Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: OpenSSL 0.9.8h available.
From: Fyodor <fyodor () insecure org>
Date: Sun, 1 Jun 2008 14:17:23 -0700

On Sun, Jun 01, 2008 at 05:14:40PM +0100, jah wrote:
On 01/06/2008 16:13, Kris Katterjohn wrote:
It's broken. The dlls don't seem to be statically linked against MSVCR80
(according to depends.exe) and nmap fails to initialise on a clean XP
install (I've got the standalone runtime installed on my main machine
and there, ssl is working as before).
I've tried building OpenSSL again, but I get the same result.  I notice
that libeay32.dll is about 32K smaller than it was before...
I'm a bit pressed for time at the moment, but intend to have a closer
look in a couple of hours.

Thanks for testing, Jah.  Did you check if the previous version works
on that new build machine?  Kris' SSL update seems to work on my
Windows XP SP2 box.  But I'll release 4.65 without the upgrade to
allow for further testing.  The OpenSSL security issues don't have any
code execution risks AFAICT.  It looks like, at worst, a malicious SSL
server could possibly cause Windows Nmap to crash if Nmap tries
version detection against that server.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]