mailing list archives
Re: OpenSSL 0.9.8h available.
From: Fyodor <fyodor () insecure org>
Date: Sun, 1 Jun 2008 14:17:23 -0700
On Sun, Jun 01, 2008 at 05:14:40PM +0100, jah wrote:
On 01/06/2008 16:13, Kris Katterjohn wrote:
It's broken. The dlls don't seem to be statically linked against MSVCR80
(according to depends.exe) and nmap fails to initialise on a clean XP
install (I've got the standalone runtime installed on my main machine
and there, ssl is working as before).
I've tried building OpenSSL again, but I get the same result. I notice
that libeay32.dll is about 32K smaller than it was before...
I'm a bit pressed for time at the moment, but intend to have a closer
look in a couple of hours.
Thanks for testing, Jah. Did you check if the previous version works
on that new build machine? Kris' SSL update seems to work on my
Windows XP SP2 box. But I'll release 4.65 without the upgrade to
allow for further testing. The OpenSSL security issues don't have any
code execution risks AFAICT. It looks like, at worst, a malicious SSL
server could possibly cause Windows Nmap to crash if Nmap tries
version detection against that server.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org