1st March 2016
|
Administrator
|
|
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
|
|
LibreSSL not affected by DROWN attack
From http://undeadly.org/cgi?action=artic...20160301141941
Quote:
As noted by Bernard Spil, the OpenSSL bugs disclosed on 2016-03-01 have very little impact on LibreSSL, especially on OpenBSD. However, we will briefly mention the two high-profile issues:
- LibreSSL (on any platform) is not affected by DROWN. Support for SSLv2 was flensed out quite a while ago.
- Cachebleed is local-only, and requires a lot effort to get. This is thought to be very difficult to exploit on OpenBSD due to many of the normal mitigations on an OpenBSD system. Other systems without such mitigations may not be so lucky.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|