DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News
Reload this Page Security LibreSSL not affected by DROWN attack
FAQ Today's Posts Search

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1st March 2016
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
Default LibreSSL not affected by DROWN attack
From http://undeadly.org/cgi?action=artic...20160301141941

Quote:
As noted by Bernard Spil, the OpenSSL bugs disclosed on 2016-03-01 have very little impact on LibreSSL, especially on OpenBSD. However, we will briefly mention the two high-profile issues:
  • LibreSSL (on any platform) is not affected by DROWN. Support for SSLv2 was flensed out quite a while ago.
  • Cachebleed is local-only, and requires a lot effort to get. This is thought to be very difficult to exploit on OpenBSD due to many of the normal mitigations on an OpenBSD system. Other systems without such mitigations may not be so lucky.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
First Release of LIbreSSL port shep News 1 24th September 2015 09:47 AM
Bizzare LibreSSL CVE shep OpenBSD Security 1 3rd February 2015 03:52 AM
LibreSSL 2.1.1 released...and included a bonus note from Bob Beck rocket357 OpenBSD Security 0 16th October 2014 07:57 PM
Security Intel CPUs affected by VM privilege escalation exploit J65nko News 9 18th June 2012 11:51 PM


All times are GMT. The time now is 04:40 PM.

DaemonForums.org RSS Feeds - Contact Us - DaemonForums.org - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick