On Fri, Sep 28, 2007 at 07:16:15PM +0200, Kurt Roeckx wrote: > > Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL > > 0.9.7l and 0.9.8d might allow remote attackers to execute arbitrary > > code via a crafted packet that triggers a one-byte buffer underflow.
So, it seems to be that CVE-2006-3738 didn't properly fix things. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
