Oracle issues details of their SSL flaws

[R. A. Hettinga]

<http://www.smh.com.au/cgi-bin/common/popupPrintArticle.pl?path=/articles/2003/12/09/1070732180593.html>

The Sydney Morning Herald

Oracle issues details of high-risk flaws
By Online Staff
December 9, 2003

Oracle has issued a security alert detailing high risk security holes
affecting all SSL products in the Oracle9i Application Server, the Oracle9i
and Oracle8i Database Servers, and Oracle HTTP server.

"Any client that is able to access the server may exploit the
vulnerabilities," the company said.

OpenSSL is an open source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a
general purpose cryptography library.

The SSL vulnerabilities were detailed by reserachers in October.

The host involved in a fraud attack on National Westminster in the UK was,
according to the published Apache module line running a vulnerable version
of OpenSSL, according to a statement by web services firm, Netcraft.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com