[tpop3d-discuss] ssl Bug
Dave Baker
dave at dsb3.com
Wed, 5 Nov 2003 11:49:22 -0500
On Wed, Nov 05, 2003 at 04:14:29PM +0000, Chris Lightfoot wrote:
> Can somebody put a mailspool which exhibits this problem
> on an FTP/web site somewhere, so that I can get a
> binary-perfect copy of it here, and also tell me the
> exact configuration (OS, architecture, libraries etc.)
> they are using (preferably on Linux, but at a pinch I can
> manage FreeBSD etc. on x86).
>
Here's my example again, gzipped to double protect the contents from
alteration in transmit.
http://dsb3.com/mbox-crash-1.gz
Server:
Intel FreeBSD 4.5-RELEASE
$ openssl version
OpenSSL 0.9.7c 30 Sep 2003
Server has an old 0.9.6e installed in /usr, but tpop3d was
compiled against the 0.9.7c (in /usr/local)
$ ldd /opt/tpop3d/sbin/tpop3d
/opt/tpop3d/sbin/tpop3d:
libwrap.so.3 => /usr/lib/libwrap.so.3 (0x2807b000)
libssl.so.3 => /usr/local/lib/libssl.so.3 (0x28083000)
libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x280b1000)
libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x2819d000)
libperl.so.3 => /usr/lib/libperl.so.3 (0x281b6000)
libm.so.2 => /usr/lib/libm.so.2 (0x2824e000)
libc.so.4 => /usr/lib/libc.so.4 (0x2826a000)
libutil.so.3 => /usr/lib/libutil.so.3 (0x28303000)
Non-Problematic Client:
The problem does *NOT* occur when connecting via loopback on the
same machine.
Problematic Clients:
Intel Debian Linux (2.4.21)
$ openssl version
OpenSSL 0.9.7c 30 Sep 2003
Also tested on Intel Redhat9 (2.4.20)
$ openssl version
OpenSSL 0.9.7a Feb 19 2003
Dave
--
- Dave Baker : dave@dsb3.com : http://dsb3.com/ -
GnuPG: 1024D/D7BCA55D / 09CD D148 57DE 711E 6708 B772 0DD4 51D5 D7BC A55D