[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] MRI Rubies may contain statically linked, vulnerable OpenSSL
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] MRI Rubies may contain statically linked, vulnerable OpenSSL
- From: glitch <glitch@xxxxxxxxxxxxxx>
- Date: Fri, 11 Apr 2014 11:20:20 -0400
https://gist.github.com/chapmajs/10473815
Apparently some MRI build scripts copy only the OpenSSL version at time of
build, so the provided test is not necessarily 100% accurate. PoC confirmed
with RVM on OS X 10.9, Arch Linux, Slackware 14.1
-- glitch
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/