[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL

To: Dotzero <dotzero@xxxxxxxxx>, Gabriel Brezi <gb@xxxxxxxxx>
Subject: Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL
From: Mike Iglesias <iglesias@xxxxxxx>
Date: Tue, 15 Apr 2014 12:50:47 -0700

On 04/15/2014 11:33 AM, Dotzero wrote:
> If they were bundled with out of date libs then they were most likely
> on 0.9.8(probably e) and not vulnerable. I'm just saying. It's folks
> who were more current that were more likely to be vulnerable to this
> particular issue. I can't say much about OSX but what I've seen in
> checking is that many apps are simply using whatever OpenSSL is on the
> OS.

Kerio Connect bundled in OpenSSL 1.0.1 instead of using the OSX copy.


-- 
Mike Iglesias                          Email:       iglesias@xxxxxxx
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Auditing systems for vulnerable 3rd-party OpenSSL
  - From: Gabriel Brezi
- Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL
  - From: Dotzero

Prev by Date: Re: [FD] Should openssl accept weak DSA/DH keys with g = +/- 1 ?
Next by Date: [FD] Audit: don't only focus on heartbleed issue
Previous by thread: Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL
Next by thread: Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL
Index(es):
- Date
- Thread