[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL

To: <fulldisclosure@xxxxxxxxxxxx>
Subject: Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL
From: James Lay <jlay@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 15 Apr 2014 14:14:27 -0600

On 2014-04-15 12:33, Dotzero wrote:

On Tue, Apr 15, 2014 at 1:53 PM, Gabriel Brezi <gb@xxxxxxxxx> wrote:

I'm advising a client on auditing his systems for vulnerable OpenSSL
libs which may be included by 3rd-parties. Does anyone know of some
relatively simple tools that I can leverage to figure out what

applications were bundled with out of date libs? Most of the focuswill

be Linux and OSX systems.


Latest version of nmap contains the heartbleed script..works well:

http://nmap.org/nsedoc/scripts/ssl-heartbleed.html

James

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Auditing systems for vulnerable 3rd-party OpenSSL
  - From: Gabriel Brezi
- Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL
  - From: Dotzero

Prev by Date: Re: [FD] Should openssl accept weak DSA/DH keys with g = +/- 1 ?
Next by Date: Re: [FD] iis cgi 0day
Previous by thread: Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL
Next by thread: [FD] lxml (python lib) vulnerability
Index(es):
- Date
- Thread