Re: heartbleed OpenSSL bug CVE-2014-0160

[Matthew Musingo <matthew.musingo () gmail com>]

Even if your systems were patched  an attacker could have already attained
the secrets.

Certs and other sensitive information need to be reconsidered for
replacement or changed
On Apr 8, 2014 8:00 AM, "Jann Horn" <jann () thejh net> wrote:

> On Tue, Apr 08, 2014 at 10:23:26AM +0200, Joerg Mertin wrote:
> > Ubuntu already has released:
> > http://www.ubuntu.com/usn/usn-2165-1/
> >
> > My server updated during the night :}
>
> Make sure that it actually worked! I did this after updating my debian
> server:
>
> root@thejh:/home/jann# for pid in $(grep -F
> '/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)' /proc/*/maps | cut
> -d/ -f3 | sort -u); do cat /proc/$pid/cmdline | tr '\0' ' '; echo; done
> /usr/lib/erlang/erts-5.9.1/bin/beam -Bd -K true -A 4 -- -root
> /usr/lib/erlang -progname erl -- -home /var/lib/couchdb -- -noshell
> -noinput -os_mon start_memsup false start_cpu_sup false
> disk_space_check_interval 1 disk_almost_full_threshold 1 -sasl errlog_type
> error -couch_ini /etc/couchdb/default.ini /etc/couchdb/local.ini
> /etc/couchdb/default.ini /etc/couchdb/local.ini -s couch -pidfile
> /var/run/couchdb/couchdb.pid -heart
> /usr/bin/couchjs /usr/share/couchdb/server/main.js
> /usr/bin/couchjs /usr/share/couchdb/server/main.js
> /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
> /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
> /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
> /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
> /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
> /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
> /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
> /usr/bin/python /var/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
> /usr/bin/python /var/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
> /usr/bin/python /var/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
> /usr/bin/python /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
> /usr/bin/python /var/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
> /usr/bin/python /var/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
> /usr/bin/python /var/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
> /usr/bin/python /var/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
> /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
> /usr/lib/postfix/master
> /usr/sbin/vsftpd
> /usr/bin/znc -d /etc/znc
> pickup -l -t fifo -u -c
> anvil -l -t unix -u -c
> smtpd -n smtp -t inet -u -c -o stress= -s 2
> irssi
> /usr/sbin/openvpn --writepid /var/run/openvpn.tun0.pid --daemon ovpn-tun0
> --cd /etc/openvpn --config /etc/openvpn/tun0.conf
> qmgr -l -t fifo -u
> tlsmgr -l -t unix -u -c
>
> So, yeah, it did replace the library file, but stunnel, couchdb, lighttpd,
> postfix, vsftpd and so on are still using the old version. You have to
> manually restart those services... :D
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/