Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

MRI Rubies may contain statically linked, vulnerable OpenSSL

From: glitch <glitch () glitchwrks com>
Date: Fri, 11 Apr 2014 11:20:20 -0400
https://gist.github.com/chapmajs/10473815

Apparently some MRI build scripts copy only the OpenSSL version at time of build, so the provided test is not 
necessarily 100% accurate. PoC confirmed with RVM on OS X 10.9, Arch Linux, Slackware 14.1

-- glitch

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: