Full Disclosure mailing list archives
Re: Auditing systems for vulnerable 3rd-party OpenSSL
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 15 Apr 2014 14:14:27 -0600
On 2014-04-15 12:33, Dotzero wrote:
On Tue, Apr 15, 2014 at 1:53 PM, Gabriel Brezi <gb () hydrau lc> wrote:I'm advising a client on auditing his systems for vulnerable OpenSSL libs which may be included by 3rd-parties. Does anyone know of some relatively simple tools that I can leverage to figure out whatapplications were bundled with out of date libs? Most of the focus willbe Linux and OSX systems.
Latest version of nmap contains the heartbleed script..works well: http://nmap.org/nsedoc/scripts/ssl-heartbleed.html James _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Auditing systems for vulnerable 3rd-party OpenSSL Gabriel Brezi (Apr 15)
- Re: Auditing systems for vulnerable 3rd-party OpenSSL Dotzero (Apr 15)
- Re: Auditing systems for vulnerable 3rd-party OpenSSL Mike Iglesias (Apr 15)
- Re: Auditing systems for vulnerable 3rd-party OpenSSL James Lay (Apr 16)
- Re: Auditing systems for vulnerable 3rd-party OpenSSL Dotzero (Apr 15)