Full Disclosure mailing list archives
Auditing systems for vulnerable 3rd-party OpenSSL
From: Gabriel Brezi <gb () hydrau lc>
Date: Tue, 15 Apr 2014 13:53:17 -0400
I'm advising a client on auditing his systems for vulnerable OpenSSL libs which may be included by 3rd-parties. Does anyone know of some relatively simple tools that I can leverage to figure out what applications were bundled with out of date libs? Most of the focus will be Linux and OSX systems. I'll cover as much as I can by automating ldd, nm, JAR unpackers and UPX. I'll have to contact developers directly if I find evidence of obfuscation tools. Can someone add to this list of concerns or weigh in on any existing tools that can automate part of this process? I don't know OSX so well so extra advice for this platform is helpful. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Auditing systems for vulnerable 3rd-party OpenSSL Gabriel Brezi (Apr 15)
- Re: Auditing systems for vulnerable 3rd-party OpenSSL Dotzero (Apr 15)
- Re: Auditing systems for vulnerable 3rd-party OpenSSL Mike Iglesias (Apr 15)
- Re: Auditing systems for vulnerable 3rd-party OpenSSL James Lay (Apr 16)
- Re: Auditing systems for vulnerable 3rd-party OpenSSL Dotzero (Apr 15)