Full Disclosure mailing list archives
Re: ldd for OS X WAS:Auditing systems for vulnerable 3rd-party OpenSSL (Gabriel Brezi)
From: Tim Heckman <tim+fd () pagerduty com>
Date: Thu, 17 Apr 2014 00:52:29 -0700
There are quite a few Homebrew[1] formula that depend on OpenSSL. They may be vulnerable to Heartbleed on OS X if 'brew update && brew upgrade' hasn't been ran and the machine rebooted. Attached at the bottom of this email[2] is the full list of the formula that depend on OpenSSL for one reason or another. Cheers! -Tim --- Tim Heckman Operations Engineer PagerDuty, Inc. [1] http://brew.sh/ [2] bind curl curl ejabberd elinks git imapfilter ircd-hybrid irssi ldns lftp liblacewing libssh2 libtorrent-rasterbar lynx midnight-commander mongodb monkeysphere mosquitto mutt mysql neon nginx nmap openconnect openlitespeed ori osslsigncode psqlodbc python python3 rtmpdump ruby-build ruby sipp spdylay strongswan stunnel subversion tomcat-native tor wget wrk zbackup On Wed, Apr 16, 2014 at 11:29 PM, Douglas Held <risk () douglasheld net> wrote:
Hi Gabriel, In OS X there is no 'ldd' command. Instead, the synonym is: #!/bin/bash /usr/bin/otool -L "$1" Also, I think you will find up to the latest OS X version (10.9.2 ?) the bundled Openssl version is 0.9.8y. So, safe from Heartbleed unless the user has installed a different openssl. Doug risk () douglasheld net _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- ldd for OS X WAS:Auditing systems for vulnerable 3rd-party OpenSSL (Gabriel Brezi) Douglas Held (Apr 17)
- Re: ldd for OS X WAS:Auditing systems for vulnerable 3rd-party OpenSSL (Gabriel Brezi) Tim Heckman (Apr 17)