Revision 1 as of 2014-04-09 11:50:55
heartbleed
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
http://helpdesk.wisc.edu/page.php?id=39080
How to check for vulnerable versions of OpenSSL
Versions 1.0.1 to 1.0.1f are potentially vulnerable. Version 1.0.1g is the fixed version. Other versions of OpenSSL (1.0.0 branch, 0.9.8 branch) are not vulnerable.
A basic version check: openssl version -a
A more specific check: openssl version -a | grep -oE '1\.0\.1[a-g]?|DOPENSSL_NO_HEARTBEATS'
This should return the version, assuming version 1.0.1x. If the OPENSSL_NO_HEARTBEATS flag shows up then it’s not vulnerable regardless of version.
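
The same rules as a small shell function that turns the output of openssl version -a into a verdict. This is an added example, not part of the original page; the function name heartbleed_status and the sample outputs are constructed for illustration, and it goes slightly beyond the grep above by also handling suffixed builds such as 1.0.1e-fips and later 1.0.1 letters.

```shell
#!/bin/sh
# Added example: classify `openssl version -a` output by the rules on this page.
# Prints: potentially-vulnerable | not-vulnerable | unknown
heartbleed_status() {
    info=$1
    # Built with heartbeats compiled out: not vulnerable regardless of version.
    case $info in
        *-DOPENSSL_NO_HEARTBEATS*) echo "not-vulnerable"; return 0 ;;
    esac
    # The first line looks like "OpenSSL 1.0.1e 11 Feb 2013"; keep the version token.
    ver=$(printf '%s\n' "$info" | sed -n '1s/^OpenSSL \([^ ]*\).*/\1/p')
    case $ver in
        # 1.0.1 through 1.0.1f, including suffixed builds such as 1.0.1e-fips.
        # "Potentially": the string alone cannot show a vendor-backported fix.
        1.0.1|1.0.1-*|1.0.1[abcdef]|1.0.1[abcdef]-*)
            echo "potentially-vulnerable" ;;
        # 1.0.1g is the fixed release; later 1.0.1 letters build on it.
        1.0.1[ghijklmnopqrstuvwxyz]*)
            echo "not-vulnerable" ;;
        # The 1.0.0 and 0.9.8 branches are not affected.
        1.0.0*|0.9.8*)
            echo "not-vulnerable" ;;
        # Anything else is outside what this page covers.
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2'
SAMPLE_NOHB='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS -O2'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2'

for s in "$SAMPLE_OLD" "$SAMPLE_NOHB" "$SAMPLE_FIXED"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$s" | head -n 1)" "$(heartbleed_status "$s")"
done
# On a live host: heartbleed_status "$(openssl version -a)"
```

The verdict covers only the library that the openssl command itself reports; a service linked against a different copy of the library needs its own check.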