lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <53440594.4040502@gmx.com>
Date: Tue, 08 Apr 2014 16:20:04 +0200
From: Francesc Guitart <fguitart@....com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160

El 08/04/2014 13:59, Jann Horn escribió:
> On Tue, Apr 08, 2014 at 10:23:26AM +0200, Joerg Mertin wrote:
>> Ubuntu already has released:
>> http://www.ubuntu.com/usn/usn-2165-1/
>>
>> My server updated during the night :}
>
> Make sure that it actually worked! I did this after updating my debian server:
>
> root@...jh:/home/jann# for pid in $(grep -F '/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)' /proc/*/maps | cut -d/ -f3 | sort -u); do cat /proc/$pid/cmdline | tr '\0' ' '; echo; done


If I'm not wrong this does the same in a little bit easier way:

sudo lsof -n | grep ssl | grep DEL

I guess it works on all Linux distributions.


-- 
Francesc Guitart

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ