lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <534D8D97.9000203@uci.edu>
Date: Tue, 15 Apr 2014 12:50:47 -0700
From: Mike Iglesias <iglesias@....edu>
To: Dotzero <dotzero@...il.com>, Gabriel Brezi <gb@...rau.lc>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL

On 04/15/2014 11:33 AM, Dotzero wrote:
> If they were bundled with out of date libs then they were most likely
> on 0.9.8(probably e) and not vulnerable. I'm just saying. It's folks
> who were more current that were more likely to be vulnerable to this
> particular issue. I can't say much about OSX but what I've seen in
> checking is that many apps are simply using whatever OpenSSL is on the
> OS.

Kerio Connect bundled in OpenSSL 1.0.1 instead of using the OSX copy.


-- 
Mike Iglesias                          Email:       iglesias@....edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ