Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Auditing systems for vulnerable 3rd-party OpenSSL

From: Mike Iglesias <iglesias () uci edu>
Date: Tue, 15 Apr 2014 12:50:47 -0700
On 04/15/2014 11:33 AM, Dotzero wrote:

If they were bundled with out of date libs then they were most likely
on 0.9.8(probably e) and not vulnerable. I'm just saying. It's folks
who were more current that were more likely to be vulnerable to this
particular issue. I can't say much about OSX but what I've seen in
checking is that many apps are simply using whatever OpenSSL is on the
OS.


Kerio Connect bundled in OpenSSL 1.0.1 instead of using the OSX copy.


-- 
Mike Iglesias                          Email:       iglesias () uci edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: