Nmap Development mailing list archives

Re: [NSE] SSL Heartbleed


From: "Gisle Vanem" <gvanem () yahoo no>
Date: Wed, 9 Apr 2014 15:52:20 +0200

"Alan Jones" <asjones987 () gmail com> wrote:

> Already got notification from one vendor saying they are
> working on incorporating the patches into their environment then will send
> fixes out. I suspect there are many like this. So scanning like this may
> be useful.

That includes ncat too. I just scanned myself (a Win-XP box) and found
I was vulnerable. Kudos to Patrik for making this script. Output from 'ncat -kl --ssl 443' + 'nmap -P0 -sT -p443 10.0.0.6 --script=ssl-heartbleed' :
...
NSE: Finished 'ssl-heartbleed' (thread: 02A01A50) against 10.0.0.6:443.
Completed NSE at 13:05, 0.03s elapsed
Nmap scan report for pcgv (10.0.0.6)
Host is up, received user-set (0.00s latency).
Scanned at 2014-04-09 13:05:11 CET for 0s
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software
|   library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
...

------

So is there a chance ncat (or nsock) could detect a vulnerable local OpenSSL too? The details at http://heartbleed.com/ mention that if OpenSSL is built with '-DOPENSSL_NO_HEARTBEATS', it's not vulnerable. But I fail to see at runtime how it can be detected. What function should return the TLS heartbeat state etc?

--gv
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
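One runtime answer to the question above, as an added example that is not part of the post, of ncat, or of Nmap: OpenSSL only puts the TLS heartbeat extension (type 15, RFC 6520) into the ClientHello it sends when it was built with heartbeats enabled, so the build flag can be observed without asking any library function for it. The script below drives the OpenSSL linked into the local Python through the first handshake step entirely in memory (no socket, no server), captures the ClientHello bytes, and parses the extension list for type 15. The hostname "example.test" is a constructed placeholder used only to make the library emit a normal ClientHello.

```python
"""Check whether the OpenSSL linked into this Python advertises the TLS
heartbeat extension (type 15, RFC 6520) in its ClientHello."""
import ssl
import struct

HEARTBEAT_EXT = 15  # extension type assigned to "heartbeat" in RFC 6520


def local_client_hello(hostname="example.test"):
    """Run the local OpenSSL through the first handshake step in memory and
    return the raw bytes it would have written to the wire (the ClientHello).
    The hostname is a constructed placeholder; it never gets resolved."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_side=False,
                        server_hostname=hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello written, library now waits for a reply
    return outgoing.read()


def tls_record_payloads(data):
    """Concatenate the payloads of the TLS handshake records in `data`,
    checking each 5-byte record header (type, version, length)."""
    chunks = []
    pos = 0
    while pos < len(data):
        ctype, _version, length = struct.unpack_from("!BHH", data, pos)
        if ctype != 0x16:
            raise ValueError("expected handshake record, got type %d" % ctype)
        pos += 5
        chunks.append(data[pos:pos + length])
        pos += length
    return b"".join(chunks)


def client_hello_extensions(hs):
    """Parse a ClientHello handshake message and return {ext_type: ext_data}."""
    if hs[0] != 1:
        raise ValueError("not a ClientHello (handshake type %d)" % hs[0])
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    pos = 2 + 32                       # client_version + random
    sid_len = body[pos]
    pos += 1 + sid_len                 # session_id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2 + cs_len                  # cipher_suites
    cm_len = body[pos]
    pos += 1 + cm_len                  # compression_methods
    exts = {}
    if pos >= len(body):
        return exts                    # hello without an extensions block
    ext_total = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        pos += 4
        exts[etype] = body[pos:pos + elen]
        pos += elen
    return exts


def local_openssl_advertises_heartbeat():
    """True if the local OpenSSL was built with heartbeats enabled."""
    exts = client_hello_extensions(tls_record_payloads(local_client_hello()))
    return HEARTBEAT_EXT in exts


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    print("heartbeat extension advertised:", local_openssl_advertises_heartbeat())
```

Read the result with care in both directions: no extension means the build cannot be hit by Heartbleed at all (the '-DOPENSSL_NO_HEARTBEATS' case from heartbleed.com), while a present extension only says heartbeats are compiled in, which is also true of a fixed 1.0.1g or later build; for that case the version string printed alongside is the thing to check. The same parser can be pointed at a captured ClientHello from any other client process, since it only looks at the bytes.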