Nmap Development mailing list archives

Re: NSE script detecting "CCS Injection" vulnerability in OpenSSL

From: Kent Fritz <kfritz () wolfman devio us>
Date: Tue, 10 Jun 2014 22:48:41 -0400

On Sun, Jun 08, 2014 at 11:07:41PM +0100, Claudiu Perta wrote:

Hi everybody,

I implemented a script (in attachment) that checks for the "CCS Injection"
vulnerability in OpenSSL (CVE-2014-0224 [1]). The code is based on the C
implementation at https://gist.github.com/rcvalle/71f4b027d61a78c42607

Any feedback is welcomed.

Cheers,
Claudiu

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224


I tried it on several patched and un-patched systems, on odd ports and
non-html ports.  Worked great!  Many thanks.  Hope this gets checked in 
soon.

Kent.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

NSE script detecting "CCS Injection" vulnerability in OpenSSL Claudiu Perta (Jun 08)
- Message not available
  - Message not available
    - Message not available
    - Message not available
    - Re: NSE script detecting "CCS Injection" vulnerability in OpenSSL Daniel Miller (Jun 09)
    - Re: NSE script detecting "CCS Injection" vulnerability in OpenSSL Claudiu Perta (Jun 11)
    - Re: NSE script detecting "CCS Injection" vulnerability in OpenSSL Daniel Miller (Jun 11)
    - Re: NSE script detecting "CCS Injection" vulnerability in OpenSSL Daniel Miller (Jun 11)
- Re: NSE script detecting "CCS Injection" vulnerability in OpenSSL Kent Fritz (Jun 10)
- <Possible follow-ups>
- Re: NSE script detecting "CCS Injection" vulnerability in OpenSSL vito (Jun 19)
  - Re: NSE script detecting "CCS Injection" vulnerability in OpenSSL Claudiu Perta (Jun 19)