Results 1 to 3 of 3

Thread: Open SSL 1.01 to 1.01f vulnerable

  1. #1
    Join Date
    2014-Mar
    Posts
    163

    Lightbulb Open SSL 1.01 to 1.01f vulnerable

    nothing is secure , tha we already knew .
    also many versions of linux distributions are vulnerable to this issue .

    more information on this subject in :
    http://www.heartbleed.com

    do not panic , the new version is already avaliable at openssl.com but it may take 1 day or 2 until be avaliable with apt-get update .

    if you want to update to version 1.01g now the open a terminal and copy all these commands to there :
    cd /
    cd tmp
    wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
    tar -xzvf openssl-1.0.1g.tar.gz
    cd openssl-1.0.1g
    make
    make install
    you have just updated your ssl
    Last edited by pedropt; 2014-04-08 at 20:24.

  2. #2
    Join Date
    2013-Jun
    Posts
    113
    We just finished implementing this fix in 95 servers irrespective they using SSL or public facing or not. I suggest others to check their F5's to confirm vuln. As far I am aware, 10.1 below and 11.5 is vuln.

  3. #3
    The Kali-Linux repo is synced automatically 4 times a day with Debian.

    Debian have pushed out a patch (apt-get update && apt-get install openssl), so this means all Kali users will also get it.

    Code:
    root@kali ~$ dpkg -l | grep openssl
    ii  libcrypt-openssl-bignum-perl                                0.04-3                             i386         Access OpenSSL multiprecision integer arithmetic libraries
    ii  libcrypt-openssl-rsa-perl                                   0.28-1                             i386         module for RSA encryption using OpenSSL
    ii  libevent-openssl-2.0-5:i386                                 2.0.19-stable-3                    i386         Asynchronous event notification library (openssl)
    ii  libgnutls-openssl27:i386                                    2.12.20-8+deb7u1                   i386         GNU TLS library - OpenSSL wrapper
    ii  openssl                                                     1.0.1e-2+deb7u6                    i386         Secure Socket Layer (SSL) binary and related cryptographic tools
    ii  python-openssl                                              0.13-2+deb7u1                      i386         Python 2 wrapper around the OpenSSL library
    root@kali ~$
    Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

    Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
    Source: http://heartbleed.com/


    The current version is: 1.0.1e-2+deb7u6.
    The vulnerable is: 1.0.1e-2+deb7u4
    For more information: http://www.debian.org/security/2014/dsa-2896


    Its highly recommend that you stick to the repo, rather than compiling it yourself.
    For reasons why: http://www.kali.org/kali-monday/blee...-repositories/
    Last edited by g0tmi1k; 2014-04-12 at 18:59.
    This is a Kali-Linux support forum - not general IT/infosec help.

    Useful Commands: OS, Networking, Hardware, Wi-Fi
    Troubleshooting: Kali-Linux Installation, Repository, Wi-Fi Cards (Official Docs)
    Hardware: Recommended 802.11 Wireless Cards

    Documentation: http://docs.kali.org/ (Offline PDF version)
    Bugs Reporting & Tool Requests: https://bugs.kali.org/
    Kali Tool List, Versions & Man Pages: https://tools.kali.org/

Similar Threads

  1. Replies: 2
    Last Post: 2016-12-08, 16:24
  2. Sticky Finger's **** Vulnerable Pi
    By re4son in forum ARM Archive
    Replies: 0
    Last Post: 2016-07-09, 01:59
  3. WPS Flaw Vulnerable Devices - Shared document
    By frafri in forum General Archive
    Replies: 0
    Last Post: 2015-05-15, 15:20
  4. Replies: 2
    Last Post: 2015-04-02, 20:05
  5. issues installing **** vulnerable web app
    By nshoema in forum General Archive
    Replies: 3
    Last Post: 2014-11-16, 15:23

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •