[Commotion-dev] Fwd: OpenSSL vulnerability

Seamus Tuohy s2e at opentechinstitute.org
Wed Apr 9 14:14:14 EDT 2014


Just used the current nmap-script heartbleed vulnerability test. Per
that test the routers are not vulnerable as they closed the connection
and returned no data.


s2e

On 04/09/2014 12:42 PM, Chris Ritzo wrote:
> Ben,
> Thanks for opening this discussion on the heartbleed exploit. This is
> definitely an issue with OpenSSL on openwrt.
> 
> For Commotion, we are using cyassl rather than openssl, so it should be
> less of an issue for Commotion. Due diligence though, we are testing
> the exploit against Commotion nodes running cyassl to confirm that we're ok.
> 
> -Chris
> 
> 
> On 04/07/2014 10:16 PM, Ben West wrote:
>> About the exploit:
>> http://heartbleed.com/
>>
>> The fixed version (released recently) is 1.01g+:
>> https://www.openssl.org/news/secadv_20140407.txt
>>
>> Trunk appears to be using 1.01f:
>> https://dev.openwrt.org/browser/trunk/package/libs/openssl/Makefile
>>
>> AA is on 1.01e
>> https://dev.openwrt.org/browser/tags/attitude_adjustment_12.09/package/openssl/Makefile?rev=40420
>>
>> -- 
>> Ben West
>> http://gowasabi.net
>> ben at gowasabi.net
>> 314-246-9434
>>
>>
>>
>> _______________________________________________
>> Commotion-dev mailing list
>> Commotion-dev at lists.chambana.net
>> https://lists.chambana.net/mailman/listinfo/commotion-dev
>>
> 

