[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSL update.. still giving me a Vulnerable status

On Tuesday, 2002-09-17 at 21:10:14 -0400, Noah L. Meyerhans wrote:
> On Wed, Sep 18, 2002 at 10:55:24AM +1000, Jeroen de Leeuw den Bouter wrote:
> > After updating libssl09 to the latest stable (0.9.4-6.woody.2) version.
> > And running the openssl-sslv2-master script from
> > (http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php)

> The test program is being stupid and just looking at the version string.
> It sees 0.9.4 and thinks you're vulnerable.  You aren't.

No, it checks a large and a small overflow. Jeroen, have you restarted
the httpd? If not, it is still running with the old library.

On my Woody machine, after I restarted httpd, I get

1.2.3.4 443 PATCHED: detects small overflow, but crashes (0.9.6e)

HTH,
Lupe Christoph
-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be        |
| unsinkable. The designer had a speech impediment. He said: "I have     |
| thith great unthinkable conthept ..."                                  |
Reply to: