SSL problems in woody (slapper)
Reading on the list about the slapper worm I thought I should check what
my servers return when tested with the openssl-sslv2-master script (http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php).
(apache was restarted after upgrade of ssl)
/home/bjarne# ./ssl-test xxx.xxx.xxx.31
xxx.xxx.xxx.31 443 PATCHED: detects small overflow, but crashes (0.9.6e)
I checked the apache prosess on the server after I ran the test. It had not crashed.
Is it only the child prosess that terminates?
According to the the makers of openssl-sslv2-master the version returned
is guessed from how the server responds to the probe. Does this mean
that 0.9.6c-2.woody.1 -> 0.9.6e?
After I checked to see which versions of SSL I had installed:
bjarne@system:~$ dpkg -l | grep ssl
ii curl-ssl 7.9.5-2 Pseudopackage for migration from Debian 2.2
ii libapache-mod- 2.8.9-2 Documentation for Apache module mod_ssl
ii libcurl2-ssl 7.9.5-2 Multi-protocol file transfer library. (SSL s
ii libssl0.9.6 0.9.6c-2.woody SSL shared libraries
ii libssl09 0.9.4-6.woody. SSL shared libraries (old version)
ii openssl 0.9.6c-2.woody Secure Socket Layer (SSL) binary and related
dpkg -l libssl0.9.6 returns 0.9.6c-2.woody.1
dpkg -l libssl09 returns 0.9.4-6.woody.2
On a side note.
I wonder about curl-ssl and libssl09. Are they made redundant by libssl0.9.6?
--
Bjarne
A novice on a steep learning curve.
Reply to: