[AusNOG] Heartbleed Bug

Ian Henderson ianh at ianh.net.au
Thu Apr 10 18:02:29 EST 2014 

On 10 Apr 2014, at 3:47 pm, Joshua D'Alton <joshua at railgun.com.au> wrote:

> Another tool:  https://ssltools.geotrust.com/checker/views/certCheck.jsp   though it seems to be being "ddosed" due to use.

The latest version of nmap has a script for detecting heartbleed, considerably faster than the python or external methods, plus it works inside your network for firewalled/RFC1918/etc. svn co https://svn.nmap.org/nmap/. I concurrently scanned ~400 /24’s in less than five minutes on a three year old Macbook Pro (OK, so I couldn’t do anything /else/ on the machine at the time...).

ianh at mel-mb003:~/nmap$ ./nmap --script scripts/ssl-heartbleed.nse -p 443 10.x.x.x

Starting Nmap 6.41SVN ( http://nmap.org ) at 2014-04-10 17:57 EST
Nmap scan report for 10.x.x.x
Host is up (0.042s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed: 
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|           
|     References:
|       http://www.openssl.org/news/secadv_20140407.txt 
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|_      http://cvedetails.com/cve/2014-0160/

Nmap done: 1 IP address (1 host up) scanned in 0.96 seconds
ianh at mel-mb003:~/nmap$ 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4130 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140410/f7ea3afd/attachment.bin>

More information about the AusNOG mailing list