Friday, June 23, 2017

security - How can I check if my embedded Linux's SSL is not affected by heartbleed, without relying on the version number?




There are a lot of embedded Linux device that are built on Linux, that are used exactly for security purposes, like gateways, if I check OpenSSL I get:



openssl version -a


gets -»



OpenSSL 1.0.0k 5 Feb 2013



But this maybe patched or merged and I don't have access to the sources, how can I check that my system is not vulnerable without relying on openssl version -a


Answer



There is a perl script that allows you to check our own services. There are also online tools. One more.


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...