Re: [FRnOG] Re: [ALERT] Nouvelle faille openssl

Wed, 09 Apr 2014 16:24:07 -0700 

Le 09/04/2014 23:40, jehan procaccia INT a écrit :
> serait-il capable de trouver une vulnérabilité dans openssh
un ldd de /usr/bin/ssh et /usr/sbin/sshd sur une debian wheezy ne liste
pas libssl.

je ne sais pas si openssl se cache sous un autre nom dans ce cas mais il
semble qu'on soit tranquille pour le coup non ?

# ldd /usr/sbin/sshd
        linux-gate.so.1 =>  (0xb7753000)
        libwrap.so.0 => /lib/i386-linux-gnu/libwrap.so.0 (0xb76b2000)
        libpam.so.0 => /lib/i386-linux-gnu/libpam.so.0 (0xb76a3000)
        libselinux.so.1 => /lib/i386-linux-gnu/libselinux.so.1 (0xb7682000)
        libcrypto.so.1.0.0 =>
/usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 (0xb74c3000)
        libutil.so.1 => /lib/i386-linux-gnu/i686/cmov/libutil.so.1
(0xb74bf000)
        libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb74a6000)
        libcrypt.so.1 => /lib/i386-linux-gnu/i686/cmov/libcrypt.so.1
(0xb7474000)
        libgssapi_krb5.so.2 =>
/usr/lib/i386-linux-gnu/libgssapi_krb5.so.2 (0xb7435000)
        libkrb5.so.3 => /usr/lib/i386-linux-gnu/libkrb5.so.3 (0xb7363000)
        libcom_err.so.2 => /lib/i386-linux-gnu/libcom_err.so.2 (0xb735e000)
        libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb71fa000)
        libnsl.so.1 => /lib/i386-linux-gnu/i686/cmov/libnsl.so.1
(0xb71e3000)
        libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb71de000)
        /lib/ld-linux.so.2 (0xb7754000)
        libk5crypto.so.3 => /usr/lib/i386-linux-gnu/libk5crypto.so.3
(0xb71b4000)
        libkrb5support.so.0 =>
/usr/lib/i386-linux-gnu/libkrb5support.so.0 (0xb71ab000)
        libkeyutils.so.1 => /lib/i386-linux-gnu/libkeyutils.so.1
(0xb71a6000)
        libresolv.so.2 => /lib/i386-linux-gnu/i686/cmov/libresolv.so.2
(0xb7192000)
        libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
(0xb7178000)


# ldd /usr/bin/ssh
        linux-gate.so.1 =>  (0xb7743000)
        libselinux.so.1 => /lib/i386-linux-gnu/libselinux.so.1 (0xb76a4000)
        libresolv.so.2 => /lib/i386-linux-gnu/i686/cmov/libresolv.so.2
(0xb7690000)
        libcrypto.so.1.0.0 =>
/usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 (0xb74d0000)
        libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb74cc000)
        libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb74b3000)
        libgssapi_krb5.so.2 =>
/usr/lib/i386-linux-gnu/libgssapi_krb5.so.2 (0xb7475000)
        libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb7311000)
        /lib/ld-linux.so.2 (0xb7744000)
        libkrb5.so.3 => /usr/lib/i386-linux-gnu/libkrb5.so.3 (0xb723e000)
        libk5crypto.so.3 => /usr/lib/i386-linux-gnu/libk5crypto.so.3
(0xb7214000)
        libcom_err.so.2 => /lib/i386-linux-gnu/libcom_err.so.2 (0xb720f000)
        libkrb5support.so.0 =>
/usr/lib/i386-linux-gnu/libkrb5support.so.0 (0xb7206000)
        libkeyutils.so.1 => /lib/i386-linux-gnu/libkeyutils.so.1
(0xb7201000)
        libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
(0xb71e7000)


---------------------------
Liste de diffusion du FRnOG
http://www.frnog.org/

Répondre à