For testing, I've had good luck with https://github.com/titanous/heartbleeder and https://gist.github.com/takeshixx/10107280
Both are mostly platform-independent, so they should be able to work even if you don't have a modern OpenSSL to test with.

Cheers and good luck (you're going to need it),
jof

On Tue, Apr 8, 2014 at 5:03 PM, Michael Thomas <m...@mtcc.com> wrote:

> Just as a data point, I checked the servers I run and it's a good thing I
> didn't reflexively update them first.
> On Centos 6.0, the default openssl is 1.0.0 which supposedly doesn't have
> the vulnerability, but the ones queued up for update do. I assume that
> redhat will get the patched version soon but be careful!
>
> Mike
>
> On 04/07/2014 10:06 PM, Paul Ferguson wrote:
>
>> I'm really surprised no one has mentioned this here yet...
>>
>> FYI,
>>
>> - ferg
>>
>> Begin forwarded message:
>>
>>> From: Rich Kulawiec <r...@gsp.org>
>>> Subject: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
>>> Date: April 7, 2014 at 9:27:40 PM EDT
>>>
>>> This reaches across many versions of Linux and BSD and, I'd
>>> presume, into some versions of operating systems based on them.
>>> OpenSSL is used in web servers, mail servers, VPNs, and many other
>>> places.
>>>
>>> Writeup: Heartbleed: Serious OpenSSL zero day vulnerability revealed
>>> http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/
>>>
>>> Technical details: Heartbleed Bug http://heartbleed.com/
>>>
>>> OpenSSL versions affected (from link just above):
>>> OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
>>> OpenSSL 1.0.1g is NOT vulnerable (released today, April 7, 2014)
>>> OpenSSL 1.0.0 branch is NOT vulnerable
>>> OpenSSL 0.9.8 branch is NOT vulnerable
>>
>> -- Paul Ferguson
>> VP Threat Intelligence, IID
>> PGP Public Key ID: 0x54DC85B2
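
Added example, not part of the original thread: a version-string triage against the ranges quoted above, covering the case Mike describes where a queued update would move a host from the unaffected 1.0.0 branch into the affected 1.0.1 range. Host names, banners and function names are constructed for illustration.

```python
import re

# Upstream version as printed by `openssl version`,
# e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013".
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]?)")

def parse(banner):
    """Return ((major, minor, fix), letter), or None if no version is found."""
    m = _VERSION.search(banner)
    if m is None:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)

def classify(banner):
    """Map a banner onto the ranges quoted in the forwarded advisory."""
    parsed = parse(banner)
    if parsed is None:
        return "unparsed"
    base, letter = parsed
    if base == (1, 0, 1):
        if letter <= "f":  # "" (plain 1.0.1) sorts before "a"
            return "vulnerable"
        return "not vulnerable" if letter == "g" else "not listed"
    if base in ((1, 0, 0), (0, 9, 8)):
        return "not vulnerable"
    return "not listed"

def update_moves_into_range(installed, candidate):
    """True when a pending update takes a host from a safe branch to an affected one."""
    return classify(installed) == "not vulnerable" and classify(candidate) == "vulnerable"

def triage(hosts):
    """Return {host: action} for rows of (host, installed banner, queued banner)."""
    actions = {}
    for host, installed, candidate in hosts:
        if update_moves_into_range(installed, candidate):
            actions[host] = "hold update"
        elif classify(installed) == "vulnerable":
            actions[host] = "patch now"
        else:
            actions[host] = "no action"
    return actions

# Constructed sample inventory, not data from the thread.
SAMPLE_HOSTS = [
    ("web1", "OpenSSL 1.0.0-fips 29 Mar 2010", "OpenSSL 1.0.1e-fips 11 Feb 2013"),
    ("mail1", "OpenSSL 1.0.1e-fips 11 Feb 2013", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("old1", "OpenSSL 0.9.8y 5 Feb 2013", "OpenSSL 0.9.8y 5 Feb 2013"),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_HOSTS).items():
        print(host, action)
```

The upstream version string cannot show a distribution backport: a vendor package may carry the fix while still reporting an affected version, so confirm any "vulnerable" result against the vendor's advisory or package changelog.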