Looking for tool to test new ssl vulnerabilities

Russell Fulton r.fulton at auckland.ac.nz
Wed Jul 31 20:12:28 GMT 2002


Hi All, 

I've been pondering how I am going to find all the servers on campus
that are vulnerable to the latest SSL bugs.  Unlike ssh you can't simply
grab a banner to find the version (although this has problems of its own
since linux binary updates don't change the banners...). 

If anyone has any ideas I would love to hear them. 

Hmmmm... nessus has a plugin (quick work!) that reports the ssl version,
but as I noted above this will still flag all the linux systems that
have been upgrade using rpms.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

'It aint necessarily so'  - Gershwin



More information about the unisog mailing list