Looking for tool to test new ssl vulnerabilities
r.fulton at auckland.ac.nz
Wed Jul 31 20:12:28 GMT 2002
I've been pondering how I am going to find all the servers on campus
that are vulnerable to the latest SSL bugs. Unlike ssh you can't simply
grab a banner to find the version (although this has problems of its own
since linux binary updates don't change the banners...).
If anyone has any ideas I would love to hear them.
Hmmmm... nessus has a plugin (quick work!) that reports the ssl version,
but as I noted above this will still flag all the linux systems that
have been upgrade using rpms.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
'It aint necessarily so' - Gershwin
More information about the unisog