[unisog] Remote detection of vulnerable OpenSSL versions (fwd)

Andreas Östling andreaso at it.su.se
Wed Sep 18 19:17:35 GMT 2002


On Wed, 18 Sep 2002, Anderson Johnston wrote:

> I'm sure these guys know what they are doing, but I hesitate to detect
> buffer overflow conditions by causing buffer overflows - even little ones.
> Has anyone more courageous than I tried this?
>
> 					- andy

I agree, since you're actually causing unexpected behaviour. From what
I've tested though, it works quite well. Keep in mind that a service on a
vulnerable host may crash and not restart, but I hardly see that as a bad
thing in this case.

The OpenSSL exploit just published on a few lists contains a scanner that
claims to do an even better job of remotely detecting vulnerable
versions.

Btw, did anyone else find out that there are more than just Apache that
uses (a vulnerable) OpenSSL and listens on 443/tcp? (and most likely on
other ports as well, I guess)

Regards,
Andreas Östling



More information about the unisog mailing list