[CentOS] CVE-2014-0160 CentOS 6 openssl heartbleed workaround
Keith Keller
kkeller at wombat.san-francisco.ca.us
Tue Apr 8 22:19:21 UTC 2014
On 2014-04-08, Leon Fauster <leonfauster at googlemail.com> wrote:
>
> looking inside - it seems that this issue (cve-2014-0160) is resolved
> in ssl/d1_both.c and ssl/t1_lib.c and not in files under crypto/ ...
> To say more I have to take a look into the build process.

So if it turns out to be true that the bug is in libssl, and not
libcrypto (which so far seems like a reasonable guess, but has not yet
been confirmed), then the following lsof should work to report active
processes which are still vulnerable:

    lsof -n | grep -E libssl | grep -i DEL

The -i makes the grep case-insensitive. I've seen both DEL and deleted
in the lsof output for various CentOS versions; it's possible that an
old lsof could still be running on a box with a vulnerable openssl,
though, so it's safest to look for both patterns.

--keith
--
kkeller at wombat.san-francisco.ca.us
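
Added example (not part of the original message): a shell filter for the lsof check described above that reports each affected process once, as PID and command name, so it is clear which services still need a restart after the openssl update. The function names are hypothetical and the sample lsof lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread.
# stale_libssl (hypothetical name) reads `lsof -n` text on stdin and prints
# "PID COMMAND" once for every process that still maps a libssl file that
# has been replaced on disk (shown by lsof as FD "DEL" or a "(deleted)" tag).
stale_libssl() {
    awk '
        /libssl/ {
            stale = ($0 ~ /\(deleted\)/)
            # FD is field 4, or field 5 when lsof prints a TID column.
            for (i = 4; i <= 5; i++) if ($i == "DEL") stale = 1
            if (stale && !seen[$2]++) print $2, $1
        }
    ' | sort -n
}

# Constructed sample input; PIDs, inodes and paths are made up.
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF   NODE NAME
httpd   2101 root DEL   REG  253,0          393301 /usr/lib64/libssl.so.1.0.1e
httpd   2101 root DEL   REG  253,0          393299 /usr/lib64/libcrypto.so.1.0.1e
httpd   2105 apache DEL REG  253,0          393301 /usr/lib64/libssl.so.1.0.1e
dovecot 1544 root mem   REG  253,0   444992 393310 /usr/lib64/libssl.so.1.0.1e
master  1822 root mem   REG  253,0   375352 393301 /usr/lib64/libssl.so.1.0.1e (deleted)
crond   1390 root DEL   REG  253,0          393120 /lib64/libc-2.12.so
EOF
}

# Demo on the constructed sample; dovecot (already on the new library) and
# the libcrypto/libc lines are not reported.
sample_lsof | stale_libssl
```

On a live host, feed it the real output instead: `lsof -n | stale_libssl`.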