Solved

Implication of applying patch / renew SSL cert on non-vulnerable Heart-Bleed OpenSSL versions

Posted on 2014-04-21
2
417 Views
Last Modified: 2014-04-22
The vulnerable versions are 1.0.1 to 1.0.1f

I have 1.0.1g & 0.9.8 (& its branch versions)
as well asl 0.9.7d

Q1:
0.9.7d was not indicated as vulnerable or non-vul but I'm inclined to believe
it's not as the Heartbleed vulnerability appears to start to surface starting
from 1.0.1 (sort of coding flaw started at that time): is this assumption right?

Q2:
if a colleague accidentally applied patches on non-vulnerable versions,
what's the implication?  Or does it allow the patch in RHES/Solaris x86/
SuSE Linux to go through?  I don't have access to Linux to test this out.
0
Comment
Question by:sunhux
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 250 total points
ID: 40014157
the "patch" should just be an upgrade to 1.0.1g - there WAS a temp patch which recompiled openssl (from source) with the flag OPENSSL_NO_HEARTBEATS asserted - if you recompile openssl with an unrecognised flag, it is just ignored.

So in either case, there is no significant impact (although going to the latest stable is rarely a bad thing :)
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 40014246
A1: still you have to patch such an old version for other vulnerabilities
A2: Just that those old versions got less other vulnerabilities.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now