Yesterday, the script openssl_overflow_generic_test.nasl was released.
Basically, this script connects to all the SSL enabled ports of the
remote host, advertises itself as a SSLv2 client, sends a malformed key
and observes the behavior of the remote host.
So far, every SSLv2-compatible service I've tested with this script
has been shown as vulnerable when it was, so I'm now considering
removing the lame openssl_overflow.nasl which just relies on the banner
version (and is subject to a false positive on RedHat and possibly
Debian).
Before I do that, I'd appreciate getting some feedback concerning
openssl_overflow_generic_test.nasl. Since the protocol is not really
negotiated, I fear that there is some case where we might miss a
vulnerability.
So please, report to me any false positive / false negative.
(the script is on www.nessus.org/scripts.php or obtainable via
nessus-update-plugins)
-- Renaud