Re: SSL problems in woody (slapper)

2002-09-21 Thread Lupe Christoph

On Friday, 2002-09-20 at 09:18:44 +0200, Bjarne Østby wrote:

   /home/bjarne# ./ssl-test xxx.xxx.xxx.31
   xxx.xxx.xxx.31 443 PATCHED: detects small overflow, but crashes (0.9.6e)

 I checked the apache process on the server after I ran the test.  It had not crashed.
 Is it only the child process that terminates?

It is the connection that crashes, i.e. is not properly shut down with
the SSL protocol. 0.9.6g does that.

 According to the makers of openssl-sslv2-master the version returned
 is guessed from how the server responds to the probe.  Does this mean
 that 0.9.6c-2.woody.1 - 0.9.6e?  

0.9.6c-2.woody.1 behaves like 0.9.6e in this by terminating the
connection hard instead of sending an error message.

 On a side note.
 I wonder about curl-ssl and libssl09.  Are they made redundant by libssl0.9.6?

For libssl09, I found no packages in sarge that depend on it.

And curl-ssl's Description in sarge says:
Description: Pseudopackage for migration from Debian 2.2 (potato).

I checked woody, same situation.

So unless you are running potato, you can remove both packages.

HTH,
Lupe Christoph
-- 
| [EMAIL PROTECTED]   |   http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be|
| unsinkable. The designer had a speech impediment. He said: I have |
| thith great unthinkable conthept ...  |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]





SSL problems in woody (slapper)

2002-09-20 Thread Bjarne Østby

Reading on the list about the slapper worm I thought I should check what 
my servers return when tested with the openssl-sslv2-master script 
(http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php).

(apache was restarted after upgrade of ssl)
  
  /home/bjarne# ./ssl-test xxx.xxx.xxx.31
  xxx.xxx.xxx.31 443 PATCHED: detects small overflow, but crashes (0.9.6e)


I checked the apache process on the server after I ran the test.  It had not crashed.
Is it only the child process that terminates?

According to the makers of openssl-sslv2-master the version returned
is guessed from how the server responds to the probe.  Does this mean
that 0.9.6c-2.woody.1 - 0.9.6e?  

After I checked to see which versions of SSL I had installed:
  bjarne@system:~$ dpkg -l | grep ssl
  ii  curl-ssl       7.9.5-2        Pseudopackage for migration from Debian 2.2 
  ii  libapache-mod- 2.8.9-2        Documentation for Apache module mod_ssl
  ii  libcurl2-ssl   7.9.5-2        Multi-protocol file transfer library. (SSL s
  ii  libssl0.9.6    0.9.6c-2.woody SSL shared libraries
  ii  libssl09       0.9.4-6.woody. SSL shared libraries (old version)
  ii  openssl        0.9.6c-2.woody Secure Socket Layer (SSL) binary and related

  dpkg -l libssl0.9.6   returns 0.9.6c-2.woody.1 
  dpkg -l libssl09  returns 0.9.4-6.woody.2


On a side note.
I wonder about curl-ssl and libssl09.  Are they made redundant by libssl0.9.6?


-- 
Bjarne
A novice on a steep learning curve.
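The listing above shows the pitfall behind the follow-up `dpkg -l libssl0.9.6` call: `dpkg -l` truncates its version column, so "0.9.6c-2.woody" on screen is really "0.9.6c-2.woody.1", and it is the Debian revision (".woody.1") that carries the backported fix, not the upstream letter (0.9.6c sorts below 0.9.6e). The following is an added example, not code from this thread or from Debian: it reads the untruncated output that `dpkg-query -W -f='${Package}\t${Version}\n'` would print (the sample below is constructed from the versions quoted in the thread), reimplements dpkg's version ordering (epoch, then alternating non-digit and numeric runs, with `~` sorting before everything) and checks each package against a minimum fixed version. The only fixed version used is the one this thread states for libssl0.9.6; other thresholds would have to come from the advisory.

```python
# Added example: audit installed Debian packages against fixed versions
# using dpkg's own version-ordering rules. Not code from the list or Debian.
#
# Assumed input format (full version strings, unlike `dpkg -l`):
#     dpkg-query -W -f='${Package}\t${Version}\n'

# Constructed sample of that output, versions as quoted in the thread.
SAMPLE_DPKG_QUERY = (
    "libssl0.9.6\t0.9.6c-2.woody.1\n"
    "libssl09\t0.9.4-6.woody.2\n"
    "curl-ssl\t7.9.5-2\n"
)

# Minimum versions carrying the fix; only the one this thread states.
MINIMUM_FIXED = {"libssl0.9.6": "0.9.6c-2.woody.1"}


def _char_order(c):
    """dpkg ordering for non-digit characters: '~' sorts before everything
    (even end of string), letters next, then any other character."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_nondigit(a, b):
    """Compare two runs of non-digit characters; an absent character
    counts as 0, so "a" > "" but "~" < ""."""
    for i in range(max(len(a), len(b))):
        oa = _char_order(a[i]) if i < len(a) else 0
        ob = _char_order(b[i]) if i < len(b) else 0
        if oa != ob:
            return -1 if oa < ob else 1
    return 0


def _verrevcmp(a, b):
    """Compare version fragments by alternating non-digit and digit runs;
    digit runs compare numerically, so 10 > 9."""
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        ja, jb = ia, ib
        while ja < len(a) and not a[ja].isdigit():
            ja += 1
        while jb < len(b) and not b[jb].isdigit():
            jb += 1
        r = _cmp_nondigit(a[ia:ja], b[ib:jb])
        if r:
            return r
        ia, ib = ja, jb
        ja, jb = ia, ib
        while ja < len(a) and a[ja].isdigit():
            ja += 1
        while jb < len(b) and b[jb].isdigit():
            jb += 1
        na = int(a[ia:ja] or "0")
        nb = int(b[ib:jb] or "0")
        if na != nb:
            return -1 if na < nb else 1
        ia, ib = ja, jb
    return 0


def _split_version(v):
    """Split [epoch:]upstream[-revision]; the last '-' starts the revision."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a is older, equal or newer than b."""
    ea, ua, ra = _split_version(a)
    eb, ub, rb = _split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def audit(dpkg_query_output, minimums):
    """Map package -> (installed version, verdict) for every listed package."""
    report = {}
    for line in dpkg_query_output.splitlines():
        if not line.strip():
            continue
        pkg, _, ver = line.partition("\t")
        if pkg not in minimums:
            report[pkg] = (ver, "no fixed version on record")
        elif compare_versions(ver, minimums[pkg]) >= 0:
            report[pkg] = (ver, "ok")
        else:
            report[pkg] = (ver, "too old")
    return report


if __name__ == "__main__":
    for pkg, (ver, verdict) in sorted(audit(SAMPLE_DPKG_QUERY, MINIMUM_FIXED).items()):
        print(f"{pkg:<14} {ver:<18} {verdict}")
```

Feeding the truncated string "0.9.6c-2.woody" to the same check reports "too old", which is exactly the false alarm you get when comparing against what `dpkg -l` shows instead of the full version.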






Re: SSL problems in woody (slapper)

2002-09-20 Thread Johann Spies

On Fri, Sep 20, 2002 at 09:18:44AM +0200, Bjarne Østby wrote:
 Reading on the list about the slapper worm I thought I should check what 
 my servers return when tested with the openssl-sslv2-master script 
 (http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php).

How did you compile it?

My effort failed and I don't have enough knowledge of C to know what
to do:

 cc -lcrypt -ldl openssl-sslv2-master.c -o openssl-sslv2-master
/tmp/cc5fIiWn.o: In function `buffer_md5':
/tmp/cc5fIiWn.o(.text+0x87e): undefined reference to `MD5'
/tmp/cc5fIiWn.o: In function `buffer_encrypt_RSA':
/tmp/cc5fIiWn.o(.text+0x8a7): undefined reference to `RSA_size'
/tmp/cc5fIiWn.o(.text+0x8d1): undefined reference to `RSA_size'
/tmp/cc5fIiWn.o(.text+0x8f7): undefined reference to
`RSA_public_encrypt'
/tmp/cc5fIiWn.o: In function `buffer_derive_RC4_key':
/tmp/cc5fIiWn.o(.text+0x937): undefined reference to `RC4_set_key'
/tmp/cc5fIiWn.o: In function `buffer_crypt_RC4':
/tmp/cc5fIiWn.o(.text+0x986): undefined reference to `RC4'
/tmp/cc5fIiWn.o: In function `ssl_check_server_hello':
/tmp/cc5fIiWn.o(.text+0xf43): undefined reference to `d2i_X509'
/tmp/cc5fIiWn.o(.text+0xf79): undefined reference to `X509_get_pubkey'
/tmp/cc5fIiWn.o: In function `ssl_disconnect':
/tmp/cc5fIiWn.o(.text+0x1640): undefined reference to `EVP_PKEY_free'
/tmp/cc5fIiWn.o(.text+0x1660): undefined reference to `X509_free'
collect2: ld returned 1 exit status

Regards.
Johann
-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 But my God shall supply all your need according to his
  riches in glory by Christ Jesus. Philippians 4:19






Re: SSL problems in woody (slapper) (ignore my previous message)

2002-09-20 Thread Johann Spies

On Fri, Sep 20, 2002 at 11:08:25AM +0200, Johann Spies wrote:
 On Fri, Sep 20, 2002 at 09:18:44AM +0200, Bjarne Østby wrote:
  Reading on the list about the slapper worm I thought I should check what 
  my servers return when tested with the openssl-sslv2-master script 
  (http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php).
 
 How did you compile it?
 
 My effort failed and I don't have enough knowledge of C to know what
 to do:
 
  cc -lcrypt -ldl openssl-sslv2-master.c -o openssl-sslv2-master

Sorry, my mistake.  I did not read properly.  Using -lcrypto worked.

Johann
-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 But my God shall supply all your need according to his
  riches in glory by Christ Jesus. Philippians 4:19






Re: SSL problems in woody (slapper)

2002-09-20 Thread Johann Spies

On Fri, Sep 20, 2002 at 09:18:44AM +0200, Bjarne Østby wrote:
 Reading on the list about the slapper worm I thought I should check what 
 my servers return when tested with the openssl-sslv2-master script 
(http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php).
 
 (apache was restarted after upgrade of ssl)
   
   /home/bjarne# ./ssl-test xxx.xxx.xxx.31
   xxx.xxx.xxx.31 443 PATCHED: detects small overflow, but crashes (0.9.6e)

The output I get is constantly:

xxx.xxx.xxx.xxx.31 443 UNDECIDED: initial connection failed

Is that normal?

Johann
-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 But my God shall supply all your need according to his
  riches in glory by Christ Jesus. Philippians 4:19






Re: SSL problems in woody (slapper)

2002-09-20 Thread Bjarne Østby

On Fri, Sep 20, 2002 at 04:03:32PM +0200, Johann Spies wrote:
 On Fri, Sep 20, 2002 at 09:18:44AM +0200, Bjarne Østby wrote:
  Reading on the list about the slapper worm I thought I should check what 
  my servers return when tested with the openssl-sslv2-master script 
(http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php).
  
  (apache was restarted after upgrade of ssl)

/home/bjarne# ./ssl-test xxx.xxx.xxx.31
xxx.xxx.xxx.31 443 PATCHED: detects small overflow, but crashes (0.9.6e)
 
 The output I get is constantly:
 
 xxx.xxx.xxx.xxx.31 443 UNDECIDED: initial connection failed
 
 Is that normal?

I get it if I forget to turn off my firewall or target a closed port.  Have
you installed HTTPS support for apache (and are you using it)?

I have webservers without HTTPS and they return UNDECIDED.

 
 Johann
 -- 
 Johann Spies  Telefoon: 021-808 4036
 Informasietegnologie, Universiteit van Stellenbosch
 
  But my God shall supply all your need according to his
   riches in glory by Christ Jesus. Philippians 4:19
 
 
 

-- 
Bjarne Østby
A novice on a steep learning curve.







Re: SSL problems in woody (slapper)

2002-09-20 Thread Laurent Luyckx
 
 How did you compile it?
 
 My effort failed and I don't have enough knowledge of C to know what
 to do:
 
  cc -lcrypt -ldl openssl-sslv2-master.c -o openssl-sslv2-master

cc -lcrypto will do a better job...

 /tmp/cc5fIiWn.o: In function `buffer_md5':
 /tmp/cc5fIiWn.o(.text+0x87e): undefined reference to `MD5'
 /tmp/cc5fIiWn.o: In function `buffer_encrypt_RSA':
 /tmp/cc5fIiWn.o(.text+0x8a7): undefined reference to `RSA_size'
 /tmp/cc5fIiWn.o(.text+0x8d1): undefined reference to `RSA_size'
 /tmp/cc5fIiWn.o(.text+0x8f7): undefined reference to
 `RSA_public_encrypt'
 /tmp/cc5fIiWn.o: In function `buffer_derive_RC4_key':
 /tmp/cc5fIiWn.o(.text+0x937): undefined reference to `RC4_set_key'
 /tmp/cc5fIiWn.o: In function `buffer_crypt_RC4':
 /tmp/cc5fIiWn.o(.text+0x986): undefined reference to `RC4'
 /tmp/cc5fIiWn.o: In function `ssl_check_server_hello':
 /tmp/cc5fIiWn.o(.text+0xf43): undefined reference to `d2i_X509'
 /tmp/cc5fIiWn.o(.text+0xf79): undefined reference to `X509_get_pubkey'
 /tmp/cc5fIiWn.o: In function `ssl_disconnect':
 /tmp/cc5fIiWn.o(.text+0x1640): undefined reference to `EVP_PKEY_free'
 /tmp/cc5fIiWn.o(.text+0x1660): undefined reference to `X509_free'
 collect2: ld returned 1 exit status
 

--
Laurent Luyckx
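Both replies above give the fix (link with -lcrypto) without saying why -lcrypt was wrong: -lcrypt is glibc's crypt(3) password-hashing library, while MD5, RSA_*, RC4*, d2i_*, X509_* and EVP_* are OpenSSL symbols exported by libcrypto, and SSL_* symbols by libssl. The following is an added example, not part of openssl-sslv2-master or of any toolchain: it parses GNU ld's "undefined reference" lines (the sample is the linker output quoted above, including the reference that was wrapped across two lines) and suggests which library flags are missing. The symbol-to-library table is an assumption covering the OpenSSL 0.9.x naming prefixes and glibc's crypt().

```python
# Added example: triage "undefined reference" linker errors from a build
# against OpenSSL and name the library flag to add. Not code from the
# thread or from any toolchain; the prefix table below is an assumption.
import re

# Constructed sample: the ld output quoted in the thread, with the
# reference that was wrapped onto a second line left as it was.
SAMPLE_LD_OUTPUT = """\
/tmp/cc5fIiWn.o: In function `buffer_md5':
/tmp/cc5fIiWn.o(.text+0x87e): undefined reference to `MD5'
/tmp/cc5fIiWn.o: In function `buffer_encrypt_RSA':
/tmp/cc5fIiWn.o(.text+0x8a7): undefined reference to `RSA_size'
/tmp/cc5fIiWn.o(.text+0x8d1): undefined reference to `RSA_size'
/tmp/cc5fIiWn.o(.text+0x8f7): undefined reference to
`RSA_public_encrypt'
/tmp/cc5fIiWn.o: In function `buffer_derive_RC4_key':
/tmp/cc5fIiWn.o(.text+0x937): undefined reference to `RC4_set_key'
/tmp/cc5fIiWn.o: In function `buffer_crypt_RC4':
/tmp/cc5fIiWn.o(.text+0x986): undefined reference to `RC4'
/tmp/cc5fIiWn.o: In function `ssl_check_server_hello':
/tmp/cc5fIiWn.o(.text+0xf43): undefined reference to `d2i_X509'
/tmp/cc5fIiWn.o(.text+0xf79): undefined reference to `X509_get_pubkey'
/tmp/cc5fIiWn.o: In function `ssl_disconnect':
/tmp/cc5fIiWn.o(.text+0x1640): undefined reference to `EVP_PKEY_free'
/tmp/cc5fIiWn.o(.text+0x1660): undefined reference to `X509_free'
collect2: ld returned 1 exit status
"""

# (library flag, regex on the symbol name); first match wins. Assumed
# mapping: SSL_* -> libssl, the OpenSSL crypto families -> libcrypto,
# crypt()/crypt_r() -> glibc's libcrypt, which is what -lcrypt links.
SYMBOL_LIBRARIES = [
    ("-lssl", re.compile(r"^(SSL|SSLv[23]|TLSv1)_")),
    ("-lcrypto", re.compile(
        r"^(MD[245]|SHA1?|RC[24])(_|$)"
        r"|^(RSA|DSA|DH|DES|EVP|X509|d2i|i2d|BN|BIO|PEM|ERR|RAND)_")),
    ("-lcrypt", re.compile(r"^crypt(_r)?$")),
]

# Matched over the whole text so a reference wrapped after "to" still parses.
_UNDEF = re.compile(r"undefined reference to\s*`([A-Za-z0-9_]+)'")


def undefined_symbols(ld_output):
    """Unique undefined symbol names from ld output, sorted."""
    return sorted(set(_UNDEF.findall(ld_output)))


def classify(symbols):
    """Map each symbol to the library flag assumed to provide it (None if unknown)."""
    result = {}
    for sym in symbols:
        result[sym] = None
        for flag, pattern in SYMBOL_LIBRARIES:
            if pattern.match(sym):
                result[sym] = flag
                break
    return result


def suggest_link_flags(ld_output):
    """Flags to add, -lssl before -lcrypto because libssl itself needs
    libcrypto and static archives are resolved left to right."""
    needed = {f for f in classify(undefined_symbols(ld_output)).values() if f}
    return [flag for flag, _ in SYMBOL_LIBRARIES if flag in needed]


if __name__ == "__main__":
    for sym, flag in classify(undefined_symbols(SAMPLE_LD_OUTPUT)).items():
        print(f"{sym:<20} {flag or 'unknown'}")
    print("add:", " ".join(suggest_link_flags(SAMPLE_LD_OUTPUT)))
```

For the sample every symbol resolves to -lcrypto, matching what worked in the thread. Put the library flags after the source or object files (`cc openssl-sslv2-master.c -o openssl-sslv2-master -lcrypto`): with static archives or `--as-needed`, a library named before the objects that reference it is searched before any reference exists and is dropped.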



