anders.synstad

Nimsoft Monitor and the critical openssl heartbleed bug

Discussion created by anders.synstad on Apr 8, 2014
Latest reply on Apr 15, 2014 by 1_keithk

Many of you have probably heard about the recent critical "heartbleed" bug in
openssl and are currently franticly patching your systems (or should be at
least).

 

http://heartbleed.com/
https://www.openssl.org/news/secadv_20140407.txt

 

"The OpenSSL project has confirmed that the code responsible for the flaw has
been present in its software since 2011 and available to the public since the
release of OpenSSL 1.0.1 in March 2012."

 

I just had a quick check on the hub probes at least:

# strings /opt/nimsoft/hub/hub |egrep -io "openssl.*20.*$" | uniq
OpenSSL 1.0.0c 2 Dec 2010

# strings /opt/nimsoft/hub/libldapssl.so.0 |egrep -io "openssl.*20.*$" | uniq
OpenSSL 0.9.8 05 Jul 2005

 

It appears both the new v7.50 and the older v5.82 have the same openssl lib
statically linked. And it should not be affected by the heartbleed bug.

 

But if anyone else comes across something else in the Nimbus world that is
affected by this, please shout out!

Outcomes