OpenSSL Security issues

Alan DeKok aland at deployingradius.com
Mon Apr 7 23:18:16 CEST 2014


  This is a bad one:

http://heartbleed.com/

...
The Heartbleed bug allows anyone on the Internet to read the memory of
the systems protected by the vulnerable versions of the OpenSSL software.
...

* OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
* OpenSSL 1.0.1g is NOT vulnerable
* OpenSSL 0.9.8 branch is NOT vulnerable

  Everyone using TLS methods with EAP are likely vulnerable.  Anyone
using RadSec is likely vulnerable.

  Please check which version of OpenSSL you are using.

  Alan DeKok.


More information about the Freeradius-Users mailing list