Date:      Sat, 26 Apr 2014 13:15:18 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        Joe Parsons <jp4314@outlook.com>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: am I NOT hacked?
Message-ID:  <86tx9gl4u1.fsf@nine.des.no>
In-Reply-To: <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl> (Joe Parsons's message of "Sat, 26 Apr 2014 05:55:28 -0400")
References:  <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl>

Joe Parsons <jp4314@outlook.com> writes:
> I was slow to patch my multiple vms after that heartbleed disclosure.
> I just managed to upgrade these systems to 9.2, and installed the
> patched openssl, then started changing passwords for root and other
> shell users.  [...]

If you were running 9.2 or older and had not installed OpenSSL from
ports, you were never vulnerable.

In any case, heartbleed does *not* facilitate remote code execution or
code injection, only information retrieval, so unless your passwords
were stored in cleartext (or a weakly hashed form) in the memory of an
Internet-facing SSL-enabled service (such as https, smtp with STARTTLS
or imaps, but not ssh), you cannot have been "hacked" as a consequence
of heartbleed.

Your passwd etc issues are consistent with out-of-sync {,s}pwd.mkdb
which can result from a botched mergemaster.

DES
-- 
Dag-Erling Smørgrav - des@des.no
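
Added example, not part of the original message: one way to check the out-of-sync condition mentioned above, by deriving the `passwd` view from `master.passwd` and diffing it against the installed file. It covers only the two text files, not the binary `pwd.db`/`spwd.db`; the function names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does the legacy passwd file still match
# what pwd_mkdb -p would generate from master.passwd?
# master.passwd: name:password:uid:gid:class:change:expire:gecos:home:shell
# passwd:        name:*:uid:gid:gecos:home:shell

# Print the expected passwd lines for master file $1. The hash field is
# replaced by "*", so no password hash is ever written out.
derive_passwd() {
    awk -F: 'BEGIN { OFS = ":" }
        /^#/ || /^$/ { next }
        NF != 10 { print "malformed master line " NR > "/dev/stderr"; bad = 1; next }
        { print $1, "*", $3, $4, $8, $9, $10 }
        END { exit bad + 0 }' "$1"
}

# Usage: passwd_in_sync MASTER PASSWD
# Returns 0 if in sync, 1 if entries differ (diff printed), 2 on error.
passwd_in_sync() {
    _work=$(mktemp -d) || return 2
    _rc=0
    if derive_passwd "$1" > "$_work/raw"; then
        sort "$_work/raw" > "$_work/want"
        grep -v -e '^#' -e '^$' "$2" | sort > "$_work/have"
        # "<" lines: expected from master but absent; ">" lines: stale entries
        diff "$_work/want" "$_work/have" || _rc=$?
    else
        _rc=2
    fi
    rm -rf "$_work"
    return $_rc
}

# Constructed sample data in directory $1: a master file, a passwd file from
# before "alice" was added (one file merged, the other not), and a good one.
write_sample() {
    printf '%s\n' '# constructed sample' \
        'root:$6$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh' \
        'alice:$6$constructedhash:1001:1001::0:0:Alice:/home/alice:/bin/sh' \
        > "$1/master.passwd"
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' > "$1/passwd.stale"
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' \
        'alice:*:1001:1001:Alice:/home/alice:/bin/sh' > "$1/passwd.good"
}
```

On FreeBSD, run `passwd_in_sync /etc/master.passwd /etc/passwd` as root; `pwd_mkdb -p /etc/master.passwd` regenerates `/etc/passwd` and both databases from the master file.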


