Date: Sat, 26 Apr 2014 13:15:18 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Joe Parsons <jp4314@outlook.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: am I NOT hacked? Message-ID: <86tx9gl4u1.fsf@nine.des.no> In-Reply-To: <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl> (Joe Parsons's message of "Sat, 26 Apr 2014 05:55:28 -0400") References: <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
Joe Parsons <jp4314@outlook.com> writes: > I was slow to patch my multiple vms after that heartbleed disclosure. > I just managed to upgrade these systems to 9.2, and installed the > patched openssl, then started changing passwords for root and other > shell users. [...] If you were running 9.2 or older and had not installed OpenSSL from ports, you were never vulnerable. In any case, heartbleed does *not* facilitate remote code execution or code injection, only information retrieval, so unless your passwords were stored in cleartext (or a weakly hashed form) in the memory of an Internet-facing SSL-enabled service (such as https, smtp with STARTTLS or imaps, but not ssh), you cannot have been "hacked" as a consequence of heartbleed. Your passwd etc issues are consistent with out-of-sync {,s}pwd.mkdb which can result from a botched mergemaster. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86tx9gl4u1.fsf>