Date: Sat, 26 Apr 2014 13:15:18 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Joe Parsons <jp4314@outlook.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: am I NOT hacked? Message-ID: <86tx9gl4u1.fsf@nine.des.no> In-Reply-To: <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl> (Joe Parsons's message of "Sat, 26 Apr 2014 05:55:28 -0400") References: <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
Joe Parsons <jp4314@outlook.com> writes:
> I was slow to patch my multiple vms after that heartbleed disclosure.
> I just managed to upgrade these systems to 9.2, and installed the
> patched openssl, then started changing passwords for root and other
> shell users. [...]
If you were running 9.2 or older and had not installed OpenSSL from
ports, you were never vulnerable.
In any case, heartbleed does *not* facilitate remote code execution or
code injection, only information retrieval, so unless your passwords
were stored in cleartext (or a weakly hashed form) in the memory of an
Internet-facing SSL-enabled service (such as https, smtp with STARTTLS
or imaps, but not ssh), you cannot have been "hacked" as a consequence
of heartbleed.
Your passwd etc issues are consistent with out-of-sync {,s}pwd.mkdb
which can result from a botched mergemaster.
DES
--
Dag-Erling Smørgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86tx9gl4u1.fsf>