I did get a response from Pat:
Quote:
I would do nothing. If you've applied all the security patches to
Slackware 11.0 then you're running openssl-0.9.8d regardless of what a
(possible?) typo in the logfile might say. nmap -sV localhost should
confirm this.

I ran nmap, and it showed this:
Quote:
# nmap -sV localhost
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-05-22 16:44 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: (...) closed ports
PORT STATE SERVICE VERSION
(...)
80/tcp open http Apache httpd 1.3.37 ((Unix) mod_ssl/2.8.28 OpenSSL/0.9.8b)
443/tcp open http Apache httpd 1.3.37 ((Unix) mod_ssl/2.8.28 OpenSSL/0.9.8b)
(...)
Nmap finished: 1 IP address (1 host up) scanned in 113.700 seconds

Also, the "LoadModule ssl_module libexec/apache/libssl.so" file was modified prior to the release of OpenSSL 0.9.8d:
Quote:
# ls -l /usr/libexec/apache/libssl.so
-rwxr-xr-x 1 root root 176616 2006-07-28 17:32 /usr/libexec/apache/libssl.so*

So I replied to him, but I'm about to go on a 2-week vacation and wanted to have this straightened out, so I followed your advice, Alien, and downloaded the source for mod_ssl and compiled it.
Now it's logging version OpenSSL 0.9.8d:
Quote:
[23/May/2007 20:26:35 18205] [info] Server: Apache/1.3.37, Interface: mod_ssl/2.8.28, Library: OpenSSL/0.9.8d

And nmap shows it too:
Quote:
# nmap -sV localhost
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-05-23 20:28 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: (...) closed ports
PORT STATE SERVICE VERSION
(...)
80/tcp open http Apache httpd 1.3.37 ((Unix) mod_ssl/2.8.28 OpenSSL/0.9.8d)
443/tcp open http Apache httpd 1.3.37 ((Unix) mod_ssl/2.8.28 OpenSSL/0.9.8d)
(...)
Nmap finished: 1 IP address (1 host up) scanned in 113.817 seconds

Do you know of any hacking tools that would allow testing the OpenSSL vulnerabilities prior to 0.9.8d?
So I'm a happy noob now, but something tells me that Slackware 11.0 is not a popular choice for Apache with OpenSSL?
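
An added example, not part of the original post: a small Python check that reads `nmap -sV` result lines and mod_ssl `[info]` log lines like the ones quoted above and reports every service whose banner advertises an OpenSSL older than a chosen floor. The function names, the sample input (constructed from the line formats in the post) and the default floor of 0.9.8d are assumptions made for this illustration. The banner is only what the server reports: in the post it changed from 0.9.8b to 0.9.8d once mod_ssl was rebuilt, so a hit here is a prompt to check when the module was built, not proof of which library is installed.

```python
import re

# Constructed sample input using the line formats quoted in the post.
SAMPLE = """\
80/tcp open http Apache httpd 1.3.37 ((Unix) mod_ssl/2.8.28 OpenSSL/0.9.8b)
443/tcp open http Apache httpd 1.3.37 ((Unix) mod_ssl/2.8.28 OpenSSL/0.9.8d)
[23/May/2007 20:26:35 18205] [info] Server: Apache/1.3.37, Interface: mod_ssl/2.8.28, Library: OpenSSL/0.9.8d
"""

# Old-style OpenSSL versions: three numbers plus an optional letter suffix.
OPENSSL_RE = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)")
PORT_RE = re.compile(r"^\d+/(?:tcp|udp)\b")


def openssl_key(text):
    """Return a sortable key for the first OpenSSL/x.y.z[letters] token, or None."""
    m = OPENSSL_RE.search(text)
    if m is None:
        return None
    major, minor, fix, letters = m.groups()
    # Plain string order works for the suffix: "" < "a" < "b" < ... < "z" < "za".
    return (int(major), int(minor), int(fix), letters)


def stale_banners(text, minimum="OpenSSL/0.9.8d"):
    """List (source, banner) pairs that advertise an OpenSSL older than `minimum`."""
    floor = openssl_key(minimum)
    if floor is None:
        raise ValueError("minimum must look like OpenSSL/0.9.8d")
    findings = []
    for line in text.splitlines():
        key = openssl_key(line)
        if key is None or key >= floor:
            continue
        # nmap result rows start with "port/proto"; anything else is treated as a log line.
        source = line.split()[0] if PORT_RE.match(line) else "log"
        findings.append((source, OPENSSL_RE.search(line).group(0)))
    return findings


if __name__ == "__main__":
    for source, banner in stale_banners(SAMPLE):
        print(f"{source}: banner reports {banner}; check when mod_ssl was built")
```
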