Heartbleed: dovecot2 is still vulnerable after upgrade of OpenSSL library
Winfried Dietmayer
Winfried.Dietmayer at t-online.de
Mon Apr 21 02:49:17 PDT 2014
Hello,
I use the following versions of dovecot2 and OpenSSL:
--------
$ port installed | egrep "dovecot|openssl"
--------
--> dovecot2 @2.2.12_0 (active)
--> openssl @1.0.1g_0 (active)
I attack the dovecot server:
--------
$ ./cardiac-arrest.py -a -p 993 localhost | grep -i fail
--------
--> [FAIL] Heartbeat response was 16384 bytes instead of 3! 127.0.0.1:993 is vulnerable over SSLv3
--> [FAIL] Heartbeat response was 16384 bytes instead of 3! 127.0.0.1:993 is vulnerable over TLSv1.0
--> [FAIL] Heartbeat response was 16384 bytes instead of 3! 127.0.0.1:993 is vulnerable over TLSv1.1
--> [FAIL] Heartbeat response was 16384 bytes instead of 3! 127.0.0.1:993 is vulnerable over TLSv1.2
My configuration:
--------
$ uname -a
--------
--> Darwin 13.1.0 Darwin Kernel Version 13.1.0: Thu Jan 16 19:40:37 PST 2014; root:xnu-2422.90.20~2/RELEASE_X86_64 x86_64
--------
$ port -v
--------
--> MacPorts 2.2.1
What do I have to do in order to get rid of the Heartbleed vulnerability of my dovecot IMAP server?
Thanks & Regards,
Winfried
——
"In theory, there is no difference between theory and practice.
In practice, there is."