Heartbleed: dovecot2 is still vulnerable after upgrade of OpenSSL library
Gustaf Neumann
neumann at wu.ac.at
Mon Apr 28 04:47:20 PDT 2014
Am 28.04.14 10:27, schrieb Winfried Dietmayer:
> This is all really weird.
>
> Thank you so far for your help , any further help is of course much appreciated.
Not sure, if this helps, but i just installed dovecot freshly from
macports on 10.9.2
with the default configuration, and it does not seem to be vulnerable.
-gn
% ~/scripts/cardiac-arrest.py -a -p 993 localhost
[INFO] Testing: localhost (127.0.0.1)
[INFO] Connecting to 127.0.0.1:993 using SSLv3
[INFO] No heartbeat response was received. The server is probably not vulnerable.
[INFO] Connecting to 127.0.0.1:993 using TLSv1.0
[INFO] No heartbeat response was received. The server is probably not vulnerable.
[INFO] Connecting to 127.0.0.1:993 using TLSv1.1
[INFO] No heartbeat response was received. The server is probably not vulnerable.
[INFO] Connecting to 127.0.0.1:993 using TLSv1.2
[INFO] No heartbeat response was received. The server is probably not vulnerable.
[PASS] localhost:993 (127.0.0.1:993) does not appear to be vulnerable to Heartbleed!
More information about the macports-users
mailing list