News: This forum is now permanently frozen.
Pages: [1]
Topic: M0n0wall susceptible to POODLE SSLv3 vulnerability [CVE-2014-3566]  (Read 664 times)
« on: December 16, 2014, 01:46:57 »
hastingsc *
Posts: 5

According to my vulnerability scanner it looks like M0n0wall is vulnerable to POODLE attacks on its web interface on TCP port 443.  Is the associated FreeBSD patch going to be applied to the M0n0wall code base in order address this vulnerability soon?

Many thanks!

NOTE: I'm unsure which topic vulnerability reports go under so I also created a new topic for this issue under "Bug Reports".
« Reply #1 on: January 01, 2015, 06:58:57 »
azdps **
Posts: 63

I updated Freebsd 8.4 source code to revision 276494 on my own and a made a m0n0wall build. Try this build and let me know if your still exposed to the POODLE vulnerability. Date created 12/31/14. The patch was announced on 10/21/14 by the FreeBSD project, and an official m0n0wall snapshot is dated as 11/03/14 on the snapshots website I would assume that the official m0n0wall snapshot dated 11/03/14 would have included the patched source code. Both of those dates are fairly close, and I guess that the patch potentially might not have been included. Which m0n0wall build were you using when you tested yourself? Just curious.



« Last Edit: January 01, 2015, 07:15:03 by azdps »
Pages: [1]
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines