General Questions

According to my vulnerability scanner it looks like M0n0wall is vulnerable to POODLE attacks on its web interface on TCP port 443.  Is the associated FreeBSD patch going to be applied to the M0n0wall code base in order address this vulnerability soon?

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:23.openssl.asc

Many thanks!

NOTE: I'm unsure which topic vulnerability reports go under so I also created a new topic for this issue under "Bug Reports".

I updated Freebsd 8.4 source code to revision 276494 on my own and a made a m0n0wall build. Try this build and let me know if your still exposed to the POODLE vulnerability. Date created 12/31/14. The patch was announced on 10/21/14 by the FreeBSD project, and an official m0n0wall snapshot is dated as 11/03/14 on the snapshots website http://m0n0.ch/wall/snapshots/1.8.2/. I would assume that the official m0n0wall snapshot dated 11/03/14 would have included the patched source code. Both of those dates are fairly close, and I guess that the patch potentially might not have been included. Which m0n0wall build were you using when you tested yourself? Just curious.

generic-pc-1.8.2b574.img
http://www.datafilehost.com/d/e579e3d6

generic-pc-1.8.2b574.iso
http://www.datafilehost.com/d/6195f454

generic-pc-serial-1.8.2b574.img
http://www.datafilehost.com/d/181570ba