NSClient OpenSSL Vulnerability

pato
Posts: 18
Joined: Thu Oct 10, 2013 6:06 pm
Location: Melbourne, Australia

NSClient OpenSSL Vulnerability

Post by pato »

Hello,

Apologies if this isn't an appropriate post for this forum.

Just wanted to let the community know that NSClient (Nagios client software for Windows) that many of you will be using is vulnerable to the OpenSSL Heartbleed vulnerability for versions 0.4.1 prior to 0.4.1.105 and 0.4.2 prior to 0.4.2.93. Since the application doesn't use DLLs to provide SSL functionality, this went pretty much unnoticed at my place of work until recently. Also, before today (when the developer posted a news article regarding this) there was nothing online at all about NSClient's vulnerability.

More info here: http://nsclient.org/nscp/discussion/top ... essage3680
And here: http://www.nsclient.org/2014/05/20/heartbleed-status/

You can grab the latest binaries for nsclient++ here: http://nsclient.org/nscp/downloads
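
The post above notes that a statically linked OpenSSL does not show up when you look for SSL DLLs; one way to find it anyway is to search the executable's bytes for the version banner OpenSSL compiles into its code. This is an added example, not part of the original thread or of NSClient++; the sample bytes are constructed, the thread does not say which OpenSSL release any NSClient++ build embeds, and the affected range used here (1.0.1 through 1.0.1f, plus 1.0.2-beta1) comes from the OpenSSL Heartbleed advisory rather than from this page.

```python
import re
import sys

# OpenSSL embeds banners such as b"OpenSSL 1.0.1f 6 Jan 2014" in its library
# code, so they survive static linking into an .exe.
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(-beta\d+)?")
VERSION = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)(-beta\d+)?")

def embedded_openssl_versions(blob):
    """Return the sorted, de-duplicated OpenSSL versions named in a binary."""
    found = set()
    for m in BANNER.finditer(blob):
        found.add(b"".join(g or b"" for g in m.groups()).decode("ascii"))
    return sorted(found)

def heartbleed_affected(version):
    """True if the version string falls in the Heartbleed-affected range."""
    m = VERSION.fullmatch(version)
    if not m:
        return False
    base, letter, beta = m.groups()
    if base == "1.0.1":
        # 1.0.1 through 1.0.1f; fixed in 1.0.1g. Pre-release 1.0.1 builds are
        # flagged too, as a conservative assumption.
        return letter in ("", "a", "b", "c", "d", "e", "f")
    if base == "1.0.2":
        return beta == "-beta1"  # fixed in 1.0.2-beta2
    return False

def audit(blob):
    """Map each embedded OpenSSL version to whether it is affected."""
    return {v: heartbleed_affected(v) for v in embedded_openssl_versions(blob)}

# Constructed sample bytes standing in for two builds of an agent binary.
SAMPLE_VULNERABLE = (b"MZ\x90\x00" + b"\x00" * 32 +
                     b"OpenSSL 1.0.1e 11 Feb 2013\x00" + b"\xcc" * 16 +
                     b"AES part of OpenSSL 1.0.1e 11 Feb 2013\x00")
SAMPLE_PATCHED = b"MZ\x90\x00" + b"\x00" * 32 + b"OpenSSL 1.0.1g 7 Apr 2014\x00"

if __name__ == "__main__":
    # Usage: python scan.py <path-to-binary> [more paths...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, audit(fh.read()) or "no OpenSSL banner found")
```

An empty result only means no banner was found; a packed or stripped binary can still contain OpenSSL, so the vendor's fixed version numbers remain the authoritative check.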
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: NSClient OpenSSL Vulnerability

Post by slansing »

While we do try to keep up on vulnerable applications, NSClient++ is a third-party developed and maintained project that we have no control over. We also recommend using version 0.3.9 of the NSClient++ client if you do choose to use it (which is not vulnerable to "Heartbleed"). Thank you for re-posting the developer's blog on this; hopefully he gets the more recent versions fixed up soon, but we maintain that version 0.3.9 is the most stable version of that agent.