Hello,
Apologies if this isn't an appropriate post for this forum.
Just wanted to let the community know that NSClient (Nagios client software for windows) that many of you will be using is vulnerable to the OpenSSL Heartbleed vulnerability for versions 0.4.1 prior to 0.4.1.105 and 0.4.2 prior to 0.4.2.93. Since the application doesn't use dlls to provide SSL functionality, this went pretty much unnoticed at my place of work until recently. Also, before today (when the developer posted a news article regarding this) there was nothing online at all about NSClient's vulnerability.
More info here: http://nsclient.org/nscp/discussion/top ... essage3680
And here: http://www.nsclient.org/2014/05/20/heartbleed-status/
You can grab the latest binaries for nsclient++ here: http://nsclient.org/nscp/downloads
NSClient OpenSSL Vulnerability
-
- Posts: 7698
- Joined: Mon Apr 23, 2012 4:28 pm
- Location: Travelling through time and space...
Re: NSClient OpenSSL Vulnerability
While we do try to keep up on vulnerable applications, NSClient++ is a third party developed and maintained project that we have no control over. We also recommend using version 0.3.9 of the NSClient++ client if you do choose to use it (which is not vulnerable to "Heartbleed"). Thank you for re-posting the developer's blog on this, hopefully he gets the more recent versions fixed up soon but we maintain that version 0.3.9 is the most stable version of that agent.