NSClient OpenSSL Vulnerability
Posted: Tue May 20, 2014 7:07 pm
Hello,
Apologies if this isn't an appropriate post for this forum.
Just wanted to let the community know that NSClient (Nagios client software for windows) that many of you will be using is vulnerable to the OpenSSL Heartbleed vulnerability for versions 0.4.1 prior to 0.4.1.105 and 0.4.2 prior to 0.4.2.93. Since the application doesn't use dlls to provide SSL functionality, this went pretty much unnoticed at my place of work until recently. Also, before today (when the developer posted a news article regarding this) there was nothing online at all about NSClient's vulnerability.
More info here: http://nsclient.org/nscp/discussion/top ... essage3680
And here: http://www.nsclient.org/2014/05/20/heartbleed-status/
You can grab the latest binaries for nsclient++ here: http://nsclient.org/nscp/downloads
Apologies if this isn't an appropriate post for this forum.
Just wanted to let the community know that NSClient (Nagios client software for windows) that many of you will be using is vulnerable to the OpenSSL Heartbleed vulnerability for versions 0.4.1 prior to 0.4.1.105 and 0.4.2 prior to 0.4.2.93. Since the application doesn't use dlls to provide SSL functionality, this went pretty much unnoticed at my place of work until recently. Also, before today (when the developer posted a news article regarding this) there was nothing online at all about NSClient's vulnerability.
More info here: http://nsclient.org/nscp/discussion/top ... essage3680
And here: http://www.nsclient.org/2014/05/20/heartbleed-status/
You can grab the latest binaries for nsclient++ here: http://nsclient.org/nscp/downloads