0001256: Curl, PERL, NCAT still use vulnerable OpenSSL and are vulnerable to heartbleed as clients

ID	Project	Category	View Status	Date Submitted	Last Update

0001256	Kali Linux	Kali Package Bug	public	2014-05-20 21:03	2025-07-14 09:36

Reporter	[email protected]	Assigned To	muts
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	no change required
Platform	x64	OS	Kali	OS Version	1.0
Product Version	1.0.6

Summary	0001256: Curl, PERL, NCAT still use vulnerable OpenSSL and are vulnerable to heartbleed as clients
Description	Curl, PERL, NCAT still use vulnerable OpenSSL and are vulnerable to heartbleed as clients - I tested against python tool, pacemaker ( https://github.com/Lekensteyn/pacemaker ) and found that I was able to use heartbleed to exploit these tools that even with the latest dist upgrade are using sub 1.0.1g versions of OpenSSL.

rhertzog 2014-05-22 07:36 administrator ~0001885	Do you have the kali-security repository activated in your /etc/apt/sources.list? Can you indicate what versions of the packages you are using? Curl uses libcurl3 which links dynamically against libssl so it should not be vulnerable provided that you have a good version of libssl (aka 1.0.1e-2+deb7u9). For Perl, what are you referring to exactly? Which module in which package do you believe is affected? For NCAT, I assume you're referring to ncat-w32? I'm not sure how it's built so it's possible that it has been statically linked against a vulnerable version of openssl.

muts 2014-05-31 16:58 reporter ~0001958	Closed due to inactivity.

Date Modified	Username	Field	Change
2014-05-20 21:03	[email protected]	New Issue
2014-05-22 07:36	rhertzog	Note Added: 0001885
2014-05-31 16:58	muts	Note Added: 0001958
2014-05-31 16:58	muts	Status	new => closed
2014-05-31 16:58	muts	Assigned To	=> muts
2014-05-31 16:58	muts	Resolution	open => no change required
2025-07-14 09:36	g0tmi1k	Priority	high => normal