Last modified: 2014-07-08 19:55:17 UTC
Originally I posted this issue under Bug 53259, but I find more and more vulnerable sites, so I think it is more appropriate to move to a new bug report.

According to SSL Labs these servers are "vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable":
* graphite.wikimedia.org
* gdash.wikimedia.org
* dumps.wikimedia.org
* noc.wikimedia.org

These are vulnerable but probably not exploitable:
* ganglia.wikimedia.org
* lists.wikimedia.org

[1] https://www.ssllabs.com/ssltest/analyze.html?d=noc.wikimedia.org
I reported your findings yesterday as RT #7806 and suggested that all hosts should be checked for missed libssl updates.
All of those and some more are fixed now. See also https://bugzilla.wikimedia.org/show_bug.cgi?id=53259#c26 .