Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: heartbleed OpenSSL bug CVE-2014-0160

From: Brandon Perry <bperry.volatile () gmail com>
Date: Thu, 10 Apr 2014 14:00:04 -0500
I think all you can do is look at pcaps. Willing to eat crow though.


On Thu, Apr 10, 2014 at 12:20 PM, Ingo Schmitt <
ingo.schmitt () binarysignals net> wrote:


Is it traceable with the log files when an (successful) attack occurred?

If yes, we could determine whether the vuln has been used by the bad
guys before. I'm no expert in dealing with apache log files, so I ask
you ;)


On 04/08/14 02:10, Kirils Solovjovs wrote:

We are doomed.

Description: http://www.openssl.org/news/vulnerabilities.html
Article dedicated to the bug: http://heartbleed.com/
Tool to check if TLS heartbeat extension is supported:
http://possible.lv/tools/hb/

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64kB of memory to a connected client or

server.


1.0.1[ abcdef] affected.


P.S. Happy Monday!

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/



--
--\___________________________________________________
ingo.schmitt () binarysignals net - GnuPG ID: 0xAFD687D2 |
FP: 7418 77A6 4B59 AF90 4A11 1CCE 91C9 FF1B AFD6 87D2 |

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/





-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: