Full Disclosure mailing list archives

Re: heartbleed OpenSSL bug CVE-2014-0160

From: "Marco Davids (priv)" <mdavids () forfun net>
Date: Fri, 11 Apr 2014 11:34:51 +0200

Paul,

On 11-04-14 08:32, Paul Vixie wrote:

no remote file modification, no root shell, no
non-root shell, no data-modification, no arbitrary file system reads...
just a read only heap exploit, and it's worse than anything you could
have previously fucking imagined?


9,10,11... whatever it is, it is bad.

Heartbleed leaks e-mails, user-credentials and lot's of other
interesting information.

Really, it wasn't pretty, what I have seen passing by the last few days.

--
Marco

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Re: heartbleed OpenSSL bug CVE-2014-0160, (continued)
- - Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ingo Schmitt (Apr 10)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry (Apr 10)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 David Tomaschik (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Ivan .Heca (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Paul Vixie (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Paul Vixie (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Ivan .Heca (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Marco Davids (priv) (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Juergen Christoffel (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Paul Vixie (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Ferenc Kovacs (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Manuel Tiago Pereira (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Schmidt, Michael (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Afonso Araújo Neto (Apr 11)
    - Message not available
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Ricardo Iramar dos Santos (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 HaCKsPy (Apr 11)
    - Andrew "Weev" Auernheimer's Conviction Thrown Out g () 1337 io (Apr 11)

(Thread continues...)