Full Disclosure mailing list archives

Re: heartbleed OpenSSL bug CVE-2014-0160

From: Andrew Case <atcuno () gmail com>
Date: Mon, 07 Apr 2014 19:35:47 -0500

its 64KB per request so you can read much more than that through
multiple requests

Thanks,
Andrew (@attrc)

On 4/7/2014 7:10 PM, Kirils Solovjovs wrote:

We are doomed.

Description: http://www.openssl.org/news/vulnerabilities.html
Article dedicated to the bug: http://heartbleed.com/
Tool to check if TLS heartbeat extension is supported:
http://possible.lv/tools/hb/

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64kB of memory to a connected client or server.

1.0.1[ abcdef] affected.


P.S. Happy Monday!

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

heartbleed OpenSSL bug CVE-2014-0160 Kirils Solovjovs (Apr 07)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Andrew Case (Apr 07)
- Re: heartbleed OpenSSL bug CVE-2014-0160 David H (Apr 08)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Joerg Mertin (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Francesc Guitart (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Javier Reoyo (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Carlos P (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 David H (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Matthew Musingo (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Craig Holmes (Apr 09)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski (Apr 09)

(Thread continues...)