oss-sec mailing list archives
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160
From: mancha <mancha1 () zoho com>
Date: Wed, 9 Apr 2014 08:26:51 +0000
On Mon, Apr 07, 2014 at 09:43:46PM +0200, Tomas Hoger wrote:
Hi! There's a new OpenSSL release 1.0.1g that fixes information leak issue: http://www.openssl.org/news/secadv_20140407.txt http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902 http://heartbleed.com/
The good folks at Nmap (specifically Patrik Karlsson) have written a "heartbleed" detection script based on Jared Stafford's reproducer. I've made minor tweaks and placed it here: http://sf.net/projects/mancha/files/sec/ssl-heartbleed.nse It works quite well - thanks Nmap. --mancha
Attachment:
_bin
Description:
Current thread:
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160, (continued)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Michal Zalewski (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen (Apr 25)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Donald Stufft (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Vincent Danen (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Florian Weimer (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marcus Meissner (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marc Deslauriers (Apr 09)