[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] heartbleed OpenSSL bug CVE-2014-0160

To: Ingo Schmitt <ingo.schmitt@xxxxxxxxxxxxxxxxx>
Subject: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
From: David Tomaschik <david@xxxxxxxxxxxxxxxxxx>
Date: Thu, 10 Apr 2014 14:09:34 -0700

Apache wouldn't have anything in its logs, nor would any application.
 OpenSSL sees the heartbeat request and responds on its own, the fact that
a heartbeat occurred never hits the application (it stays entirely within
libssl).


On Thu, Apr 10, 2014 at 10:20 AM, Ingo Schmitt <
ingo.schmitt@xxxxxxxxxxxxxxxxx> wrote:

> Is it traceable with the log files when an (successful) attack occurred?
>
> If yes, we could determine whether the vuln has been used by the bad
> guys before. I'm no expert in dealing with apache log files, so I ask
> you ;)
>
>
> On 04/08/14 02:10, Kirils Solovjovs wrote:
> > We are doomed.
> >
> > Description: http://www.openssl.org/news/vulnerabilities.html
> > Article dedicated to the bug: http://heartbleed.com/
> > Tool to check if TLS heartbeat extension is supported:
> > http://possible.lv/tools/hb/
> >
> > A missing bounds check in the handling of the TLS heartbeat extension
> > can be used to reveal up to 64kB of memory to a connected client or
> server.
> >
> > 1.0.1[ abcdef] affected.
> >
> >
> > P.S. Happy Monday!
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
> >
>
> --
> --\___________________________________________________
> ingo.schmitt@xxxxxxxxxxxxxxxxx - GnuPG ID: 0xAFD687D2 |
> FP: 7418 77A6 4B59 AF90 4A11 1CCE 91C9 FF1B AFD6 87D2 |
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david@xxxxxxxxxxxxxxxxxx

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
  - From: Ivan .Heca

References:
- [FD] heartbleed OpenSSL bug CVE-2014-0160
  - From: Kirils Solovjovs
- Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
  - From: Ingo Schmitt

Prev by Date: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Next by Date: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Previous by thread: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Next by thread: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Index(es):
- Date
- Thread