On 08/04/14 13:45, Martijn Grooten wrote:
>
> The vulnerability allows anyone to obtain a chunk of memory from a
> vulnerable server. If that server runs OpenSSH and if OpenSSH stores
> passwords, key phrases and/or private keys in memory, it is affected,
> regardless of the dependency between OpenSSL and OpenSSH.

Is it any memory?

I would assume since it is a user space flaw, that it can only leak memory it can read, which would likely be 64K of its own memory space (on proper operating systems anyway). I've seen no commentary either way.

That doesn't help much since the process likely has the key, the certificate, and other relevant bits in memory, but it would mean that unrelated processes like OpenSSH keys would be safe (unless someone shared credentials over TLS which were exposed and abused).

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq