Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- From: Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 Apr 2014 18:21:18 +0000
On Tue, Apr 08, 2014 at 07:02:49PM +0100, Simon Waters wrote:
> On 08/04/14 13:45, Martijn Grooten wrote:
> >
> > The vulnerability allows anyone to obtain a chunk of memory from a
> > vulnerable server. If that server runs OpenSSH and if OpenSSH stores
> > passwords, key phrases and/or private keys in memory, it is affected,
> > regardless of the dependency between OpenSSL and OpenSSH.
>
> Is it any memory?
>
> I would assume since it is a user space flaw, that it can only leak
> memory it can read, which would likely be 64K of its own memory space
> (on proper operating systems anyway).
>
> I've seen no commentary either way.

Good point. You may well be right here.

(But yes, it's only a minor relief.)

Martijn.
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq