[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOy4VzfYK57zREvdVDBBMZcJUb7jp2vv69wWzC325oHYt2Z_tQ@mail.gmail.com>
Date: Thu, 10 Apr 2014 14:09:34 -0700
From: David Tomaschik <david@...temoverlord.com>
To: Ingo Schmitt <ingo.schmitt@...arysignals.net>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Apache wouldn't have anything in its logs, nor would any application.
OpenSSL sees the heartbeat request and responds on its own, the fact that
a heartbeat occurred never hits the application (it stays entirely within
libssl).
On Thu, Apr 10, 2014 at 10:20 AM, Ingo Schmitt <
ingo.schmitt@...arysignals.net> wrote:
> Is it traceable with the log files when an (successful) attack occurred?
>
> If yes, we could determine whether the vuln has been used by the bad
> guys before. I'm no expert in dealing with apache log files, so I ask
> you ;)
>
>
> On 04/08/14 02:10, Kirils Solovjovs wrote:
> > We are doomed.
> >
> > Description: http://www.openssl.org/news/vulnerabilities.html
> > Article dedicated to the bug: http://heartbleed.com/
> > Tool to check if TLS heartbeat extension is supported:
> > http://possible.lv/tools/hb/
> >
> > A missing bounds check in the handling of the TLS heartbeat extension
> > can be used to reveal up to 64kB of memory to a connected client or
> server.
> >
> > 1.0.1[ abcdef] affected.
> >
> >
> > P.S. Happy Monday!
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
> >
>
> --
> --\___________________________________________________
> ingo.schmitt@...arysignals.net - GnuPG ID: 0xAFD687D2 |
> FP: 7418 77A6 4B59 AF90 4A11 1CCE 91C9 FF1B AFD6 87D2 |
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
--
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david@...temoverlord.com
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists