In article <1483A20E-66B7-4ECC-8C14-34DE4B24BA33@gmail.com>, Markus Falb <wnefal@gmail.com> wrote:
> No vulnerability on the server can expose a private client certificate, only a vulnerability on the client can.
> By malicious server I did not mean one that was affected by Heartbleed, but a server which is run by bad people who want to exploit vulnerable clients.
> If it's easy to write a malicious client that reads the server's RAM, maybe it's also easy to write a malicious server that can read the client's RAM? Does Heartbleed work in both directions?
> Assume that the client uses a vulnerable OpenSSL and connects to a malicious server: can the server read the RAM of the client?
https://reverseheartbleed.com/
Cheers,
Tony
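The question above is whether Heartbleed works in both directions. What follows is an added example, not code from this thread and not OpenSSL's code: a hypothetical, simplified C model of the TLS heartbeat handler (RFC 6520), with the vulnerable variant next to the fixed one. The record layout, the `process_memory` buffer, the `cookie=hunter2` secret and all function names are assumptions constructed for illustration. It shows why the direction does not matter: the over-read happens in whichever peer processes a HeartbeatRequest, so a malicious server that sends one to a vulnerable client triggers exactly the copy a malicious client triggers on a vulnerable server.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model of TLS heartbeat handling (RFC 6520); not
 * OpenSSL's code. The handler runs on whichever peer RECEIVES a
 * HeartbeatRequest, so a malicious server over-reads a vulnerable client the
 * same way a malicious client over-reads a vulnerable server. */

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16   /* RFC 6520: at least 16 bytes of padding */

/* One received heartbeat record: its bytes and the length the record layer
 * actually delivered. */
struct record {
    const uint8_t *data;
    size_t length;
};

/* Constructed stand-in for the receiving process's memory: a 23-byte request
 * (type 1, CLAIMED payload length 0x0040 = 64, real payload "ping", 16 bytes
 * of padding) followed by an unrelated secret that happens to sit next to it.
 * The array is sized so the over-read below stays inside it (deterministic). */
uint8_t process_memory[80] = {
    0x01, 0x00, 0x40, 'p', 'i', 'n', 'g',             /* header + real payload */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,   /* padding */
    'c', 'o', 'o', 'k', 'i', 'e', '=', 'h', 'u', 'n', 't', 'e', 'r', '2',
};
const struct record malicious_request = { process_memory, 23 };

/* Honest request: claimed length 4 matches the real payload, plus padding. */
const uint8_t honest_bytes[23] = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
const struct record honest_request = { honest_bytes, sizeof honest_bytes };

/* Parse the 3-byte header; returns 0 unless the record is a request. */
static int parse_header(const struct record *rec, uint16_t *payload)
{
    if (rec->length < 3 || rec->data[0] != TLS1_HB_REQUEST) return 0;
    *payload = (uint16_t)((rec->data[1] << 8) | rec->data[2]);
    return 1;
}

/* Response = type, echoed length, echoed payload, padding (zeros here).
 * The caller is responsible for 'payload' bytes being readable at src. */
static size_t build_response(uint8_t *out, uint16_t payload, const uint8_t *src)
{
    out[0] = TLS1_HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + 3, src, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    return 3 + (size_t)payload + HB_PADDING;
}

/* Vulnerable handler: trusts the peer's claimed length and copies that many
 * bytes from the record, reading past its end into neighbouring memory. */
size_t heartbeat_vulnerable(const struct record *rec, uint8_t *out, size_t cap)
{
    uint16_t payload;
    if (!parse_header(rec, &payload)) return 0;
    if (3 + (size_t)payload + HB_PADDING > cap) return 0; /* guards only the destination */
    return build_response(out, payload, rec->data + 3);
}

/* Fixed handler: the claimed length must fit inside the bytes actually
 * received (the shape of the bounds check added in OpenSSL 1.0.1g). */
size_t heartbeat_fixed(const struct record *rec, uint8_t *out, size_t cap)
{
    uint16_t payload;
    if (!parse_header(rec, &payload)) return 0;
    if (3 + (size_t)payload + HB_PADDING > rec->length) return 0; /* discard */
    if (3 + (size_t)payload + HB_PADDING > cap) return 0;
    return build_response(out, payload, rec->data + 3);
}

/* Does an n-byte response carry the neighbouring secret? */
int response_leaks_secret(const uint8_t *resp, size_t n)
{
    const char *needle = "hunter2";
    size_t k = strlen(needle);
    for (size_t i = 0; i + k <= n; i++)
        if (memcmp(resp + i, needle, k) == 0) return 1;
    return 0;
}

int main(void)
{
    static uint8_t resp[3 + 65535 + HB_PADDING];
    size_t n = heartbeat_vulnerable(&malicious_request, resp, sizeof resp);
    printf("vulnerable peer: %zu bytes, secret leaked: %d\n", n, response_leaks_secret(resp, n));
    n = heartbeat_fixed(&malicious_request, resp, sizeof resp);
    printf("fixed peer: %zu bytes (0 = request discarded)\n", n);
    return 0;
}
```

Nothing in the model depends on which side opened the connection; the only thing that matters is which side is running the unpatched handler. The practical remedies are the same for a client as for a server: upgrade to OpenSSL 1.0.1g or later, or build with -DOPENSSL_NO_HEARTBEATS so the handler is compiled out.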