[CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround
Tony Mountifield
tony at softins.co.uk
Fri Apr 11 09:09:34 UTC 2014
In article <1483A20E-66B7-4ECC-8C14-34DE4B24BA33 at gmail.com>,
Markus Falb <wnefal at gmail.com> wrote:
>
> > No vulnerability on the
> > server can expose a private client certificate, only a vulnerability on
> > the client can.
>
> With malicious server I did not meant one that was affected
> by heartbleed but a server which is run by bad people that want to exploit
> vulnerable clients.
>
> If it's easy to write a malicious client to read the server's ram, it's maybe easy to
> write a malicious server that can read the client's ram? Does heartbleed work
> in both directions?
>
> Assume that the client uses a vulnerable openssl, and it connects to a malicious
> server, can the server read the ram of the client?
https://reverseheartbleed.com/
Cheers
Tony
--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
More information about the CentOS
mailing list