flat assembler
Message board for the users of flat assembler.

OpenSSL vulnerability, aka "Heartbleed"
typedef
I'm just learning about this topic so I can't say much, but I'll just leave links:

http://www.theregister.co.uk/2014/04/09/heartbleed_explained/

http://bit.ly/1jySIfX

It turns out our NSA friends had already been to the "party".

CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
Post 11 Apr 2014, 20:39
pabloreda
For information, here is a post on C.L.F. with code:

https://groups.google.com/forum/#!topic/comp.lang.forth/LF7bj8o-AXo
Post 11 Apr 2014, 23:27
sleepsleep
http://xkcd.com/1354/

bounty USD 10,000
CloudFlare's Heartbleed challenge cracked
(in 3 hours)
https://news.ycombinator.com/item?id=7576389

https://twitter.com/indutny/status/454767565991325697

This bug could really wreak havoc on the whole internet.

Check the following:

A fake site with a certified cert.
[screenshot]
Not even a warning, using Chrome Portable.
Post 12 Apr 2014, 00:31
sleepsleep
It seems like, if you could take control of the DNS, basically any evil admin inside an ISP can fake every fucking SSL website out there; all private keys are compromised, at least we should assume so.
Post 12 Apr 2014, 01:43
ManOfSteel
sleepsleep wrote:
It seems like, if you could take control of the DNS, basically any evil admin inside an ISP can fake every fucking SSL website out there; all private keys are compromised, at least we should assume so.

It's actually worse than that. While the bug may enable MITM attacks, it doesn't necessarily require one to be successful at compromising clients.
And the problem is not only one of compromised keys, but also of data leakage (theoretically of any type and length).
Quote:

Attacker can directly contact the vulnerable service or attack any user connecting to a malicious service. However in addition to direct threat the theft of the key material allows man in the middle attackers to impersonate compromised services.
[...]
There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed.
(source)
Post 12 Apr 2014, 17:54
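Added C example, not from the thread and not OpenSSL's own code: a constructed model of the heartbeat length check that the quoted "64 kilobytes per heartbeat" figure refers to. The claimed payload_length field is attacker-controlled; hb_check compares it against the number of bytes actually received before anything is echoed, which is the same comparison the OpenSSL fix for CVE-2014-0160 added. The function names, constants and sample messages are all constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a TLS heartbeat message (RFC 6520 layout):
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes)
 * rec_len is the number of bytes the record layer actually received. */
#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_MIN_PADDING 16

/* Returns the payload length if the message is well formed, or -1 if the
 * claimed payload_length does not fit inside the received record.  The
 * comparison against rec_len is the check that was missing before the
 * CVE-2014-0160 fix; without it the echo below would copy bytes that lie
 * beyond the record buffer. */
int hb_check(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 1 + 2 + HB_MIN_PADDING) return -1;      /* cannot hold header + padding */
    if (rec[0] != HB_REQUEST) return -1;
    unsigned payload = ((unsigned)rec[1] << 8) | rec[2];  /* attacker-controlled field */
    if ((size_t)1 + 2 + payload + HB_MIN_PADDING > rec_len) return -1;  /* over-claimed */
    return (int)payload;
}

/* Builds the response (type, same length, echoed payload, padding) into out.
 * Returns bytes written, or 0 when the request is rejected or out is too small.
 * Only the validated length from hb_check drives the memcpy, never the raw field. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    int payload = hb_check(rec, rec_len);
    if (payload < 0) return 0;
    size_t need = 1 + 2 + (size_t)payload + HB_MIN_PADDING;
    if (need > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)payload;
    memcpy(out + 3, rec + 3, (size_t)payload);     /* bounded by the validated length */
    memset(out + 3 + payload, 0, HB_MIN_PADDING);  /* real stacks use random padding */
    return need;
}

/* Constructed sample requests: an honest one (claims 4, carries 4) and an
 * over-claiming one (claims 65535 but only 23 bytes were received). */
static const uint8_t hb_good[1 + 2 + 4 + 16] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t hb_bad[1 + 2 + 4 + 16]  = { HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g' };
```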
sleepsleep
Another one that hit badly too:

http://www.kb.cert.org/vuls/id/222929
Quote:

Vulnerability Note VU#222929
Microsoft Internet Explorer CMarkup use-after-free vulnerability

Original Release date: 27 Apr 2014 | Last revised: 02 May 2014

Overview

Microsoft Internet Explorer contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description

Microsoft Internet Explorer contains a use-after-free vulnerability. This can allow for arbitrary code execution. Internet Explorer versions 6 through 11 are affected.

Note that this vulnerability is being exploited in the wild. Although no Adobe Flash vulnerability appears to be at play here, the Internet Explorer vulnerability is used to corrupt Flash content in a way that allows ASLR to be bypassed via a memory address leak. This is made possible with Internet Explorer because Flash runs within the same process space as the browser. Note that exploitation without the use of Flash may be possible.
Post 02 May 2014, 18:50
Dr F
Not a big surprise.
Post 02 May 2014, 20:15
Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.