From: Dirk Engling
Date: Tue, 08 Apr 2014 16:05:02 +0200
To: freebsd-security@freebsd.org
Subject: Re: http://heartbleed.com/
Message-ID: <5344020E.9080001@erdgeist.org>
In-Reply-To: <5343FD71.6030404@sentex.net>

On 08.04.14 15:45, Mike Tancsa wrote:
> I am trying to understand the implications of this bug in the
> context of a vulnerable client, connecting to a server that does not
> have this extension. e.g. a client app linked against 1.xx that's
> vulnerable talking to a server that is running something from RELENG_8
> in the base (0.9.8.x). Is the server still at risk? Will the client
> still bleed information?

If the adversary is in control of the network and can MITM the connection, then yes. The client leaks random chunks of up to 64k memory, and that is for each heartbeat request the server sends.

erdgeist
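
The "up to 64k" per request in the reply above corresponds to the 16-bit payload_length field of the RFC 6520 heartbeat message. As an added example (not part of the thread and not OpenSSL's code), this is the length check a receiver on either side, client or server, needs before echoing a heartbeat payload; the function name, constants and sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 6520 layout: type(1) | payload_length(2) | payload | padding(>=16) */
#define HB_REQUEST     1
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

enum { HB_OK = 0, HB_TOO_SHORT = -1, HB_NOT_REQUEST = -2, HB_LENGTH_OVERRUN = -3 };

/* Hypothetical helper: validate a received heartbeat record body before
 * echoing its payload. On HB_OK, *payload_len bytes at rec+3 lie inside the
 * record. On HB_LENGTH_OVERRUN, *overread is the number of bytes past the
 * record that an unchecked copy of payload_length bytes would have read. */
int hb_check_request(const uint8_t *rec, size_t rec_len,
                     size_t *payload_len, size_t *overread)
{
    *payload_len = 0;
    *overread = 0;
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TOO_SHORT;            /* cannot hold header plus padding */
    if (rec[0] != HB_REQUEST)
        return HB_NOT_REQUEST;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];   /* 16 bits: max 65535 */
    size_t in_record = rec_len - HB_HEADER_LEN;        /* bytes after header */
    if (claimed > in_record - HB_MIN_PADDING) {
        if (claimed > in_record)
            *overread = claimed - in_record;
        return HB_LENGTH_OVERRUN;       /* RFC 6520: discard silently */
    }
    *payload_len = claimed;
    return HB_OK;
}

int main(void)
{
    /* Constructed samples: header, payload, then 16 zero padding bytes. */
    uint8_t good[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t bad[20]  = { HB_REQUEST, 0xff, 0xff, 'x' };
    size_t len, over;
    int rc = hb_check_request(good, sizeof good, &len, &over);
    printf("good: rc=%d payload_len=%zu\n", rc, len);
    rc = hb_check_request(bad, sizeof bad, &len, &over);
    printf("bad:  rc=%d overread=%zu\n", rc, over);
    return 0;
}
```

The check compares the claimed length against the bytes actually received, so a record whose payload_length merely eats into the mandatory padding is rejected as well, with an overread of zero.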