From owner-freebsd-security@FreeBSD.ORG Thu Apr 10 10:15:31 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7D59CF6B; Thu, 10 Apr 2014 10:15:31 +0000 (UTC) Received: from mx.softlayer.com (mx101.softlayer.com [IPv6:2607:f0d0:1000:b::19:1]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx.softlayer.com", Issuer "VeriSign Class 3 Secure Server CA - G3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C1731DEA; Thu, 10 Apr 2014 10:15:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=softlayer.com; s=ex13; h=MIME-Version:Content-Transfer-Encoding:Content-ID:Content-Type:In-Reply-To:References:Message-ID:Date:Subject:CC:To:From; bh=KPwB/WnmaeBC1tByN6KDIJRRyLoKzLdZzP6o54KnQLU=; b=unSY2PopBMWbedtH5WYfJtt3PL8kYK6t+9kh4J+Ch1YkxiS4ympdJ1YHLAmwPS2rVPIoVdjlrXqFsmI/S1uiAI6TIBba08XgMLAPA8j3WoPuu5km0v82FtfS0lxPt/nxPrZnphLx/2oiw/kc21o+xlNFGD3/rhB5YWWCeedp1Po0PdW62aFwDbWpuqQDK5LdUH0nfB1h+LCcakTenjyEotVBQbFXnurH2k/3P7l0sO+wdw+ripyEoJ/kHhsx3vmI/yftMS3PUlFt38pt42+By1yUPY9B1WUArr0Ul88vr5JwEdYUd73H8VjAIm9codBnIf9F4gG32OfPiPdqXYwp8A==; Received: from mail.softlayer.com by mx.softlayer.com with esmtp (Exim) (envelope-from ) id 1WYC13-000DMT-PM; Thu, 10 Apr 2014 05:15:29 -0500 Received: from SM-CAS151.softlayer.local (172.18.18.38) by SM-TMG152.softlayer.local (172.18.18.52) with Microsoft SMTP Server (TLS) id 14.2.342.3; Thu, 10 Apr 2014 05:15:29 -0500 Received: from SM-DAG155.softlayer.local ([fe80::a8f6:d611:d2d:bfef]) by SM-CAS151.softlayer.local ([fe80::2cad:d6ac:55f7:c0e%10]) with mapi id 14.02.0342.003; Thu, 10 Apr 2014 05:15:29 -0500 From: Cyrus Lopez To: Carlo Strub , "mexas@bris.ac.uk" Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl Thread-Topic: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl Thread-Index: AQHPU4NI2s9YPClGnkadErEd6JIZyJsJRiwAgAAHfICAAak+gIAAAXwA Date: Thu, 10 Apr 2014 10:15:28 +0000 Message-ID: References: <20140409084809.GA2661@lena.kiev> <201404082334.s38NYDxr098590@freefall.freebsd.org> <201404090821.s398LMg7020616@mech-cluster241.men.bris.ac.uk> <1397124609.974780.949873937.113568.2@c-st.net> In-Reply-To: <1397124609.974780.949873937.113568.2@c-st.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [172.18.18.52] Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "freebsd-security@freebsd.org" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Apr 2014 10:15:31 -0000 >>=20 >> SSH is not affected. >>=20 >=20 > SSH is indeed not affected, but I guess you should still consider the sec= ret sshd key on your otherwise affected server as burnt, as it might have b= een in the memory too while an attacker was inspecting it via heartbleed. B= etter recreate the secret ssh key and all other secret keys on your server = as well. But, again, the OpenSSH protocol/software per se are not affected. This is incorrect. The heartbleed exploit would have only returned portions= of memory that were under the control of OpenSSL, not general memory used = by other processes on the system.