From: Kimmo Paasiala
Date: Thu, 10 Apr 2014 13:33:47 +0300
Subject: Re: http://heartbleed.com/
To: freebsd-security@freebsd.org
Cc: Dirk Engling

On 8.4.2014, at 17.05, Dirk Engling wrote:

> On 08.04.14 15:45, Mike Tancsa wrote:
>
>> I am trying to understand the implications of this bug in the
>> context of a vulnerable client, connecting to a server that does not
>> have this extension. e.g. a client app linked against 1.xx that's
>> vulnerable talking to a server that is running something from RELENG_8
>> in the base (0.9.8.x). Is the server still at risk? Will the client
>> still bleed information?
>
> If the adversary is in control of the network and can MITM the
> connection, then yes. The client leaks random chunks of up to 64k
> memory, and that is for each heartbeat request the server sends.
>
> erdgeist
>

Going back to this original report of the vulnerability. Has it been established with certainty that the attacker would first need MITM capability to exploit the vulnerability? I'm asking this because MITM capability is not something that just any attacker can do. Also if this is true then it can be argued that the severity of this vulnerability has been greatly exaggerated.

-Kimmo
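
Added example, not part of the original message and not OpenSSL code: a C illustration of the RFC 6520 receive-side length check, showing where the "up to 64k" per heartbeat request mentioned in the thread comes from (the payload_length field is 16 bits) and that the check belongs on whichever peer, client or server, receives the request. The function names and sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_HDR       3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PAD  16   /* RFC 6520: at least 16 bytes of padding */

/* Constructed sample records: 4-byte payload "ping" followed by 16 padding bytes. */
static const uint8_t hb_honest[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t hb_forged[23] = {HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g'};

/* Bytes past the end of the record that echoing the claimed length would read. */
size_t hb_excess(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HDR) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    return HB_HDR + claimed > rec_len ? HB_HDR + claimed - rec_len : 0;
}

/* Builds the heartbeat response in out and returns its length, or returns 0
 * when the request must be silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HDR + HB_MIN_PAD || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The claimed payload must fit inside the bytes actually received. */
    if (HB_HDR + claimed + HB_MIN_PAD > rec_len) return 0;
    size_t n = HB_HDR + claimed + HB_MIN_PAD;
    if (n > cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);
    memset(out + HB_HDR + claimed, 0, HB_MIN_PAD); /* real stacks use random padding */
    return n;
}

int main(void)
{
    uint8_t out[64];
    printf("honest: reply %zu bytes, excess %zu\n", hb_respond(hb_honest, sizeof hb_honest, out, sizeof out), hb_excess(hb_honest, sizeof hb_honest));
    printf("forged: reply %zu bytes, excess %zu\n", hb_respond(hb_forged, sizeof hb_forged, out, sizeof out), hb_excess(hb_forged, sizeof hb_forged));
    return 0;
}
```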