MSUNAG Archives

Subject: OpenSSL Private Key Leak Bug
From: David Graff <[log in to unmask]>
Reply-To: David Graff <[log in to unmask]>
Date: Mon, 7 Apr 2014 18:00:31 -0400

This one is a doozy.

OpenSSL introduced a heartbeat feature in 1.0.1 (Dec 2011) that contains a
bug that allows for arbitrary areas of memory to be read remotely, meaning
that anyone who can connect to your server can pull your private keys.
Apache-based web servers are the most obvious target, but there are plenty
of other things like IMAP/POP3 email servers, VPNs, Linux embedded network
appliances to name a few. OpenSSL 1.0.1g has patched this vulnerability but
even after you get the fix on your system you'll want to issue new certs
because anything issued in that window could be potentially compromised.
OpenSSL 0.9.8 is not affected.
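
An added example, not part of the original message: a triage helper that classifies `openssl version` banners using only the version facts stated above (heartbeat arrived in 1.0.1, 1.0.1g is patched, earlier branches such as 0.9.8 lack the feature). Host names and banners are constructed, and branches newer than 1.0.1 are reported as unknown because the message does not cover them.

```python
import re

# Pre-3.0 OpenSSL versions look like "1.0.1f": three numbers plus an optional
# patch letter, sometimes followed by a suffix such as "-fips".
_BANNER = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)")

HEARTBEAT_BRANCH = (1, 0, 1)   # heartbeat introduced in 1.0.1 (from the message)
FIXED_LETTER = "g"             # 1.0.1g carries the patch (from the message)


def classify(banner):
    """Classify `openssl version` output: affected / fixed / not affected / unknown."""
    match = _BANNER.search(banner)
    if match is None:
        return "unknown"
    branch = tuple(int(part) for part in match.groups()[:3])
    letter = match.group(4)
    if branch < HEARTBEAT_BRANCH:
        return "not affected"          # predates the heartbeat feature, e.g. 0.9.8
    if branch == HEARTBEAT_BRANCH:
        # "" (plain 1.0.1) sorts before "a", so 1.0.1 through 1.0.1f are affected.
        return "affected" if letter < FIXED_LETTER else "fixed"
    return "unknown"                   # later branches: not covered by the message


def triage(inventory):
    """Return the hosts that need patching and new keys/certs, sorted by name."""
    return sorted(host for host, banner in inventory.items()
                  if classify(banner) == "affected")


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1f 6 Jan 2014",
    "mail01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "vpn01": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy01": "OpenSSL 0.9.8y 5 Feb 2013",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host:10} {classify(banner):13} {banner}")
    print("patch and reissue:", ", ".join(triage(SAMPLE_INVENTORY)))
```

Distribution packages can backport the fix without changing the version string, so an "affected" result on a packaged build should be confirmed against the vendor's advisory.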
