OpenSSL Security issues

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Tue Apr 8 13:56:24 CEST 2014


There appear to have been 2 patches. 

The first one did the basic disable heartbeat method. ... so tools available at the time then declared you 'safe'. 

The second patch appears to have brought back the heartbeat function (well. . it was there for a reason! ;) ) but fixed the actual memory access bug. 

This second patch is the 'correct' way to go but means basic testing tools now fail and you need to use exploit-like code to see if you can get big replies

All fun. 

Alan
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140408/0f798ff2/attachment.html>


More information about the Freeradius-Users mailing list