FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Heartbleed bug?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Heartbleed bug? [message #185549 is a reply to message #185546] Thu, 10 April 2014 18:37 Go to previous messageGo to previous message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
Senior Member
On 10/04/14 16:50, Denis McMahon wrote:
> On Thu, 10 Apr 2014 08:57:54 +0200, Arno Welzel wrote:
>
>> To be precise: If the installed PHP version is linked against OpenSSL
>> then it should be replaced with a patched version of course.
>
> Is simply being linked against the buggy openssl enough to be
> exploitable? As I understand it the openssl code needs to be invoked (eg
> https) for the bug to actually expose data.
>

well yes. A library you never use cant be exploited for flaws in it.

What you need is that you are providing an SSL service via a buggy SSL
library: then certain types of signal sent to it will get 'interesting'
responses in reply..




--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to
lead are elected by the least capable of producing, and where the
members of society least likely to sustain themselves or succeed, are
rewarded with goods and services paid for by the confiscated wealth of a
diminishing number of producers.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: cURL and response code 302
Next Topic: PHP Parse error: syntax error, unexpected '$sql' (T_VARIABLE) in
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 20:56:51 GMT 2024

Total time taken to generate the page: 0.04333 seconds