FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Heartbleed bug?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Heartbleed bug? [message #185552 is a reply to message #185551] Thu, 10 April 2014 21:32 Go to previous messageGo to previous message
M. Strobel is currently offline  M. Strobel
Messages: 386
Registered: December 2011
Karma:
Senior Member
Am 10.04.2014 22:56, schrieb Arno Welzel:
> Denis McMahon, 2014-04-10 17:50:
>
>> On Thu, 10 Apr 2014 08:57:54 +0200, Arno Welzel wrote:
>>
>>> To be precise: If the installed PHP version is linked against OpenSSL
>>> then it should be replaced with a patched version of course.
>>
>> Is simply being linked against the buggy openssl enough to be
>> exploitable? As I understand it the openssl code needs to be invoked (eg
>
> No. The bug is only exploitable if you run a SSL/TLS server - which is
> possible using PHP.
>

As I read on stackoverflow, the client is vulnerable as well. So if you start a ssl
secured connection, you can be attacked by the partner.

Evidently this is "less dangerous" than the case of a server offering SSL secured
services.

/Str.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: cURL and response code 302
Next Topic: PHP Parse error: syntax error, unexpected '$sql' (T_VARIABLE) in
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 18:07:19 GMT 2024

Total time taken to generate the page: 0.04166 seconds