Home » Imported messages » comp.lang.php » Heartbleed bug?
Re: Heartbleed bug? [message #185561 is a reply to message #185555] Fri, 11 April 2014 06:23
Arno Welzel
Denis McMahon, 2014-04-11 01:14:

> On Thu, 10 Apr 2014 22:56:34 +0200, Arno Welzel wrote:
>
>> Denis McMahon, 2014-04-10 17:50:
>>
>>> On Thu, 10 Apr 2014 08:57:54 +0200, Arno Welzel wrote:
>>>
>>>> To be precise: If the installed PHP version is linked against OpenSSL
>>>> then it should be replaced with a patched version of course.
>>>
>>> Is simply being linked against the buggy openssl enough to be
>>> exploitable? As I understand it the openssl code needs to be invoked
>>> (eg
>>
>> No. The bug is only exploitable if you run a SSL/TLS server - which is
>> possible using PHP.
>>
>>> https) for the bug to actually expose data.
>
> Sorry, but you seem to be saying "No" and then agreeing with me. Perhaps
> it's the way you have quote-replied, and I'm reading your "No" as
> applying to a different part of the quoted text to that which you
> intended it to refer?

Sorry for the confusion :-(

> Are you saying "No" to the question:
>
>>> Is simply being linked against the buggy openssl enough to be
>>> exploitable?

Yes - this I am referring to. Just the fact that you use a PHP version
which is linked to a buggy OpenSSL lib is of course not enough to
exploit the bug. One has to actually *use* the buggy functions in a way
that an attacker can send crafted heartbeat packets to your server.



--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
http://fahrradzukunft.de