Uh Oh! TLS/SSL Heartbeat Vulnerability Time

TLS heartbeat read overrun (CVE-2014-0160)

Test using our online tool to see if your server is affected
https://www.dc414.org/projects/ssl-heartbleed-cve-2014-0160-test/

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley and Bodo Moeller for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

This entry was posted in Firsties. Bookmark the permalink.

One Response to Uh Oh! TLS/SSL Heartbeat Vulnerability Time

Leave a Reply

Your email address will not be published. Required fields are marked *