Openssl nightmare

[scatter]

so I guess every sys admins were pulling their hair today so I found this great article about this vuln :

http://heartbleed.com/" onclick="window.open(this.href);return false;

and I discussed it with some freinds and it seems from the patch that it s all because of an integer roll over :

hbtype = *p++; n2s(p, payload)

and the n2s is :
#define n2s(c,s)
((s=(((unsigned int)(c[0]))<< | \ (((unsigned int)(c[1])) )),c+=2)

so if you just rollover payload value by the looks of it t gets overflow of buffer +++ whatever, so you look for the payload variable in the protocol and add 32768 to get 32768 bytes of a random pick and mix of leaked memory and voilà

anyone else studied the case of this vuln?

[bad_brain]

I wouldn't overrate this, as usual there is a huge artificial hype about it...seems some people try to get famous by exaggerating and get their hands on the big-bucks-jobs that way.
already the testing tool on their site is bogus. it shows the suck-o server as vulnerable but the openssl version is already 1 past the version where the vulnerability was fixed (services have of course been restarted).

[scatter]

yeah I agree but well its still an industry for some people and the vulnerability is real and the number of possible vulnerable servers was huge so they had to take advantage of that like what everyone would do for discovering a critical vulnerability especially in such software and for the testing tool on their site I didn t test it yet but knowing suck-o server is safe is what we want ^ ^

[bad_brain]

there you go:
https://www.debian.org/security/2014/dsa-2896" onclick="window.open(this.href);return false;

and:

[maboroshi]

Thanks for updating my server buddy

[bad_brain]

that was my birthday present to you...