[UCI-Linux] Heartbeat Bug in OpenSSL - CVE-2014-0160

Adam Brenner aebrenne at uci.edu
Tue Apr 8 23:33:40 PDT 2014


For those who are running bleeding edge of OpenSSL (OpenSSL 1.0.1
through 1.0.1f (inclusive) or one of the distros below, are vulnerable
with an exploit that occurs in the handshake process allowing contents
in memory to be accessed. Consider grabbing the fix for CVE-2014-0160.
Most notable, CentOS 6.5 has this exploit.

More information: http://heartbleed.com/
Online Test: https://www.ssllabs.com/ssltest/index.html


Effected version of OpenSSL were shipped with:

Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)


-Adam

--
Adam Brenner
Computer Science, Undergraduate Student
Donald Bren School of Information and Computer Sciences

System Administrator, HPC Cluster
Office of Information Technology
http://hpc.oit.uci.edu/

University of California, Irvine
www.ics.uci.edu/~aebrenne/
aebrenne at uci.edu


More information about the UCI-Linux mailing list