The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 prior to 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote malicious users to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Vulnerable Product |
---|
openssl openssl |
filezilla-project filezilla server |
siemens application_processing_engine_firmware 2.0 |
siemens cp_1543-1_firmware 1.1 |
siemens simatic_s7-1500_firmware 1.5 |
siemens simatic_s7-1500t_firmware 1.5 |
siemens elan-8.2 |
siemens wincc open architecture 3.12 |
intellian v100_firmware 1.20 |
intellian v100_firmware 1.21 |
intellian v100_firmware 1.24 |
intellian v60_firmware 1.15 |
intellian v60_firmware 1.25 |
mitel micollab 6.0 |
mitel micollab 7.0 |
mitel micollab 7.1 |
mitel micollab 7.2 |
mitel micollab 7.3.0.104 |
mitel micollab 7.3 |
mitel mivoice 1.1.3.3 |
mitel mivoice 1.2.0.11 |
mitel mivoice 1.3.2.2 |
mitel mivoice 1.4.0.102 |
mitel mivoice 1.1.2.5 |
opensuse opensuse 12.3 |
opensuse opensuse 13.1 |
canonical ubuntu linux 13.10 |
canonical ubuntu linux 12.10 |
canonical ubuntu linux 12.04 |
fedoraproject fedora 20 |
fedoraproject fedora 19 |
redhat enterprise linux server eus 6.5 |
redhat storage 2.1 |
redhat enterprise linux server aus 6.5 |
redhat enterprise linux server tus 6.5 |
redhat enterprise linux desktop 6.0 |
redhat enterprise linux server 6.0 |
redhat enterprise linux workstation 6.0 |
redhat gluster storage 2.1 |
redhat virtualization 6.0 |
debian debian linux 8.0 |
debian debian linux 7.0 |
debian debian linux 6.0 |
ricon s9922l_firmware 16.10.3(3794) |
What does it take to get people patching? Not Reg readers, obviously. Other, silly people
Some 200,000 systems are still susceptible to Heartbleed more than two years and nine months after the huge vulnerability was disclosed. Patching efforts spiked after news dropped in April 2014 of the world's most well-known and, at the time, most catastrophic bug. The vulnerability (CVE-2014-0160) that established the practice of branding bugs lived up to its reputation: the tiny flaw in OpenSSL allows anyone to easily and quietly plunder vulnerable systems, stealing passwords, login cookies, pr...
Don't worry, everything else is still safe ... we think
Apple has posted a security update to address instances of the Heartbleed security vulnerability in its AirPort router and file back-up gadgets. The company said that a firmware update for the AirPort Extreme and AirPort Time Capsule home network appliances would address the infamous CVE-2014-0160 OpenSSL security vulnerability, better known by the nickname Heartbleed. The flaw, in which an attacker can extract in-memory data from a targeted server, has sent shockwaves through the security commu...
Incoming
Hackers are posting massive lists of domains vulnerable to the infamous Heartbleed bug, security researchers warn. The warning comes amidst other evidence that the vulnerability is under active attack from hackers possibly based in China and elsewhere, targeting financial services firms among others. Fraud protection firm Easy Solutions reports that black hats are posting huge lists of 10,000+ domains that have been run through the automated web-based Heartbleed vulnerability checking tools. The...
Paper is safe. Clay tablets too
The startling password-spaffing vulnerability in OpenSSL affects far more than web servers, with everything from routers to smartphones also at risk. The so-called "Heartbleed" vulnerability (CVE-2014-0160) can be exploited to extract information from servers running vulnerable versions of OpenSSL, and this includes email servers and Android smartphones as well as routers. Hackers could potentially gain access to private encryption keys before using this information to decipher the encrypt...