[Slackbuilds-users] Cauterizing heartbleed (CVE-2014-0160)
vbatts at gmail.com
Sat Apr 12 11:04:35 UTC 2014
Yes. Even client side is vulnerable.
Here is working PoC https://github.com/Lekensteyn/pacemaker
On Apr 12, 2014 2:55 AM, "B Watson" <yalhcru at gmail.com> wrote:
> On 4/12/14, mancha <mancha1 at hush.com> wrote:
> > After identifying candidates, we can worry about whether the bundled
> > or statically-linked OpenSSLs are vulnerable or not.
> Possibly stupid question but I'll ask it anyway. Are clients even
> vulnerable? Everything I've seen about heartbleed (and I haven't really
> researched in detail either) talks about attacks against vulnerable
> servers... is it possible for a malicious server to exploit an unpatched
> SlackBuilds-users mailing list
> SlackBuilds-users at slackbuilds.org
> Archives - http://lists.slackbuilds.org/pipermail/slackbuilds-users/
> FAQ - http://slackbuilds.org/faq/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the SlackBuilds-users