On 8.4.2014, at 17.05, Dirk Engling <erdgeist@erdgeist.org> wrote:

> On 08.04.14 15:45, Mike Tancsa wrote:
>
>> I am trying to understand the implications of this bug in the
>> context of a vulnerable client, connecting to a server that does not
>> have this extension. e.g. a client app linked against 1.xx that's
>> vulnerable talking to a server that is running something from RELENG_8
>> in the base (0.9.8.x). Is the server still at risk? Will the client
>> still bleed information?
>
> If the adversary is in control of the network and can MITM the
> connection, then yes. The client leaks random chunks of up to 64k
> memory, and that is for each heartbeat request the server sends.
>
> erdgeist
>

Going back to this original report of the vulnerability. Has it been established with certainty that the attacker would first need MITM capability to exploit the vulnerability? I'm asking this because MITM capability is not something that just any attacker can do. Also if this is true then it can be argued that the severity of this vulnerability has been greatly exaggerated.
-Kimmo
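The "up to 64k per heartbeat request" figure quoted in the thread follows from the 16-bit payload length field in the heartbeat message. The C sketch below is an added example, not code from this thread or from OpenSSL: it shows the receiver-side bounds check that a heartbeat implementation needs before echoing a payload, using the message layout from RFC 6520. The function name `hb_safe_payload_len` and the sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 6520 layout: type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
#define HB_REQUEST     1
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

/* Hypothetical helper: returns how many payload bytes may safely be echoed
 * back, or -1 if the message must be silently discarded.
 * rec/rec_len describe the record body that was actually received. */
long hb_safe_payload_len(const uint8_t *rec, size_t rec_len)
{
    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;                  /* too short to be a valid heartbeat */
    if (rec[0] != HB_REQUEST)
        return -1;                  /* only requests are echoed */

    /* Peer-controlled 16-bit field: the claim can be as large as 65535,
     * which is where "up to 64k" per request comes from. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The claim must fit inside the bytes that really arrived. Without
     * this comparison the echo would copy past the end of the record. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return -1;
    return (long)claimed;
}

/* Constructed sample: 4-byte payload "ping", then 16 zero padding bytes. */
static const uint8_t hb_honest[HB_HEADER_LEN + 4 + HB_MIN_PADDING] =
    { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };

/* Constructed sample: claims 0xFFFF payload bytes but carries only padding. */
static const uint8_t hb_overclaim[HB_HEADER_LEN + HB_MIN_PADDING] =
    { HB_REQUEST, 0xFF, 0xFF };

int main(void)
{
    printf("honest:    %ld\n", hb_safe_payload_len(hb_honest, sizeof hb_honest));
    printf("overclaim: %ld\n", hb_safe_payload_len(hb_overclaim, sizeof hb_overclaim));
    return 0;
}
```

The same check applies to whichever side receives the request, client or server, since either peer may send one.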