Sign in to follow this  
Eyecu

OpenSSL 1.01 through 1.0.1f heartbleed exploit.

A serious exploit has been found in openssl v 1.0.1 through 1.0.1f also 1.02 beta1. The exploit known as the Heartbleed bug ( CVE-2014-0160) . This is a serious exploit because
it gives remote users the ability to read highly sensitive data from memory of programs using openssl. This includes prive ssl keys, passwords, etc. This does not just
effect ircd's using versions of openssl that have been identified to have the exploit but any program that uses it. Programs like apache httpd, mail servers, sql servers
etc.
Bram Matthys (Syzop) from unrealircd has tested this exploit through unrealircd and was able to see data in the memory and short phrases of text others had been saying.
This was without actually being online as a user on irc. Unrealircd has already patched there win32 downloads to fix against this exploit and has sent out a security advisory
to all users of the nix versioin advising them to update their systems.

Also recommended is to regenerate all ssl keys/certificates to protect again this exploit. OpenSSL 1.0.1g is not affected by this exploit. I would further recommend if you use any program that
uses OpenSSL to either check the developers site for an update. If no update is available I would disable said program until one is.

You can read more on this exploit at: http://heartbleed.com/

Share this post


Link to post
Share on other sites

There is no need for a patch with inspircd, insp window's builds ship with m_gnutls for the ssl. Openssl is not compilied with the windows builds due to licensing issues from what i was told.

Share this post


Link to post
Share on other sites

mmmm always a good thing when you are free of such an exploit . Thanks to the Unrealircd team for bringing this to the table , i hope those affected can sort this out with no further issues. 

 

Hugs m_gnutls.so lol

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this