search

lixuewei / rt-n56u

Automatically exported from code.google.com/p/rt-n56u
0 stars 0 forks source link

CVE-2014-0160 #1212

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Hello!
What about CVE-2014-0160 on this firmware?

OpenSSL> version
OpenSSL 1.0.1e 11 Feb 2013

Source:

OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

Original issue reported on code.google.com by SharUp...@gmail.com on 8 Apr 2014 at 7:32

GoogleCodeExporter commented 9 years ago 
http://code.google.com/p/rt-n56u/source/detail?r=d2641f855a6d8f3cf845dd37e4e0fa7
1a5147f98

Original comment by moonman...@gmail.com on 9 Apr 2014 at 3:13

GoogleCodeExporter commented 9 years ago

Original comment by Dr.Sydorenko.O on 9 Apr 2014 at 12:43

GoogleCodeExporter commented 9 years ago 
Thanks for your fast response and great work! =)

Original comment by SharUp...@gmail.com on 18 Apr 2014 at 8:01