Nope, works also on other protocols like IMAPS.
Am 08.04.2014 15:30, schrieb Chris Schmidt: > The bug is in the TLS implementation in OpenSSL, you will only see it on > https > > Sent from my iPhone > >> On Apr 8, 2014, at 4:43 AM, "Nik Mitev" <n...@mitev.net> wrote: >> >> I used the tool Kirils linked (http://possible.lv/tools/hb/) and my >> unpatched servers running a Tor node or an Openvpn server returned >> correct (old) version of openssl but not vulnerable. >> Is it the bug or the tool that seems to be limited to https I wonder? >> >> Patched now so can't test with this tool... >> >> -----Original Message----- >> From: Fraser Scott <fraser.sc...@gmail.com> >> To: fulldisclosure@seclists.org >> Subject: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160 >> Date: Tue, 8 Apr 2014 10:24:02 +0100 >> >> This seems to be the best test so far: >> >> http://s3.jspenguin.org/ssltest.py >> >> Other tests false-positive on patched versions from what I can see. >> >> >>> On 8 April 2014 01:10, Kirils Solovjovs <kirils.solovj...@kirils.com> wrote: >>> >>> We are doomed. >>> >>> Description: http://www.openssl.org/news/vulnerabilities.html >>> Article dedicated to the bug: http://heartbleed.com/ >>> Tool to check if TLS heartbeat extension is supported: >>> http://possible.lv/tools/hb/ >>> >>> A missing bounds check in the handling of the TLS heartbeat extension >>> can be used to reveal up to 64kB of memory to a connected client or server. >>> >>> 1.0.1[ abcdef] affected. >>> >>> >>> P.S. Happy Monday! >>> >>> _______________________________________________ >>> Sent through the Full Disclosure mailing list >>> http://nmap.org/mailman/listinfo/fulldisclosure >>> Web Archives & RSS: http://seclists.org/fulldisclosure/ >> _______________________________________________ >> Sent through the Full Disclosure mailing list >> http://nmap.org/mailman/listinfo/fulldisclosure >> Web Archives & RSS: http://seclists.org/fulldisclosure/ >> >> _______________________________________________ >> Sent through the Full Disclosure mailing list >> http://nmap.org/mailman/listinfo/fulldisclosure >> Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
