On 2014-04-08 at 12:51 -0700, David Lang wrote:
> Basically, this bug allows you to dump the entire address space of the
> server and then go digging through it.

My understanding is that the address-space you can get is 64kB after the address where the current TCP read-buffer is; you can lather/rinse/repeat and try to get more and more of the memory by repeating enough requests, including concurrent ones, that you increase how much of the address-space you're likely to see, but it's not _quite_ as simple as "enumerate the address-space and walk it".

That said, there are enough demonstrations of retrieving private keys that you're probably playing Russian Roulette with a revolver with four bullets in it.

-Phil
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
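
The bounded over-read described in the reply above, as an added example that is not part of the original thread: it shows why each request can expose at most about 64kB and what the receiving side must check. It assumes a hypothetical echo-style record whose 16-bit length field is set by the peer (the thread does not spell out the mechanism); `overread_bytes`, `echo_checked` and the sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical echo record (assumption, not from the thread):
 * 1 type byte, 2-byte big-endian claimed payload length, then the payload. */
#define HDR_LEN 3

/* Constructed samples: one honest record, one claiming 65535 bytes but carrying 1. */
static const uint8_t honest_rec[] = { 0x01, 0x00, 0x02, 'h', 'i' };
static const uint8_t lying_rec[]  = { 0x01, 0xFF, 0xFF, 'A' };
static uint8_t out_buf[65535];

static size_t claimed_len(const uint8_t *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes an unchecked echo would copy from memory past the received record.
 * The 16-bit field caps this just under 64kB per request. */
size_t overread_bytes(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HDR_LEN)
        return 0;
    size_t present = rec_len - HDR_LEN;
    return claimed_len(rec) > present ? claimed_len(rec) - present : 0;
}

/* Hardened echo: copies the payload to out, or returns -1 and discards the
 * record when the claimed length exceeds what actually arrived. */
long echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HDR_LEN)
        return -1;
    size_t n = claimed_len(rec);
    if (n > rec_len - HDR_LEN || n > out_cap)
        return -1;
    memcpy(out, rec + HDR_LEN, n);
    return (long)n;
}

int main(void)
{
    printf("honest: over-read %zu, echoed %ld\n", overread_bytes(honest_rec, sizeof honest_rec),
           echo_checked(honest_rec, sizeof honest_rec, out_buf, sizeof out_buf));
    printf("lying:  over-read %zu, echoed %ld\n", overread_bytes(lying_rec, sizeof lying_rec),
           echo_checked(lying_rec, sizeof lying_rec, out_buf, sizeof out_buf));
    return 0;
}
```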