On 11 Apr 2014, at 09:37, Richard Conto <r...@umich.edu> wrote: > I thought that HeartBleed allowed reading only of up to 64K (unsigned 16 bit > length) of heap memory - from wherever in the heap the buffer used was > allocated. It didn't allow arbitrary process memory exploitation, although I > suppose by manipulating the size of the requests, you ought to be able to > explore different parts of the heap. > > Of course, luck would play a part in what was revealed, although luck can be > manipulated.
I haven't personally analyzed the bug or designed any exploits. I'm just going by various sources I've read, some of which assert some pretty breathless potential outcomes. :wes ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
