Date:      Thu, 10 Apr 2014 14:03:00 +0200
From:      Carlo Strub <cs@FreeBSD.org>
To:        clopez@softlayer.com
Cc:        freebsd-security@freebsd.org, mexas@bris.ac.uk
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
Message-ID:  <1397131380.350083.338453171.113568.2@c-st.net>
In-Reply-To: <DE1D9BD7-2858-49BD-BDE8-C4CE7FE7351B@softlayer.com>
References:  <DE1D9BD7-2858-49BD-BDE8-C4CE7FE7351B@softlayer.com> <20140409084809.GA2661@lena.kiev> <201404082334.s38NYDxr098590@freefall.freebsd.org> <201404090821.s398LMg7020616@mech-cluster241.men.bris.ac.uk> <1397124609.974780.949873937.113568.2@c-st.net>

10/04/2014 12:58 - Cyrus Lopez wrote:

> >> SSH is not affected.
> >
> > SSH is indeed not affected, but I guess you should still consider the secret sshd key on your otherwise affected server as burnt, as it might have been in the memory too while an attacker was inspecting it via heartbleed. Better recreate the secret ssh key and all other secret keys on your server as well. But, again, the OpenSSH protocol/software per se are not affected.
>
> This is incorrect. The heartbleed exploit would have only returned portions of
> memory that were under the control of OpenSSL, not general memory used by other
> processes on the system.


Thanks for the update. I wasn't aware of that.


