基于OpenSSL 1.0.1e源码的OpenSSL Heartbleed漏洞分析
OpenSSL Heartbleed vulnerability analysis based on OpenSSL 1.0.1e source code
OpenSSL出现了名为Heartbleed的缓冲区溢出漏洞。OpenSSL是一套开放源代码的安全套接字层密码库,可实现基本的传输层数据加密功能。涉及金钱或敏感信息的网站,一般都会使用SSL安全连接,它的安全可靠性非常重要。因此有必要对它的安全漏洞进行分析研究。文章介绍了OpenSSL定义及特征,分析了SSL连接建立机制,基于OpenSSL-1.0.1e源码做了OpenSSL的Heartbleed漏洞分析和漏洞利用,分析了其造成的信息泄露。
OpenSSL appeared Heartbleed buffer overflow vulnerability. OpenSSL is an open source Secure Sockets Layer password library, whitch can achieve the basic transport layer data encryption. Websites Involv money or sensitive information usually using SSL secure connection, its safety and reliability is very important. Therefore it is necessary to carry out the analysis of security vulnerabilities. This paper introduces the definition and characteristics of OpenSSL, analyzes the established mechanism of SSL connection, makes the OpenSSL Heartbleed vulnerability analysis and exploits based on OpenSSL-1.0.1e,and analyzes the information disclosure.
龙海旭、鹿凯宁、赵凯
计算技术、计算机技术通信
数据安全与计算机安全OpenSSLHeartbleed漏洞分析信息泄露
ata security and computer securityOpenSSLHeartbleedVulnerability analysisInformation disclosure
龙海旭,鹿凯宁,赵凯.基于OpenSSL 1.0.1e源码的OpenSSL Heartbleed漏洞分析[EB/OL].(2014-11-20)[2025-08-21].http://www.paper.edu.cn/releasepaper/content/201411-332.点此复制
评论