Tuesday, April 8, 2014

CVE-2014-0160 - Heartbleed

This year is very interesting in terms of serious SSL bugs. It started with Apple's CVE-2014-1266:

Now we have OpenSSL's CVE-2014-0160. Because of a wrong implementation of the heartbeat extension (around for 2 years) someone can extract a memory snapshot of the process from the server up to 64k. As the memory area is random, it's always different what you can get out, but it can leak possible sensitive information, like private key, username, password, etc... Vulnerable / non-vulnerable versions:
  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable
Here is a writeup about the issue, with technical details: http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html

Test your server: http://filippo.io/Heartbleed
Test your server 2 (you can find here vulnerable servers as well): https://www.ssllabs.com/ssltest/

Snort rules and some more links: http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

Python script for testing made by Jared Stafford (not available from the original site anymore, so use Google cache):

An example for the output of the script:

3 serious SSL bugs within 3 months. I'm really curious how the year will continue.

Update 1: The python script works with TLS 1.1, and it can give false negatives with sites on TLS 1.0. You need to update bytes "03 02" to "03 01" in the heartbeat and the hello in order to work with TLS 1.0.

Update 2: Mass scan results

Update 3: NMAP NSE script also hardcoded to TLS 1.1 (it's based on the original Python script)

Update 4: My updated script went to exploit DB: http://www.exploit-db.com/exploits/32764/
Metasploit module:

No comments: