Heartbleed: OpenSSL TLS Extension Vulnerability (CVE-2014-0160)

April 8, 2014

Summary

A critical information disclosure flaw dubbed "Heartbleed" has been discovered in the OpenSSL library. [1] UC Berkeley Information Security and Policy has already received reports of active attacks and probes exploiting this vulnerability against campus systems.
 
The vulnerability applies to web, email, instant messaging, VPN, and other applications utilizing OpenSSL.
 
The flaw allows an attacker to retrieve private memory of an application that uses a vulnerable version of the OpenSSL library. [2]
 
Sensitive information that may be retrieved using this vulnerability include:
  • Primary key material (secret keys)
  • Secondary key material (user names and passwords used by vulnerable services)
  • Protected content (sensitive data used by vulnerable services)
  • Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)
Exploit code for this vulnerability has been made publicly available.
 
For a detailed explanation of this vulnerability and frequently asked questions, please visit the following web site:

Impact

Successful exploitation can lead to disclosure of sensitive information from vulnerable systems.

Vulnerable

  • OpenSSL versions 1.0.2-beta1, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, and 1.0.1 are vulnerable. [3]
  • Web services utilizing OpenSSL (NOTE: Apache and Nginx web servers use OpenSSL as the default cryptographic library)
  • Any service that supports STARTLS (SMTP, IMAP, POP, HTTP) may also be affected

Recommendations

This flaw has been patched in OpenSSL 1.0.1g. A fix for 1.0.2 will be released in 1.0.2-beta2. [3]
  • Affected users should upgrade OpenSSL immediately. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
  • It is strongly recommended that all public-facing websites that deal with Protection Level 1 data [4] and above generate a new private key, a new SSL certificate, and revoke old certificates. The UC Berkeley InCommon Certificate Service [5] provides campus units with SSL certificates at no direct cost.
  • Sensitive systems such as those handling, storing, or facilitating access to Protection Level 1 data [4] and above should also consider changing other secrets such as host SSH private keys and local passwords used by vulnerable services
  • If utilizing vendor software with potentially vulnerable services, contact the vendor directly to see if your product and installation is affected.

Testing Your Systems

The security community has released several tools to freely test your systems for the Heartbleed vulnerability. Please use these tools at
your own discretion and only as a supplement to researching potentially vulnerable systems.
Web-based Heartbleed Test by Filippo Valsorda:
  • http://filippo.io/Heartbleed/
    • Disclaimer: While we have done our best to research this site and believe that it probably does not represent a threat beyond the vulnerability scanning we already are seeing, we have no way of guaranteeing that it is not collecting any data for the use of the site owner.
hb-test.py Python Script by Jared Stafford:

References