OpenSSL ‘heartbleed’ bug live blog


heartbleedA bug has been identified in OpenSSL, all details can be found at heartbleed.com. The bug has been assigned CVE-2014-0160. OpenSSL versions 1.0.1 – 1.0.1f are vulnerable. We advise to upgrade OpenSSL to version 1.0.1g or higher

Test if you are vulnerable

You can test if you are vulnerable by requesting a heartbeat response with a large response. If the server replies your SSL service is probably vulnerable. You can use any of the tests below:

This vulnerability only applies to OpenSSL versions 1.0.1-1.0.1f. Other SSL libraries, such as PolarSSL, are not vulnerable. OpenVPN-NL, which is depending on PolarSSL, is not affected.

Advice

We advise to perform the following steps for every vulnerable SSL service

  • Upgrade the OpenSSL version to 1.0.1g
  • Request revocation of the current SSL certificate
  • Regenerate your private key
  • Request and replace the SSL certificate

Indicator of Compromise

It is possible to detect successful exploitation of this vulnerability by inspecting the network traffic. We have developed 2 sets of Snort signatures to detect succesful exploitation of the ‘heartbleed bug’. The first set has a higher detection rate but also quite a few false positives:

alert tcp any [!80,​!445] -> any [!80,​!445] (msg:"FOX-SRT - Suspicious - Possible SSLv3 Large Heartbeat Response"; flow:established; ssl_version:sslv3; content:"|18 03 00|"; depth:3; byte_test:2,​>,​200,​3; byte_test:2,​<,​17000,​3; threshold:type limit,​ track by_src,​ count 1,​ seconds 600; reference:cve,​2014-0160; classtype:bad-unknown; sid: 21001126; rev:8;)
alert tcp any [!80,​!445] -> any [!80,​!445] (msg:"FOX-SRT - Suspicious - Possible TLSv1 Large Heartbeat Response"; flow:established; ssl_version:tls1.0; content:"|18 03 01|"; depth:3; byte_test:2,​>,​200,​3; byte_test:2,​<,​17000,​3; threshold:type limit,​ track by_src,​ count 1,​ seconds 600; reference:cve,​2014-0160; classtype:bad-unknown; sid: 21001127; rev:8;)
alert tcp any [!80,​!445] -> any [!80,​!445] (msg:"FOX-SRT - Suspicious - Possible TLSv1.1 Large Heartbeat Response"; flow:established; ssl_version:tls1.1; content:"|18 03 02|"; depth:3; byte_test:2,​>,​200,​3; byte_test:2,​<,​17000,​3; threshold:type limit,​ track by_src,​ count 1,​ seconds 600; reference:cve,​2014-0160; classtype:bad-unknown; sid: 21001128; rev:8;)
alert tcp any [!80,​!445] -> any [!80,​!445] (msg:"FOX-SRT - Suspicious - Possible TLSv1.2 Large Heartbeat Response"; flow:established; ssl_version:tls1.2; content:"|18 03 03|"; depth:3; byte_test:2,​>,​200,​3; byte_test:2,​<,​17000,​3; threshold:type limit,​ track by_src,​ count 1,​ seconds 600; reference:cve,​2014-0160; classtype:bad-unknown; sid: 21001129; rev:8;)

The second set has a lower false positive ratio but might also have a slightly lower detection rate:

alert tcp any any -> any any (msg:"FOX-SRT - Flowbit - TLS-SSL Client Hello"; flow:established; dsize:< 500; content:"|16 03|"; depth:2; byte_test:1,​ <=,​ 2,​ 3; byte_test:1,​ !=,​ 2,​ 1; content:"|01|"; offset:5; depth:1; content:"|03|"; offset:9; byte_test:1,​ <=,​ 3,​ 10; byte_test:1,​ !=,​ 2,​ 9; content:"|00 0f 00|"; flowbits:set,​foxsslsession; flowbits:noalert; threshold:type limit,​ track by_src,​ count 1,​ seconds 60; reference:cve,​2014-0160; classtype:bad-unknown; sid: 21001130; rev:10;)
alert_testing tcp any any -> any any (msg:"FOX-SRT - Suspicious - TLS-SSL Large Heartbeat Response"; flow:established; flowbits:isset,​foxsslsession; content:"|18 03|"; depth: 2; byte_test:1,​ <=,​ 3,​ 2; byte_test:1,​ !=,​ 2,​ 1; byte_test:2,​ >,​ 200,​ 3; byte_test:2,​<,​16409,​3; threshold:type limit,​ track by_src,​ count 1,​ seconds 600; reference:cve,​2014-0160; classtype:bad-unknown; sid: 21001131; rev:6;)

Note: if you want to detect vulnerable SMTP servers that are being exploited via STARTTLS, make sure that you do not have “ignore_tls_data” enabled on your SMTP preprocessor.

Impact

An attacker can retrieve a block of memory of the server up to 64kb. There is no limit on the number of attacks that can be performed. The attacker has no control over the memory region where the block is read from. Sensitive information that can be obtained is:

  • SSL private keys
  • Basic authorization strings (username / password combinations)
  • Source code

This bug affects both sides of the connection. Not only will client certificates not save you from having to update your server certificate, they can be read from the client (along with your username, password etc.) by any server you connect to. DNS poisoning, MitM etc. can be used to direct clients to a malicious server – it seems that this vulnerability can be exploited before the server has to authenticate itself.

According to http://www.openssl.org/news/openssl-1.0.1-notes.html the heartbeat extension was introduced in March 2012 with the release of version 1.0.1 of OpenSSL. This implies the vulnerability has been around for 2 years.

Updates

OpenSSL has provided an updated version (1.0.1g) of OpenSSL at https://www.openssl.org/source/.

Linux distributions are providing updates right now, so check your system for updates. Some Linux distributions have backported the fix to previous versions, ie Debian’s OpenSSL 1.0.1e-2+deb7u5 package has incorporated the fix.

Examples

When running the ssltest.py script against yahoo.com we were presented with this (censored) output. It shows clearly that the ‘heartbleed bug’ has serious consequences.

heartbleed example

 

 

 

106 thoughts on “OpenSSL ‘heartbleed’ bug live blog

  1. Pingback: Detecting OpenSSL Heartbleed with Suricata | Inliniac

  2. Please don’t use grey letters on white (or – in the snort-rules – even light grey!) backgrounds for sites with important information.

  3. Pingback: Fears over 'heartbleed' security bug found in software

  4. Pingback: OpenSSL 'Heartbleed' Bug Leaks Sensitive Data | IP tools - On Line

  5. The Script gives me the following error on connection refused:
    Traceback (most recent call last):
    File “./script.py”, line 132, in
    main()
    File “./script.py”, line 120, in main
    typ, ver, pay = recvmsg(s)
    File “./script.py”, line 75, in recvmsg
    hdr = recvall(s, 5)
    File “./script.py”, line 65, in recvall
    data = s.recv(remain)
    socket.error: [Errno 104] Connection reset by peer

  6. Pingback: OpenSSL ‘Heartbleed’ Bug Leaks Sensitive Data | Cyber War News and Information

  7. Pingback: Yahoo!: vulnerabilidade causa vazamento de senhas de usuários | Tecnologia

  8. Pingback: Yahoo!: vulnerabilidade causa vazamento de senhas de usuários | Boa Informação

  9. any idea why the script just stops working and exits after the 8th or 9th hosts?

    f = open(args[0])
    for host in f:
    host = host.strip()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sys.stdout.flush()
    s.settimeout(5)
    try:
    s.connect((host, opts.port))
    except socket.error, e:
    print host + ‘|’ + str(e)
    continue

  10. Pingback: “Heartbleed”漏洞恐令数十万服务器泄密 - 科技辣

  11. Pingback: “Heartbleed”漏洞恐令数十万服务器泄密 | 国外资讯 | 36氪BLOG

  12. Pingback: Nevermore Protection | OpenSSL ‘Heartbleed’ Bug Leaks Sensitive Data

  13. Pingback: “Heartbleed”漏洞恐令数十万服务器泄密 | Since1991.me

  14. Pingback: "Heartbleed" bug in Web security exposes passwords | EBiz News

  15. Pingback: Heartbleed OpenSSL security bug. Wat je moet weten, wat je kunt doen | Annemarie van Campen

  16. Pingback: « Heartbleed », une énorme faille de sécurité dans de nombreux sites internet | maadi gazette

  17. All, after some testing I found out the test tools test your Apache vulnerable when you have the SPDY module enabled even when you have disabled heartbeats or are running a correct version of OpenSSL. I contacted the developer of the original test tool to see why this happens, but until then to be safe, better disable SPDY.

    • Just got an update from Filippo, and he pointed me out that SPDY is statically linked in most cases (I totally
      missed that). So you are indeed vulnerable if the test tool says so! But next to upgrading openssl, you also need to rebuild/update mod_spdy or disable it until it’s fixed up-stream.

    • To whom it may concern. the problem lies in mod_ssl_with_npn.so in the spdy package. Just checked out the code, only built the mod_ssl_with_npn.so against a fixed openssl version, replaced it and the problem is solved.

  18. Pingback: Blog: Opdater OpenSSL – og dit OS nu | Computer Viden information

  19. Pingback: « Heartbleed », une énorme faille de sécurité OpenSSL dans de nombreux sites internet | Libertes & Internets

  20. Pingback: ウェブ・セキュリティを脅かす重大なバグ「Heartbleed」について知っておくべきこと | ReadWrite Japan

  21. Pingback: » Une énorme faille de sécurité dans de nombreux sites internetConnaissances Informatiques

  22. Pingback: Celent Blog » Is the insurance industry facing a Cyber-Cat? Thousands of websites at risk to heartbleed bug…

  23. Just run the fox py-script against our pfsense with openssl 0.9.8y: It says it is VULNERABLE. Seems to be a false positive isn’t it?

  24. Pingback: Heart Bleed Bug - a Major OpenSSL Security Leak - Egon Sarv Reviews - Egon Sarv Reviews

  25. Pingback: Come funziona la falla Heartbleed | Notizya.it

  26. The ssltest.py script is not accessible for me (the error code below):

    AccessDeniedAccess DeniedAE8C30D9277A61F9so784tBi6TND0n4gX+ys7TxdvPcZU7G4OuTW0ej2lZW8MUR1v34kXm2oiMsM7HAN

  27. Pingback: DR Data Security, LLC » Everything you need to know about the OpenSSL Heartbleed bug.

  28. Pingback: Qué podemos hacer ante el mayor fallo de seguridad de la historia de Internet - TecNoticiero

  29. Pingback: Heartbleed, le bug-catastrophe qui menace nos données

  30. Pingback: Qué podemos hacer ante el mayor fallo de seguridad de la historia de Internet | recolector.de {tecnologia}

  31. Pingback: Qué podemos hacer ante el mayor fallo de seguridad de la historia de Internet | FantecnolFantecnol

  32. Pingback: Qué podemos hacer ante el mayor fallo de seguridad de la historia de Internet - Descubridores de Tecnologia, Motor y Actualidad

  33. Pingback: Snort Rules for OpenSSL's Heartbleed Bug (Will Untangle implement them?)

  34. Pingback: Qué podemos hacer ante el mayor fallo de seguridad de la historia de Internet | TecnoAR Computacion

  35. Pingback: VU#720951: OpenSSL heartbeat extension read overflow discloses sensitive information

  36. Pingback: The Heartbleed Bug | RISC Consulting

  37. What *precisely* could be leaked when a vulnerable client (e.g. Debian stable or unstable) connected to a not vulnerable server (e.g. MirBSD or Debian oldstable)?

  38. Pingback: Critical Vulnerability In OpenSSL – Have You Patched? | Lunarline Blog

  39. Pingback: Qué podemos hacer ante el mayor fallo de seguridad de la historia de Internet | TODOSOBREMOVIL

  40. Pingback: Does the Internet Need One Giant Password Reset? | News In Marketing

  41. Pingback: Heartbleed: Hundreds of thousands of servers at risk from catastrophic bug

  42. Pingback: Heartbleed: Separating FAQ From FUD - MySQL Performance Blog

  43. Pingback: Massive Security Bug Making SA Sites Vulnerable heartbleed | Tropical Post

  44. Pingback: INITCON (Schweiz) GmbH » Schwachstelle in OpenSSL

  45. Pingback: After ‘Catastrophic’ Security Bug, the Internet Needs a Password Reset – Wired | You Buy Computers

  46. Pingback: After ‘Catastrophic’ Security Bug, the Internet Needs a Password Reset – Wired | Top Computer Mart

  47. Pingback: « Heartbleed », l’inquiétante faille de sécurité sur Internet | Nancy Roc

  48. Pingback: After ‘Catastrophic’ Security Bug, the Internet Needs a Password Reset – Wired | Right laptop mart

  49. Pingback: After ‘Catastrophic’ Security Bug, the Internet Needs a Password Reset – Wired | Home Gadget Deals

  50. Pingback: Best laptops online store

  51. Pingback: After ‘Catastrophic’ Security Bug, the Internet Needs a Password Reset – Wired | Top Computers Outlet

  52. Pingback: Heartbleed - What can you do about it? | IT Done RightIT Done Right

  53. Pingback: After ‘Catastrophic’ Security Bug, the Internet Needs a Password Reset

  54. Pingback: Heartbleed Vulnerability: What Should You Do? » Cigital

  55. Pingback: Heartbleed, the OpenSSL vulnerability. What Should I Do? - Koen Van Impe - vanimpe.eu

  56. Pingback: After ‘Catastrophic’ Security Bug, the Internet Needs a Password Reset – Wired | Computers Lookup

  57. Pingback: Que sait-on de « Heartbleed », l’inquiétante faille de sécurité sur Internet ? | Les raisons du citron

  58. Pingback: pfSense : Faille OpenSSL heartbeat ( Heart Bleed bug ) – CVE-2014-0160 | Blog des télécoms

  59. How about advicing users to change their passwords for affected sites after having verified that the OpenSSL library has been patched and that the certificates have been renewed?

  60. Pingback: Heartbleed, jedno z największych naruszeń bezpieczeństwa w historii internetu | Dystopijna przyszłość, w której miasta zostały zniszczone przez potwory

  61. Pingback: Come funziona la falla Heartbleed? Ce lo spiega wired | Tecnologia e ricerca

  62. Pingback: Webbeveiliging blijkt al twee jaar lek - Niks te verbergen

  63. Pingback: Due terzi dei siti web mondiali colpiti | Nadia Germano

  64. Pingback: Heartbleed: Separating FAQ From FUD | InsideMySQL

  65. Pingback: Has the NSA Been Using the Heartbleed Bug as an Internet Peephole? – Wired | Everyday News Update

  66. Pingback: Has the NSA Been Using the Heartbleed Bug as an Internet Peephole? – Wired | Headline News Extra

  67. Pingback: The Heartbleed bug! | Libel

  68. Thanks for sharing these Snort rules.

    As I understand them, you’re only testing the first 5 bytes of the TLS records, hence they should also detect encrypted heartbeat records. Correct?

    To trigger the rule, a heartbeat record has to have more than 200 bytes of data and less than 16385.
    Why do you need this second condition (smaller than 16385)? Isn’t 16384 the maximum size of a TLS record?

  69. Pingback: Heartbleed Check and Fix

  70. Pingback: After ‘Catastrophic’ Security Bug, The Internet Needs A Password Reset | The Quantix Corner

  71. Pingback: Has the NSA Been Using the Heartbleed Bug as an Internet Peephole?Any News from Everywhere

  72. Pingback: » Heartbleed zebrał niezłe żniwo… Jak wygląda internet 2 dni po? Skąd już wyciekły hasła i ciasteczka? -- Niebezpiecznik.pl --

  73. Pingback: Has the NSA Been Using the Heartbleed Bug as an Internet Peephole? - Wired 2014

  74. Pingback: What You Need To Know About Heartbleed

  75. Pingback: Apple: ‘iOS, OS X en webdiensten niet getroffen door Heartbleed’ - iPhoneclub.nl

  76. Pingback: What You Need To Know About Heartbleed, A Really Major Bug That Short-Circuits Web Security | DIGIZENS

  77. Pingback: Heartbleed test for OpenVPN | falstaff – yet another tech blog

  78. Pingback: Heartbleed & NSA Exploits Secure Sockets Layer (SSL), Encryption Protocol | usnewsghost

  79. Pingback: OpenSSL vulnerability lets attackers quietly steal servers' private keys - Pakistan E Magazine

  80. Pingback: Has the NSA been using the Heartbleed Bug as an Internet Peephole? | Tek-Dude Systems

  81. Pingback: IT-Security-Links – Week 14/15 | SWITCH Security-Blog

  82. Pingback: Heartburn….. I mean Heartbleed | EI BlackOps

  83. Pingback: Qué podemos hacer ante "Heartbleed" el mayor fallo de seguridad de la historia de Internet / SGM HostSGM Host

  84. Pingback: La falla di Heartbleed che minaccia 2/3 degli utenti del web

  85. Pingback: Heartbleed Critical Vulnerability in OpenSSL | SecTechno

  86. Pingback: Heartbleed Testing and Detecting - FantaGhost FantaGhost

  87. Pingback: Falla Heartbleed: Cos'è e come proteggersi | GloboGuida

  88. Pingback: OpenSSL ‘heartbleed’ bug | Nathan

  89. Pingback: OpenSSL 'Heartbleed' Bug Leaks Sensitive Data - GeekYet

  90. Pingback: VU#720951: OpenSSL TLS heartbeat extension read overflow discloses sensitive information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s