OpenSSL Heartbleed vulnerability (CVE-2014-0160) allows hackers to leak 64k of memory
The bug (CVE-2014-0160), dubbed 'Heartbleed', was independently discovered by Neel Mehta of the Google Security team and by Codenomicon. The bug is appropriately named Heartbleed because the vulnerability is located in the Heartbeat extension of OpenSSL and it leads to a memory leak.
What versions of the OpenSSL are affected?
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g, released on 7th of April 2014, fixes the bug.
Check whether your server is vulnerable or not:
"http://filippo.io/Heartbleed/" lets you check whether your server is vulnerable to this bug or not.
Details about the Bug:
The TLS Heartbeat extension is a ping from one end of the connection to the other: the client sends a specific message together with its size, and the server responds with the same message. But if an attacker sends a small amount of data (let's say 1 kilobyte) and claims it is large (64k), then the server (running vulnerable OpenSSL) will respond with 1 kilobyte of the attacker's data + 63 kilobytes of data read from the memory of the server.
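The length check that a patched handler needs, as an added C example (not OpenSSL's code and not part of the original post). The function names are hypothetical, the message layout and 16-byte minimum padding follow RFC 6520, and the request in main is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* message types and minimum padding from RFC 6520 */
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Length the sender claims for its payload (2-byte big-endian field). */
static size_t hb_claimed(const uint8_t *msg) { return ((size_t)msg[1] << 8) | msg[2]; }

/* Bytes an unchecked handler would copy from past the end of the received
 * message, because it trusts the claimed length over the real one. */
size_t hb_overread(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 3) return 0;
    size_t sent = msg_len - 3;              /* bytes really present after header */
    return hb_claimed(msg) > sent ? hb_claimed(msg) - sent : 0;
}

/* Checked handler: writes the response to out and returns its length,
 * or 0 when the request is to be silently discarded. */
size_t hb_respond(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap)
{
    if (msg_len < 1 + 2 + HB_PADDING || msg[0] != HB_REQUEST)
        return 0;                            /* too short or not a request */
    size_t n = hb_claimed(msg);
    if (1 + 2 + n + HB_PADDING > msg_len)
        return 0;                            /* claimed length exceeds data sent */
    if (1 + 2 + n + HB_PADDING > out_cap)
        return 0;                            /* caller's buffer is too small */
    out[0] = HB_RESPONSE;
    out[1] = msg[1]; out[2] = msg[2];        /* echo the (now verified) length */
    memcpy(out + 3, msg + 3, n);             /* copy only bytes that exist */
    memset(out + 3 + n, 0, HB_PADDING);      /* real stacks use random padding */
    return 1 + 2 + n + HB_PADDING;
}

int main(void)
{
    /* Constructed request: 1 KB payload + padding, length field set to 0xFFFF. */
    static uint8_t req[3 + 1024 + HB_PADDING], out[3 + 65535 + HB_PADDING];
    req[0] = HB_REQUEST; req[1] = 0xFF; req[2] = 0xFF;
    memset(req + 3, 'A', 1024);
    printf("unchecked over-read: %zu bytes, checked response: %zu bytes\n",
           hb_overread(req, sizeof req), hb_respond(req, sizeof req, out, sizeof out));
    return 0;
}
```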
How to fix it?
If your server is using OpenSSL 1.0.1 through 1.0.1f, then better upgrade to 1.0.1g. If you are using the 1.0.0 or 0.9.8 branch, you are not vulnerable to this bug. As a temporary fix, users can remove the Heartbeat extension by recompiling OpenSSL with -DOPENSSL_NO_HEARTBEATS
Technical details of this bug can be found at:
http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html
http://heartbleed.com/
Here is a PoC script written in Python: https://gist.github.com/ixs/10116537
Metasploit module:
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
Nessus Plugin:
http://www.tenable.com/plugins/index.php?view=single&id=73404
Nmap script (NSE):
http://nmap.org/nsedoc/scripts/ssl-heartbleed.html