Difference between revisions of "SECADV 20140407"
From OpenSSLWiki
Jump to navigationJump to search (Initial list of useful links and summary details for heartbeat advisory) |
m (correct page name) |
||
| (4 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| − | = | + | = SECADV_20140407 = |
A missing bounds check in the handling of the TLS heartbeat extension can be | A missing bounds check in the handling of the TLS heartbeat extension can be | ||
| Line 14: | Line 14: | ||
|- | |- | ||
| 07-Apr-2014 | | 07-Apr-2014 | ||
| − | | [https://www.openssl.org/news/secadv_20140407.txt | + | | [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140407] |
| TLS heartbeat read overrun | | TLS heartbeat read overrun | ||
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] | | [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] | ||
| Line 21: | Line 21: | ||
| OpenSSL-1.0.1g | | OpenSSL-1.0.1g | ||
OpenSSL-1.0.2-beta2 | OpenSSL-1.0.2-beta2 | ||
| − | |||
|} | |} | ||
| Line 34: | Line 33: | ||
Either party in an SSL/TLS channel can request a heartbeat response from the peer. | Either party in an SSL/TLS channel can request a heartbeat response from the peer. | ||
| − | This means a client | + | This means a client can send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end. |
== Solutions and Workarounds == | == Solutions and Workarounds == | ||
| Line 60: | Line 59: | ||
:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ] | :* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ] | ||
| − | :* [https://gist.github.com/epixoip/10570627 ''' | + | :* [https://gist.github.com/epixoip/10570627 '''Cloudflare Challenge Writeup'''] Jeremi M Gosney |
:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit] | :* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit] | ||
:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox | :* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox | ||
:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald | :* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald | ||
:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts] | :* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts] | ||
Latest revision as of 23:30, 5 June 2014
SECADV_20140407[edit]
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
| Date | Advisory | Description | CVE | Affected Versions | Fixed In Versions |
|---|---|---|---|---|---|
| 07-Apr-2014 | SECADV_20140407 | TLS heartbeat read overrun | CVE-2014-1060 | OpenSSL-1.0.1a to OpenSSL-1.0.1f
OpenSSL-1.0.2 betas |
OpenSSL-1.0.1g
OpenSSL-1.0.2-beta2 |
Abstract[edit]
Due to a missing / incorrect bounds check in the code it is possible to return chunks of memory from a TLS peer (client or server) by sending invalid requests which are incorrectly processed.
The memory returned may contain sensitive information such as the private key, account names and/or passwords.
Technical Details[edit]
Either party in an SSL/TLS channel can request a heartbeat response from the peer. This means a client can send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.
Solutions and Workarounds[edit]
- Upgrade to OpenSSL 1.0.1g.
- This is the recommended option from the OpenSSL team.
- Rebuild your affected OpenSSL release with the heartbeat feature disabled
- This is as simple as a recompilation with -DOPENSSL_NO_HEARTBEATS
- Block the heartbeat processing in your application code
- heartbeat_block.c Example application code showing msg_cb use to block heartbeat
- Upgrade to OpenSSL 1.0.1g.
Detecting Vulnerability[edit]
- heartbleed.c Rob Stradling
- C code exampling using OpenSSL library to detect if a server is vulnerable. Requires completed handshake prior to sending invalid heartbeat probe.
- check-ssl-heartbleed.pl Steffen Ullrich
- Standalone perl script to detect if a server is vulnerable. Sends a ClientHello message and then an invalid heartbeat probe without waiting for the handshake to complete.
- heartbleed_test.c Mike Bland (git pull request)
- Regression / Unit Test Suite
- Standalone Python script to detect if a server is vulnerable.
References[edit]
- HeartBleed CodeNomicon
- Cloudflare Challenge Writeup Jeremi M Gosney
- RedHat fix commit
- Timeline Mark J Cox
- Heartbleed disclosure timeline: who knew what and when Sydney Morning Herald
- Bugs in Heartbleed detection scripts
