Difference between revisions of "SECADV 20140407"

From OpenSSLWiki
Jump to navigationJump to search
m
m (correct page name)
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= SECADV_2014047 =
+
= SECADV_20140407 =
  
 
A missing bounds check in the handling of the TLS heartbeat extension can be
 
A missing bounds check in the handling of the TLS heartbeat extension can be
Line 14: Line 14:
 
|-
 
|-
 
| 07-Apr-2014  
 
| 07-Apr-2014  
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140477]  
+
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140407]  
 
| TLS heartbeat read overrun
 
| TLS heartbeat read overrun
 
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060]  
 
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060]  
Line 33: Line 33:
  
 
Either party in an SSL/TLS channel can request a heartbeat response from the peer.  
 
Either party in an SSL/TLS channel can request a heartbeat response from the peer.  
This means a client and send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.
+
This means a client can send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.
  
 
== Solutions and Workarounds ==
 
== Solutions and Workarounds ==
Line 59: Line 59:
  
 
:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ]
 
:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ]
:* [https://gist.github.com/epixoip/10570627 '''Cloudfare Challenge Writeup'''] Jeremi M Gosney
+
:* [https://gist.github.com/epixoip/10570627 '''Cloudflare Challenge Writeup'''] Jeremi M Gosney
 
:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit]
 
:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit]
 
:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox
 
:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox
 
:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald
 
:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald
 
:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts]
 
:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts]

Latest revision as of 23:30, 5 June 2014

SECADV_20140407[edit]

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Date Advisory Description CVE Affected Versions Fixed In Versions
07-Apr-2014 SECADV_20140407 TLS heartbeat read overrun CVE-2014-1060 OpenSSL-1.0.1a to OpenSSL-1.0.1f

OpenSSL-1.0.2 betas

OpenSSL-1.0.1g

OpenSSL-1.0.2-beta2

Abstract[edit]

Due to a missing / incorrect bounds check in the code it is possible to return chunks of memory from a TLS peer (client or server) by sending invalid requests which are incorrectly processed.

The memory returned may contain sensitive information such as the private key, account names and/or passwords.

Technical Details[edit]

Either party in an SSL/TLS channel can request a heartbeat response from the peer. This means a client can send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.

Solutions and Workarounds[edit]

  • Upgrade to OpenSSL 1.0.1g.
    • This is the recommended option from the OpenSSL team.
  • Rebuild your affected OpenSSL release with the heartbeat feature disabled
    • This is as simple as a recompilation with -DOPENSSL_NO_HEARTBEATS
  • Block the heartbeat processing in your application code

Detecting Vulnerability[edit]

  • C code exampling using OpenSSL library to detect if a server is vulnerable. Requires completed handshake prior to sending invalid heartbeat probe.
  • Standalone perl script to detect if a server is vulnerable. Sends a ClientHello message and then an invalid heartbeat probe without waiting for the handshake to complete.
  • Regression / Unit Test Suite
  • Standalone Python script to detect if a server is vulnerable.

References[edit]