SECADV 20140407

From OpenSSLWiki
Revision as of 23:29, 5 June 2014 by Tjh (talk | contribs) (moved SECADV 2014047 to SECADV 20140407: get the name right)

SECADV_2014047

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

| Date | Advisory | Description | CVE | Affected Versions | Fixed In Versions |
|---|---|---|---|---|---|
| 07-Apr-2014 | SECADV_20140477 | TLS heartbeat read overrun | CVE-2014-1060 | OpenSSL-1.0.1a to OpenSSL-1.0.1f; OpenSSL-1.0.2 betas | OpenSSL-1.0.1g; OpenSSL-1.0.2-beta2 |

Abstract

Because of a missing or incorrect bounds check, a TLS peer (client or server) can be made to return chunks of its memory in response to invalid requests that it processes incorrectly.

The memory returned may contain sensitive information such as the private key, account names and/or passwords.

Technical Details

Either party in an SSL/TLS channel can request a heartbeat response from the peer. This means a client can send a request to a server, or a server can send a request to a client, making each vulnerable to attack from the other end.
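The kind of bounds check the advisory describes as missing, shown as an added example (not OpenSSL's code and not part of the original page): a heartbeat handler that validates the peer-supplied payload length against the bytes actually received before echoing the payload. The message layout follows RFC 6520; the function name hb_build_response and the HB_* constants are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Heartbeat message layout (RFC 6520):
 *   type (1) | payload_length (2, big-endian) | payload | padding (>= 16) */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR_LEN  3
#define HB_MIN_PAD  16

/* Hypothetical helper: builds the response to one received heartbeat record.
 * rec/rec_len describe the bytes that actually arrived. Returns the response
 * length, or 0 when the message must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Too short to hold the header plus minimum padding: discard. */
    if (rec_len < HB_HDR_LEN + HB_MIN_PAD)
        return 0;
    if (rec[0] != HB_REQUEST)
        return 0;

    /* payload_length is peer-controlled and can claim up to 65535 bytes. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: header + claimed payload + padding must fit inside
     * the record that was received. Without it, the memcpy below would read
     * past the record into adjacent memory and send that to the peer. */
    if (claimed > rec_len - HB_HDR_LEN - HB_MIN_PAD)
        return 0;

    size_t resp_len = HB_HDR_LEN + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, claimed);
    /* Real padding must be random; zeroed here to keep the example short. */
    memset(out + HB_HDR_LEN + claimed, 0, HB_MIN_PAD);
    return resp_len;
}
```

A record whose declared payload length exceeds what was received returns 0 and produces no response, which is the silent discard RFC 6520 requires.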

Solutions and Workarounds

  • Upgrade to OpenSSL 1.0.1g.
    • This is the recommended option from the OpenSSL team.
  • Rebuild your affected OpenSSL release with the heartbeat feature disabled
    • This is as simple as a recompilation with -DOPENSSL_NO_HEARTBEATS
  • Block the heartbeat processing in your application code

Detecting Vulnerability

  • C code example using the OpenSSL library to detect if a server is vulnerable. Requires a completed handshake prior to sending the invalid heartbeat probe.
  • Standalone perl script to detect if a server is vulnerable. Sends a ClientHello message and then an invalid heartbeat probe without waiting for the handshake to complete.
  • Regression / Unit Test Suite
  • Standalone Python script to detect if a server is vulnerable.
