Saltar a la navegación Saltar al contenido principal Ir al pie de página

Heartbleed OpenSSL vulnerability

08 abril 2014

By Ollie Whitehouse

Previous current event – v1.8 of post

This was a current event and as such the blog post was subject to change over the course of a couple of days as we performed further supplementary research and analysis.

  • 1.8: Update to include Bro detection and further analysis. This is likely final public release – private analysis will now continue for clients / partners.
  • 1.7: Update to include further Snort signature
  • 1.6: Update to include link to Suricata detecting blog post
  • 1.5: Update to include sample Snort signature to detect attempts over TLS 1.1
  • 1.4: Update to show initial results from Ubuntu patch testing (12.04 LTS)
  • 1.3: Updated to include advice around certificate recreation based on feedback from Ben May and further advice around session termination
  • 1.2: Updated to include link to further checking tool
  • 1.1: Updated to include link to checking tool
  • 1.0: Initial version

Background

The OpenSSL project released a security advisory yesterday (April 7, 2014) for a serious vulnerability which is quickly becoming known as ‘the heartbleed bug’. The vulnerability was named by a co-discover on their website heartbleed.com due to fact that the vulnerability is in the implementation of RFC6520 in OpenSSL (the Heartbeat Extension).

Versions of OpenSSL affected / not affected

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Impact of exploitation

The impact of exploitation of this vulnerability is that memory contents that would otherwise be expected to remain private is leaked to the attacker. The server will not crash or otherwise exhibit suspicious behaviour. Successful exploitation may result in the leakage of usernames, password, web application session cookies or other sensitive information.

Recommendations to customers

NCC Group recommends that customers should in the short term:

  • Identify all Internet exposed systems which support SSL as a matter of urgency including but not limited to:
    • Web servers
    • E-mail servers
    • SSL VPNs
  • VoIP servers which implement SIP-S
  • It is important to include all OpenSSL protocols including those over UDP such as those which implement DTLS.
  • via network interrogation or host inspection firstly confirm if the heartbeat extension is supported on these hosts.
  • If the heartbeat extension is supported perform secondary analysis to identify if the host runs a vulnerable version of OpenSSL.
  • For identified vulnerable hosts consider one of the following courses of short term action:
    • Upgrade immediately if patches are available for the platform / device.
    • Deploy and/or configure network based protective monitoring for systems which cannot be disabled until patches become available.
    • Work with vendors of all affected hardware and software to ensure patches are deployed when made available.
    • Consider deploying a non OpenSSL based accelerator / proxy in front of all affected hosts to cause a protocol break protecting vulnerable hosts.
  • If you suspect you have been attacked prior to upgrading:
    • Consider revoking and creating fresh new SSL certificate private keys.
    • Invalidating all sessions within the context of any applications.

Tools

Detecting with Snort – v1

The official signatures have now been released here : http://vrt-blog.snort.org/2014/04/heartbleed-memory-disclosure-upgrade.html

During the day of April 8, 2014 before they were available NCC Group’s Cyber Threat Defensive Operations group developed the following signatures.

The following signature can be used to detect the use of the ssltest.py script and maybe other using TLS 1.1. No warranty is implied or otherwise etc…

alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"Potential Heartbleed attack with ssltest.py";flow:to_server,established; content:"|18 03 02 00 03 01 40 00|"; rawbytes; isdataat:!1,relative; reference:cve,2014-0160; sid: 6000000; rev:1;)

Please note the following caveats to this detection string:

  • This will only detect ssltest.py specifically
  • The attack can use TLS 1.1 or 1.2 (filippo.io uses 1.2)

Detecting with Snort – v2

We’ve developed further Snort signature that is more generic that will likely catch attempts to exploit the vulnerability that do not use the publically available script:

alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"Potential Heartbleed attack";flow:to_server,established; content:"|18 03|"; rawbytes; depth:2; byte_test:1,  , 3, 0, relative; byte_test:2, >, 200, 3, relative, big; reference:cve,2014-0160; sid: 6000001; rev:2;)

Detecting use Suricata

Details can be found on blog.inliniac.net

Detecting with Bro

The check can be found here however it hasn’t been well tested and you need to be running the topic/bernhard/heartbeat branch.

Ubuntu patching

Ubuntu 1.0.1-4ubuntu5.12 of OpenSSL resolves the issue. However it is important that if you wish to resolve this vulnerability for an Apache install that you also upgrade libssl specifically e.g. apt-get install libssl1.0.0 or you run the risk of upgrading OpenSSL but not actually resolving your exposure.

Technical Points of Interest

Neel Methta one of the original authors took to twitter to detail the risk posed to private SSL key material stating:

Neel Mehta ‏@neelmehta 
Heap allocation patterns make private key exposure unlikely for #heartbleed #dontpanic.

NCC Group research has successfully leaked for the following sensitive information in our testing:

  • URLs
  • Session information such as cookies
  • Credentials
  • VPN protected traffic

Further information

For further information:

Published date:  08 April 2014

Written by:  Ollie Whitehouse

Ollie Whitehouse

Ollie Whitehouse

Formally Group CTO for NCC Group 2017 - 2022