If you are running HTTPS, SFTP, or any other SSL-enabled service on the Internet, you *NEED* to know about this!
There! Now that that is out of the way... What is Heartbleed?
Heartbleed, in a nutshell, is a bug in OpenSSL that could allow a malicious attacker to:
- Steal OpenSSL private keys
- Steal OpenSSL secondary keys
- Retrieve up to 64 KB of memory from the affected server
- As a result, decrypt all traffic between the server and client(s)
OpenSSL has already committed a fix for this issue on GitHub.
This vulnerability will mostly affect UNIX/Linux/BSD systems and associated services such as the Apache web server.
Information on common clients:
- Windows (all versions): Probably unaffected (uses SChannel/SSPI), but attention should be paid to the TLS implementations in individual applications. For example, Cygwin users should update their OpenSSL packages.
- OSX and iOS (all versions): Probably unaffected. SANS implies it may be vulnerable by saying "OS X Mavericks has NO PATCH available", but others note that OSX 10.9 ships with OpenSSL 0.9.8y, which is not affected. Apple says: "OpenSSL libraries in OS X are deprecated, and OpenSSL has never been provided as part of iOS"
- Chrome (all platforms except Android): Probably unaffected (uses NSS)
- Chrome on Android: 4.1.1 may be affected (uses OpenSSL). 4.1.2 should be unaffected, as it is compiled with heartbeats disabled.
- Mozilla products (e.g. Firefox, Thunderbird, SeaMonkey, Fennec): Probably unaffected, all use NSS
- Any service that supports STARTTLS (IMAP, SMTP, HTTP, POP) may also be affected.
If you are running internal servers protected by OpenSSL, you can check whether they are vulnerable with this Python tool: Python tool to test internal SSL server
For a full explanation of the Heartbleed flaw in OpenSSL, go read these!
Affected Vendor Information (from CERT)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Debian GNU/Linux | Affected | 07 Apr 2014 | 08 Apr 2014 |
Fedora Project | Affected | 07 Apr 2014 | 08 Apr 2014 |
Fortinet, Inc. | Affected | 07 Apr 2014 | 09 Apr 2014 |
FreeBSD Project | Affected | 07 Apr 2014 | 09 Apr 2014 |
Gentoo Linux | Affected | 07 Apr 2014 | 08 Apr 2014 |
 | Affected | 07 Apr 2014 | 09 Apr 2014 |
Juniper Networks, Inc. | Affected | 07 Apr 2014 | 09 Apr 2014 |
Mandriva S. A. | Affected | 07 Apr 2014 | 07 Apr 2014 |
NetBSD | Affected | 07 Apr 2014 | 08 Apr 2014 |
OpenBSD | Affected | 07 Apr 2014 | 08 Apr 2014 |
openSUSE project | Affected | - | 09 Apr 2014 |
Red Hat, Inc. | Affected | 07 Apr 2014 | 08 Apr 2014 |
Slackware Linux Inc. | Affected | 07 Apr 2014 | 07 Apr 2014 |
Ubuntu | Affected | 07 Apr 2014 | 07 Apr 2014 |
Infoblox | Not Affected | 07 Apr 2014 | 08 Apr 2014 |
According to OpenSSL:
OpenSSL Security Advisory [07 Apr 2014]
========================================
TLS heartbeat read overrun (CVE-2014-0160)
==========================================
A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley and Bodo Moeller for preparing the fix.
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
1.0.2 will be fixed in 1.0.2-beta2.
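The missing bounds check described in the advisory, as an added C example (not OpenSSL's code and not part of the original post): a simplified heartbeat handler using the RFC 6520 message layout, with a model of a length-trusting handler beside one that validates the claimed payload length against the received record. All function and macro names are hypothetical, and the sample messages are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR ((size_t)3)   /* type (1 byte) + payload_length (2 bytes) */
#define HB_PAD ((size_t)16)  /* minimum padding required by RFC 6520 */

/* payload_length as sent by the peer: untrusted input. */
static size_t hb_claimed(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Model of a handler that trusts payload_length (nothing is copied here):
 * returns how many echoed bytes would come from beyond the record. */
size_t hb_overread_if_trusted(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HDR) return 0;
    size_t claimed = hb_claimed(rec), present = rec_len - HB_HDR;
    return claimed > present ? claimed - present : 0;
}

/* Hardened handler: check the claimed length against the record length
 * before copying. Returns the response length, or -1 to discard silently. */
int hb_build_response(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR + HB_PAD || rec[0] != HB_REQUEST) return -1;
    size_t payload = hb_claimed(rec);
    size_t total = HB_HDR + payload + HB_PAD;
    if (total > rec_len || total > out_cap) return -1;  /* length field lies */
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, payload);
    memset(out + HB_HDR + payload, 0, HB_PAD);  /* real stacks use random padding */
    return (int)total;
}

int main(void) {
    /* Constructed samples: honest 4-byte payload vs. a 0xFFFF length claim. */
    uint8_t ok[23]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    uint8_t bad[20] = {HB_REQUEST, 0xFF, 0xFF, 'x'};
    uint8_t out[64];
    printf("honest: over-read %zu, response %d\n",
           hb_overread_if_trusted(ok, sizeof ok),
           hb_build_response(ok, sizeof ok, out, sizeof out));
    printf("forged: over-read %zu, response %d\n",
           hb_overread_if_trusted(bad, sizeof bad),
           hb_build_response(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

The forged record passes the minimum-size test and is rejected only by the comparison of the claimed length with the record length, which is the check the advisory describes as missing.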
And according to US-CERT: National Cyber Awareness System: TA14-098A: OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160)
04/08/2014 08:46 AM EDT
Original release date: April 08, 2014
Systems Affected
- OpenSSL 1.0.1 through 1.0.1f
- OpenSSL 1.0.2-beta
Overview
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.
Description
OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the TLS/DTLS heartbeat functionality. This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the intended secrets. The sensitive information that may be retrieved using this vulnerability includes:
- Primary key material (secret keys)
- Secondary key material (user names and passwords used by vulnerable services)
- Protected content (sensitive data used by vulnerable services)
- Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)
Exploit code is publicly available for this vulnerability. Additional details may be found in CERT/CC Vulnerability Note VU#720951.
Impact
This flaw allows a remote attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time.
Solution
OpenSSL 1.0.1g has been released to address this vulnerability. Any keys generated with a vulnerable version of OpenSSL should be considered compromised and regenerated and deployed after the patch has been applied.
US-CERT recommends system administrators consider implementing Perfect Forward Secrecy to mitigate the damage that may be caused by future private key disclosures.
References:
http://heartbleed.com/
Heartbleed Check Site: Validate status of Internet facing servers
Python tool to test internal SSL server
TA14-098A: OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160)
CERT: Vulnerability Note VU#720951
http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities
https://www.openssl.org/news/secadv_20140407.txt
OpenSSL fix on Github
http://www.ubuntu.com/usn/usn-2165-1/
https://rhn.redhat.com/errata/RHSA-2014-0376.html
http://security.stackexchange.com/questions/55119/does-the-heartbleed-vulnerability-affect-clients-as-severely
http://tools.cisco.com/security/center/viewAlert.x?alertId=33695