“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
Security Advisory: https://www.openssl.org/news/secadv_20140407.txt
Patch: https://github.com/openssl/openssl/commit/96db9023b881d7cd9f379b0c154650d6c108e9a3
Manual Test: (Change yourdomain.com)
$ echo -e "quit\n" | openssl s_client -connect yourdomain.com:443 -tlsextdebug 2>&1| grep 'TLS server extension "heartbeat" (id=15), len=1'
Online Test: type a url into the form here: http://filippo.io/Heartbleed/
What should hosts do? http://security.stackexchange.com/questions/55076/what-should-a-website-operator-do-about-the-heartbleed-openssl-exploit
PoC exploit:
- http://www.exploit-db.com/exploits/32745/
- http://s3.jspenguin.org/ssltest.py
- https://gist.github.com/takeshixx/10107280
https://www.us-cert.gov/ncas/alerts/TA14-098A
Systems Affected
OpenSSL 1.0.1 through 1.0.1f
OpenSSL 1.0.2-betaOverview
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.
DescriptionOpenSSL versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the TLS/DTLS heartbeat functionality. This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the intended secrets. The sensitive information that may be retrieved using this vulnerability include:
Primary key material (secret keys)
Secondary key material (user names and passwords used by vulnerable services)
Protected content (sensitive data used by vulnerable services)
Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)Exploit code is publicly available for this vulnerability. Additional details may be found in CERT/CC Vulnerability Note VU#720951.
ImpactThis flaw allows a remote attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time.
SolutionOpenSSL 1.0.1g has been released to address this vulnerability. Any keys generated with a vulnerable version of OpenSSL should be considered compromised and regenerated and deployed after the patch has been applied.
US-CERT recommends system administrators consider implementing Perfect Forward Secrecy to mitigate the damage that may be caused by future private key disclosures.
References
MORE INFO:
http://www.kb.cert.org/vuls/id/720951