OpenSSL Heartbeat Vulnerability Can Lead to Private Information Disclosure
OpenSSL is a popular cryptographic software library used to provide SSL/TLS encryption services on the Internet. It is widely used and deployed to secure web servers, VPN remote access systems, and a number of other protected applications and web services.
In early April 2014, a serious vulnerability was disclosed in the implementation of the TLS/DTLS heartbeat function in certain versions of the OpenSSL software. The flaw allows an attacker to remotely retrieve the contents of private memory in use by the vulnerable SSL server. This private memory space often includes highly sensitive information, and the attacker may repeatedly connect to the server to collect information from memory such as:
- Private keys used to secure SSL transactions (can be used to decrypt protected information)
- Usernames and passwords used to secure vulnerable services
- Sensitive data sent to or from the server that is being secured by SSL
Exploit code exists for this vulnerability. In many cases, it is not easy to determine if an attacker has accessed or is accessing your system to exploit this vulnerability. If you have any SSL-protected systems, you should ensure that they are not vulnerable to this flaw as soon as is possible.
Details of the Issue
Versions of OpenSSL between 1.0.1 and 1.01f (including 1.0.1f) contain a flaw in the implementation of the TLS/DTLS heartbeat extension (RFC 6520). When this flaw is exploited it causes the server to leak the contents of memory from the server to the client. The vulnerability is referred to as the Heartbleed bug, because memory is leaked due to a flaw in the heartbeat extension.
Remote attackers can connect to a vulnerable server and access up to 64kB of the memory space of the vulnerable server. However, this 64kB limit only applies to a single heartbeat request. An attacker may request any number of 64kB memory chunks in order to obtain as much information as possible.
This vulnerability is especially dangerous because it allows a remote attacker to collect potentially sensitive information from a server’s memory in an ongoing manner, and it is difficult to know that these requests are being made.
The following versions of OpenSSL are affected:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) ARE vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
OpenSSL 1.0.1g was released on April 7, 2014 to address the vulnerability.
Note: Many commercial product vendors such as Juniper and Cisco utilize OpenSSL software in their products. It is important for you to not only verify that your web servers are secure, but also consider other systems that utilize SSL such as SSL VPNs, web proxies, load balancers, application delivery controllers, etc.
Security researchers at Codenomicon discovered this vulnerability and have posted a FAQ that addresses many common questions. Please visit the FAQ for additional details on the vulnerability, including information on how to address it: http://heartbleed.com/
The information below provides a list of some actions that you should consider in order to protect your systems and networks. This list is not comprehensive and there may be other actions that you choose to take. This is just a sample of some common techniques that can be used to address this OpenSSL vulnerability.
Find Vulnerable Systems It is important to identify vulnerable systems that need to be fixed. Start by checking systems that you believe are running SSL server software (web applications, SSL VPNs, etc.) to determine if they are vulnerable to this flaw. It is also important to look for not-so-obvious systems as well. There may be vulnerable systems on your network that you don’t know could be impacted. You should scan your network to find systems that are running vulnerable SSL implementations. If you have a vulnerability scanner (Nessus, NeXpose, Qualys, McAfee Vulnerability Manager, etc.) use it to scan your networks to identify vulnerable systems. You can also use a scanner such as nmap to identify servers using SSL, and then manually check for their vulnerability.
Update OpenSSL Server Software This issue is addressed in OpenSSL 1.0.1g. Please contact your software vendor to check for availability of updates. Any system that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items.
Disable OpenSSL heartbeat support Generally, it is advisable to update to the latest version of the OpenSSL (or vendor-provided) software to address the vulnerability. However, if you cannot perform this update, but you do have access to compile your own version OpenSSL software from the source code, you can disable support for the heartbeat function by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag.
Identify and Block Attack Traffic It may be possible to use IDS/IPS systems to identify and block attack traffic attempting to exploit this vulnerability. Please check for the availability of signatures for your IDS/IPS system.
Check Cloud Applications After you have confirmed that your own systems are protected, don’t forget to pay attention to external systems (cloud applications) used to conduct business. Consider both enterprise applications and personal web sites. If the site was vulnerable, it may have been possible for an attacker to steal your login credentials and use them to access your data. You may need to consider changing login credentials for sites that were vulnerable and have now been fixed. The links below contain information on commonly used cloud applications and web sites and their current status:
- https://isc.sans.edu/diary/%2A+Patch+Now%3A+OpenSSL+%22Heartbleed%22+Vulnerability/17921 www.kb.cert.org/vuls/id/720951
- V1.0 (April 8, 2014): Advisory published.
- V1.1 (April 15, 2014): Updated with information on cloud applications.