Tuesday, April 8, 2014

OpenSSL heartbeat information disclosure

Overview

OpenSSL 1.0.1 contains a vulnerability that could disclose private information to an attacker.

Description

OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the TLS/DTLS heartbeat functionality (RFC6520). This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL libssl library in chunks of 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the intended secrets. The sensitive information that may be retrieved using this vulnerability include:
  • Primary key material (secret keys)
  • Secondary key material (user names and passwords used by vulnerable services)
  • Protected content (sensitive data used by vulnerable services)
  • Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)

Please see the Heartbleed website for more details. Exploit code for this vulnerability is publicly available. Any service that supports STARTLS (imap,smtp,http,pop) may also be affected.

Impact

By attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.

Solution

Apply an update

This issue is addressed in OpenSSL 1.0.1g. Please contact your software vendor to check for availability of updates. Any system that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items.

Reports indicate that the use of mod_spdy can prevent the updated OpenSSL library from being utilized, as mod_spdy uses its own copy of OpenSSL. Please see https://code.google.com/p/mod-spdy/issues/detail?id=85 for more details.
Disable OpenSSL heartbeat support

This issue can be addressed by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag. Software that uses OpenSSL, such as Apache or Nginx would need to be restarted for the changes to take effect.

Use Perfect Forward Secrecy (PFS)

PFS can help minimize the damage in the case of a secret key leak by making it more difficult to decrypt already-captured network traffic. However, if a ticket key is leaked, then any sessions that use that ticket could be compromised. Ticket keys may only be regenerated when a web server is restarted.

Vendor Information 


VendorStatusDate NotifiedDate Updated
Check Point Software TechnologiesAffected07 Apr 201408 Apr 2014
Debian GNU/LinuxAffected07 Apr 201408 Apr 2014
Fedora ProjectAffected07 Apr 201408 Apr 2014
FreeBSD ProjectAffected07 Apr 201408 Apr 2014
Gentoo LinuxAffected07 Apr 201408 Apr 2014
Mandriva S. A.Affected07 Apr 201407 Apr 2014
NetBSDAffected07 Apr 201408 Apr 2014
OpenBSDAffected07 Apr 201408 Apr 2014
OpenSUSEAffected-08 Apr 2014
Red Hat, Inc.Affected07 Apr 201408 Apr 2014
Slackware Linux Inc.Affected07 Apr 201407 Apr 2014
UbuntuAffected07 Apr 201407 Apr 2014
InfobloxNot Affected07 Apr 201408 Apr 2014
m0n0wallNot Affected07 Apr 201408 Apr 2014
PeplinkNot Affected07 Apr 201408 Apr 2014
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)