Official txt file from http://www.openssl.org/news/secadv_20140407.txt:

OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.
It's time to update your passwords to various sites affected by the Heartbleed bug.
By Mashable Team, 2 days ago
An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services (ones you might use every day, like Gmail and Facebook) and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.
But it hasn't always been clear which sites have been affected. Mashable reached out to some of the most popular social, email, banking and commerce sites on the web. We've rounded up their responses below.
Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you'll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn't already compromised, but there's also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.
Although changing your password regularly is always good practice, if a site or service hasn't yet patched the problem, your information will still be vulnerable. Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you'll need to change the password everywhere. It's not a good idea to use the same password across multiple sites, anyway.
We'll keep updating the list as new information comes in. Last update: April 11, 6:14 p.m. ET
Social Networks
For each site: Was it affected? / Is there a patch? / Do you need to change your password? / What did they say?
Facebook: Unclear / Yes / Yes
"We added protections for Facebook's implementation of OpenSSL before this issue was publicly disclosed. We haven't detected any signs of suspicious account activity, but we encourage people to ... set up a unique password."
Instagram: Yes / Yes / Yes
"Our security teams worked quickly on a fix and we have no evidence of any accounts being harmed. But because this event impacted many services across the web, we recommend you update your password on Instagram and other sites, particularly if you use the same password on multiple sites."
LinkedIn: No / No / No
"We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties."
Pinterest: Yes / Yes / Yes
"We fixed the issue on Pinterest.com, and didn't find any evidence of mischief. To be extra careful, we emailed Pinners who may have been impacted, and encouraged them to change their passwords."
Tumblr: Yes / Yes / Yes
"We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue."
Twitter: No / Yes / Unclear
Twitter wrote that OpenSSL "is widely used across the internet and at Twitter. We were able to determine that [our] servers were not affected by this vulnerability. We are continuing to monitor the situation." While reiterating that they were unaffected, Twitter told Mashable that they did apply a patch.
Other Companies
Do you need to Was it Is there a change affected? patch? your password? Apple Amazon Google No No Yes No No Yes No No What did they say?
"iOS and OS X never incorporated the vulnerable software and key web-based services were not affected." "Amazon.com is not affected."
patches to key Google services. Search, Gmail, YouTube, Wallet, Play, Apps and App Engine were affected; Google Chrome and Chrome OS were not. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry. Microsoft services were not running OpenSSL, according to LastPass. "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now." Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr were patched. More patches to come, Yahoo says.
Microsoft No
No
No
Yahoo
Yes
Yes
Yes Yes
Email
Do you need to Was it Is there a change affected? patch? your password? AOL No No No What did they say?
AOL told Mashable it was not running the vulnerable version of the software. We have assessed the SSL vulnerability and applied patches to key Google services. passwords, but because of the previous vulnerability, better safe than sorry. Microsoft services were not running OpenSSL, according to LastPass. "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now."
Gmail
Yes
Yes
No Yes
No Yes Yes
Do you need to Was it Is there a change affected? patch? your password? Amazon No No No
Yes
Yes Yes
eBay
No
No
No
Etsy
Yes*
Yes
Yes Yes
GoDaddy
Yes
Yes
Yes Yes
Groupon
No
No
No
Nordstrom
No
No
No
PayPal
No
No
No
Target
No
No
No
Walmart
No
No
No
Minecraft Yes
Netflix
Yes
Yes
Yes Yes
SoundCloud Yes
Yes
Yes Yes
"As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now." No comment provided. "We were forced to temporary suspend all of our services. ... The exploit has been fixed. We can not guarantee that your information wasn't compromised." More Information "Like many companies, we took immediate action to assess the vulnerability and address it. We are not aware of any customer impact. Its a good practice to change passwords from time to time, now would be a good time to think about doing so. " SoundCloud emphasized that there were no indications of any foul play and that the company's actions were simply precautionary. We have assessed the SSL vulnerability and applied patches to key Google services. passwords, but because of the previous vulnerability, better safe than sorry.
YouTube
Yes
Yes
Do you need to Was it Is there a change affected? patch? your password? Bank of America No Barclays Capital One Chase Citigroup E*Trade Fidelity PNC Schwab Scottrade No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No
"A majority of our platforms do NOT use OpenSSL, and the ones that do, we have confirmed no vulnerabilities." No comment provided. "Capital One uses a version of encryption that is not vulnerable to Heartbleed." "These sites dont use the encryption software that is vulnerable to the Heartbleed bug." Citigroup does not use Open SSL in "customerfacing retail banking and credit card sites and mobile apps" E*Trade is still investigating. "We have multiple layers of security in place to protect our customer sites and services." "We have tested our online and mobile banking systems and confirmed that they are not vulnerable to the Heartbleed bug." "Efforts to date have not detected this vulnerability on Schwab.com or any of our online channels." "Scottrade does not use the affected version of OpenSSL on any of our client-facing platforms." TD Ameritrade "doesn't use the versions of openSSL that were vulnerable." "We're currently taking precautions and steps to protect customer data from this threat and have no reason to believe any customer data has been compromised in the past." "The T. Rowe Price websites are not vulnerable to the Heartbleed SSL bug nor were they vulnerable in the past." "We do not use OpenSSL for customer-facing, Internet banking channels, so U.S. Bank customer data is NOT at risk." "We are not using, and have not used, the vulnerable version of OpenSSL." No reason provided.
TD Ameritrade No TD Bank No
No No No No
No No No No
No No No No
Do you need to Was it Is there a change affected? patch? your password? 1040.com No No No No No
FileYour Taxes.com No
No No
No No
No No
Intuit (TurboTax)
No
No
No
IRS
No
No
No
TaxACT USAA
No Yes
No Yes
No Yes Yes
"We're not vulnerable to the Heartbleed bug, as we do not use OpenSSL." "We continuously patch our servers to keep them updated. However, the version we use was not affected by the issue, so no action was taken." "We are reviewing our systems and currently have found no risk to client data from this issue." "Healthcare.gov consumer accounts are not affected by this vulnerability." Turbotax wrote that "engineers have verified TurboTax is not affected by Heartbleed." The company has issued new certificates anyway, and said it's not "proactively advising" users to change their passwords. "The IRS continues to accept tax returns as normal ... and systems continue operating and are not affected by this bug. We are not aware of any security vulnerabilities related to this situation." "Customers can update their passwords at any time, although we are not proactively advising them to do so at this time." USAA said that it has "already taken measures to help prevent a data breach and implemented a patch earlier this week."
Other
For each site: Was it affected? / Is there a patch? / Do you need to change your password? / What did they say?
Box: Yes / Yes / Yes
"We're currently working with our customers to proactively reset passwords and are also reissuing new SSL certificates for added protection."
Dropbox: Yes / Yes / Yes
On Twitter: "We've patched all of our user-facing services & will continue to work to make sure your stuff is always safe."
Evernote: No / No / No
"Evernote's service, Evernote apps, and Evernote websites ... all use non-OpenSSL implementations of SSL/TLS to encrypt network communications."
GitHub: Yes / Yes / Yes
GitHub said it has patched all its systems, deployed new SSL certificates and revoked old ones. GitHub is asking all users to change password, enable two-factor authentication and "revoke and recreate personal access and application tokens."
IFTTT: Yes / Yes / Yes
IFTTT emailed all its users and logged them out, prompting them to change their password on the site.
OKCupid: Yes / Yes / Yes
"We, like most of the Internet, were stunned that such a serious bug has existed for so long and was so widespread."
[site name missing]: No / No
Sites do not use OpenSSL.
SpiderOak: Yes / Yes / No
Spideroak said it patched its servers, but the desktop client doesn't use a vulnerable version of OpenSSL, so "customers do not need to take any special action."
Wordpress: Unclear / Unclear / Unclear
Wordpress tweeted that it has taken "immediate steps" and "addressed the Heartbleed OpenSSL exploit," but it's unclear if the issue is completely solved. When someone asked Matt Mullenweg, WordPress' founding developer, when the site's SSL certificates will be replaced and when users will be able to reset passwords, he simply answered: "soon."
Wunderlist: Yes / Yes / Yes
"You'll have to simply log back into Wunderlist. We also strongly recommend that you reset your password for Wunderlist."
Password Managers
For each service: Was it affected? / Is there a patch? / Do you need to change your password? / What did they say?
1Password: No / No / No
1Password said in a blog post that its technology "is not built upon SSL/TLS in general, and not upon OpenSSL in particular." So users don't need to change their master password.
Dashlane: Yes / Yes / No
Dashlane said in a blog post users' accounts were not impacted and the master password is safe as it is never transmitted. The site does use OpenSSL when syncing data with its servers but Dashlane said it has patched the bug, issued new SSL certificates and revoked previous ones.
LastPass: Yes / Yes / No
"Though LastPass employs OpenSSL, we have multiple layers of encryption to protect our users and never have access to those encryption keys." Users don't need to change their master passwords because they're never sent to the server. But passwords for other sites stored in LastPass might need to be changed.
Reporters who contributed to this story include Samantha Murphy Kelly, Lorenzo Franceschi-Bicchierai, Seth Fiegerman, Adario Strange and Kurt Wagner.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
What leaks in practice?
We have tested some of our own services from an attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.
How to stop the leak?
As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distributions, appliance vendors and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.
Q&A
What is the CVE-2014-0160?
CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE. Due to co-incident discovery a duplicate CVE, CVE-2014-0346, which was assigned to us, should not be used, since others independently went public with the CVE-2014-0160 identifier.
Why it is called the Heartbleed Bug?
The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
What makes the Heartbleed Bug unique?
Bugs in a single piece of software or a library come and go and are fixed by new versions. However this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace, this exposure should be taken seriously.
Is this a design flaw in SSL/TLS protocol specification?
No. This is an implementation problem, i.e. a programming mistake in the popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services.
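The kind of programming mistake involved, shown as an added example that is not OpenSSL's code and not part of the original Q&A: a simplified heartbeat responder in a defective form that trusts the sender's payload_length, beside a hardened form that applies the RFC 6520 rule of silently discarding a message whose claimed payload does not fit in the received record. All names, the "ping" payload and the SECRET-MARKER bytes standing in for adjacent memory are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR      3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PAD  16  /* RFC 6520: at least 16 bytes of padding */

static const char MARKER[] = "SECRET-MARKER"; /* constructed stand-in for adjacent data */

/* Lay out a constructed memory image: a heartbeat request record carrying the
 * 4-byte payload "ping", immediately followed by unrelated data (MARKER).
 * claimed_len is the payload_length written into the message header.
 * Returns the true record length, or 0 if mem is too small. */
size_t build_image(uint8_t *mem, size_t mem_cap, uint16_t claimed_len)
{
    size_t rec_len = HB_HDR + 4 + HB_MIN_PAD;
    if (mem_cap < 64)
        return 0;
    memset(mem, 0, mem_cap);
    mem[0] = HB_REQUEST;
    mem[1] = (uint8_t)(claimed_len >> 8);
    mem[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(mem + HB_HDR, "ping", 4);
    memcpy(mem + rec_len, MARKER, sizeof MARKER - 1);
    return rec_len;
}

/* Write a response (type, length, echoed payload, zero padding) into out. */
static size_t emit(const uint8_t *payload, uint16_t n, uint8_t *out, size_t cap)
{
    size_t total = (size_t)HB_HDR + n + HB_MIN_PAD;
    if (total > cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(n >> 8);
    out[2] = (uint8_t)(n & 0xff);
    memcpy(out + HB_HDR, payload, n);
    memset(out + HB_HDR + n, 0, HB_MIN_PAD); /* a real stack uses random padding */
    return total;
}

/* Defective form: echoes payload_length bytes without comparing against rec_len.
 * Only call it on an image from build_image() with claimed_len <= 61, so the
 * read stays inside the demo buffer. */
size_t hb_respond_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    (void)rec_len; /* the defect: the record length is never consulted */
    if (rec[0] != HB_REQUEST)
        return 0;
    uint16_t n = (uint16_t)((rec[1] << 8) | rec[2]);
    return emit(rec + HB_HDR, n, out, cap);
}

/* Hardened form: discard unless header, claimed payload and minimum padding fit. */
size_t hb_respond_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HDR + HB_MIN_PAD)
        return 0;
    if (rec[0] != HB_REQUEST)
        return 0;
    uint16_t n = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)HB_HDR + n + HB_MIN_PAD > rec_len)
        return 0;
    return emit(rec + HB_HDR, n, out, cap);
}

/* Returns 1 if buf[0..len) contains MARKER, else 0. */
int contains_marker(const uint8_t *buf, size_t len)
{
    size_t m = sizeof MARKER - 1;
    for (size_t i = 0; i + m <= len; i++)
        if (memcmp(buf + i, MARKER, m) == 0)
            return 1;
    return 0;
}

int main(void)
{
    uint8_t mem[64], out[128];
    size_t rec_len = build_image(mem, sizeof mem, 40); /* claims 40, carries 4 */
    size_t n = hb_respond_unchecked(mem, rec_len, out, sizeof out);
    printf("unchecked: %zu bytes, marker in reply: %d\n", n, contains_marker(out, n));
    n = hb_respond_checked(mem, rec_len, out, sizeof out);
    printf("checked:   %zu bytes (0 = discarded)\n", n);
    rec_len = build_image(mem, sizeof mem, 4);         /* honest length */
    n = hb_respond_checked(mem, rec_len, out, sizeof out);
    printf("checked, honest request: %zu bytes\n", n);
    return 0;
}
```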
What is being leaked?
Encryption is used to protect secrets that may harm your privacy or security if they leak. In order to coordinate recovery from this bug we have classified the compromised secrets into four categories: 1) primary key material, 2) secondary key material, 3) protected content and 4) collateral.
What is leaked primary key material and how to recover?
These are the crown jewels, the encryption keys themselves. Leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past vulnerable to decryption. All this has to be done by the owners of the services.
What is leaked secondary key material and how to recover?
These are for example the user credentials (user names and passwords) used in the vulnerable services. Recovery from this leak requires owners of the service first to restore trust to the service according to the steps described above. After this users can start changing their passwords and possible encryption keys according to the instructions from the owners of the services that have been compromised. All session keys and session cookies should be invalidated and considered compromised.
What is leaked protected content and how to recover?
This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. Only owners of the services will be able to estimate the likelihood of what has been leaked and they should notify their users accordingly. The most important thing is to restore trust to the primary and secondary key material as described above. Only this enables safe use of the compromised services in the future.
What is leaked collateral and how to recover?
Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks. These have only contemporary value and will lose their value to the attacker when OpenSSL has been upgraded to a fixed version.
Recovery sounds laborious, is there a shortcut?
After seeing what we saw by "attacking" ourselves, with ease, we decided to take this very seriously. We have gone laboriously through patching our own critical services and are in the process of dealing with possible compromise of our primary and secondary key material. All this just in case we were not the first ones to discover this and this could have been exploited in the wild already.
How revocation and reissuing of certificates works in practice?
If you are a service provider you have signed your certificates with a Certificate Authority (CA). You need to check with your CA how compromised keys can be revoked and a new certificate reissued for the new keys. Some CAs do this for free, some may take a fee.
Am I affected by the bug?
You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many online services use TLS both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.
How widespread is this?
The most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft's April 2014 Web Server Survey. Furthermore OpenSSL is used to protect for example email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and a wide variety of client side software. Fortunately many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software. Ironically smaller and more progressive services or those who have upgraded to the latest and best encryption will be affected most. Furthermore OpenSSL is very popular in client software and somewhat popular in networked appliances which have the most inertia in getting updates.
What versions of the OpenSSL are affected?
Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
How common are the vulnerable OpenSSL versions?
The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 became available with the first vulnerable OpenSSL version (1.0.1) and the security community has been pushing TLS 1.2 due to earlier attacks against TLS (such as the BEAST).
How about operating systems?
Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:
Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)
Operating system distributions with versions that are not vulnerable:
Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
SUSE Linux Enterprise Server
FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
How can OpenSSL be fixed?
Even though the actual code fix may appear trivial, the OpenSSL team is the expert in fixing it properly, so the latest fixed version 1.0.1g or newer should be used. If this is not possible, software developers can recompile OpenSSL with the handshake removed from the code by the compile time option -DOPENSSL_NO_HEARTBEATS.
Should heartbeat be removed to aid in detection of vulnerable services?
Recovery from this bug could benefit if the new version of OpenSSL would both fix the bug and disable heartbeat temporarily until some future version. It appears that the majority, if not almost all, TLS implementations that respond to the heartbeat request today are vulnerable versions of OpenSSL. If only vulnerable versions of OpenSSL would continue to respond to the heartbeat for the next few months then a large scale coordinated response to reach owners of vulnerable services would become more feasible.
Can I detect if someone has exploited this against me?
Exploitation of this bug leaves no traces of anything abnormal happening to the logs.
Can IDS/IPS detect or block this attack?
Although the content of the heartbeat request is encrypted it has its own record type in the protocol. This should allow intrusion detection and prevention systems (IDS/IPS) to be trained to detect use of the heartbeat request. Due to encryption differentiating between legitimate use and attack can not be based on the content of the request, but the attack may be detected by comparing the size of the request against the size of the reply. This seems to imply that IDS/IPS can be programmed to detect the attack but not to block it unless heartbeat requests are blocked altogether.
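One way to implement the size comparison described above, as an added example (not from the original Q&A and not taken from any IDS product): it walks the cleartext TLS record headers of each direction of a captured connection, sums the bytes carried in heartbeat records (content type 24) and reports when the monitored host sent back far more heartbeat data than it received. It assumes TLS over TCP (not DTLS) and that the monitored host is the one replying; the function names, the 64-byte slack per request and the sample streams are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_HDR        5               /* type (1) + version (2) + length (2) */
#define TLS_HANDSHAKE  22
#define TLS_HEARTBEAT  24              /* heartbeat content type, RFC 6520 */
#define TLS_MAX_REC    (16384 + 2048)  /* largest permitted ciphertext record */

enum hb_verdict { HB_MALFORMED = -1, HB_NONE = 0, HB_BALANCED = 1, HB_OVERSIZED_REPLY = 2 };

/* Sum the lengths of heartbeat records in one direction of a captured stream.
 * Record bodies are treated as opaque because they are normally encrypted.
 * Returns 0 on success, -1 if the stream is truncated or not TLS-shaped. */
int hb_bytes(const uint8_t *s, size_t n, size_t *bytes, size_t *count)
{
    size_t off = 0;
    *bytes = 0;
    *count = 0;
    while (off < n) {
        if (n - off < TLS_HDR)
            return -1;
        uint8_t type = s[off];
        size_t len = ((size_t)s[off + 3] << 8) | s[off + 4];
        if (s[off + 1] != 3 || len > TLS_MAX_REC)   /* SSLv3/TLS major version is 3 */
            return -1;
        if (n - off - TLS_HDR < len)
            return -1;
        if (type == TLS_HEARTBEAT) {
            *bytes += len;
            (*count)++;
        }
        off += TLS_HDR + len;
    }
    return 0;
}

/* Compare heartbeat bytes received by the monitored host (in) with heartbeat
 * bytes it sent back (out). slack is the per-request allowance for padding
 * differences between a request and its honest reply. */
enum hb_verdict hb_compare(const uint8_t *in, size_t in_n,
                           const uint8_t *out, size_t out_n, size_t slack)
{
    size_t ib, ic, ob, oc;
    if (hb_bytes(in, in_n, &ib, &ic) != 0 || hb_bytes(out, out_n, &ob, &oc) != 0)
        return HB_MALFORMED;
    if (ic == 0)
        return HB_NONE;                 /* no inbound heartbeat to compare with */
    if (ob > ib + slack * ic)
        return HB_OVERSIZED_REPLY;
    return HB_BALANCED;
}

/* Append a constructed record with an opaque body; the caller sizes buf. */
size_t put_record(uint8_t *buf, size_t off, uint8_t type, uint16_t len)
{
    buf[off] = type;
    buf[off + 1] = 3;
    buf[off + 2] = 3;
    buf[off + 3] = (uint8_t)(len >> 8);
    buf[off + 4] = (uint8_t)(len & 0xff);
    memset(buf + off + TLS_HDR, 0xAA, len);
    return off + TLS_HDR + len;
}

/* Constructed capture: a 40-byte heartbeat record inbound, and an outbound
 * heartbeat record of reply_len bytes. Returns the verdict for that pair. */
enum hb_verdict sample_verdict(uint16_t reply_len)
{
    static uint8_t in[256], out[20000];
    size_t in_n = 0, out_n = 0;
    if (reply_len > 16384)
        reply_len = 16384;              /* keep the sample inside out[] */
    in_n = put_record(in, in_n, TLS_HANDSHAKE, 60);
    in_n = put_record(in, in_n, TLS_HEARTBEAT, 40);
    out_n = put_record(out, out_n, TLS_HANDSHAKE, 90);
    out_n = put_record(out, out_n, TLS_HEARTBEAT, reply_len);
    return hb_compare(in, in_n, out, out_n, 64);
}

int main(void)
{
    printf("40-byte reply:    verdict %d\n", sample_verdict(40));
    printf("16384-byte reply: verdict %d\n", sample_verdict(16384));
    return 0;
}
```

As the answer above notes, a check like this can raise an alert on a suspicious reply but cannot block it without blocking heartbeat records altogether.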
Has this been abused in the wild?
We don't know. The security community should deploy TLS/DTLS honeypots that entrap attackers and alert about exploitation attempts.
Can attacker access only 64k of the memory?
There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. An attacker can either keep reconnecting or during an active TLS connection keep requesting an arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed.
Is this a MITM bug like Apple's goto fail bug was?
No, this doesn't require a man in the middle attack (MITM). An attacker can directly contact the vulnerable service or attack any user connecting to a malicious service. However in addition to the direct threat, the theft of the key material allows man in the middle attackers to impersonate compromised services.
Does TLS client certificate authentication mitigate this?
No, a heartbeat request can be sent and is replied to during the handshake phase of the protocol. This occurs prior to client certificate authentication.
Does OpenSSL's FIPS mode mitigate this?
No, OpenSSL Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable heartbeat functionality.
Does Perfect Forward Secrecy (PFS) mitigate this?
Use of Perfect Forward Secrecy (PFS), which is unfortunately rare but powerful, should protect past communications from retrospective decryption. Please see https://twitter.com/ivanristic/status/453280081897467905 for how leaked tickets may affect this.
Can heartbeat extension be disabled during the TLS handshake?
No, the vulnerable heartbeat extension code is activated regardless of the results of the handshake phase negotiations. The only way to protect yourself is to upgrade to a fixed version of OpenSSL or to recompile OpenSSL with the handshake removed from the code.
Who found the Heartbleed Bug?
This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. The Codenomicon team found the Heartbleed bug while improving the SafeGuard feature in Codenomicon's Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to the OpenSSL team.
What is the Defensics SafeGuard?
The SafeGuard feature of Codenomicon's Defensics security test tools automatically tests the target system for weaknesses that compromise the integrity, privacy or safety. The SafeGuard is a systematic solution to expose failed cryptographic certificate checks, privacy leaks or authentication bypass weaknesses that have exposed Internet users to man in the middle attacks and eavesdropping. In addition to the Heartbleed bug the new Defensics TLS Safeguard feature can detect for instance the exploitable security flaw in widely used GnuTLS open source software implementing SSL/TLS functionality and the "goto fail;" bug in Apple's TLS/SSL implementation that was patched in February 2014.
Who coordinates response to this vulnerability?
NCSC-FI took up the task of reaching out to the authors of OpenSSL, software, operating system and appliance vendors, which were potentially affected. However, this vulnerability was found and details released independently by others before this work was completed. Vendors should be notifying their users and service providers. Internet service providers should be notifying their end users where and when potential action is required.
Is there a bright side to all this?
For those service providers who are affected this is a good opportunity to upgrade the security strength of the secret keys used. A lot of software gets updates which otherwise would not have been urgent. Although this is painful for the security community, we can rest assured that the infrastructure of the cyber criminals and their secrets have been exposed as well.
Where to find more information?
This Q&A was published as a follow-up to the OpenSSL advisory, since this vulnerability became public on 7th of April 2014. The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt. NCSC-FI published an advisory at https://www.cert.fi/en/reports/2014/vulnerability788210.html. Individual vendors of operating system distributions, affected owners of Internet services, software packages and appliance vendors may issue their own advisories.
References
CVE-2014-0160
NCSC-FI case# 788210
OpenSSL Security Advisory (published 7th of April 2014, ~17:30 UTC)
CloudFlare: Staying ahead of OpenSSL vulnerabilities (published 7th of April 2014, ~18:00 UTC)
heartbleed.com (published 7th of April 2014, ~19:00 UTC)
Ubuntu / Security Notice USN-2165-1
FreshPorts / openssl 1.0.1_10
Tor Project / OpenSSL bug CVE-2014-0160
RedHat / RHSA-2014:0376-1
CentOS / CESA-2014:0376
Fedora / Status on CVE-2014-0160
CERT/CC (USA)
NCSC-FI (Finland)
CERT.at (Austria)
CIRCL (Luxembourg)
CERT-FR (France)
JPCERT/CC (Japan)
CERT-SE (Sweden)
NorCERT (Norway)
NCSC-NL (Netherlands)
CNCERT/CC (People's Republic of China)
Public Safety Canada
LITNET CERT (Lithuania)
MyCERT (Malaysia)
UNAM-CERT (Mexico)
Today a new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160). We fixed this vulnerability last week before it was made public. All sites that use CloudFlare for SSL have received this fix and are automatically protected.
OpenSSL is the core cryptographic library CloudFlare uses for SSL/TLS connections. If your site is on CloudFlare, every connection made to the HTTPS version of your site goes through this library. As one of the largest deployments of OpenSSL on the Internet today, CloudFlare has a responsibility to be vigilant about fixing these types of bugs before they go public and attackers start exploiting them and putting our customers at risk.
We encourage everyone else running a server that uses OpenSSL to upgrade to version 1.0.1g to be protected from this vulnerability. For previous versions of OpenSSL, re-compiling with the OPENSSL_NO_HEARTBEATS flag enabled will protect against this vulnerability. OpenSSL 1.0.2 will be fixed in 1.0.2-beta2.
This bug fix is a successful example of what is called responsible disclosure. Instead of disclosing the vulnerability to the public right away, the people notified of the problem tracked down the appropriate stakeholders and gave them a chance to fix the vulnerability before it went public. This model helps keep the Internet safe. A big thank you goes out to our partners for disclosing this vulnerability to us in a safe, transparent, and responsible manner. We will announce more about our responsible disclosure policy shortly.
Just another friendly reminder that CloudFlare is on top of things and making sure your sites stay as safe as possible.
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
OpenSSL could be made to expose sensitive information over the network, possibly including private keys.
Software description
Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160)
Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076)
Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2
Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. Since this issue may have resulted in compromised private keys, it is recommended to regenerate them.
References
CVE-2014-0076, CVE-2014-0160
A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today, which can be used to reveal memory to a connected client or server. If you're using an older OpenSSL version, you're safe. Note that this bug affects way more programs than just Tor -- expect everybody who runs an https webserver to be scrambling today. If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle. Here are our first thoughts on what Tor components are affected:
1. Clients: The browser part of Tor Browser shouldn't be affected, since it uses libnss rather than openssl. But the Tor client part is: Tor clients could possibly be induced to send sensitive information like "what sites you visited in this session" to your entry guards. If you're using TBB we'll have new bundles out shortly; if you're using your operating system's Tor package you should get a new OpenSSL package and then be sure to manually restart your Tor.
2. Relays and bridges: Tor relays and bridges could maybe be made to leak their medium-term onion keys (rotated once a week), or their long-term relay identity keys. An attacker who has your relay identity key can publish a new relay descriptor indicating that you're at a new location (not a particularly useful attack). An attacker who has your relay identity key, has your onion key, and can intercept traffic flows to your IP address can impersonate your relay (but remember that Tor's multi-hop design means that attacking just one relay in the client's path is not very useful). In any case, best practice would be to update your OpenSSL package, discard all the files in keys/ in your DataDirectory, and restart your Tor to generate new keys. (You will need to update your MyFamily torrc lines if you run multiple relays.)
3. Hidden services: Tor hidden services might leak their long-term hidden service identity keys to their guard relays. Like the last big OpenSSL bug, this shouldn't allow an attacker to identify the location of the hidden service [edit: if it's your entry guard that extracted your key, they know where they got it from]. Also, an attacker who knows the hidden service identity key can impersonate the hidden service. Best practice would be to move to a new hidden-service address at your convenience.
4. Directory authorities: In addition to the keys listed in the "relays and bridges" section above, Tor directory authorities might leak their medium-term authority signing keys. Once you've updated your OpenSSL package, you should generate a new signing key. Long-term directory authority identity keys are offline so should not be affected (whew). More tricky is that clients have your relay identity key hard-coded, so please don't rotate that yet. We'll see how this unfolds and try to think of a good solution there.
5. Tails is still tracking Debian oldstable, so it should not be affected by this bug.
6. Orbot looks vulnerable; they have some new packages available for testing.
7. The webservers in the https://www.torproject.org/ rotation needed (and got) upgrades. Maybe we'll need to throw away our torproject SSL web cert and get a new one too.
arma's blog
Advisory: RHSA-2014:0376-1
Type: Security Advisory
Severity: Important
Issued on: 2014-04-08
Last updated on: 2014-04-08
Affected Products: Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux HPC Node (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Server AUS (v. 6.5), Red Hat Enterprise Linux Server EUS (v. 6.5.z), Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2014-0160
Details
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
Updated packages
References
https://www.redhat.com/security/data/cve/CVE-2014-0160.html
https://access.redhat.com/security/updates/classification/#important
CentOS Errata and Security Advisory 2014:0376 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0376.html
The following updated files have been uploaded and are currently syncing to the mirrors:
Greetings, Fedora community:
We're aware of the recently disclosed CVE-2014-0160 (aka "Heartbleed"):
https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl)
https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl)
The issue affects the currently supported Fedora 19 and Fedora 20 releases. Updates for openssl packages are available now, and mirrors near you will receive them shortly. If you do not want to wait for your local mirror to get updates, you can retrieve and install packages directly:
For Fedora 19 x86_64:
yum -y install koji
koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm
For Fedora 20 x86_64:
yum -y install koji
koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm
Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20 only).
Package updates for mingw-openssl will receive fixes shortly and we'll update the community when they are available.
Note that Fedora 18, which is no longer supported by the Fedora community, is also affected by this issue. Fedora 17 and previous releases, also no longer supported, are not affected by this issue.
Fedora Release Engineering is currently regenerating AMIs and qcow2/kvm images to include the fix. The Fedora Infrastructure team is working to assess any additional impact, and will update the community as we develop more information. Thanks for your patience as we work on this issue.
ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing package updates, and Major Hayden for providing the manual update guidance above.
-Robyn Bergeron
Overview
OpenSSL 1.0.1 contains a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."
Description
OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the TLS/DTLS heartbeat functionality (RFC6520). This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL libssl library in chunks of up to 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to increase the chances that a leaked chunk contains the intended secrets. The sensitive information that may be retrieved using this vulnerability include:
- Primary key material (secret keys)
- Secondary key material (usernames and passwords used by vulnerable services)
- Protected content (sensitive data used by vulnerable services)
- Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)
Please see the Heartbleed website for more details. Exploit code for this vulnerability is publicly available. Any service that supports STARTTLS (imap, smtp, http, pop) may also be affected.
Impact
By attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.
Solution
Apply an update
This issue is addressed in OpenSSL 1.0.1g. Please contact your software vendor to check for availability of updates. Any system that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items. Old keys should be revoked.
Reports indicate that the use of mod_spdy can prevent the updated OpenSSL library from being utilized, as mod_spdy uses its own copy of OpenSSL. Please see https://code.google.com/p/mod-spdy/issues/detail?id=85 for more details.
Disable OpenSSL heartbeat support
This issue can be addressed by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag. Software that uses OpenSSL, such as Apache or Nginx would need to be restarted for the changes to take effect.
Use Perfect Forward Secrecy (PFS)
PFS can help minimize the damage in the case of a secret key leak by making it more difficult to decrypt already-captured network traffic. However, if a ticket key is leaked, then any sessions that use that ticket could be compromised. Ticket keys may only be regenerated when a web server is restarted.
[Vendor table: vendor, status, date notified, date updated. The row alignment did not survive extraction. Vendors named: Bee Ware, Blue Coat Systems, Fedora Project, FreeBSD Project, Gentoo Linux, Google, IBM Corporation, Mandriva S.A. Status shown: Affected. Dates notified shown: 07 Apr 2014. Dates updated shown: 07 Apr 2014 to 11 Apr 2014.]
If you are a vendor and your product is affected, let us know.
CVSS Metrics
Group: Score, Vector
Base: 6.4
Temporal: 5.3, E:F/RL:OF/RC:C
Environmental: 7.5
References
http://seclists.org/oss-sec/2014/q2/22
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902
https://tools.ietf.org/html/rfc6520
http://www.openssl.org/news/openssl-1.0.1-notes.html
http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://code.google.com/p/mod-spdy/issues/detail?id=85
http://www.exploit-db.com/exploits/32745/
https://access.redhat.com/security/cve/CVE-2014-0160
http://www.ubuntu.com/usn/usn-2165-1/
http://www.freshports.org/security/openssl/
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
Credit
This vulnerability was reported by OpenSSL, who in turn credits Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security. This document was written by Will Dormann.
Other Information
CVE IDs: CVE-2014-0160
Date Public: 07 Apr 2014
Date First Published: 07 Apr 2014
Date Last Updated: 11 Apr 2014
Document Revision: 125
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
- other
Access Vector
- remote
- no user interaction required
- no authentication required
Impact
- breach of confidentiality
- security bypass
Remediation
- fix provided by vendor
- problem mitigation
Details
A vulnerability has been found in the heartbeat protocol implementation of TLS (Transport Layer Security) and DTLS (Datagram TLS) of OpenSSL. In reply to a heartbeat request, OpenSSL returns a requested amount, up to 64kB, of random memory content. Sensitive data such as message contents, user credentials, session keys and server private keys have been observed within the reply contents. More memory contents can be acquired by sending more requests. The attacks have not been observed to leave traces in application logs.
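The missing length check described above can be modelled in a few lines of C. This is an added example, not OpenSSL's code and not part of the advisory: the function names, the zero padding and the constructed sample buffers are assumptions, and the length rule is the one in RFC 6520 (3-byte header, at least 16 bytes of padding, a message whose payload_length is too large is discarded silently).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 HeartbeatMessage: type(1) | payload_length(2) | payload | padding(>=16) */
enum { HB_REQUEST = 1, HB_RESPONSE = 2 };
enum { HB_HEADER = 3, HB_MIN_PAD = 16 };

/* Build a response echoing n payload bytes. Returns its size, or 0 if out is too small. */
static size_t hb_write_response(const uint8_t *payload, size_t n,
                                uint8_t *out, size_t out_cap)
{
    size_t total = (size_t)HB_HEADER + n + HB_MIN_PAD;
    if (total > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(n >> 8);
    out[2] = (uint8_t)(n & 0xff);
    memcpy(out + HB_HEADER, payload, n);
    /* Zero padding keeps the demo deterministic; RFC 6520 calls for random padding. */
    memset(out + HB_HEADER + n, 0, HB_MIN_PAD);
    return total;
}

/* Flawed model (hypothetical name): the echo length is the peer's payload_length
 * field and is never compared with rec_len, so the copy can run past the record. */
size_t hb_respond_flawed(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    return hb_write_response(rec + HB_HEADER, claimed, out, out_cap);
}

/* Hardened model (hypothetical name): the claimed length must fit inside the bytes
 * actually received, after the header and the minimum padding are accounted for. */
size_t hb_respond_checked(const uint8_t *rec, size_t rec_len,
                          uint8_t *out, size_t out_cap)
{
    if (rec_len < (size_t)HB_HEADER + HB_MIN_PAD)   /* too short to be a valid message */
        return 0;
    if (rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD) /* claims more than was sent */
        return 0;                                   /* discard silently */
    return hb_write_response(rec + HB_HEADER, claimed, out, out_cap);
}

/* Constructed samples (not captured traffic). */
/* Well-formed: 4-byte payload followed by 16 padding bytes, 23 bytes in total. */
static const uint8_t sample_ok[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
/* Same 23 bytes on the wire, but the length field claims 0x4000 payload bytes. */
static const uint8_t sample_overclaim[23] = { HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g' };
/* A 7-byte record claiming 32 payload bytes, placed in a larger buffer so that the
 * flawed read stays inside this array while still crossing the record boundary. */
#define SAMPLE_SHORT_LEN 7
static const uint8_t sample_memory[64] = {
    HB_REQUEST, 0x00, 0x20, 'p', 'i', 'n', 'g',                      /* record ends here */
    'N', 'E', 'I', 'G', 'H', 'B', 'O', 'U', 'R', '-', 'D', 'A', 'T', 'A' /* not in record */
};

int main(void)
{
    uint8_t out[128];
    size_t n;

    n = hb_respond_checked(sample_ok, sizeof sample_ok, out, sizeof out);
    printf("checked, well-formed request : %zu-byte response\n", n);
    n = hb_respond_checked(sample_overclaim, sizeof sample_overclaim, out, sizeof out);
    printf("checked, over-claimed length : %zu (discarded)\n", n);
    n = hb_respond_checked(sample_memory, SAMPLE_SHORT_LEN, out, sizeof out);
    printf("checked, truncated record    : %zu (discarded)\n", n);
    n = hb_respond_flawed(sample_memory, SAMPLE_SHORT_LEN, out, sizeof out);
    printf("flawed, truncated record     : %zu-byte response, bytes past the record: %.14s\n",
           n, (const char *)(out + HB_HEADER + 4));
    return 0;
}
```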
Vendor Information
OpenSSL versions from 1.0.1 to 1.0.1f. The vulnerability has been fixed in OpenSSL 1.0.1g.
- Red Hat Enterprise Linux 6.5 (OpenSSL 1.0.1e)
- Debian Wheezy (fixed in version 1.0.1e-2+deb7u5)
- Ubuntu 12.04 LTS, 13.04 and 13.10
- Gentoo Linux
- Slackware 14.0, 14.1 and current
- OpenBSD 5.3 and 5.4
- FreeBSD, versions 10.x
- NetBSD, versions 6.1 - 6.1.3 and 6.0 - 6.0.4
- DragonflyBSD 3.6
- Mandriva Business Server 1
- Cisco AnyConnect Secure Mobility Client for iOS
- Cisco Desktop Collaboration Experience DX650
- Cisco Unified 7800 series IP Phones
- Cisco Unified 8961 IP Phone
- Cisco Unified 9951 IP Phone
- Cisco Unified 9971 IP Phone
- Cisco TelePresence Video Communication Server (VCS)
- Cisco IOS XE
- Cisco UCS B-Series (Blade) Servers
- Cisco UCS C-Series (Stand alone Rack) Servers
- Cisco Unified Communication Manager (UCM) 10.0
- FortiGate FortiOS 5.0.5 and 5.0.6
- Junos OS 13.3R1
- Juniper Odyssey client 5.6r5 and newer
- Juniper SSL VPN (IVEOS) 7.4r1 and newer
- Juniper SSL VPN (IVEOS) 8.0r1 and newer
- Juniper UAC 4.4r1 and newer
- Juniper UAC 5.0r1 and newer
- Juniper Junos Pulse (Desktop) 5.0r1 and newer
- Juniper Junos Pulse (Desktop) 4.0r5 and newer
- Juniper Network Connect (windows) versions 7.4R5 - 7.4R9.1 & 8.0R1 to 8.0R3.1
- Juniper Junos Pulse (Mobile) on Android 4.2R1 and newer
- Juniper Junos Pulse (Mobile) on iOS 4.2R1
- F5 BIG-IP LTM versions 11.5.0 - 11.5.1
- F5 BIG-IP AAM versions 11.5.0 - 11.5.1
- F5 BIG-IP AFM versions 11.5.0 - 11.5.1
- F5 BIG-IP Analytics versions 11.5.0 - 11.5.1
- F5 BIG-IP APM versions 11.5.0 - 11.5.1
- F5 BIG-IP ASM versions 11.5.0 - 11.5.1
- F5 BIG-IP GTM versions 11.5.0 - 11.5.1
- F5 BIG-IP Link Controller 11.5.0 - 11.5.1
- F5 BIG-IP PEM versions 11.5.0 - 11.5.1
- F5 BIG-IP PSM versions 11.5.0 - 11.5.1
- F5 BIG-IP Edge Clients for Apple iOS versions 2.0.0 - 2.0.1 and 1.0.5
- F5 BIG-IP Edge Clients for Linux versions 7080 - 7101
- F5 BIG-IP Edge Clients for MAC OS X versions 7080 - 7101 and 6035 - 7071
- F5 BIG-IP Edge Clients for Windows versions 7080 - 7101 and 6035 - 7071
- OpenVPN 2.3-rc2-I001 - 2.3.2-I003
- Aruba ArubaOS versions 6.3.x, 6.4.x
- Aruba ClearPass versions 6.1.x, 6.2.x, 6.3.x
- Viscosity before version 1.4.8
- WatchGuard XTM and XCS before version 11.8.3 CSP
- Blue Coat Content Analysis System versions 1.1.1.1 - 1.1.5.1
- Blue Coat Malware Analysis Appliance version 1.1.1
- Blue Coat ProxyAV versions 3.5.1.1 - 3.5.1.6
- Blue Coat ProxySG versions 6.5.1.1 - 6.5.3.5
- Blue Coat SSL Visibility 3.7.0
- Jolla
- F-Secure
- F-Secure Messaging Secure Gateway 7.5
- F-Secure Protection Service for Email 7.5
- F-Secure Anti-Theft Portal
Remediation
Patch the vulnerable software components according to the guidance published by the vendor. Restart affected services after the update. The vulnerability can be mitigated by disabling the affected components. This can be done by compiling OpenSSL with the configuration option -DOPENSSL_NO_HEARTBEATS.
References
Updates
http://lists.centos.org/pipermail/centos-announce/2014-April/020248.html
http://koji.fedoraproject.org/koji/buildinfo?buildid=509741
https://www.debian.org/security/2014/dsa-2896
https://access.redhat.com/security/cve/CVE-2014-0160
http://www.ubuntu.com/usn/usn-2165-1/
http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622
http://www.openbsd.org/errata53.html#014_openssl
http://www.openbsd.org/errata54.html#007_openssl
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-004.txt.asc
http://lists.dragonflybsd.org/pipermail/commits/2014-April/269894.html
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:067/
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_dogoviewsolutiondetails=&solutionid=sk100173
http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
https://community.openvpn.net/openvpn/wiki/heartbleed
http://www.arubanetworks.com/support/alerts/aid-040814.asc
https://www.sparklabs.com/viscosity/releasenotes/
http://watchguardsecuritycenter.com/2014/04/08/the-heartbleed-openssl-vulnerability-patch-openssl-asap/
http://kb.bluecoat.com/index?page=content&id=SA79
https://together.jolla.com/question/38508/release-notes-software-version-10516paarlampi/
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
Contact Information
NCSC-FI Vulnerability Coordination can be contacted as follows: Email: vulncoord@ficora.fi Please quote the advisory reference [FICORA #788210] in the subject line Telephone: +358 295 390 230 Monday - Friday 08:00 - 16:15 (EEST: UTC+2) Fax : +358 295 390 270 Post: Vulnerability Coordination FICORA/CERT-FI P.O. Box 313 FI-00181 Helsinki FINLAND CERT-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at
Revision History
8 Apr 2013, 07:45 UTC: Published
10 Apr 2014, 11:07 UTC: Updated vendor list and references
10 Apr 2014, 12:12 UTC: Removed erroneously added CheckPoint products from listing
10 Apr 2014, 13:27 UTC: Fixed affected FreeBSD versions
11 Apr 2014, 17:27 UTC: Update vendor list and references (Jolla, F-Secure)
Description
A flaw in OpenSSL allows attackers to read parts of the main memory of an affected system (in chunks of 64kB). This enables attackers to obtain various information, possibly including the "private" keys/X.509 certificates. A detailed description of the problem can be found at http://heartbleed.com/ (English). Entry in the CVE database: CVE-2014-0160.
Impact
Since it must be assumed that attackers possess the private keys of services secured with vulnerable OpenSSL versions, all information transmitted via such services must in principle be considered compromised. If the services are configured with "Perfect Forward Secrecy", however, attackers cannot decrypt information from sessions recorded in the past. Information currently being transmitted is nevertheless affected.
Affected systems
The flaw affects all OpenSSL versions from 1.0.1 up to and including 1.0.1f; the first vulnerable version, 1.0.1, was released on 14 March 2012. These include, for example, systems with the following operating system versions (note: the list is not complete):
- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
- CentOS 6.5, OpenSSL 1.0.1e-15
- Fedora 18, OpenSSL 1.0.1e-4
- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
- FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c)
- NetBSD 5.0.2 (OpenSSL 1.0.1e)
- OpenSUSE 12.2 (OpenSSL 1.0.1c)
Update 10 April 2014: We would like to expressly point out once again that this problem affects not only web servers/websites, but all software that builds on OpenSSL and uses TLS. Of course, all systems/services on which self-compiled/installed versions of OpenSSL are used are also affected. Installations of, for example, "SSL VPN" services can also be affected.
Not affected are:
- Systems on which OpenSSL 0.9.x is used
- furthermore, installations of OpenSSL in which the "Heartbeat" function was switched off at compile time by an appropriate parameter (-DOPENSSL_NO_HEARTBEATS)
- Update 10 April 2014: OpenSSH is not affected, since it uses OpenSSL but not TLS (and therefore not the vulnerable "Heartbeat" extension either)
Remediation
It is strongly recommended to install the patches provided by the operating systems. Where this is not possible, affected OpenSSL versions should be configured so that the "Heartbeat" function is not supported (parameter -DOPENSSL_NO_HEARTBEATS at compile time). Furthermore, all private keys are to be considered compromised, and after the relevant patches have been applied new ones should be generated and, where applicable, submitted to the certificate authorities in use for signing. As Heise Security, for example, puts it: In addition, there is of course the danger that attackers with good technical resources already knew about the flaw and have stolen keys en masse. The "old" keys should also be declared invalid (revoked).
For corporate environments with IDS/IPS installations, first signatures are already available with which attempts to exploit this problem can be detected. Since this is not possible retroactively, however, all private keys are to be considered compromised there as well.
Update (2014-04-10): Users of Linux systems with iptables can prevent or detect exploitation of this vulnerability with appropriate rules (as described at http://www.securityfocus.com/archive/1/531779).
End users should also check their systems for the use of vulnerable OpenSSL versions; this particularly concerns users of mobile devices such as smartphones/tablets.
Update (2014-04-10): Whether your own services are affected can be determined, for example, with the following methods:
- Online test: http://filippo.io/Heartbleed/
- The code for this online test is also available for your own use: https://github.com/FiloSottile/Heartbleed
- Plugin for the well-known security scanner nmap: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
Of course, none of these tests can replace patching/reconfiguring/protecting your own systems; misjudgements are possible here too.
Note
In general, CERT.at recommends using the "automatic update" features of software wherever possible, and in parallel keeping firewall software active and virus protection up to date.
Source(s) of information:
OpenSSL Security Advisory (English)
https://www.openssl.org/news/secadv_20140407.txt
Detailed description of the problem (English)
http://heartbleed.com/
Debian Security Advisory DSA-2896-1 (English)
https://www.debian.org/security/2014/dsa-2896
Redhat Security Advisory RHSA-2014:0376-1 (English)
https://rhn.redhat.com/errata/RHSA-2014-0376.html
Report at Heise Security (German)
http://www.heise.de/security/meldung/Der-GAU-fuer-Verschluesselung-im-Web-Horror-Bug-in-OpenSSL-2165517.html
1. Overview
2. Recommendations
3. How to test your TLS/SSL server?
4. Detecting OpenSSL Heartbleed with NIDS
5. Are the services like SMTP, XMPP, IMAP, SSL VPN using TLS affected?
6. Are OpenSSL clients vulnerable too?
7. What are the unaffected software or protocols by CVE-2014-0160?
8. References
9. Contact
10. Classification of this document
11. Revision
You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.
Overview
OpenSSL software is vulnerable to memory leakage to the connected client or server. In other words, anyone can remotely retrieve sensitive information (e.g. secret keys, passwords, confidential documents) from the memory of the remote servers without leaving traces. This is a critical vulnerability and you must patch your OpenSSL software as soon as possible. OpenSSL version 1.0.1 and 1.0.2-beta releases are affected by this vulnerability, including 1.0.1f and 1.0.2-beta1. Prior versions are not vulnerable. After patching, all sensitive information needs to be evaluated, especially private keys or credentials. We recommend, at least, regenerating the X.509 key materials and doing an impact assessment on the potentially leaked information.
Recommendations
You should apply the OpenSSL updates provided by the software distributors:
- Ubuntu USN-2165-1: OpenSSL vulnerabilities
- Ubuntu CVE-2014-0160 detailed information per release
- Debian DSA-2896-1 openssl security update
- Red Hat RHSA-2014:0376-1 Red Hat Enterprise Linux 6
- Red Hat RHSA-2014:0377-1 Red Hat Storage Native Client for Red Hat Enterprise Linux
- CentOS 6 CVE-2014-0160 CentOS 6 openssl heartbleed workaround
- Gentoo glsa-201404-07 OpenSSL: Information Disclosure
- Novell/Suse SUSE Linux Enterprise Server 11 and older versions with openssl 0.9.8 are not affected. Only openSUSE 12.3 and 13.1 are shipping affected versions currently.
- Tor components affected by OpenSSL bug CVE-2014-0160
- mod_spdy binary bugfix release (v0.9.4.2)
- stunnel OpenSSL DLLs updated to version 1.0.1g. This version mitigates TLS heartbeat read overrun (CVE-2014-0160)
- Fedora 19 Update: openssl-1.0.1e-37.fc19.1
- Fedora 20 Update: openssl-1.0.1e-37.fc20.1
- FreeBSD-SA-14:06.openssl OpenSSL multiple vulnerabilities
- OpenBSD 5.5 errata 2, Apr 8, 2014
- OpenBSD 5.4 errata 7, Apr 8, 2014
- OpenBSD 5.3 errata 14, Apr 8, 2014
- FreeRADIUS version 2 and Version 3 of FreeRADIUS are vulnerable to the attack
- OpenVPN Access Server 1.8.4 > 2.0.5
It's important to note that some distributions use their own version numbering scheme for the OpenSSL package. If the distribution backports functionality from OpenSSL into older versions, you might be vulnerable too. You may not have realized that Canonical changed its policy regarding the support length of non-LTS releases. The first release concerned by the new policy is Ubuntu 13.04 (Raring Ringtail), which has not received any support since 2014-01-27. This means that all the running instances you might have are vulnerable to Heartbleed and will not be patched. The procedure to update Ubuntu 13.04 by recompiling OpenSSL is the following:
apt-get build-dep openssl
apt-get source openssl
cd openssl-1.0.1c/
vi Configure
add -DOPENSSL_NO_HEARTBEATS to $debian_cflags (line 109)
dpkg-buildpackage -uc -b
cd ..
Look at the installed openssl packages:
dpkg -l | grep -w 'libssl\|openssl'
Install the required packages with dpkg:
dpkg -i *.deb
If you cannot upgrade your OpenSSL directly, you can recompile your OpenSSL with the -DOPENSSL_NO_HEARTBEATS option to disable the feature that contains the vulnerability. Don't forget to restart your services and ensure that the correct libraries are loaded. All the services listed by the following command are still using the old, vulnerable library and have to be restarted:
lsof -n | grep DEL | grep libssl
To verify which running processes/binaries use OpenSSL, you can do the following:
lsof | grep libssl
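The restart check above can also be done by reading /proc directly, which avoids depending on lsof's column layout. This is an added example, not part of the advisory; the function name and the optional proc_root argument are assumptions made here so the logic can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: list processes that still map a libssl file which has been
# replaced on disk. On a real host call the function with no argument.

stale_libssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Unreadable entries (other users' processes when not root, or a
        # process that exited during the scan) are skipped, not reported.
        [ -r "$maps" ] || continue
        # A library that was replaced while mapped appears in maps as
        # ".../libssl.so.X (deleted)"; lsof reports the same mapping as DEL.
        if grep -Eq '/libssl[^/ ]*\.so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            name="unknown"
            [ -r "$pid_dir/comm" ] && name="$(cat "$pid_dir/comm" 2>/dev/null)"
            # One line per process to restart: "<pid> <command name>"
            printf '%s %s\n' "${pid_dir##*/}" "$name"
        fi
    done
}

# Run the scan only when executed with --scan; sourcing just defines the function.
if [ "${1:-}" = "--scan" ]; then
    stale_libssl_pids
fi
```

Run it as root so every process's maps file is readable. Like the lsof command, it does not find services that were linked statically against OpenSSL.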
Detecting OpenSSL Heartbleed with Suricata
Indicator of Compromise to detect successful exploitation with Snort
Are the services like SMTP, XMPP, IMAP, SSL VPN using TLS affected?
If the service is using TLS/SSL and relies on vulnerable OpenSSL with the heartbeat extension, the service is probably vulnerable to data leakage. You should contact your software vendor as soon as possible to get a fix. Don't forget to renew credentials and cryptographic key materials that might have leaked in that context. The vulnerability is not limited to HTTP over TLS but applicable to all protocols relying on TLS.
OpenSSH and SSH is not vulnerable to CVE-2014-0160. OpenSSH relies on some cryptographic functions from OpenSSL but not the TLS part. The SSH protocol contains its own keepalive protocol and doesn't rely on TLS.
References
CVE-2014-0160 The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets
The Heartbleed Bug
OpenSSL Security Advisory - TLS heartbeat read overrun (CVE-2014-0160)
Diagnosis of the OpenSSL Heartbleed Bug
Contact
If you have any questions about this vulnerability, feel free to contact us.
Revision
Version 1.3 April 10, 2014 Client side vulnerability added (TLP:WHITE)
Version 1.2 April 9, 2014 Information about additional software vulnerable added (TLP:WHITE)
Version 1.1 April 8, 2014 Initial version (TLP:WHITE)
Document management
Table 1: Document management
Reference: CERTFR-2014-ALE-003
Title: Vulnerability in OpenSSL
Date of first version: 08 April 2014
Date of last version:
Source(s): OpenSSL security bulletin of 07 April 2014
Attachment(s): None
1 - Risk(s)
2 - Affected systems
3 - Summary
A vulnerability has been discovered in OpenSSL. It allows an attacker to bypass the security policy and breach the confidentiality of data.
4 - Recommendations
An OpenSSL patch is available. CERT-FR recommends updating vulnerable OpenSSL installations. In addition, services that may be using an old version of the library must be restarted (in particular web and e-mail servers). After updating OpenSSL, the following command can be used on Linux to determine which services to restart:
lsof | grep libssl | grep DEL
However, this command does not identify services that were compiled statically with OpenSSL. Where compromise is suspected, it is also recommended to revoke the certificates in use and to generate new encryption keys. In addition, hosts of potentially compromised services are encouraged to ask their users to update their passwords.
5 - Documentation
Description of the vulnerability
http://heartbleed.com/
CERT-FR advisory
http://www.cert.ssi.gouv.fr/site/CERTFR-2014-AVI-156/
CERT-FR 2014-04-10
OpenSSL
JPCERT-AT-2014-0013
JPCERT/CC
2014-04-08
2014-04-11
<<< JPCERT/CC Alert 2014-04-08 >>>
OpenSSL
https://www.jpcert.or.jp/at/2014/at140013.html

I.
OpenSSL Project OpenSSL heartbeat OpenSSL OpenSSL Project OpenSSL Project
OpenSSL Security Advisory [07 Apr 2014] - TLS heartbeat read overrun (CVE-2014-0160)
https://www.openssl.org/news/secadv_20140407.txt
*** : 20140411 *** III.

II.
- OpenSSL 1.0.1 1.0.1f
- OpenSSL 1.0.2-beta 1.0.2-beta1
*** : 20140411 *** OpenSSL

III.
OpenSSL Project OpenSSL OpenSSL 1.0.2-beta 201448
- OpenSSL 1.0.1g
  Tarballs http://www.openssl.org/source/
- -DOPENSSL_NO_HEARTBEATS OpenSSL
OpenSSL
USN-2165-1: OpenSSL vulnerabilities
http://www.ubuntu.com/usn/usn-2165-1/
Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2014-0376.html
Debian Security Advisory DSA-2896-1 openssl -- security update
http://www.debian.org/security/2014/dsa-2896
*** : 20140411 *** OpenSSL

*** : 20140411 ***
CERT/CC Vulnerability Note VU#720951 OpenSSL heartbeat information disclosure
https://www.kb.cert.org/vuls/id/720951
(IPA) OpenSSL (CVE-2014-0160)
https://www.ipa.go.jp/security/ciadr/vul/20140408-openssl.html
@Police OpenSSL
https://www.npa.go.jp/cyberpolice/detect/pdf/20140410.pdf

2014-04-08
2014-04-11 I. II. III. IV.

JPCERT (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
https://www.jpcert.or.jp/
A number of self-test tools have now been posted on the net. CERT-SE does not know who is behind them or how effective they are. If you need to test your systems and judge the possible risk that the test site maps your vulnerabilities to be acceptable, you can use the following:
https://www.ssllabs.com/ssltest/
http://possible.lv/tools/hb/
And here is a link to a script that also tests for the vulnerability, with open source code that you can verify yourselves:
https://github.com/titanous/heartbleeder
NCSC-FI has created an updated list of vendors or products that are affected:
https://www.cert.fi/en/reports/2014/vulnerability788210.html
SANS ISC has done the same:
https://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929
- eavesdrop on communication
- steal data directly from the services and users
- impersonate services and users.
The vulnerability allows an attacker to retrieve chunks of 64KB from the memory of a server or client running the vulnerable version of OpenSSL. This method can be repeated, which means that one can theoretically dump the memory around the process, as well as all traffic that passes through the TLS tunnel.
Test exploitation of this vulnerability indicates that it will be possible for an attacker to bypass all TLS protection mechanisms. Earlier exploitation of this vulnerability does not appear to be detectable, because this type of traffic is not logged.
Vulnerable versions: OpenSSL 1.0.1 up to and including 1.0.1f is vulnerable. Version 1.0.1 was released in 2012. The vulnerability is fixed in version 1.0.1g, which was released on 7 April 2014. Versions older than 1.0.1 are not vulnerable. Known distributions and package versions that have this vulnerability include:
- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
- CentOS 6.5, OpenSSL 1.0.1e-15
- Fedora 18, OpenSSL 1.0.1e-4
- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
- FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c)
- NetBSD 5.0.2 (OpenSSL 1.0.1e)
- OpenSUSE 12.2 (OpenSSL 1.0.1c)
- check whether updated packages are available for your system
- update if necessary
OpenSSL can be compiled without the heartbeat extension.
We also recommend that service providers that have the vulnerability, and that have customers with login services of one kind or another, update, notify their users, and recommend a change of password.
For private individuals:
It is important that you update the software on your PC immediately when you are notified of this. Do not put it off - do it now. Be conscious of which passwords you use - now as always.
If you are in doubt, ask the service providers you use, and pay attention to any messages you receive from them.
NSM NorCERT is not aware of this vulnerability being exploited "in-the-wild", but this cannot be ruled out. See the guide from Difi on how public-sector organisations can make their own assessments and handle the vulnerability. See information from NorSIS about the vulnerability. See four effective measures against cyber attacks from NSM. More information about Heartbleed, how the flaw works and can be stopped, as well as an extensive list of questions and answers, can be found at heartbleed.com. It recommends revoking keys associated with servers that have OpenSSL installed.
This serious vulnerability can be removed by upgrading the server or other device to a version of OpenSSL that is not vulnerable. In addition, it is advisable to replace certificates and the associated private keys if they have been used on a vulnerable server or other device.
Version 1.1 - update
- Not only servers, but also other devices that use OpenSSL are vulnerable.
- An attack can only be seen in the network traffic, not in the server logs.
- 'Rekeying' certificates is a good and possibly cheaper alternative to purchasing new certificates.
OpenSSL Vulnerability
Number: AV14-017 Date: 8 April 2014
Purpose
The purpose of this advisory is to bring attention to a vulnerability in OpenSSL which can be used to expose private data to an attacker.
Assessment
CCIRC is aware of a vulnerability in OpenSSL that could expose private data to a remote, unauthenticated attacker through an incorrect memory handling function in the TLS heartbeat extension. This could allow a remote attacker to decrypt secure traffic and expose credentials and secret keys. OpenSSL is a popular application commonly used in web browsing, emails and instant messaging to provide security and privacy.
CVE Reference: CVE-2014-0160
CVSS Score: 9.4
Suggested action
CCIRC recommends that system administrators test and deploy the vendor released updates to affected platforms accordingly. Clients unable to immediately upgrade can consider disabling OpenSSL Heartbeat support.
References
OpenSSL news: http://www.openssl.org/news/secadv_20140407.txt
OpenSSL version 1.0.1g: http://www.openssl.org/source/
Affected platforms and patch availability: http://www.kb.cert.org/vuls/id/720951
Heartbleed: http://heartbleed.com/
Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada's critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident. For general information, please contact Public Safety Canada's Public Affairs division at: Telephone: 613-944-4875 or 1-800-830-3118 Fax: 613-998-9589 E-mail: communications@ps-sp.gc.ca Date modified 2014-04-08
List of vulnerable operating systems
- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
- CentOS 6.5, OpenSSL 1.0.1e-15
- Fedora 18, OpenSSL 1.0.1e-4
- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
- FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
- NetBSD 5.0.2 (OpenSSL 1.0.1e)
- OpenSUSE 12.2 (OpenSSL 1.0.1c)
How to check
As already mentioned, the vulnerable OpenSSL versions are 1.0.1 and 1.0.2-beta, including 1.0.1f and 1.0.2-beta1. Older and newer branches are not vulnerable. The OpenSSL version can be checked with the "openssl" command, e.g.:
user@host (~) $ openssl version
OpenSSL 1.0.1c 10 May 2012
Version 1.0.1c is insecure because it is earlier than the 1.0.1f mentioned above, so services that use this library are vulnerable. To check the OpenSSL packages, depending on the operating system, the following commands can be used (for Red Hat and Debian type package systems):
rpm -q openssl
dpkg-query -W openssl
You can also check a publicly accessible service using this page: http://filippo.io/Heartbleed/
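A scripted form of the version check above, as an added example that is not part of the advisory: it classifies the output of `openssl version -a` against the affected releases this page lists and looks for -DOPENSSL_NO_HEARTBEATS on the compiler: line. The function name and result labels are assumptions, as is the build recording its flags on that line.

```shell
#!/bin/sh
# Added example. Reads `openssl version -a` output on stdin and prints one of:
#   not-listed          version is not among the affected releases named here
#   heartbeats-disabled affected release, but built with -DOPENSSL_NO_HEARTBEATS
#   check-package       affected release string; confirm with the package version
#   unknown             first line is not an "OpenSSL <version> ..." banner
classify_openssl_build() {
    info="$(cat)"
    ver="$(printf '%s\n' "$info" | sed -n '1s/^OpenSSL \([^ ]*\).*/\1/p')"
    # Red Hat style builds report e.g. "1.0.1e-fips"; drop that suffix.
    ver="${ver%-fips}"
    case "$ver" in
        "") echo "unknown"; return 0 ;;
        1.0.1|1.0.1[a-f]|1.0.2-beta|1.0.2-beta1) ;;
        *) echo "not-listed"; return 0 ;;
    esac
    if printf '%s\n' "$info" | grep -q -e '^compiler:.*-DOPENSSL_NO_HEARTBEATS'; then
        echo "heartbeats-disabled"
    else
        # Distributions backport fixes without changing this banner, so the
        # result still has to be confirmed with rpm -q openssl or
        # dpkg-query -W openssl against the vendor advisory.
        echo "check-package"
    fi
}

# Classify the local binary only when executed with --check.
if [ "${1:-}" = "--check" ]; then
    openssl version -a | classify_openssl_build
fi
```

The banner describes the openssl command-line binary; a running service may still have an older library mapped until it is restarted.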
System update
Most popular operating systems have already released OpenSSL patches, so it is recommended to update by the standard means. After the system update you should:
1. Check the OpenSSL version once more and make sure that everything went smoothly.
2. Restart all services that use OpenSSL so that the new version of the library starts being used (after the update the old one may still remain in memory). The simplest way would be to just reboot the operating system.
3. After assessing the risk from possibly disclosed data, generate new private keys and certificates, and revoke/cancel the old ones, as mentioned above.
References
http://heartbleed.com/ - original source
https://www.openssl.org/news/secadv_20140407.txt - OpenSSL announcement
http://www.ubuntu.com/usn/usn-2165-1/ - Ubuntu announcement
http://heartbleed.honeynet.org.my
If your version of OpenSSL is affected by this vulnerability, you may refer to the recommendations below:
3.1 Apply an update
This vulnerability is addressed in OpenSSL 1.0.1g. Users may contact their respective software vendor to check for availability of updates.
3.2 Disable OpenSSL heartbeat support
Another recommendation is to recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag. Software that uses OpenSSL, such as Apache or Nginx, would need to be restarted for the changes to take effect. End users may contact their respective software vendor to recompile OpenSSL.
MyCERT generally advises users of this product to keep themselves updated with the latest security announcements by the vendor. If users have any enquiries on this matter, please reach us through the following channels:
E-mail : cyber999@cybersecurity.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 on call incident reporting)
SMS : CYBER999 REPORT to 15888
Business Hours : Mon - Fri 09:00 -18:00 MYT
Web: http://www.mycert.org.my
4.0 Reference
Release date: 9 Apr 2014
Last revision: 9 Apr 2014
Source:
Risk: Critical
Vulnerability problem: Remote
Vulnerability type: Improper validation
Affected Systems
OpenSSL 1.0.1
OpenSSL 1.0.1f
- Private keys
- Usernames and passwords
- Other sensitive data used in services that use the vulnerable OpenSSL library
It is important to bear in mind that OpenSSL is used in various services as the mechanism for encrypting the communication channel, for example:
- Web (https)
- E-mail (imaps, pops, smtps)
- Directory services (ldaps)
- Virtual Private Networks (VPN)
2. Impact
This flaw allows an attacker to remotely access, in 64k blocks, the private memory of an application that uses the vulnerable OpenSSL library.
3. Solution
- Update to OpenSSL version 1.0.1g, which fixes this vulnerability. All keys generated with a vulnerable version of OpenSSL should be considered compromised, so they should be generated and installed again once the patch has been applied.
- Recompile the OpenSSL binaries and libraries with the -DOPENSSL_NO_HEARTBEATS option so that the affected functionality is not included.
- It is recommended to consider implementing Perfect Forward Secrecy to mitigate the damage that the disclosure of private keys could cause.
4. Verification
To identify whether a site is vulnerable, the following tools can be used:
- http://heartbleed.filippo.io/ - Web
- http://foxitsecurity.files.wordpress.com/2014/04/fox_heartbleedtest.zip - Command line
5. References
- The Heartbleed Bug - http://heartbleed.com/
- OpenSSL Security Advisory - https://www.openssl.org/news/secadv_20140407.txt
- US-CERT OpenSSL 'Heartbleed' vulnerability - http://www.us-cert.gov/ncas/alerts/TA14-098A
- RFC 2409 Section 8 Perfect Forward Secrecy - http://tools.ietf.org/html/rfc2409#section-8
The Subdirección de Seguridad de la Información/UNAM-CERT thanks the following for their support in the preparation, translation and review of this document:
UNAM-CERT
Equipo de Respuesta a Incidentes UNAM
Subdirección de Seguridad de la Información
incidentes at seguridad.unam.mx
phishing at seguridad.unam.mx
http://www.cert.org.mx
http://www.seguridad.unam.mx
Published on Wednesday, 09 April 2014 13:05
[ Background ]
A serious bug has been discovered in OpenSSL, a cryptographic software library. A bug was discovered in OpenSSL which could lead to unauthorised access to confidential data. Some examples of information that could be stolen include secret keys for the X.509 certificates, usernames and passwords.
[ Affected Software ]
All versions of OpenSSL 1.0.1 prior to 1.0.1g
All versions of OpenSSL 1.0.2-beta prior to 1.0.2-beta2
[ Recommendations ]
For Website Owners
Upgrade OpenSSL to OpenSSL 1.0.1g (for websites using OpenSSL 1.0.1) or OpenSSL 1.0.2-beta2 (for websites using OpenSSL 1.0.2-beta) immediately. If upgrading OpenSSL is not possible, website owners are to recompile OpenSSL using the -DOPENSSL_NO_HEARTBEATS switch. Website owners should also check with their IDS/IPS vendors if signatures are available to detect/block such attacks.
For End Users
Users are advised to heed the instructions of their service providers (e.g. email) or ISPs if contacted to take precautionary or remediation actions.
[ References ]