Wednesday, April 9, 2014

The Heartbleed Bug


The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected by the SSL encryption used to secure the Internet. SSL provides security and privacy for applications such as web, email, instant messaging (IM) and virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the user names and passwords, instant messages, emails and business critical documents and communication protected by the vulnerable versions of the OpenSSL software. It compromises the secret keys used to identify the service providers and to encrypt the traffic. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. 

Operating system distributions that have shipped with the vulnerable OpenSSL version:
Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) 
OpenBSD 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distributions with versions that are not vulnerable:
Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
SUSE Linux Enterprise Server
FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)

This was published as a follow-up to the OpenSSL advisory on 7th of April 2014. 

The OpenSSL project has made a statement at
https://www.openssl.org/news/secadv_20140407.txt.

NCSC-FI published an advisory at
https://www.cert.fi/en/reports/2014/vulnerability788210.html. 

Individual vendors of operating system distributions, affected owners of Internet services, software packages and appliance vendors may issue their own advisories.

References:
CVE-2014-0160
NCSC-FI case# 788210
http://www.openssl.org/news/secadv_20140407.txt 
(published 7th of April 2014, ~17:30 UTC)
http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities 
(published 7th of April 2014, ~18:00 UTC)
http://heartbleed.com
(published 7th of April 2014, ~19:00 UTC)
http://www.ubuntu.com/usn/usn-2165-1/
http://www.freshports.org/security/openssl/
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://rhn.redhat.com/errata/RHSA-2014-0376.html
http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html
http://www.kb.cert.org/vuls/id/720951
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://www.cert.at/warnings/all/20140408.html
http://www.circl.lu/pub/tr-21/


OpenSSL released a bug advisory and a patch for a 64 KB memory leak in their library. The bug has been assigned CVE-2014-0160, "TLS heartbeat read overrun".

According to OpenSSL, the heartbeat extension was introduced in March 2012 with the release of version 1.0.1 of OpenSSL. This implies that the vulnerability has been around for just over 2 years. This is a very serious vulnerability that will allow protected information to be stolen even with the use of SSL/TLS encryption.

Since the announcement, there has been buzz around the underground, and malicious actors have been actively leaking software library data, using one of the several published PoC scripts to attack the massive number of services available on the internet. Only the 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1. The targets are mostly port 443. With this, an attacker is able to leak previously allocated data. This can and does include plaintext credentials, session cookies, private keys (to arbitrarily decrypt SSL/TLS communication), and more. OpenSSH does not seem to be susceptible to the vulnerability, as OpenSSL is used for key generation but not communication.

Heartbleed.com mentions a web based tool and a couple of scripts for testing to see if you are vulnerable to this latest exploit:

A Python script to test for the vulnerability from the command line. If you want to scan multiple sites, you can use a modified version with easily parseable output. This post has done an excellent job explaining, in code, exactly what has happened and what the vulnerability is. Now, as an attacker with a simple PoC, this is what we are able to do:

1. while [ 1 ]; do python poc.py server.com 443; done
2. ngrep -i "password_field_value" -d any host victim.org and port 443 -q

This allows us to spam the PoC for recently allocated data and use ngrep to grab the field in which passwords are being sent across. Using these two commands, we have been able to grab a large number of passwords sent over HTTPS as plaintext. As you can see, this breaks a large variety of web applications, including online email (Yahoo), banks, and a large variety of other targets.

One of the more complicated issues is that the OpenSSL patches were not in line with the upstream of the large Linux flavors, meaning there was a large time window between OpenSSL's patch and the point at which the various flavors of Linux could provide the patch to their user base. OpenSSL.org has provided an updated version of OpenSSL (1.0.1g). Once you have updated to the most recent version, you must then regenerate your private key(s) and SSL certificate(s). We would also recommend resetting all passwords for usernames that were used during the timeframe in which you were vulnerable. We have had an opportunity to review the behavior of the exploit and have come up with the following IDS signatures to be deployed for detection.

alert tcp !$HOME_NET any -> $HOME_NET 443 (msg:"SSLv3 OpenSSL Heartbeat Memory Leak"; content:"|18 03 00|"; depth:3; byte_test:2,>,199,3; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid:1006054; tag:session,5,packets; rev:1;)

alert tcp !$HOME_NET any -> $HOME_NET 443 (msg:"TLSv1 OpenSSL Heartbeat Memory Leak"; content:"|18 03 01|"; depth:3; byte_test:2,>,199,3; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid:1006055; tag:session,5,packets; rev:1;)

alert tcp !$HOME_NET any -> $HOME_NET 443 (msg:"TLSv1.1 OpenSSL Heartbeat Memory Leak"; content:"|18 03 02|"; depth:3; byte_test:2,>,199,3; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid:1006056; tag:session,5,packets; rev:1;)

alert tcp !$HOME_NET any -> $HOME_NET 443 (msg:"TLSv1.2 OpenSSL Heartbeat Memory Leak"; content:"|18 03 03|"; depth:3; byte_test:2,>,199,3; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid:1006057; tag:session,5,packets; rev:1;)
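
To make the signatures' test concrete, the following added example (not part of the original post or of any vendor's code) walks TLS records and reports, for each heartbeat record, both the record-length comparison that byte_test:2,>,199,3 performs and the RFC 6520 consistency check between the declared payload length and the record that carries it. It assumes the records are cleartext, as they are when sent before the handshake completes; the function names and sample bytes are constructed for illustration.

```python
import struct

HEARTBEAT = 0x18      # TLS record content type 24, the |18| in the signatures
MIN_PADDING = 16      # RFC 6520: a heartbeat message carries >= 16 padding bytes
RULE_THRESHOLD = 199  # same value as byte_test:2,>,199,3


def record(minor, body):
    """Build a constructed cleartext heartbeat record for the samples below."""
    return struct.pack("!BBBH", HEARTBEAT, 3, minor, len(body)) + body


def inspect_records(stream):
    """Walk cleartext TLS records; return one finding per heartbeat record."""
    findings, off = [], 0
    while off + 5 <= len(stream):
        ctype, major, minor, rec_len = struct.unpack_from("!BBBH", stream, off)
        body = stream[off + 5:off + 5 + rec_len]
        if len(body) < rec_len:
            break  # truncated capture: do not guess at the missing bytes
        off += 5 + rec_len
        if ctype != HEARTBEAT or major != 3 or minor > 3:
            continue  # the signatures cover SSLv3 through TLSv1.2 only
        finding = {"version": (major, minor), "record_len": rec_len,
                   "rule_match": rec_len > RULE_THRESHOLD,
                   "declared": None, "overread": None}
        if rec_len >= 3:
            _hb_type, declared = struct.unpack_from("!BH", body, 0)
            finding["declared"] = declared
            # type (1) + length (2) + payload + padding must fit in the record
            finding["overread"] = 1 + 2 + declared + MIN_PADDING > rec_len
        findings.append(finding)
    return findings


# Constructed samples, not captured traffic.
WELL_FORMED = record(1, struct.pack("!BH", 1, 4) + b"ping" + bytes(16))
SHORT_MISMATCH = record(2, struct.pack("!BH", 1, 0x4000))
LARGE_RECORD = record(3, struct.pack("!BH", 2, 300) + bytes(300 + 16))

if __name__ == "__main__":
    for f in inspect_records(WELL_FORMED + SHORT_MISMATCH + LARGE_RECORD):
        print(f)
```

In the constructed stream, the 3-byte record that declares a 16384-byte payload fails the consistency check while staying under the 199-byte threshold, and the 319-byte record exceeds the threshold while being internally consistent, so a sensor benefits from applying both checks.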


Stephen Coty, Chief Security Evangelist at Alert Logic.