Vulnerability Note VU#720951

OpenSSL TLS heartbeat extension read overflow discloses sensitive information

Original Release date: 07 Apr 2014 | Last revised: 27 May 2014

Overview

OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."

Description

OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2 beta through 1.0.2-beta1 contain a flaw in its implementation of the TLS/DTLS heartbeat functionality (RFC6520). This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL libssl library in chunks of up to 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to increase the chances that a leaked chunk contains the intended secrets. The sensitive information that may be retrieved using this vulnerability include:

  • Primary key material (secret keys)
  • Secondary key material (user names and passwords used by vulnerable services)
  • Protected content (sensitive data used by vulnerable services)
  • Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)

Please see the Heartbleed website for more details. Exploit code for this vulnerability is publicly available. Any service that supports STARTTLS (imap,smtp,http,pop) may also be affected.

Impact

By attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.

Solution

Apply an update

This issue is addressed in OpenSSL 1.0.1g. Please contact your software vendor to check for availability of updates. Any system that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items. Old keys should be revoked.

Reports indicate that the use of mod_spdy can prevent the updated OpenSSL library from being utilized, as mod_spdy uses its own copy of OpenSSL. Please see https://code.google.com/p/mod-spdy/issues/detail?id=85 for more details.

Disable OpenSSL heartbeat support

This issue can be addressed by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag. Software that uses OpenSSL, such as Apache or Nginx would need to be restarted for the changes to take effect.

Use Perfect Forward Secrecy (PFS)

PFS can help minimize the damage in the case of a secret key leak by making it more difficult to decrypt already-captured network traffic. However, if a ticket key is leaked, then any sessions that use that ticket could be compromised. Ticket keys may only be regenerated when a web server is restarted.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
AmazonAffected-09 Apr 2014
Arch LinuxAffected-15 Apr 2014
Aruba Networks, Inc.Affected-09 Apr 2014
AttachmateAffected-29 Apr 2014
Bee WareAffected-09 Apr 2014
Blue Coat SystemsAffected07 Apr 201409 Apr 2014
CA TechnologiesAffected07 Apr 201425 Apr 2014
Cisco Systems, Inc.Affected07 Apr 201410 Apr 2014
Debian GNU/LinuxAffected07 Apr 201408 Apr 2014
Extreme NetworksAffected07 Apr 201416 Apr 2014
F5 Networks, Inc.Affected07 Apr 201409 Apr 2014
Fedora ProjectAffected07 Apr 201408 Apr 2014
Fortinet, Inc.Affected07 Apr 201409 Apr 2014
FreeBSD ProjectAffected07 Apr 201409 Apr 2014
Gentoo LinuxAffected07 Apr 201408 Apr 2014
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N
Temporal 4.1 E:F/RL:OF/RC:C
Environmental 6.5 CDP:LM/TD:H/CR:H/IR:H/AR:ND

References

Credit

This vulnerability was reported by OpenSSL, who in turn credits Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CVE-2014-0160
  • Date Public: 07 Apr 2014
  • Date First Published: 07 Apr 2014
  • Date Last Updated: 27 May 2014
  • Document Revision: 173

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.