Heartbleed OpenSSL vulnerability
Previous current event – v1.8 of post
This was a current event and as such the blog post was subject to change over the course of a couple of days as we performed further supplementary research and analysis.
- 1.8: Update to include Bro detection and further analysis. This is likely final public release – private analysis will now continue for clients / partners.
- 1.7: Update to include further Snort signature
- 1.6: Update to include link to Suricata detecting blog post
- 1.5: Update to include sample Snort signature to detect attempts over TLS 1.1
- 1.4: Update to show initial results from Ubuntu patch testing (12.04 LTS)
- 1.3: Updated to include advice around certificate recreation based on feedback from Ben May and further advice around session termination
- 1.2: Updated to include link to further checking tool
- 1.1: Updated to include link to checking tool
- 1.0: Initial version
The OpenSSL project released a security advisory yesterday (April 7, 2014) for a serious vulnerability which is quickly becoming known as ‘the heartbleed bug’. The vulnerability was named by a co-discoverer on their website heartbleed.com due to the fact that the vulnerability is in OpenSSL's implementation of RFC6520 (the Heartbeat Extension).
Versions of OpenSSL affected / not affected
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
Impact of exploitation
The impact of exploitation of this vulnerability is that memory contents that would otherwise be expected to remain private are leaked to the attacker. The server will not crash or otherwise exhibit suspicious behaviour. Successful exploitation may result in the leakage of usernames, passwords, web application session cookies or other sensitive information.
Recommendations to customers
NCC Group recommends that customers should in the short term:
- Identify all Internet exposed systems which support SSL as a matter of urgency including but not limited to:
  - Web servers
  - E-mail servers
  - SSL VPNs
  - VoIP servers which implement SIP-S
- It is important to include all OpenSSL protocols including those over UDP such as those which implement DTLS.
- Via network interrogation or host inspection, first confirm whether the heartbeat extension is supported on these hosts.
- If the heartbeat extension is supported, perform secondary analysis to identify whether the host runs a vulnerable version of OpenSSL.
- For identified vulnerable hosts consider one of the following courses of short term action:
  - Upgrade immediately if patches are available for the platform / device.
  - Deploy and/or configure network based protective monitoring for systems which cannot be disabled until patches become available.
  - Work with vendors of all affected hardware and software to ensure patches are deployed when made available.
  - Consider deploying a non OpenSSL based accelerator / proxy in front of all affected hosts to cause a protocol break protecting vulnerable hosts.
- If you suspect you have been attacked prior to upgrading:
  - Consider revoking and creating fresh new SSL certificate private keys.
  - Invalidate all sessions within the context of any applications.
- NMAP detection:
- On-line service to verify vulnerability: http://filippo.io/Heartbleed/
- Code to above tool: https://github.com/FiloSottile/Heartbleed
- Python script to verify exploitability: http://s3.jspenguin.org/ssltest.py
Detecting with Snort – v1
The official signatures have now been released here: http://vrt-blog.snort.org/2014/04/heartbleed-memory-disclosure-upgrade.html
During the day of April 8, 2014 before they were available NCC Group’s Cyber Threat Defensive Operations group developed the following signatures.
The following signature can be used to detect the use of the ssltest.py script, and possibly other tools, using TLS 1.1. No warranty is implied or otherwise etc...
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"Potential Heartbleed attack with ssltest.py";flow:to_server,established; content:"|18 03 02 00 03 01 40 00|"; rawbytes; isdataat:!1,relative; reference:cve,2014-0160; sid: 6000000; rev:1;)
Please note the following caveats to this detection string:
- This will only detect ssltest.py specifically
- The attack can use TLS 1.1 or 1.2 (filippo.io uses 1.2)
Detecting with Snort - v2
We’ve developed a further, more generic Snort signature that will likely catch attempts to exploit the vulnerability that do not use the publicly available script:
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"Potential Heartbleed attack";flow:to_server,established; content:"|18 03|"; rawbytes; depth:2; byte_test:1, &, 3, 0, relative; byte_test:2, >, 200, 3, relative, big; reference:cve,2014-0160; sid: 6000001; rev:2;)
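The length check behind this kind of detection, written out as an added example (not NCC Group's code): a heartbeat request is suspect when its claimed payload_length plus the minimum 16 bytes of padding RFC 6520 requires cannot fit in the TLS record that carried it. It goes beyond the two signatures by accepting any TLS minor version and any claimed length; the function names and the constructed sample records are assumptions, and like the signatures it only sees heartbeat records sent in cleartext.

```python
import struct

HEARTBEAT = 0x18       # TLS record content type assigned by RFC 6520
HB_REQUEST = 0x01      # heartbeat_request message type
MIN_PADDING = 16       # RFC 6520 requires at least 16 bytes of padding


def check_heartbeat(body: bytes) -> dict:
    """Classify one cleartext heartbeat message (the TLS record body)."""
    if len(body) < 3:                      # no room for type + payload_length
        return {"type": None, "claimed": None, "overread": False, "malformed": True}
    hb_type, claimed = struct.unpack("!BH", body[:3])
    # A well-formed message holds type(1) + length(2) + payload + padding(>=16).
    needed = 3 + claimed + MIN_PADDING
    return {"type": hb_type, "claimed": claimed, "malformed": False,
            "overread": hb_type == HB_REQUEST and needed > len(body)}


def scan_records(stream: bytes) -> list:
    """Walk concatenated TLS records and report every heartbeat record found."""
    findings, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, major, minor, rec_len = struct.unpack("!BBBH", stream[pos:pos + 5])
        if major != 3:                     # not SSL/TLS framing; stop parsing
            break
        body = stream[pos + 5:pos + 5 + rec_len]
        if len(body) < rec_len:            # truncated capture
            break
        if ctype == HEARTBEAT:
            findings.append(dict(check_heartbeat(body), tls_minor=minor))
        pos += 5 + rec_len
    return findings


# Bytes taken from the ssltest.py signature on this page (TLS 1.1).
SSLTEST_PY = bytes.fromhex("1803020003014000")
# Constructed samples: a well-formed TLS 1.2 heartbeat, and one whose
# claimed length (300) exceeds the 4 payload bytes actually sent.
WELL_FORMED = bytes.fromhex("1803030017010004") + b"ping" + bytes(16)
MISMATCHED = bytes.fromhex("180303000701012c") + b"ping"
# Constructed non-heartbeat record (an alert) to show it is skipped.
ALERT = bytes.fromhex("15030300020100")

if __name__ == "__main__":
    for finding in scan_records(ALERT + SSLTEST_PY + WELL_FORMED + MISMATCHED):
        print(finding)
```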
Detecting with Suricata
Details can be found on blog.inliniac.net
Detecting with Bro
The check can be found here; however, it hasn’t been well tested and you need to be running the topic/bernhard/heartbeat branch.
Ubuntu's OpenSSL package version 1.0.1-4ubuntu5.12 resolves the issue. However, if you wish to resolve this vulnerability for an Apache install, it is important that you also upgrade libssl specifically, e.g. apt-get install libssl1.0.0, or you run the risk of upgrading OpenSSL but not actually resolving your exposure.
Technical Points of Interest
Neel Mehta, one of the original authors, took to Twitter to detail the risk posed to private SSL key material, stating:
Neel Mehta @neelmehta
Heap allocation patterns make private key exposure unlikely for #heartbleed #dontpanic.
NCC Group research has successfully leaked the following sensitive information in our testing:
- Session information such as cookies
- VPN protected traffic
For further information:
- Follow us on twitter @NCCGroupInfosec for notifications of updates to this page
- Read heartbleed.com
- Read the OpenSSL project's security advisory
- If you’re an existing customer please contact your account manager if you require tailored advice and consultancy
Published date: 08 April 2014
Written by: Ollie Whitehouse