Back

Ollie Whitehouse

Threat Intelligence

Vulnerability

April 8, 2014

4 mins read

Heartbleed OpenSSL vulnerability

Previous current event – v1.8 of post

This was a current event and as such the blog post was subject to change over the course of a couple of days as we performed further supplementary research and analysis.

1.8: Update to include Bro detection and further analysis. This is likely final public release – private analysis will now continue for clients / partners.
1.7: Update to include further Snort signature
1.6: Update to include link to Suricata detecting blog post
1.5: Update to include sample Snort signature to detect attempts over TLS 1.1
1.4: Update to show initial results from Ubuntu patch testing (12.04 LTS)
1.3: Updated to include advice around certificate recreation based on feedback from Ben May and further advice around session termination
1.2: Updated to include link to further checking tool
1.1: Updated to include link to checking tool
1.0: Initial version

Background

The OpenSSL project released a security advisory yesterday (April 7, 2014) for a serious vulnerability which is quickly becoming known as ‘the heartbleed bug’. The vulnerability was named by a co-discover on their website heartbleed.com due to fact that the vulnerability is in the implementation of RFC6520 in OpenSSL (the Heartbeat Extension).

Versions of OpenSSL affected / not affected

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

Impact of exploitation

The impact of exploitation of this vulnerability is that memory contents that would otherwise be expected to remain private is leaked to the attacker. The server will not crash or otherwise exhibit suspicious behaviour. Successful exploitation may result in the leakage of usernames, password, web application session cookies or other sensitive information.

Recommendations to customers

NCC Group recommends that customers should in the short term:

Identify all Internet exposed systems which support SSL as a matter of urgency including but not limited to:
- Web servers
- E-mail servers
- SSL VPNs
VoIP servers which implement SIP-S
It is important to include all OpenSSL protocols including those over UDP such as those which implement DTLS.
via network interrogation or host inspection firstly confirm if the heartbeat extension is supported on these hosts.
If the heartbeat extension is supported perform secondary analysis to identify if the host runs a vulnerable version of OpenSSL.
For identified vulnerable hosts consider one of the following courses of short term action:
- Upgrade immediately if patches are available for the platform / device.
- Deploy and/or configure network based protective monitoring for systems which cannot be disabled until patches become available.
- Work with vendors of all affected hardware and software to ensure patches are deployed when made available.
- Consider deploying a non OpenSSL based accelerator / proxy in front of all affected hosts to cause a protocol break protecting vulnerable hosts.
If you suspect you have been attacked prior to upgrading:
- Consider revoking and creating fresh new SSL certificate private keys.
- Invalidating all sessions within the context of any applications.

Tools

NMAP detection:
- https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
- http://nmap.org/nsedoc/scripts/ssl-heartbleed.html
On-line service to verify vulnerability: http://filippo.io/Heartbleed/
Code to above tool: https://github.com/FiloSottile/Heartbleed
Python script to verity exploitability: http://s3.jspenguin.org/ssltest.py

Detecting with Snort – v1

The official signatures have now been released here : http://vrt-blog.snort.org/2014/04/heartbleed-memory-disclosure-upgrade.html

During the day of April 8, 2014 before they were available NCC Group’s Cyber Threat Defensive Operations group developed the following signatures.

The following signature can be used to detect the use of the ssltest.py script and maybe other using TLS 1.1. No warranty is implied or otherwise etc...

alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"Potential Heartbleed attack with ssltest.py";flow:to_server,established; content:"|18 03 02 00 03 01 40 00|"; rawbytes; isdataat:!1,relative; reference:cve,2014-0160; sid: 6000000; rev:1;)<br><br>

Please note the following caveats to this detection string:

This will only detect ssltest.py specifically
The attack can use TLS 1.1 or 1.2 (filippo.io uses 1.2)

Detecting with Snort - v2

We’ve developed further Snort signature that is more generic that will likely catch attempts to exploit the vulnerability that do not use the publically available script:

alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"Potential Heartbleed attack";flow:to_server,established; content:"|18 03|"; rawbytes; depth:2; byte_test:1, &, 3, 0, relative; byte_test:2, >, 200, 3, relative, big; reference:cve,2014-0160; sid: 6000001; rev:2;)<br><br>

Detecting use Suricata

Details can be found on blog.inliniac.net

Detecting with Bro

The check can be found here however it hasn’t been well tested and you need to be running the topic/bernhard/heartbeat branch.

Ubuntu patching

Ubuntu 1.0.1-4ubuntu5.12 of OpenSSL resolves the issue. However it is important that if you wish to resolve this vulnerability for an Apache install that you also upgrade libssl specifically e.g. apt-get install libssl1.0.0 or you run the risk of upgrading OpenSSL but not actually resolving your exposure.

Technical Points of Interest

Neel Methta one of the original authors took to twitter to detail the risk posed to private SSL key material stating:

Neel Mehta ‏@neelmehta
Heap allocation patterns make private key exposure unlikely for #heartbleed #dontpanic.

NCC Group research has successfully leaked for the following sensitive information in our testing:

URLs
Session information such as cookies
Credentials
VPN protected traffic

Further information

For further information:

Follow us on twitter @NCCGroupInfosec for notifications of updates to this page
Read heartbleed.com
Read the OpenSSL projects security advisory
If you’re an existing customer please contact your account manager if you required tailored advice and consultancy

Published date: 08 April 2014

Written by: Ollie Whitehouse

Published by Ollie Whitehouse

View all posts by Ollie Whitehouse ->

Here are some related articles you may find interesting

Ghidra nanoMIPS ISA module

Introduction In late 2023 and early 2024, the NCC Group Hardware and Embedded Systems practice undertook an engagement to reverse engineer baseband firmware on several smartphones. This included MediaTek 5G baseband firmware based on the nanoMIPS architecture. While we were aware of some nanoMIPS modules for Ghidra having been developed…

Hardware & Embedded Systems

Reverse Engineering

Tool Release

May 7, 2024

6 mins read

Sifting through the spines: identifying (potential) Cactus ransomware victims

Authored by Willem Zeeman and Yun Zheng Hu This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik Sense servers for initial access. To view all of them please check the central blog by Dutch…

Digital Forensics and Incident Response (DFIR)

Fox-IT and European Research

Vulnerability Research

April 25, 2024

7 mins read

Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis

During the spring of 2024, Google engaged NCC Group to conduct a design review of Confidential Mode for Hyperdisk (CHD) architecture in order to analyze how the Data Encryption Key (DEK) that encrypts data-at-rest is protected. The project was 10 person days and the goal is to validate that the…

Public Reports

April 12, 2024

1 min read

View articles by category

Most recent posts

Call us before you need us.

Our experts will help you.

Get in touch