SSL/TLS heartbeat read overrun aka 64kb memory leak (CVE-2014-0160)

OpenSSL released a bug advisory about a 64kb memory leak patch [1] in their library. The bug has been assigned CVE-2014-0160 SSL/TLS heartbeat read overrun (Technical: 64kb memory leak). According to http://www.openssl.org/news/openssl-1.0.1-notes.html the heartbeat extension was introduced in March 2012 with the release of version 1.0.1 of OpenSSL. This implies that the vulnerability has been around for just over 2 years. This is a very serious vulnerability that will allow protected information to be stolen from SSL/TLS encrypted communication. 

Since the announcement, there has been buzz around the underground and malicious actors have been actively leaking data and using one of the several provided PoC code [2] to attack the massive amount of services available on the internet. Only versions 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. The targets are mostly port 443. With this, an attacker is able to leak previously allocated data. This can and does include plaintext credentials, session cookies, private keys (to arbitrarily decrypt ssl/tls communication), and more. OpenSSH does not seem to be susceptible to the vulnerability as OpenSSL is used for key generation, but not communication.

The bug itself deals with heartbeat checks. As there is already an excellent post on the technical details, I will simply refer you to:

http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html

We have found a web based tool and a python script for testing to see if you are vulnerable to this latest exploit.

http://filippo.io/Heartbleed/  – a web based test
https://docs.google.com/file/d/0Bw4_BgIkljcbRjZkZ2VDMmpiVnM/edit?pli=1  – a python script to test for the vulnerability from the command line. 
The existentialize.com post has done an excellent job explaining, in code, exactly what has happened and what the vulnerability is. Now, as an attacker with simple PoC, this is what we are able to do:

1.) while [ 1 ]; do python poc.py server.com 443; done
2.) ngrep -i “password_field_value” -d any host victim.org and port 443 -q

This allows us to spam the PoC for recently allocated data and use ngrep to grab the field in which passwords are being sent across. Using these two commands, we have been able to grab a large amount of passwords given over https as plaintext. As you can see, this breaks a large variety of web applications which include online emails (yahoo), banks, and a large variety of other targets. A large compiled list of vulnerable sites are posted at this link by NetCraft http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html

One of the more complicated issues is that the OpenSSL patches were not in-line with the upstream of large linux flavors. Meaning there was a large time-window between the OpenSSL’s patch and when various flavors of Linux can provide the patch to its userbase. OpenSSL.org has provided an updated version of OpenSSL (1.0.1g) at https://www.openssl.org/source/. Once you have updated to the most recent version you must then regenerate your private key(s) and SSL certificate(s). We would also recommend resetting all passwords for usernames that were used during the timeframe that you were vulnerable.

We have had a opportunity to review the behavior of the exploit and have come up with the following IDS signatures to be deployed for detection. There are additional signatures that have been created that cover other services (SMTPS,IMAPS, ETC.).

alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:”SSLv3 OpenSSL Heartbeat Memory Leak”; content:”|18 03 00|”; depth:3; byte_test:2,>,128,3; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid:1006054; tag:session,5,packets; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:”TLSv1 OpenSSL Heartbeat Memory Leak”; content:”|18 03 01|”; depth:3; byte_test:2,>,128,3; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid:1006055; tag:session,5,packets; rev:1;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:”TLSv1.1 OpenSSL Heartbeat Memory Leak”; content:”|18 03 02|”; depth:3; byte_test:2,>,128,3; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid:1006056; tag:session,5,packets; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:”TLSv1.2 OpenSSL Heartbeat Memory Leak”; content:”|18 03 03|”; depth:3; byte_test:2,>,128,3; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid:1006057; tag:session,5,packets; rev:1;)  

We have implemented coverage to all our customers and are currently analyzing and escalating incidents. We have also verified that our appliances and corporate resources have been patched appropriately.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
[2] https://gist.githubusercontent.com/takeshixx/10107280/raw/8052d8479ad0c6150464748d639b0f5e877e8c37/hb-test.py