TR-21 - OpenSSL Heartbeat Critical Vulnerability

Overview

OpenSSL software is vulnerable to memory leakage to the connected client or server. In other words, anyone can remotely retrieve sensitive information (e.g. secret keys, passwords, confidential document) from the memory of the remote servers without leaving traces. This is a critical vulnerability and you must patch your OpenSSL software as soon as possible.

OpenSSL version 1.0.1 and 1.0.2-beta releases are affected by this vulnerability including 1.0.1f and 1.0.2-beta1. Prior version are not vulnerable to this vulnerability.

After patching, all sensitive information need to be evaluated especially private keys or credentials. We recommend, at least, to regenerate the X.509 key materials and do an impact assessment on the potentially leaked information.

Recommendations

You should apply the OpenSSL updates provided by the software distributors:

It’s important to note that some distributions use their own version numbering scheme for the OpenSSL package. If the distribution backports functionalities from OpenSSL into older versions, you might be vulnerable too.

You may not have realized that Canonical changed its policy regarding the support length of non-LTS releases. The first release concerned by the new policy is Ubunty 13.04 (Raring Ringtail) and do not receive any support since 2014-01-27, which means that all the running instances you might have are vulnerable to Heartbeat and will not be patched.

The procedure to update Ubuntu 13.04 by recompiling OpenSSL is the following:

apt-get build-dep openssl
apt-get source openssl
cd openssl-1.0.1c/
vi Configure
add -DOPENSSL_NO_HEARTBEATS to $debian_cflags (line 109)
dpkg-buildpackage -uc -b
cd ..
Look at the installed openssl packages:
dpkg -l | grep -w 'libssl\|openssl'
Install the required packages with dpkg:
dpkg -i *.deb

If you cannot upgrade your OpenSSL directly, you can recompile your OpenSSL with the DOPENSSL_NO_HEARTBEATS option to disable the feature having the vulnerability. Don’t forget to restart your services and ensure that the adequate libraries are loaded.

All the services you will see by running this command are still using the old and vulnerable library and have to be restarted:

lsof -n | grep DEL | grep libssl

To verify which running processes/binaries use OpenSSL, you can do the following:

lsof | grep libssl

How to test your TLS/SSL server?

A checker tool and a web site is available to test if a TLS server is vulnerable.

Metasploit framework provides a module that implements the OpenSSL Heartbleed issue.

If you have an access to your system, you can run the following OpenSSL command to get its version:

$ openssl 
OpenSSL> version
OpenSSL 1.0.1 14 Mar 2012
OpenSSL>

Detecting OpenSSL Heartbleed with NIDS

Are the services like SMTP, XMPP, IMAP, SSL VPN using TLS affected?

If the service is using TLS/SSL and relies on vulnerable OpenSSL with the heartbeat extension, the service is probably vulnerable to data leakage. You should contact your software vendor as soon as possible to get a fix. Don’t forget to renew credentials and cryptographic key materials that might have leaked in that context. The vulnerability is not limited to HTTP over TLS but applicable to all protocols relying on TLS. Don’t forget that other protocols than TCP like UDP or encapsulated TLS over custom protocols are also vulnerable.

Are OpenSSL clients vulnerable too?

OpenSSL clients are also vulnerable. So a malicious server could abuse a vulnerable OpenSSL client to trigger the vulnerability and dump the memory of the client. There is a tool to abuse OpenSSL clients available showing the practicality of the exploitation.

If you use OpenSSL as a client (usually bundled/used by many tools like curl, wget on Unix and Windows), you have to patch your client software as well.

What are the unaffected software or protocols by CVE-2014-0160?

  • OpenSSH and SSH is not vulnerable to CVE-2014-0160. OpenSSH relies on some cryptographic functions from OpenSSL but not the TLS part. The SSH protocol contains its own keepalive protocol and doesn’t rely on TLS.

References

Contact

If you have any question about this vulnerability, feel free to contact us.

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.

Revision

  • Version 1.7 April 18, 2014 ICS-CERT advisory for ICS system (TLP:WHITE)
  • Version 1.6 April 18, 2014 Additional vulnerable software (TLP:WHITE)
  • Version 1.5 April 14, 2014 Additional vulnerable software (TLP:WHITE)
  • Version 1.4 April 13, 2014 Additional vulnerable software added + protocol notes (TLP:WHITE)
  • Version 1.3 April 10, 2014 Client side vulnerability added (TLP:WHITE)
  • Version 1.2 April 9, 2014 Information about additional vulnerable software added (TLP:WHITE)
  • Version 1.1 April 8, 2014 Initial version (TLP:WHITE)