
The Heartbleed Hit List: The Passwords You Need to Change Right Now

Official txt file from http://www.openssl.org/news/secadv_20140407.txt:

OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.


It's time to update your passwords to various sites affected by the Heartbleed bug. Image: Mashable composite. iStockphoto, SoberP

By Mashable Team, 2 days ago

An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services, ones you might use every day like Gmail and Facebook, and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

But it hasn't always been clear which sites have been affected. Mashable reached out to some of the most popular social, email, banking and commerce sites on the web. We've rounded up their responses below.

Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you'll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn't already compromised, but there's also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.

Although changing your password regularly is always good practice, if a site or service hasn't yet patched the problem, your information will still be vulnerable. Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you'll need to change the password everywhere. It's not a good idea to use the same password across multiple sites, anyway.

We'll keep updating the list as new information comes in. Last update: April 11, 6:14 p.m. ET

Social Networks

Facebook
Was it affected? Unclear. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "We added protections for Facebook's implementation of OpenSSL before this issue was publicly disclosed. We haven't detected any signs of suspicious account activity, but we encourage people to ... set up a unique password."

Instagram
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "Our security teams worked quickly on a fix and we have no evidence of any accounts being harmed. But because this event impacted many services across the web, we recommend you update your password on Instagram and other sites, particularly if you use the same password on multiple sites."

LinkedIn
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties."

Pinterest
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "We fixed the issue on Pinterest.com, and didn't find any evidence of mischief. To be extra careful, we emailed Pinners who may have been impacted, and encouraged them to change their passwords."

Tumblr
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue."

Twitter
Was it affected? No. Is there a patch? Yes. Do you need to change your password? Unclear.
What did they say? Twitter wrote that OpenSSL "is widely used across the internet and at Twitter. We were able to determine that [our] servers were not affected by this vulnerability. We are continuing to monitor the situation." While reiterating that they were unaffected, Twitter told Mashable that they did apply a patch.

Other Companies

Apple
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "iOS and OS X never incorporated the vulnerable software and key web-based services were not affected."

Amazon
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Amazon.com is not affected."

Google
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes*
What did they say? We have assessed the SSL vulnerability and applied patches to key Google services. Search, Gmail, YouTube, Wallet, Play, Apps and App Engine were affected; Google Chrome and Chrome OS were not. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry.

Microsoft
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? Microsoft services were not running OpenSSL, according to LastPass.

Yahoo
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now." Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr were patched. More patches to come, Yahoo says.

Email

AOL
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? AOL told Mashable it was not running the vulnerable version of the software.

Gmail
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes*
What did they say? We have assessed the SSL vulnerability and applied patches to key Google services. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry.

Hotmail / Outlook
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? Microsoft services were not running OpenSSL, according to LastPass.

Yahoo Mail
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now."

Stores and Commerce

Amazon
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Amazon.com is not affected."

Amazon Web Services (for website operators)
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? Most services were unaffected or Amazon was already able to apply mitigations (see advisory note here). Elastic Load Balancing, Amazon EC2, Amazon Linux AMI, Red Hat Enterprise Linux, Ubuntu, AWS OpsWorks, AWS Elastic Beanstalk and Amazon CloudFront were patched.

eBay
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "eBay.com was never vulnerable to this bug because we were never running a vulnerable version of OpenSSL."

Etsy
Was it affected? Yes*. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? Etsy said that only a small part of its infrastructure was vulnerable, and they have patched it.

GoDaddy
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "We've been updating GoDaddy services that use the affected OpenSSL version."

Groupon
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Groupon.com does not utilize a version of the OpenSSL library that is susceptible to the Heartbleed bug."

Nordstrom
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Nordstrom websites do not use OpenSSL encryption."

PayPal
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Your PayPal account details were not exposed in the past and remain secure."

Target
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "[We] launched a comprehensive review of all external facing aspects of Target.com... and do not currently believe that any external-facing aspects of our sites are impacted by the OpenSSL vulnerability."

Walmart
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "We do not use that technology so we have not been impacted by this particular breach."

Videos, Photos, Games & Entertainment


Flickr
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now."

Hulu
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? No comment provided.

Minecraft
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "We were forced to temporary suspend all of our services. ... The exploit has been fixed. We can not guarantee that your information wasn't compromised."

Netflix
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "Like many companies, we took immediate action to assess the vulnerability and address it. We are not aware of any customer impact. It's a good practice to change passwords from time to time, now would be a good time to think about doing so."

SoundCloud
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? SoundCloud emphasized that there were no indications of any foul play and that the company's actions were simply precautionary.

YouTube
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes*
What did they say? We have assessed the SSL vulnerability and applied patches to key Google services. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry.

Banks and Brokerages


All the banks we contacted (see below) said they were unaffected by Heartbleed, but U.S. regulators have warned banks to patch their systems.

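Bank of America
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "A majority of our platforms do NOT use OpenSSL, and the ones that do, we have confirmed no vulnerabilities."

Barclays
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? No comment provided.

Capital One
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Capital One uses a version of encryption that is not vulnerable to Heartbleed."

Chase
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "These sites don't use the encryption software that is vulnerable to the Heartbleed bug."

Citigroup
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? Citigroup does not use OpenSSL in "customer-facing retail banking and credit card sites and mobile apps"

E*Trade
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? E*Trade is still investigating.

Fidelity
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "We have multiple layers of security in place to protect our customer sites and services."

PNC
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "We have tested our online and mobile banking systems and confirmed that they are not vulnerable to the Heartbleed bug."

Schwab
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Efforts to date have not detected this vulnerability on Schwab.com or any of our online channels."

Scottrade
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Scottrade does not use the affected version of OpenSSL on any of our client-facing platforms."

TD Ameritrade
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? TD Ameritrade "doesn't use the versions of openSSL that were vulnerable."

TD Bank
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "We're currently taking precautions and steps to protect customer data from this threat and have no reason to believe any customer data has been compromised in the past."

T. Rowe Price
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "The T. Rowe Price websites are not vulnerable to the Heartbleed SSL bug nor were they vulnerable in the past."

U.S. Bank
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "We do not use OpenSSL for customer-facing, Internet banking channels, so U.S. Bank customer data is NOT at risk."

Vanguard
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "We are not using, and have not used, the vulnerable version of OpenSSL."

Wells Fargo
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? No reason provided.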

Government and Taxes

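1040.com
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "We're not vulnerable to the Heartbleed bug, as we do not use OpenSSL."

FileYourTaxes.com
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "We continuously patch our servers to keep them updated. However, the version we use was not affected by the issue, so no action was taken."

H&R Block
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "We are reviewing our systems and currently have found no risk to client data from this issue."

Healthcare.gov
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Healthcare.gov consumer accounts are not affected by this vulnerability."

Intuit (TurboTax)
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? TurboTax wrote that "engineers have verified TurboTax is not affected by Heartbleed." The company has issued new certificates anyway, and said it's not "proactively advising" users to change their passwords.

IRS
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "The IRS continues to accept tax returns as normal ... and systems continue operating and are not affected by this bug. We are not aware of any security vulnerabilities related to this situation."

TaxACT
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Customers can update their passwords at any time, although we are not proactively advising them to do so at this time."

USAA
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? USAA said that it has "already taken measures to help prevent a data breach and implemented a patch earlier this week."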

Other

Box
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "We're currently working with our customers to proactively reset passwords and are also reissuing new SSL certificates for added protection."

Dropbox
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? On Twitter: "We've patched all of our user-facing services & will continue to work to make sure your stuff is always safe."

Evernote
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? "Evernote's service, Evernote apps, and Evernote websites ... all use non-OpenSSL implementations of SSL/TLS to encrypt network communications."

GitHub
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? GitHub said it has patched all its systems, deployed new SSL certificates and revoked old ones. GitHub is asking all users to change their password, enable two-factor authentication and "revoke and recreate personal access and application tokens."

IFTTT
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? IFTTT emailed all its users and logged them out, prompting them to change their password on the site.

OKCupid
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "We, like most of the Internet, were stunned that such a serious bug has existed for so long and was so widespread."

Spark Networks (JDate, Christian Mingle)
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? Sites do not use OpenSSL.

SpiderOak
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? No.
What did they say? SpiderOak said it patched its servers, but the desktop client doesn't use a vulnerable version of OpenSSL, so "customers do not need to take any special action."

WordPress
Was it affected? Unclear. Is there a patch? Unclear. Do you need to change your password? Unclear.
What did they say? WordPress tweeted that it has taken "immediate steps" and "addressed the Heartbleed OpenSSL exploit," but it's unclear if the issue is completely solved. When someone asked Matt Mullenweg, WordPress' founding developer, when the site's SSL certificates will be replaced and when users will be able to reset passwords, he simply answered: "soon."

Wunderlist
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? Yes.
What did they say? "You'll have to simply log back into Wunderlist. We also strongly recommend that you reset your password for Wunderlist."

Password Managers

1Password
Was it affected? No. Is there a patch? No. Do you need to change your password? No.
What did they say? 1Password said in a blog post that its technology "is not built upon SSL/TLS in general, and not upon OpenSSL in particular." So users don't need to change their master password.

Dashlane
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? No.
What did they say? Dashlane said in a blog post users' accounts were not impacted and the master password is safe as it is never transmitted. The site does use OpenSSL when syncing data with its servers but Dashlane said it has patched the bug, issued new SSL certificates and revoked previous ones.

LastPass
Was it affected? Yes. Is there a patch? Yes. Do you need to change your password? No.
What did they say? "Though LastPass employs OpenSSL, we have multiple layers of encryption to protect our users and never have access to those encryption keys." Users don't need to change their master passwords because they're never sent to the server. But passwords for other sites stored in LastPass might need to be changed.

Reporters who contributed to this story include Samantha Murphy Kelly, Lorenzo Franceschi-Bicchierai, Seth Fiegerman, Adario Strange and Kurt Wagner.


The Heartbleed Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

What leaks in practice?
We have tested some of our own services from an attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

How to stop the leak?
As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

Q&A

What is the CVE-2014-0160?
CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE. Due to co-incident discovery a duplicate CVE, CVE-2014-0346, which was assigned to us, should not be used, since others independently went public with the CVE-2014-0160 identifier.

Why it is called the Heartbleed Bug?
The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.

What makes the Heartbleed Bug unique?
Bugs in a single piece of software or library come and go and are fixed by new versions. However, this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, the ease of exploitation and attacks leaving no trace, this exposure should be taken seriously.

Is this a design flaw in SSL/TLS protocol specification?
No. This is an implementation problem, i.e. a programming mistake in the popular OpenSSL library that provides cryptographic services such as SSL/TLS to applications and services.

What is being leaked?
Encryption is used to protect secrets that may harm your privacy or security if they leak. In order to coordinate recovery from this bug we have classified the compromised secrets into four categories: 1) primary key material, 2) secondary key material, 3) protected content and 4) collateral.

What is leaked primary key material and how to recover?
These are the crown jewels, the encryption keys themselves. Leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past vulnerable to decryption. All this has to be done by the owners of the services.

What is leaked secondary key material and how to recover?
These are, for example, the user credentials (user names and passwords) used in the vulnerable services. Recovery from this leak requires the owners of the service first to restore trust in the service according to the steps described above. After this, users can start changing their passwords and possible encryption keys according to the instructions from the owners of the services that have been compromised. All session keys and session cookies should be invalidated and considered compromised.

What is leaked protected content and how to recover?
This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. Only the owners of the services will be able to estimate the likelihood of what has been leaked, and they should notify their users accordingly. The most important thing is to restore trust in the primary and secondary key material as described above. Only this enables safe use of the compromised services in the future.

What is leaked collateral and how to recover?
Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks. These have only contemporary value and will lose their value to the attacker when OpenSSL has been upgraded to a fixed version.

Recovery sounds laborious, is there a short cut?
After seeing what we saw by "attacking" ourselves, with ease, we decided to take this very seriously. We have gone laboriously through patching our own critical services and are in the process of dealing with possible compromise of our primary and secondary key material. All this just in case we were not the first ones to discover this and this could have been exploited in the wild already.

How revocation and reissuing of certificates works in practice?
If you are a service provider you have signed your certificates with a Certificate Authority (CA). You need to check with your CA how compromised keys can be revoked and new certificates reissued for the new keys. Some CAs do this for free, some may charge a fee.

Am I affected by the bug?
You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many online services use TLS both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of TLS. Furthermore, you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.

How widespread is this?
Most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft's April 2014 Web Server Survey. Furthermore OpenSSL is used to protect for example email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and wide variety of client side software. Fortunately many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software. Ironically smaller and more progressive services or those who have upgraded to latest and best encryption will be affected most. Furthermore OpenSSL is very popular in client software and somewhat popular in networked appliances which have most inertia in getting updates.

What versions of the OpenSSL are affected?
Status of different versions:

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

How common are the vulnerable OpenSSL versions?
The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 became available with the first vulnerable OpenSSL version (1.0.1) and the security community has been pushing TLS 1.2 due to earlier attacks against TLS (such as the BEAST).

How about operating systems?
Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distribution with versions that are not vulnerable:

Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
SUSE Linux Enterprise Server
FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)

How can OpenSSL be fixed?

Even though the actual code fix may appear trivial, the OpenSSL team is the expert in fixing it properly, so the latest fixed version 1.0.1g or newer should be used. If this is not possible, software developers can recompile OpenSSL with the heartbeat removed from the code by the compile time option -DOPENSSL_NO_HEARTBEATS.

Should heartbeat be removed to aid in detection of vulnerable services?
Recovery from this bug could benefit if the new version of OpenSSL would both fix the bug and disable heartbeat temporarily until some future version. It appears that the majority, if not almost all, of the TLS implementations that respond to the heartbeat request today are vulnerable versions of OpenSSL. If only vulnerable versions of OpenSSL would continue to respond to the heartbeat for the next few months, then a large scale coordinated response to reach owners of vulnerable services would become more feasible.

Can I detect if someone has exploited this against me?
Exploitation of this bug leaves no traces of anything abnormal happening to the logs.

Can IDS/IPS detect or block this attack?
Although the content of the heartbeat request is encrypted it has its own record type in the protocol. This should allow intrusion detection and prevention systems (IDS/IPS) to be trained to detect use of the heartbeat request. Due to encryption differentiating between legitimate use and attack can not be based on the content of the request, but the attack may be detected by comparing the size of the request against the size of the reply. This seems to imply that IDS/IPS can be programmed to detect the attack but not to block it unless heartbeat requests are blocked altogether.

Has this been abused in the wild?
We don't know. Security community should deploy TLS/DTLS honeypots that entrap attackers and to alert about exploitation attempts.

Can attacker access only 64k of the memory?
There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed.
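
The size comparison described under the IDS/IPS question, combined with the point above that the 64 kilobyte limit applies per heartbeat rather than per connection, shown as an added example (not part of the original Q&A). It reads only the cleartext TLS record headers; the function names, the `slack` tolerance and the sample capture are assumptions constructed for illustration, and the input is assumed to be already reassembled into whole records.

```python
import struct
from collections import namedtuple

HEARTBEAT = 24               # TLS record ContentType assigned to heartbeat (RFC 6520)
MAX_FRAGMENT = 2**14 + 2048  # largest encrypted record body TLS permits

Record = namedtuple("Record", "content_type length")


def parse_records(data):
    """Walk the 5-byte TLS record headers in one direction's reassembled bytes."""
    records, offset = [], 0
    while offset + 5 <= len(data):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", data, offset)
        if major != 3 or length > MAX_FRAGMENT or offset + 5 + length > len(data):
            break  # not TLS, desynchronised, or truncated capture: stop here
        records.append(Record(ctype, length))
        offset += 5 + length
    return records


def find_oversized_replies(segments, slack=64):
    """Pair each heartbeat record with the opposite-direction heartbeats that follow.

    segments: list of (direction, bytes) in capture order for ONE connection.
    The payload is encrypted, so request and reply are told apart only by
    direction and order; slack (an assumed tolerance) absorbs padding differences.
    """
    exchanges = []
    for direction, data in segments:
        for rec in parse_records(data):
            if rec.content_type != HEARTBEAT:
                continue
            last = exchanges[-1] if exchanges else None
            if last and direction != last["requester"]:
                # A large reply is split over several records: add them up.
                last["reply_bytes"] += rec.length
            else:
                exchanges.append({"requester": direction,
                                  "request_bytes": rec.length,
                                  "reply_bytes": 0})
    return [dict(e, excess=e["reply_bytes"] - e["request_bytes"])
            for e in exchanges
            if e["reply_bytes"] > e["request_bytes"] + slack]


def total_excess(findings):
    """Bytes returned beyond what was asked for, summed over the connection."""
    return sum(f["excess"] for f in findings)


def _record(ctype, length):
    """Constructed sample record: real header, zero-filled body in place of ciphertext."""
    return struct.pack("!BBBH", ctype, 3, 3, length) + bytes(length)


# Constructed capture of one connection (not real traffic).
SAMPLE = [
    ("client", _record(22, 200)),               # handshake
    ("server", _record(22, 1500)),
    ("client", _record(HEARTBEAT, 40)),         # ordinary keep-alive
    ("server", _record(HEARTBEAT, 40)),
    ("client", _record(23, 300)),               # application data
    ("client", _record(HEARTBEAT, 40)),         # small request ...
    ("server", _record(HEARTBEAT, 16416) * 4),  # ... roughly 64 KiB back
    ("client", _record(HEARTBEAT, 40)),         # repeated on the same connection
    ("server", _record(HEARTBEAT, 16416) * 4),
]

if __name__ == "__main__":
    found = find_oversized_replies(SAMPLE)
    for f in found:
        print("heartbeat from %(requester)s: %(request_bytes)d B asked, "
              "%(reply_bytes)d B returned" % f)
    print("total excess on connection:", total_excess(found), "bytes")
```

Because the pairing relies on direction and order alone, a heartbeat that the replying side starts on its own would be counted as reply bytes; a production rule would also need TCP reassembly in front of it.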

Is this a MITM bug like Apple's goto fail bug was?
No this doesn't require a man in the middle attack (MITM). Attacker can directly contact the vulnerable service or attack any user connecting to a malicious service. However in addition to direct threat the theft of the key material allows man in the middle attackers to impersonate compromised services.

Does TLS client certificate authentication mitigate this?
No, heartbeat request can be sent and is replied to during the handshake phase of the protocol. This occurs prior to client certificate authentication.

Does OpenSSL's FIPS mode mitigate this?
No, OpenSSL Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable heartbeat functionality.

Does Perfect Forward Secrecy (PFS) mitigate this?
Use of Perfect Forward Secrecy (PFS), which is unfortunately rare but powerful, should protect past communications from retrospective decryption. Please see https://twitter.com/ivanristic/status/453280081897467905 how leaked tickets may affect this.

Can heartbeat extension be disabled during the TLS handshake?
No, the vulnerable heartbeat extension code is activated regardless of the results of the handshake phase negotiations. The only way to protect yourself is to upgrade to a fixed version of OpenSSL or to recompile OpenSSL with the heartbeat removed from the code.

Who found the Heartbleed Bug?
This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. Codenomicon team found heartbleed bug while improving the SafeGuard feature in Codenomicon's Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to OpenSSL team.

What is the Defensics SafeGuard?
The SafeGuard feature of Codenomicon's Defensics security test tools automatically tests the target system for weaknesses that compromise the integrity, privacy or safety. The SafeGuard is a systematic solution to expose failed cryptographic certificate checks, privacy leaks or authentication bypass weaknesses that have exposed Internet users to man in the middle attacks and eavesdropping. In addition to the Heartbleed bug, the new Defensics TLS Safeguard feature can detect for instance the exploitable security flaw in the widely used GnuTLS open source software implementing SSL/TLS functionality and the "goto fail;" bug in Apple's TLS/SSL implementation that was patched in February 2014.

Who coordinates response to this vulnerability?
NCSC-FI took up the task of reaching out to the authors of OpenSSL, software, operating system and appliance vendors, which were potentially affected. However, this vulnerability was found and details released independently by others before this work was completed. Vendors should be notifying their users and service providers. Internet service providers should be notifying their end users where and when potential action is required.

Is there a bright side to all this?
For those service providers who are affected this is a good opportunity to upgrade security strength of the secret keys used. A lot of software gets updates which otherwise would have not been urgent. Although this is painful for the security community, we can rest assured that infrastructure of the cyber criminals and their secrets have been exposed as well.

Where to find more information?
This Q&A was published as a follow-up to the OpenSSL advisory, since this vulnerability became public on 7th of April 2014. The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt. NCSC-FI published an advisory at https://www.cert.fi/en/reports/2014/vulnerability788210.html. Individual vendors of operating system distributions, affected owners of Internet services, software packages and appliance vendors may issue their own advisories.


OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

Staying ahead of OpenSSL vulnerabilities


Published on April 07, 2014 11:00AM by Nick Sullivan.

Today a new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160). We fixed this vulnerability last week before it was made public. All sites that use CloudFlare for SSL have received this fix and are automatically protected.

OpenSSL is the core cryptographic library CloudFlare uses for SSL/TLS connections. If your site is on CloudFlare, every connection made to the HTTPS version of your site goes through this library. As one of the largest deployments of OpenSSL on the Internet today, CloudFlare has a responsibility to be vigilant about fixing these types of bugs before they go public and attackers start exploiting them and putting our customers at risk.

We encourage everyone else running a server that uses OpenSSL to upgrade to version 1.0.1g to be protected from this vulnerability. For previous versions of OpenSSL, re-compiling with the OPENSSL_NO_HEARTBEATS flag enabled will protect against this vulnerability. OpenSSL 1.0.2 will be fixed in 1.0.2-beta2.

This bug fix is a successful example of what is called responsible disclosure. Instead of disclosing the vulnerability to the public right away, the people notified of the problem tracked down the appropriate stakeholders and gave them a chance to fix the vulnerability before it went public. This model helps keep the Internet safe. A big thank you goes out to our partners for disclosing this vulnerability to us in a safe, transparent, and responsible manner. We will announce more about our responsible disclosure policy shortly.

Just another friendly reminder that CloudFlare is on top of things and making sure your sites stay as safe as possible.

USN-2165-1: OpenSSL vulnerabilities


Ubuntu Security Notice USN-2165-1
7th April, 2014

openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04 LTS

Summary

OpenSSL could be made to expose sensitive information over the network, possibly including private keys.

Software description

openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160)

Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076)

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2
Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. Since this issue may have resulted in compromised private keys, it is recommended to regenerate them.

References
CVE-2014-0076, CVE-2014-0160

http://www.freshports.org/security/openssl/ ...multiple pages...

OpenSSL bug CVE-2014-0160


Posted April 7th, 2014 by arma in openssl security advisory

A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today, which can be used to reveal memory to a connected client or server. If you're using an older OpenSSL version, you're safe. Note that this bug affects way more programs than just Tor - expect everybody who runs an https webserver to be scrambling today. If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.

Here are our first thoughts on what Tor components are affected:

1. Clients: The browser part of Tor Browser shouldn't be affected, since it uses libnss rather than openssl. But the Tor client part is: Tor clients could possibly be induced to send sensitive information like "what sites you visited in this session" to your entry guards. If you're using TBB we'll have new bundles out shortly; if you're using your operating system's Tor package you should get a new OpenSSL package and then be sure to manually restart your Tor.

2. Relays and bridges: Tor relays and bridges could maybe be made to leak their medium-term onion keys (rotated once a week), or their long-term relay identity keys. An attacker who has your relay identity key can publish a new relay descriptor indicating that you're at a new location (not a particularly useful attack). An attacker who has your relay identity key, has your onion key, and can intercept traffic flows to your IP address can impersonate your relay (but remember that Tor's multi-hop design means that attacking just one relay in the client's path is not very useful). In any case, best practice would be to update your OpenSSL package, discard all the files in keys/ in your DataDirectory, and restart your Tor to generate new keys. (You will need to update your MyFamily torrc lines if you run multiple relays.)

3. Hidden services: Tor hidden services might leak their long-term hidden service identity keys to their guard relays. Like the last big OpenSSL bug, this shouldn't allow an attacker to identify the location of the hidden service [edit: if it's your entry guard that extracted your key, they know where they got it from]. Also, an attacker who knows the hidden service identity key can impersonate the hidden service. Best practice would be to move to a new hidden-service address at your convenience.

4. Directory authorities: In addition to the keys listed in the "relays and bridges" section above, Tor directory authorities might leak their medium-term authority signing keys. Once you've updated your OpenSSL package, you should generate a new signing key. Long-term directory authority identity keys are offline so should not be affected (whew). More tricky is that clients have your relay identity key hard-coded, so please don't rotate that yet. We'll see how this unfolds and try to think of a good solution there.

5. Tails is still tracking Debian oldstable, so it should not be affected by this bug.

6. Orbot looks vulnerable; they have some new packages available for testing.

7. The webservers in the https://www.torproject.org/ rotation needed (and got) upgrades. Maybe we'll need to throw away our torproject SSL web cert and get a new one too.

Important: openssl security update

Advisory: RHSA-2014:0376-1
Type: Security Advisory
Severity: Important
Issued on: 2014-04-08
Last updated on: 2014-04-08
Affected Products:
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2014-0160

Details
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Updated packages


(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)


1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets

References
https://www.redhat.com/security/data/cve/CVE-2014-0160.html
https://access.redhat.com/security/updates/classification/#important

[CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update


Karanbir Singh kbsingh at centos.org Tue Apr 8 02:54:58 UTC 2014


CentOS Errata and Security Advisory 2014:0376 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0376.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

-Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos at irc.freenode.net

Status on CVE-2014-0160, aka "Heartbleed"


Robyn Bergeron rbergero at redhat.com Tue Apr 8 03:01:24 UTC 2014


Greetings, Fedora community:

We're aware of the recently disclosed CVE-2014-0160 (aka "Heartbleed"):

https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl)
https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl)

The issue affects the currently supported Fedora 19 and Fedora 20 releases. Updates for openssl packages are available now, and mirrors near you will receive them shortly.

If you do not want to wait for your local mirror to get updates, you can retrieve and install packages directly:

For Fedora 19 x86_64:

    yum -y install koji
    koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
    yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm

For Fedora 20 x86_64:

    yum -y install koji
    koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
    yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm

Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20 only).

Package updates for mingw-openssl will receive fixes shortly and we'll update the community when they are available.

Note that Fedora 18, which is no longer supported by the Fedora community, is also affected by this issue. Fedora 17 and previous releases, also no longer supported, are not affected by this issue.

Fedora Release Engineering is currently regenerating AMIs and qcow2/kvm images to include the fix. The Fedora Infrastructure team is working to assess any additional impact, and will update the community as we develop more information.

Thanks for your patience as we work on this issue.

ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing package updates, and Major Hayden for providing the manual update guidance above.

-Robyn Bergeron

Vulnerability Note VU#720951


OpenSSL heartbeat extension read overflow discloses sensitive information
Original Release date: 07 Apr 2014 | Last revised: 11 Apr 2014


Overview
OpenSSL 1.0.1 contains a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."

Description
OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the TLS/DTLS heartbeat functionality (RFC6520). This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL libssl library in chunks of up to 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to increase the chances that a leaked chunk contains the intended secrets. The sensitive information that may be retrieved using this vulnerability include:

Primary key material (secret keys)
Secondary key material (user names and passwords used by vulnerable services)
Protected content (sensitive data used by vulnerable services)
Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)

Please see the Heartbleed website for more details. Exploit code for this vulnerability is publicly available. Any service that supports STARTTLS (imap, smtp, http, pop) may also be affected.

Impact
By attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.

Solution
Apply an update

This issue is addressed in OpenSSL 1.0.1g. Please contact your software vendor to check for availability of updates. Any system that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items. Old keys should be revoked.

Reports indicate that the use of mod_spdy can prevent the updated OpenSSL library from being utilized, as mod_spdy uses its own copy of OpenSSL. Please see https://code.google.com/p/modspdy/issues/detail?id=85 for more details.

Disable OpenSSL heartbeat support

This issue can be addressed by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag. Software that uses OpenSSL, such as Apache or Nginx, would need to be restarted for the changes to take effect.

Use Perfect Forward Secrecy (PFS)

PFS can help minimize the damage in the case of a secret key leak by making it more difficult to decrypt already-captured network traffic. However, if a ticket key is leaked, then any sessions that use that ticket could be compromised. Ticket keys may only be regenerated when a web server is restarted.

Vendor Information

Vendor                   Status    Date Notified  Date Updated
Amazon                   Affected  -              09 Apr 2014
Aruba Networks, Inc.     Affected                 09 Apr 2014
Bee Ware                 Affected                 09 Apr 2014
Blue Coat Systems        Affected  07 Apr 2014    09 Apr 2014
Cisco Systems, Inc.      Affected  07 Apr 2014    10 Apr 2014
Debian GNU/Linux         Affected  07 Apr 2014    08 Apr 2014
F5 Networks, Inc.        Affected  07 Apr 2014    09 Apr 2014
Fedora Project           Affected  07 Apr 2014    08 Apr 2014
Fortinet, Inc.           Affected  07 Apr 2014    09 Apr 2014
FreeBSD Project          Affected  07 Apr 2014    09 Apr 2014
Gentoo Linux             Affected  07 Apr 2014    08 Apr 2014
Google                   Affected  07 Apr 2014    09 Apr 2014
IBM Corporation          Affected  07 Apr 2014    11 Apr 2014
Juniper Networks, Inc.   Affected  07 Apr 2014    09 Apr 2014
Mandriva S.A.            Affected  07 Apr 2014    07 Apr 2014

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           6.4    AV:N/AC:L/Au:N/C:P/I:P/A:N
Temporal       5.3    E:F/RL:OF/RC:C
Environmental  7.5    CDP:LM/TD:H/CR:H/IR:H/AR:ND

References

- http://heartbleed.com/
- http://seclists.org/osssec/2014/q2/22
- http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902
- https://tools.ietf.org/html/rfc6520
- http://www.openssl.org/news/openssl1.0.1notes.html
- http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html
- http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
- https://www.cert.fi/en/reports/2014/vulnerability788210.html
- https://code.google.com/p/modspdy/issues/detail?id=85
- http://www.exploitdb.com/exploits/32745/
- https://access.redhat.com/security/cve/CVE-2014-0160
- http://www.ubuntu.com/usn/usn-2165-1/
- http://www.freshports.org/security/openssl/
- https://blog.torproject.org/blog/opensslbugcve20140160

Credit

This vulnerability was reported by OpenSSL, who in turn credits Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security. This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2014-0160
Date Public: 07 Apr 2014
Date First Published: 07 Apr 2014
Date Last Updated: 11 Apr 2014
Document Revision: 125

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NCSC-FI Advisory on OpenSSL


Target
- servers and server applications
- workstations and end user applications
- network devices
- embedded systems
- other

Access Vector
- remote
- no user interaction required
- no authentication required

Impact
- breach of confidentiality
- security bypass

Remediation
- fix provided by vendor
- problem mitigation

Details
A vulnerability has been found in the heartbeat protocol implementation of TLS (Transport Layer Security) and DTLS (Datagram TLS) of OpenSSL. In reply to a heartbeat request, OpenSSL returns the requested amount, up to 64 kB, of random memory content. Sensitive data such as message contents, user credentials, session keys and server private keys have been observed within the reply contents. More memory contents can be acquired by sending more requests. The attacks have not been observed to leave traces in application logs.
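The missing check described above, seen from the receiving side, as an added example (not OpenSSL's code and not part of the advisory): a heartbeat handler following the RFC 6520 message layout that compares the sender-supplied payload_length with the length of the record actually received before echoing anything back. The function names, status codes and sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 HeartbeatMessage, carried in one TLS record:
 * type (1) | payload_length (2, big endian) | payload | padding (>= 16) */
#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

enum hb_status {
    HB_OK = 0,
    HB_TOO_SHORT,       /* record cannot hold header plus minimum padding */
    HB_NOT_REQUEST,     /* message type is not heartbeat_request */
    HB_LENGTH_OVERRUN,  /* payload_length claims more than was received */
    HB_OUT_TOO_SMALL    /* caller's output buffer is too small */
};

/* Validate a received message. rec_len is the length of the record as it
 * actually arrived; payload_length inside the message is sender-controlled
 * and is trusted only after it has been checked against rec_len. */
enum hb_status hb_parse_request(const uint8_t *rec, size_t rec_len,
                                const uint8_t **payload, size_t *payload_len)
{
    size_t claimed;

    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TOO_SHORT;
    if (rec[0] != HB_REQUEST)
        return HB_NOT_REQUEST;
    claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return HB_LENGTH_OVERRUN;   /* the bounds check: discard the message */
    *payload = rec + HB_HEADER_LEN;
    *payload_len = claimed;
    return HB_OK;
}

/* Build the response. Only bytes verified to lie inside the received
 * record are copied, so nothing beyond it can be echoed back. */
enum hb_status hb_build_response(const uint8_t *rec, size_t rec_len,
                                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    const uint8_t *payload = NULL;
    size_t plen = 0, need;
    enum hb_status st;

    *out_len = 0;
    st = hb_parse_request(rec, rec_len, &payload, &plen);
    if (st != HB_OK)
        return st;                  /* RFC 6520: discard silently */
    need = HB_HEADER_LEN + plen + HB_MIN_PADDING;
    if (need > out_cap)
        return HB_OUT_TOO_SMALL;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(plen >> 8);
    out[2] = (uint8_t)(plen & 0xff);
    memcpy(out + HB_HEADER_LEN, payload, plen);
    /* zero padding keeps the example deterministic; RFC 6520 asks for random padding */
    memset(out + HB_HEADER_LEN + plen, 0, HB_MIN_PADDING);
    *out_len = need;
    return HB_OK;
}

/* Constructed sample messages (not captured traffic); unset bytes are zero. */
static const uint8_t SAMPLE_OK[3 + 4 + 16]      = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t SAMPLE_OVERRUN[3 + 4 + 16] = { 0x01, 0x40, 0x00, 'p', 'i', 'n', 'g' };
static const uint8_t SAMPLE_SHORT[3]            = { 0x01, 0x00, 0x00 };

/* Length of the response produced for a record (0 means discarded). */
size_t hb_response_len(const uint8_t *rec, size_t rec_len)
{
    static uint8_t out[HB_HEADER_LEN + 65535 + HB_MIN_PADDING];
    size_t n = 0;
    hb_build_response(rec, rec_len, out, sizeof out, &n);
    return n;
}

/* Status only, for logging or detection. */
enum hb_status hb_classify(const uint8_t *rec, size_t rec_len)
{
    const uint8_t *p; size_t n;
    return hb_parse_request(rec, rec_len, &p, &n);
}

int main(void)
{
    printf("well-formed: status=%d response=%zu bytes\n",
           (int)hb_classify(SAMPLE_OK, sizeof SAMPLE_OK),
           hb_response_len(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("overrun:     status=%d response=%zu bytes\n",
           (int)hb_classify(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN),
           hb_response_len(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN));
    printf("too short:   status=%d response=%zu bytes\n",
           (int)hb_classify(SAMPLE_SHORT, sizeof SAMPLE_SHORT),
           hb_response_len(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
```

The HB_LENGTH_OVERRUN status is also a useful place to emit a log event, since the advisory notes that the attacks otherwise leave no traces in application logs.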

Vulnerability Coordination Information and Acknowledgements


The vulnerability was first reported to OpenSSL by Neel Mehta from Google Security. Matti Kamunen, Antti Karjalainen and Riku Hietamäki from Codenomicon Oy reported the vulnerability to NCSC-FI, who reported it in turn to OpenSSL. NCSC-FI would like to thank Codenomicon for reporting and analysing the vulnerability.

Vendor Information

OpenSSL versions from 1.0.1 to 1.0.1f. The vulnerability has been fixed in OpenSSL 1.0.1g.

Vulnerable Linux and BSD distributions include:


- Red Hat Enterprise Linux 6.5 (OpenSSL 1.0.1e)
- Debian Wheezy (fixed in version 1.0.1e-2+deb7u5)
- Ubuntu 12.04 LTS, 13.04 and 13.10
- Gentoo Linux
- Slackware 14.0, 14.1 and current
- OpenBSD 5.3 and 5.4
- FreeBSD, versions 10.x
- NetBSD, versions 6.1 - 6.1.3 and 6.0 - 6.0.4
- DragonflyBSD 3.6
- Mandriva Business Server 1

Software using a vulnerable version of OpenSSL include:


- Cisco AnyConnect Secure Mobility Client for iOS
- Cisco Desktop Collaboration Experience DX650
- Cisco Unified 7800 series IP Phones
- Cisco Unified 8961 IP Phone
- Cisco Unified 9951 IP Phone
- Cisco Unified 9971 IP Phone
- Cisco TelePresence Video Communication Server (VCS)
- Cisco IOS XE
- Cisco UCS B-Series (Blade) Servers
- Cisco UCS C-Series (Stand alone Rack) Servers
- Cisco Unified Communication Manager (UCM) 10.0
- FortiGate FortiOS 5.0.5 and 5.0.6
- Junos OS 13.3R1
- Juniper Odyssey client 5.6r5 and newer
- Juniper SSL VPN (IVEOS) 7.4r1 and newer
- Juniper SSL VPN (IVEOS) 8.0r1 and newer
- Juniper UAC 4.4r1 and newer
- Juniper UAC 5.0r1 and newer
- Juniper Junos Pulse (Desktop) 5.0r1 and newer
- Juniper Junos Pulse (Desktop) 4.0r5 and newer
- Juniper Network Connect (windows) versions 7.4R5 - 7.4R9.1 & 8.0R1 to 8.0R3.1
- Juniper Junos Pulse (Mobile) on Android 4.2R1 and newer
- Juniper Junos Pulse (Mobile) on iOS 4.2R1
- F5 BIG-IP LTM versions 11.5.0 - 11.5.1
- F5 BIG-IP AAM versions 11.5.0 - 11.5.1
- F5 BIG-IP AFM versions 11.5.0 - 11.5.1
- F5 BIG-IP Analytics versions 11.5.0 - 11.5.1
- F5 BIG-IP APM versions 11.5.0 - 11.5.1
- F5 BIG-IP ASM versions 11.5.0 - 11.5.1
- F5 BIG-IP GTM versions 11.5.0 - 11.5.1
- F5 BIG-IP Link Controller 11.5.0 - 11.5.1
- F5 BIG-IP PEM versions 11.5.0 - 11.5.1
- F5 BIG-IP PSM versions 11.5.0 - 11.5.1
- F5 BIG-IP Edge Clients for Apple iOS versions 2.0.0 - 2.0.1 and 1.0.5
- F5 BIG-IP Edge Clients for Linux versions 7080 - 7101
- F5 BIG-IP Edge Clients for MAC OS X versions 7080 - 7101 and 6035 - 7071
- F5 BIG-IP Edge Clients for Windows versions 7080 - 7101 and 6035 - 7071
- OpenVPN 2.3-rc2-I001 - 2.3.2-I003
- Aruba ArubaOS versions 6.3.x, 6.4.x
- Aruba ClearPass versions 6.1.x, 6.2.x, 6.3.x
- Viscosity before version 1.4.8
- WatchGuard XTM and XCS before version 11.8.3 CSP
- Blue Coat Content Analysis System versions 1.1.1.1 - 1.1.5.1
- Blue Coat Malware Analysis Appliance version 1.1.1
- Blue Coat ProxyAV versions 3.5.1.1 - 3.5.1.6
- Blue Coat ProxySG versions 6.5.1.1 - 6.5.3.5
- Blue Coat SSL Visibility 3.7.0
- Jolla
- F-Secure
- F-Secure Messaging Secure Gateway 7.5
- F-Secure Protection Service for Email 7.5
- F-Secure Anti-Theft Portal

Remediation
Patch the vulnerable software components according to the guidance published by the vendor. Restart affected services after the update. The vulnerability can be mitigated by disabling the affected components. This can be done by compiling OpenSSL with the configuration option -DOPENSSL_NO_HEARTBEATS.

References

- https://www.openssl.org/news/secadv_20140407.txt
- https://www.kb.cert.org/vuls/id/720951
- http://heartbleed.com/
- https://tools.ietf.org/html/rfc6520
- CVE-2014-0160

Updates

- http://lists.centos.org/pipermail/centos-announce/2014April/020248.html
- http://koji.fedoraproject.org/koji/buildinfo?buildid=509741
- https://www.debian.org/security/2014/dsa-2896
- https://access.redhat.com/security/cve/CVE-2014-0160
- http://www.ubuntu.com/usn/usn-2165-1/
- http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml
- http://www.slackware.com/security/viewer.php?l=slackwaresecurity&y=2014&m=slackware-security.533622
- http://www.openbsd.org/errata53.html#014_openssl
- http://www.openbsd.org/errata54.html#007_openssl
- http://www.freebsd.org/security/advisories/FreeBSD-SA14:06.openssl.asc
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSDSA2014-004.txt.asc
- http://lists.dragonflybsd.org/pipermail/commits/2014April/269894.html
- http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:067/
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_dogoviewsolutiondetails=&solutionid=sk100173
- http://support.f5.com/kb/enus/solutions/public/15000/100/sol15159.html
- https://community.openvpn.net/openvpn/wiki/heartbleed
- http://www.arubanetworks.com/support/alerts/aid-040814.asc
- https://www.sparklabs.com/viscosity/releasenotes/
- http://watchguardsecuritycenter.com/2014/04/08/theheartbleed-openssl-vulnerability-patch-openssl-asap/
- http://kb.bluecoat.com/index?page=content&id=SA79
- https://together.jolla.com/question/38508/release-notes-software-version-10516paarlampi/
- http://www.f-secure.com/en/web/labs_global/fsc-2014-1

Contact Information
NCSC-FI Vulnerability Coordination can be contacted as follows:

Email: vulncoord@ficora.fi
Please quote the advisory reference [FICORA #788210] in the subject line
Telephone: +358 295 390 230, Monday - Friday 08:00 - 16:15 (EEST: UTC+2)
Fax: +358 295 390 270
Post: Vulnerability Coordination, FICORA/CERT-FI, P.O. Box 313, FI-00181 Helsinki, FINLAND

CERT-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at https://www.ncsc.fi/en/activities/contact/pgp-keys.html

The CERT-FI vulnerability coordination policy can be viewed at https://www.ncsc.fi/en/activities/Vulncoord/vulncoord-policy.html.

Revision History
- 8 Apr 2013, 07:45 UTC: Published
- 10 Apr 2014, 11:07 UTC: Updated vendor list and references
- 10 Apr 2014, 12:12 UTC: Removed erroneously added CheckPoint products from listing
- 10 Apr 2014, 13:27 UTC: Fixed affected FreeBSD versions
- 11 Apr 2014, 17:27 UTC: Update vendor list and references (Jolla, F-Secure)

Update - Severe security problem in OpenSSL ("Heartbleed" vulnerability)


8 April 2014, update 10 April 2014

The OpenSSL project has published a warning about an acute problem. The relevant media are already reporting on it; given the urgency and scope of the problem, CERT.at once again asks readers to take note of the following information.

Description
Due to a bug in OpenSSL, attackers can read parts of the main memory of an affected system (in steps of 64 kB). This allows the attackers to obtain various information, possibly including the "private" keys/X.509 certificates. A detailed description of the problem can be found at http://heartbleed.com/ (in English). Entry in the CVE database: CVE-2014-0160.

Impact

Since it must be assumed that attackers possess the private keys of services secured with vulnerable OpenSSL versions, in principle all information transmitted via such services is to be considered compromised. If the services are configured with "Perfect Forward Secrecy", however, attackers cannot decrypt information from sessions recorded in the past. Information currently being transmitted is nevertheless affected.

Affected systems
The bug affects all OpenSSL versions from 1.0.1 up to and including 1.0.1f; the first vulnerable version, 1.0.1, was released on 14 March 2012. These include, for example, systems with the following operating system versions (note: the list is not complete):

- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
- CentOS 6.5, OpenSSL 1.0.1e-15
- Fedora 18, OpenSSL 1.0.1e-4
- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
- FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c)
- NetBSD 5.0.2 (OpenSSL 1.0.1e)
- OpenSUSE 12.2 (OpenSSL 1.0.1c)

Update 10 April 2014: We would like to point out again, explicitly, that this problem does not only affect web servers/websites, but all software that builds on OpenSSL and uses TLS. Naturally, all systems/services on which self-compiled/self-installed versions of OpenSSL are used are affected as well. Installations of, for example, "SSL VPN" services can also be affected.

Not affected are:

- Systems on which OpenSSL 0.9.x is used
- Furthermore, installations of OpenSSL in which the "heartbeat" function was switched off by a corresponding parameter (-DOPENSSL_NO_HEARTBEATS) at compile time
- Update 10 April 2014: OpenSSH is not affected, since it uses OpenSSL but not TLS (and therefore not the vulnerable "heartbeat" extension)

Remediation

It is strongly recommended to install the patches provided by the operating systems. Where this is not possible, affected OpenSSL versions should be configured so that the "heartbeat" function is not supported (parameter -DOPENSSL_NO_HEARTBEATS at compile time).

Furthermore, all private keys are to be considered compromised; after the relevant patches have been applied, new keys should be generated and, where applicable, submitted for signing to the certificate authorities in use. As Heise Security, for example, puts it: "In addition, there is of course the danger that attackers with good technical resources already knew about the bug and have stolen keys en masse." The "old" keys should also be declared invalid (revoked).

For corporate environments with IDS/IPS installations, first signatures are already available with which attempts to exploit this problem can be detected. Since this is not possible retroactively, all private keys are to be considered compromised there as well.

Update (2014-04-10): Users of Linux systems with iptables can prevent or detect exploitation of this vulnerability with appropriate rules (as described at http://www.securityfocus.com/archive/1/531779).

End users should also check their systems for the use of vulnerable OpenSSL versions; this particularly concerns users of mobile devices such as smartphones/tablets.

Update (2014-04-10): Whether your own services are affected can be determined, for example, with the following methods:

- Online test: http://filippo.io/Heartbleed/
  - The code for this online test is also available for your own use: https://github.com/FiloSottile/Heartbleed
- Plugin for the well-known security scanner nmap: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse

None of these tests can, of course, replace patching/reconfiguring/protecting your own systems - misjudgements are possible here too.

Note
In general, CERT.at recommends using the "automatic update" features of software where possible, and in parallel keeping firewall software active and virus protection up to date.

Source(s) of information:

- OpenSSL Security Advisory (English): https://www.openssl.org/news/secadv_20140407.txt
- Detailed description of the problem (English): http://heartbleed.com/
- Debian Security Advisory DSA-2896-1 (English): https://www.debian.org/security/2014/dsa-2896
- Redhat Security Advisory RHSA-2014:0376-1 (English): https://rhn.redhat.com/errata/RHSA-2014-0376.html
- Report at Heise Security (German): http://www.heise.de/security/meldung/Der-GAU-fuer-Verschluesselung-im-Web-Horror-Bug-inOpenSSL-2165517.html

TR-21 - OpenSSL Heartbeat Critical Vulnerability



1. Overview
2. Recommendations
3. How to test your TLS/SSL server?
4. Detecting OpenSSL Heartbleed with NIDS
5. Are the services like SMTP, XMPP, IMAP, SSL VPN using TLS affected?
6. Are OpenSSL clients vulnerable too?
7. What are the unaffected software or protocols by CVE-2014-0160?
8. References
9. Contact
10. Classification of this document
11. Revision

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

Overview
OpenSSL software is vulnerable to memory leakage to the connected client or server. In other words, anyone can remotely retrieve sensitive information (e.g. secret keys, passwords, confidential documents) from the memory of the remote servers without leaving traces. This is a critical vulnerability and you must patch your OpenSSL software as soon as possible. OpenSSL 1.0.1 and 1.0.2-beta releases are affected by this vulnerability, including 1.0.1f and 1.0.2-beta1. Prior versions are not vulnerable. After patching, all sensitive information needs to be evaluated, especially private keys and credentials. We recommend, at a minimum, regenerating the X.509 key material and doing an impact assessment on the potentially leaked information.

Recommendations
You should apply the OpenSSL updates provided by the software distributors:

- Ubuntu USN-2165-1: OpenSSL vulnerabilities
- Ubuntu CVE-2014-0160 detailed information per release
- Debian DSA-2896-1 openssl security update
- Red Hat RHSA-2014:0376-1 Red Hat Enterprise Linux 6
- Red Hat RHSA-2014:0377-1 Red Hat Storage Native Client for Red Hat Enterprise Linux
- CentOS 6 CVE-2014-0160
- CentOS 6 openssl heartbleed workaround
- Gentoo glsa-201404-07 OpenSSL: Information Disclosure
- Novell/Suse: SUSE Linux Enterprise Server 11 and older versions with openssl 0.9.8 are not affected. Only openSUSE 12.3 and 13.1 are shipping affected versions currently.
- Tor components affected by OpenSSL bug CVE-2014-0160
- mod_spdy binary bugfix release (v0.9.4.2)
- stunnel OpenSSL DLLs updated to version 1.0.1g. This version mitigates TLS heartbeat read overrun (CVE-2014-0160)
- Fedora 19 Update: openssl-1.0.1e-37.fc19.1
- Fedora 20 Update: openssl-1.0.1e-37.fc20.1
- FreeBSD-SA-14:06.openssl OpenSSL multiple vulnerabilities
- OpenBSD 5.5 errata 2, Apr 8, 2014
- OpenBSD 5.4 errata 7, Apr 8, 2014
- OpenBSD 5.3 errata 14, Apr 8, 2014
- FreeRADIUS: version 2 and version 3 of FreeRADIUS are vulnerable to the attack
- OpenVPN Access Server 1.8.4 > 2.0.5

It's important to note that some distributions use their own version numbering scheme for the OpenSSL package. If the distribution backports functionality from OpenSSL into older versions, you might be vulnerable too.

You may not have realized that Canonical changed its policy regarding the support length of non-LTS releases. The first release concerned by the new policy is Ubuntu 13.04 (Raring Ringtail), which has not received any support since 2014-01-27. This means that all the running instances you might have are vulnerable to Heartbeat and will not be patched. The procedure to update Ubuntu 13.04 by recompiling OpenSSL is the following:

    apt-get build-dep openssl
    apt-get source openssl
    cd openssl-1.0.1c/
    vi Configure    # add -DOPENSSL_NO_HEARTBEATS to $debian_cflags (line 109)
    dpkg-buildpackage -uc -b
    cd ..
    # Look at the installed openssl packages:
    dpkg -l | grep -w 'libssl\|openssl'
    # Install the required packages with dpkg:
    dpkg -i *.deb

If you cannot upgrade your OpenSSL directly, you can recompile your OpenSSL with the -DOPENSSL_NO_HEARTBEATS option to disable the feature having the vulnerability. Don't forget to restart your services and ensure that the correct libraries are loaded. All the services listed by the following command are still using the old, vulnerable library and have to be restarted:

    lsof -n | grep DEL | grep libssl

To verify which running processes/binaries use OpenSSL, you can do the following:

    lsof | grep libssl

How to test your TLS/SSL server?


A checker tool and a web site are available to test whether a TLS server is vulnerable. The Metasploit framework provides a module that implements the OpenSSL Heartbleed issue.

Detecting OpenSSL Heartbleed with NIDS


- Detecting OpenSSL Heartbleed with Suricata
- Indicator of Compromise to detect successful exploitation with Snort

Are the services like SMTP, XMPP, IMAP, SSL VPN using TLS affected?
If the service is using TLS/SSL and relies on vulnerable OpenSSL with the heartbeat extension, the service is probably vulnerable to data leakage. You should contact your software vendor as soon as possible to get a fix. Don't forget to renew credentials and cryptographic key materials that might have leaked in that context. The vulnerability is not limited to HTTP over TLS but applies to all protocols relying on TLS.

Are OpenSSL clients vulnerable too?


OpenSSL clients are also vulnerable. So a malicious server could abuse a vulnerable OpenSSL client to trigger the vulnerability and dump the memory of the client. There is a tool to abuse OpenSSL clients available showing the practicality of the exploitation. If you use OpenSSL as a client (usually bundled/used by many tools like curl, wget on Unix and Windows), you have to patch your client software as well.

What are the unaffected software or protocols by CVE-2014-0160?

OpenSSH and SSH are not vulnerable to CVE-2014-0160. OpenSSH relies on some cryptographic functions from OpenSSL but not the TLS part. The SSH protocol contains its own keep-alive protocol and doesn't rely on TLS.

References

- CVE-2014-0160 The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets
- The Heartbleed Bug
- OpenSSL Security Advisory - TLS heartbeat read overrun (CVE-2014-0160)
- Diagnosis of the OpenSSL Heartbleed Bug

Contact
If you have any question about this vulnerability, feel free to contact us.

Classification of this document


TLP:WHITE information may be distributed without restriction, subject to copyright controls.

Revision

- Version 1.3 April 10, 2014 Client-side vulnerability added (TLP:WHITE)
- Version 1.2 April 9, 2014 Information about additional software vulnerable added (TLP:WHITE)
- Version 1.1 April 8, 2014 Initial version (TLP:WHITE)

CERT-FR ALERT BULLETIN
Subject: Vulnerability in OpenSSL

Document management
Table 1: Document management

Reference: CERTFR-2014-ALE-003
Title: Vulnerability in OpenSSL
Date of first version: 08 April 2014
Date of last version:
Source(s): OpenSSL security bulletin of 07 April 2014
Attachment(s): None

A detailed version history can be found at the end of this document.

1 - Risk(s)

- security policy bypass
- breach of data confidentiality

2 - Affected system(s)

- OpenSSL 1.0.1, version 1.0.1f and earlier
- OpenSSL 1.0.2-beta1

3 - Summary
A vulnerability has been discovered in OpenSSL. It allows an attacker to bypass the security policy and breach data confidentiality.

4 - Recommendations
A fix for OpenSSL is available. CERT-FR recommends updating vulnerable OpenSSL installations. In addition, services that may be using an old version of the library must be restarted (in particular web and e-mail servers). After OpenSSL has been updated, the following command can be used on Linux to determine which services to restart:

    lsof | grep libssl | grep DEL

However, this command does not find services that were compiled statically against OpenSSL.

If compromise is suspected, it is also recommended to revoke the certificates in use and to generate new encryption keys. In addition, operators of potentially compromised services are encouraged to ask their users to update their passwords.

5 - Documentation

- OpenSSL security bulletin of 07 April 2014: https://www.openssl.org/news/secadv_20140407.txt
- CVE reference CVE-2014-0160: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
- Description of the vulnerability: http://heartbleed.com/
- CERT-FR advisory: http://www.cert.ssi.gouv.fr/site/CERTFR-2014-AVI-156/

Detailed document management

- 08 April 2014: initial version.

Latest version of this document: http://cert.ssi.gouv.fr/site/CERTFR-2014-ALE-003

CERT-FR 2014-04-10

OpenSSL

JPCERT-AT-2014-0013
JPCERT/CC
2014-04-08, 2014-04-11

<<< JPCERT/CC Alert 2014-04-08 >>>
OpenSSL
https://www.jpcert.or.jp/at/2014/at140013.html

I.
OpenSSL Security Advisory [07 Apr 2014] - TLS heartbeat read overrun (CVE-2014-0160)
https://www.openssl.org/news/secadv_20140407.txt

II.
- OpenSSL 1.0.1 to 1.0.1f
- OpenSSL 1.0.2-beta to 1.0.2-beta1

III.
- OpenSSL 1.0.1g
  Tarballs
  http://www.openssl.org/source/
- -DOPENSSL_NO_HEARTBEATS

USN-2165-1: OpenSSL vulnerabilities
http://www.ubuntu.com/usn/usn-2165-1/
Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2014-0376.html
Debian Security Advisory DSA-2896-1 openssl -- security update
http://www.debian.org/security/2014/dsa-2896

IV.
JVNVU#94401838 OpenSSL heartbeat
https://jvn.jp/vu/JVNVU94401838/index.html
CERT/CC Vulnerability Note VU#720951 OpenSSL heartbeat information disclosure
https://www.kb.cert.org/vuls/id/720951
(IPA) OpenSSL (CVE-2014-0160)
https://www.ipa.go.jp/security/ciadr/vul/20140408-openssl.html
@Police OpenSSL
https://www.npa.go.jp/cyberpolice/detect/pdf/20140410.pdf

2014-04-08, 2014-04-11

JPCERT (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
https://www.jpcert.or.jp/


OpenSSL leaks information


Updated 2014-04-10 13:58 | Published 2014-04-08 12:51 - Vulnerability

New vulnerability in OpenSSL 1.0.1


The vulnerability in OpenSSL 1.0.1 can be used to read private memory of the application that is protected with OpenSSL and thereby obtain, for example, keys from X.509 certificates, usernames and passwords.

Since this vulnerability makes it possible for an attacker to "read out" the private key of X.509 certificates, CERT-SE recommends replacing certificates as well as other secrets (for example login credentials) that may have leaked. CERT-SE recommends upgrading to OpenSSL version 1.0.1g. Note that automatic upgrades on, for example, Linux probably require the service to be restarted.

For further information see:

- http://www.kb.cert.org/vuls/id/720951
- http://heartbleed.com/
- http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html
- https://www.schneier.com/blog/archives/2014/04/heartbleed.html

This link contains SNORT signatures for detecting an attacker: http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

A number of self-test tools have now been posted on the net. CERT-SE does not know who is behind them or how effective they are. If you need to test your systems and judge the possible risk of the test site mapping your vulnerabilities to be acceptable, you can use the following:

- https://www.ssllabs.com/ssltest/
- http://possible.lv/tools/hb/

And here is a link to a script that also tests for the vulnerability, with open source code that you can verify yourselves: https://github.com/titanous/heartbleeder

NCSC-FI has created an updated list of vendors or products that are affected: https://www.cert.fi/en/reports/2014/vulnerability788210.html

SANS ISC has done the same: https://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929


Alvorlig srbarhet i SSL


OpenSSL har offentligjort en srbarhet i OpenSSLs TLS/DTLS heartbeat extension(RFC6520). Srbarheten er tildelt CVE-2014-0160, ogs kalt "The Heartbleed Bug". NSM ser p denne srbarheten som svrt alvorlig. "Heartbleed Bug" gjr det mulig stjele informasjon som er beskyttet, under normale forhold, med SSL/TLS -kryptering som brukes til sikre Internett. SSL/TLS gir kommunikasjonssikkerhet og personvern p Internett for applikasjoner som web, epost, direktemeldinger (IM) og virtuelle private nett (VPN). Srbarheten tillater hvem som helst p Internett lese minne til systemene beskyttet av de srbare versjonene av OpenSSL-programvaren. Dette kompromitterer de hemmelige nklene som brukes til identifisere tjenesteyterne og kryptere trafikken. Navn og passord til brukerne og det faktiske innholdet . Dette gjr det mulig for angripere :

avlytte kommunikasjon stjele data direkte fra tjenestene og brukere utgi seg for tjenester og brukere.

Srbarheten tillater angriper hente ut deler p 64KB fra minnet til server eller klient som kjrer den srbare versjonen av OpenSSL. Denne metoden kan repeteres, dette vil si at man teoretisk kan dumpe minnet rundt prosessen, samt all trafikk som gr gjennom TLS-tunellen.

Test-utnyttelser av denne srbarheten tilsier at det vil vre mulig for angriper omg alle TLSbeskyttelsesmekanismer. Tidligere utnyttelse av denne srbarheten ser ikke ut til kunne avdekkes, fordi denne type trafikk ikke loggfres. Srbare versjoner: OpenSSL 1.0.1 til og med 1.0.1f er srbar. Versjon 1.0.1 ble utgitt i 2012. Srbarheten er fikset i versjon 1.0.1g som ble utgitt 7. april 2014. Versjoner eldre enn 1.0.1 er ikke srbare. Kjente distribusjoner og pakkeversjoner som har denne srbarheten inkluderer:

Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4 Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11 CentOS 6.5, OpenSSL 1.0.1e-15 Fedora 18, OpenSSL 1.0.1e-4 OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) og 5.4 (OpenSSL 1.0.1c 10 May 012) FreeBSD 8.4 (OpenSSL 1.0.1e) og 9.1 (OpenSSL 1.0.1c) NetBSD 5.0.2 (OpenSSL 1.0.1e) OpenSUSE 12.2 (OpenSSL 1.0.1c)

Several of these have distributed updated packages.

How to stop the leak?


As long as the vulnerable version of OpenSSL is in use, it can be abused. Those who own systems and operate websites must update the software and assess the potential for damage. We also recommend:

- checking whether updated packages are available for your system
- updating if necessary
- OpenSSL can be compiled without the heartbeat extension.

We also recommend that service providers that have the vulnerability, and that have customers with login services of one kind or another, update, notify their users, and recommend a change of password.

For private individuals:

- It is important that you update the software on your PC immediately when you are notified of this. Do not put it off - do it now.
- Be conscious of which passwords you use - now as always.

If in doubt, ask the service providers you use, and pay attention to any messages you receive from them.

NSM NorCERT is not aware of this vulnerability being exploited "in-the-wild", but this cannot be ruled out. See the guide from Difi on how public-sector organisations can make their own assessments and handle the vulnerability. See the information from NorSIS about the vulnerability. See four effective measures against cyber attacks from NSM. More information about Heartbleed, how the flaw works and how it can be stopped, together with an extensive list of questions and answers, is available at heartbleed.com. That site recommends revoking keys associated with servers that have OpenSSL installed.

Factsheet Heartbleed: Serious vulnerability in OpenSSL


Last modified: 11-04-2014
First published: 08-04-2014
Version: 1.1
Type: Factsheet

On 7 April 2014 the Heartbleed vulnerability was published. It is a vulnerability in the OpenSSL programming library. An attacker can obtain secret keys and certificates from a vulnerable server or other device. Other sensitive information, such as passwords and customer data, can also be obtained. With the secret keys of certificates, the attacker can recover information from encrypted connections used for, for example, websites, email and VPN.

This serious vulnerability can be removed by upgrading the server or other device to a version of OpenSSL that is not vulnerable. In addition, it is advisable to replace certificates and the associated secret keys if they have been used on a vulnerable server or other device.

Version 1.1 - update
- Not only servers but also other devices that use OpenSSL are vulnerable.
- An attack is visible only in the network traffic, not in the server logs.
- 'Rekeying' certificates is a good and possibly cheaper alternative to purchasing new certificates.


OpenSSL Vulnerability
Number: AV14-017
Date: 8 April 2014

Purpose
The purpose of this advisory is to bring attention to a vulnerability in OpenSSL which can be used to expose private data to an attacker.

Assessment
CCIRC is aware of a vulnerability in OpenSSL that could expose private data to a remote, unauthenticated attacker through an incorrect memory handling function in the TLS heartbeat extension. This could allow a remote attacker to decrypt secure traffic and expose credentials and secret keys. OpenSSL is a popular application commonly used in web browsing, emails and instant messaging to provide security and privacy.

CVE Reference: CVE-2014-0160
CVSS Score: 9.4

Affected versions: OpenSSL versions 1.0.1 through 1.0.1f

Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected platforms accordingly. Clients unable to upgrade immediately can consider disabling OpenSSL Heartbeat support.

References
- OpenSSL news: http://www.openssl.org/news/secadv_20140407.txt
- OpenSSL version 1.0.1g: http://www.openssl.org/source/
- Affected platforms and patch availability: http://www.kb.cert.org/vuls/id/720951
- Heartbleed: http://heartbleed.com/

Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada's critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident.

For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca

Date modified: 2014-04-08


Heartbleed OpenSSL vulnerability


Created by Patrikas Kugrinas. Last modified 2014-04-09 14:46

A critical OpenSSL vulnerability that allows an intruder without any privileges to read memory contents. It is recommended to update, as soon as possible, all servers that use vulnerable OpenSSL versions, together with their private keys.

The "Heartbleed bug" is a newly discovered critical vulnerability in the popular OpenSSL library. This library is commonly used in WWW, IM (instant messaging), mail and VPN servers. The Heartbleed vulnerability allows an intruder without any rights to read blocks of a running program's private memory, which may contain secret SSL keys, login names/passwords or other secret information. Not only servers but also clients are vulnerable. Exploitation of this vulnerability is not visible in the system logs.

Vulnerable OpenSSL versions: 1.0.1 and 1.0.2-beta, including 1.0.1f and 1.0.2-beta1. Owners of these versions are advised to update to 1.0.1g as soon as possible (updates are already officially available for the popular Linux/BSD variants). Where that is not possible, it is recommended to recompile the OpenSSL library with the vulnerable heartbeat extension disabled, using the flag -DOPENSSL_NO_HEARTBEATS.

The next step is to generate a new key and renew the certificate, which applies especially to publicly accessible services. The secret key used until now could have been stolen without leaving any trace, so it should now be considered insecure. Having done that, do not forget to revoke the old certificate as well, so that the identity of your service cannot be compromised in the future (for example through the phishing methods popular among intruders). Depending on the type of service, other secret information may also be affected: for certain web server configurations, for example, there are reports of leaked HTTP requests containing user names, passwords and session identifiers.

List of vulnerable operating systems

- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
- CentOS 6.5, OpenSSL 1.0.1e-15
- Fedora 18, OpenSSL 1.0.1e-4
- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
- FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
- NetBSD 5.0.2 (OpenSSL 1.0.1e)
- OpenSUSE 12.2 (OpenSSL 1.0.1c)

How to check
As already mentioned, the vulnerable OpenSSL versions are 1.0.1 and 1.0.2-beta, including 1.0.1f and 1.0.2-beta1. Older and newer branches are not vulnerable. The OpenSSL version can be checked with the "openssl" command, for example:

    user@host (~) $ openssl version
    OpenSSL 1.0.1c 10 May 2012

Version 1.0.1c is insecure because it is earlier than the 1.0.1f mentioned above, so services that use this library are vulnerable. To check the OpenSSL package, depending on the operating system, commands such as the following can be used (for Red Hat and Debian type package systems):

    rpm -q openssl
    dpkg-query -W openssl

You can also check a publicly accessible service using the page: http://filippo.io/Heartbleed/

Updating the system
Most popular operating systems have already released OpenSSL fixes, so it is recommended to update in the standard way. After the system update you should:

1. Check the OpenSSL version once more and make sure that everything went smoothly.
2. Restart all services that use OpenSSL, so that the new version of the library starts being used (after the update the old one may still remain in memory). The simplest way is to reboot the operating system.
3. Having assessed the risk that data may have been disclosed, generate new private keys and certificates and revoke the old ones, as mentioned above.
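Steps 1 and 2 of the post-update procedure can be scripted. The following is an added example, not part of the advisory: it checks an `openssl version` string against the affected range the advisory gives and lists processes that still hold a deleted copy of the library in memory. The function names, the `--report` switch and the proc-root parameter are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the advisory): post-update checks for CVE-2014-0160.

# Succeeds if an upstream OpenSSL version is in the affected range the
# advisory names: 1.0.1 through 1.0.1f, 1.0.2-beta and 1.0.2-beta1.
# Accepts "1.0.1c" or a full `openssl version` line. Distribution packages
# can carry the fix under an unchanged upstream version, so a match means
# "check the package changelog", not proof of exposure.
is_affected_version() {
    _v=${1#"OpenSSL "}   # drop the leading product name, if present
    _v=${_v%% *}         # drop the trailing build date
    _v=${_v%-fips}       # some builds report e.g. "1.0.1e-fips"
    case "$_v" in
        1.0.1|1.0.1[abcdef]|1.0.2-beta|1.0.2-beta1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the PID of every process that still maps a libssl/libcrypto file
# that was deleted on disk, i.e. a service that kept the old library in
# memory because it was not restarted after the update (step 2).
# $1 is the proc root and defaults to /proc (hypothetical parameter, added
# so the check can be run against a constructed fixture).
stale_openssl_pids() {
    for _maps in "${1:-/proc}"/[0-9]*/maps; do
        [ -r "$_maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)[^/ ]*\.so[^/ ]* \(deleted\)' "$_maps" 2>/dev/null; then
            _pid=${_maps%/maps}
            echo "${_pid##*/}"
        fi
    done
}

# Steps 1 and 2 for the local host; run the script with --report (as root,
# so that every process's maps file is readable).
report_host() {
    _ver=$(openssl version 2>/dev/null) || _ver="OpenSSL not-installed"
    if is_affected_version "$_ver"; then
        echo "upstream version in affected range: $_ver"
    else
        echo "upstream version outside affected range: $_ver"
    fi
    for _p in $(stale_openssl_pids); do
        echo "restart needed: PID $_p ($(tr '\0' ' ' < "/proc/$_p/cmdline"))"
    done
}

if [ "${1:-}" = "--report" ]; then report_host; fi
```

A clean result covers only dynamically linked services; binaries that link OpenSSL statically have to be rebuilt and are not found by the maps scan.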

References
- http://heartbleed.com/ - original source
- https://www.openssl.org/news/secadv_20140407.txt - OpenSSL announcement
- http://www.ubuntu.com/usn/usn-2165-1/ - Ubuntu announcement
- http://www.kb.cert.org/vuls/id/720951 - cert.org description

MA0382.042014: MyCERT Alert: OpenSSL Heartbleed Information Disclosure Vulnerability


Date Published: 8 April 2014
First Revision: 9 April 2014

1.0 Introduction
MyCERT received information from valid sources regarding a vulnerability that exists in OpenSSL versions 1.0.1 through 1.0.1f and that could disclose sensitive information belonging to users to an attacker. The vulnerability allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. There is a possibility that this may compromise the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

2.0 Impact
The impact of this vulnerability is that a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By using the sensitive information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.

3.0 Recommendation
MyCERT has provided a tool to assist system administrators in checking whether their HTTPS websites are affected by this vulnerability.

http://heartbleed.honeynet.org.my

If your version of OpenSSL is affected by this vulnerability, you may refer to the recommendations below:

3.1 Apply an update
This vulnerability is addressed in OpenSSL 1.0.1g. Users may contact their respective software vendor to check for the availability of updates.

3.2 Disable OpenSSL heartbeat support
Another recommendation is to recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag. Software that uses OpenSSL, such as Apache or Nginx, would need to be restarted for the changes to take effect. End users may contact their respective software vendor to recompile OpenSSL.

MyCERT generally advises users of this product to keep themselves updated with the latest security announcements by the vendor. If users have any enquiries on this matter, please reach us through the following channels:

E-mail: cyber999@cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Handphone: +60 19 2665850 (24x7 on call incident reporting)
SMS: CYBER999 REPORT to 15888
Business Hours: Mon - Fri 09:00 - 18:00 MYT
Web: http://www.mycert.org.my

4.0 Reference

- http://heartbleed.com/
- http://www.kb.cert.org/vuls/id/720951
- https://www.openssl.org/news/secadv_20140407.txt

Security Bulletin UNAM-CERT-2014-004: Heartbleed Vulnerability in OpenSSL


A vulnerability in OpenSSL could allow the exposure of sensitive data, including user credentials and private keys, due to improper memory handling in the TLS heartbeat extension.

Release date: 9 Apr 2014
Last revision: 9 Apr 2014
Source:
Risk: Critical
Vulnerability problem: Remote
Vulnerability type: Improper validation

Affected Systems
- OpenSSL 1.0.1
- OpenSSL 1.0.1f
- OpenSSL = 1.0.2-beta

1. Description


OpenSSL versions 1.0.1 through 1.0.1f have a flaw in their implementation of the TLS/DTLS heartbeat functionality, which allows an attacker to access, in blocks of 64k, the private memory of any application that uses the vulnerable OpenSSL library. The attacker could use the vulnerability as many times as necessary to obtain sensitive information, which could include:

- Private keys
- Usernames and passwords
- Other sensitive data used by the services that use the vulnerable OpenSSL library

It is important to bear in mind that OpenSSL is used in a variety of services as the mechanism for encrypting the communication channel, for example:

- Web (https)
- Email (imaps, pops, smtps)
- Directory services (ldaps)
- Virtual Private Networks (VPN)

Code to exploit this vulnerability is publicly available.

2. Impact
This flaw allows an attacker to access remotely, in blocks of 64k, the private memory of an application that uses the vulnerable OpenSSL library.

3. Solution

- Upgrade to OpenSSL version 1.0.1g, which fixes this vulnerability. All keys generated with a vulnerable version of OpenSSL should be considered compromised, so they should be generated and installed again once the patch has been applied.
- Recompile the OpenSSL binaries and libraries with the -DOPENSSL_NO_HEARTBEATS option so that the affected functionality is not included.
- Consider implementing Perfect Forward Secrecy to mitigate the damage that the disclosure of private keys could cause.

4. Verification
To identify whether a site is vulnerable, the following tools can be used:

- http://heartbleed.filippo.io/ - Web
- http://foxitsecurity.files.wordpress.com/2014/04/fox_heartbleedtest.zip - Command line

5. References

- The Heartbleed Bug - http://heartbleed.com/
- OpenSSL Security Advisory - https://www.openssl.org/news/secadv_20140407.txt
- US-CERT OpenSSL 'Heartbleed' vulnerability - http://www.us-cert.gov/ncas/alerts/TA14-098A
- RFC2409 Section 8 Perfect Forward Secrecy - http://tools.ietf.org/html/rfc2409#section-8

The Subdirección de Seguridad de la Información/UNAM-CERT thanks the following for their support in preparing, translating and reviewing this document:

Ruben Aquino Luna (raquino at seguridad dot unam dot mx)

UNAM-CERT
UNAM Incident Response Team
Subdirección de Seguridad de la Información
incidentes at seguridad.unam.mx
phishing at seguridad.unam.mx
http://www.cert.org.mx
http://www.seguridad.unam.mx
ftp://ftp.seguridad.unam.mx
Tel: 56 22 81 69
Fax: 56 22 80 47

[SingCERT] OpenSSL Heartbleed Bug


Published on Wednesday, 09 April 2014 13:05

[ Background ]
A serious bug has been discovered in OpenSSL, a cryptographic software library, which could lead to unauthorised access to confidential data. Some examples of information that could be stolen include secret keys for the X.509 certificates, usernames and passwords.

[ Affected Software ]

- All versions of OpenSSL 1.0.1 prior to 1.0.1g
- All versions of OpenSSL 1.0.2-beta prior to 1.0.2-beta2

[ Recommendations ]
For Website Owners
Upgrade OpenSSL to OpenSSL 1.0.1g (for websites using OpenSSL 1.0.1) or OpenSSL 1.0.2-beta2 (for websites using OpenSSL 1.0.2-beta) immediately. If upgrading OpenSSL is not possible, website owners are to recompile OpenSSL using the -DOPENSSL_NO_HEARTBEATS switch. Website owners should also check with their IDS/IPS vendors whether signatures are available to detect/block such attacks.

For End Users
Users are advised to heed the instructions of their service providers (e.g. email) or ISPs if contacted to take precautionary or remediation actions.

[ References ]

- https://www.openssl.org/news/secadv_20140407.txt
- http://heartbleed.com/
- http://techcrunch.com/2014/04/07/massive-security-bug-in-openssl-could-effect-a-huge-chunk-of-the-internet/