The Heartbleed Hit List

  • Published on
    17-Oct-2015

  • View
    304

  • Download
    0

DESCRIPTION

In case you've been astroprojecting for the last week, here is some information about the worst threat to the internet since the US copyright and patent trolls launched their assault on the web.

Transcript

  • The Heartbleed Hit List: The Passwords You Need to Change Right Now

    Official txt file from http://www.openssl.org/news/secadv_20140407.txt: \OpenSSL Security Advisory [07 Apr 2014] ======================================== TLS heartbeat read overrun (CVE-2014-0160) ========================================== A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. 1.0.2 will be fixed in 1.0.2-beta2.

    Share on Facebook Share on Twitter What's This?

  • It's time to update your passwords to various sites affected by the Heartbleed bug. Image: Mashable composite. iStockphoto, SoberP

    By Mashable Team2 days ago

    An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services ones you might use every day, like Gmail and Facebook and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

    But it hasn't always been clear which sites have been affected. Mashable reached out some of the most popular social, email, banking and commerce sites on the web. We've rounded up their responses below.

    See also: How to Protect Yourself From the Heartbleed Bug

    Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you'll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn't already compromised, but there's also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.

    Although changing your password regularly is always good practice, if a site or service hasn't yet patched the problem, your information will still be vulnerable.

    Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you'll need to change the password everywhere. It's not a good idea to use the same password across multiple sites, anyway.

    We'll keep updating the list as new information comes in. Last update: April 11, 6:14 p.m. ET

    Social Networks

  • Was it

    affected? Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    Facebook Unclear Yes Yes Yes

    "We added protections for Facebooks implementation of OpenSSL before this issue was publicly disclosed. We havent detected any signs of suspicious account activity, but we encourage people to ... set up a unique password."

    Instagram Yes Yes Yes Yes

    "Our security teams worked quickly on a fix and we have no evidence of any accounts being harmed. But because this event impacted many services across the web, we recommend you update your password on Instagram and other sites, particularly if you use the same password on multiple sites.

    LinkedIn No No No "We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties."

    Pinterest Yes Yes Yes Yes "We fixed the issue on Pinterest.com, and didnt find any evidence of mischief. To be extra careful, we e-mailed Pinners who may have been impacted, and encouraged them to change their passwords."

    Tumblr Yes Yes Yes Yes "We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue."

    Twitter No Yes Unclear

    Twitter wrote that OpenSSL "is widely used across the internet and at Twitter. We were able to determine that [our] servers were not affected by this vulnerability. We are continuing to monitor the situation." While reiterating that they were unaffected, Twitter told Mashable that they did apply a patch.

    Other Companies

    Was it

    affected? Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    Apple No No No "iOS and OS X never incorporated the vulnerable software and key web-based services were not affected."

    Amazon No No No "Amazon.com is not affected."

    Google Yes Yes Yes Yes* We have assessed the SSL vulnerability and applied

  • Was it

    affected? Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    patches to key Google services. Search, Gmail, YouTube, Wallet, Play, Apps and App Engine were affected; Google Chrome and Chrome OS were not. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry.

    Microsoft No No No Microsoft services were not running OpenSSL, according to LastPass.

    Yahoo Yes Yes Yes Yes

    "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now." Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr were patched. More patches to come, Yahoo says.

    Email

    Was it

    affected? Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    AOL No No No AOL told Mashable it was not running the vulnerable version of the software.

    Gmail Yes Yes Yes Yes*

    We have assessed the SSL vulnerability and applied patches to key Google services. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry.

    Hotmail / Outlook No No No Microsoft services were not running OpenSSL, according to LastPass.

    Yahoo Mail Yes Yes Yes Yes "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now."

    Stores and Commerce

  • Was it

    affected?Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    Amazon No No No "Amazon.com is not affected."

    Amazon Web Services (for website operators) Yes Yes Yes Yes

    Most services were unaffected or Amazon was already able to apply mitigations (see advisory note here). Elastic Load Balancing, Amazon EC2, Amazon Linux AMI, Red Hat Enterprise Linux, Ubuntu, AWS OpsWorks, AWS Elastic Beanstalk and Amazon CloudFront were patched.

    eBay No No No

    "eBay.com was never vulnerable to this bug because we were never running a vulnerable version of OpenSSL."

    Etsy Yes* Yes Yes Yes

    Etsy said that only a small part of its infrastructure was vulnerable, and they have patched it.

    GoDaddy Yes Yes Yes Yes "Weve been updating GoDaddy

  • Was it

    affected?Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    services that use the affected OpenSSL version." Full Statement

    Groupon No No No

    "Groupon.com does not utilize a version of the OpenSSL library that is susceptible to the Heartbleed bug."

    Nordstrom No No No "Nordstrom websites do not use OpenSSL encryption."

    PayPal No No No

    "Your PayPal account details were not exposed in the past and remain secure." Full Statement

    Target No No No

    "[We] launched a comprehensive review of all external facing aspects of Target.com... and do not currently believe that any external-facing aspects of our sites are impacted by the OpenSSL vulnerability."

    Walmart No No No "We do not use that technology so we have not

  • Was it

    affected?Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    been impacted by this particular breach."

    Videos, Photos, Games & Entertainment

    Was it

    affected? Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    Flickr Yes Yes Yes Yes "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now."

    Hulu No No No No comment provided.

    Minecraft Yes Yes Yes Yes "We were forced to temporary suspend all of our services. ... The exploit has been fixed. We can not guarantee that your information wasn't compromised." More Information

    Netflix Yes Yes Yes Yes

    "Like many companies, we took immediate action to assess the vulnerability and address it. We are not aware of any customer impact. Its a good practice to change passwords from time to time, now would be a good time to think about doing so. "

    SoundCloud Yes Yes Yes Yes SoundCloud emphasized that there were no indications of any foul play and that the company's actions were simply precautionary.

    YouTube Yes Yes Yes Yes*

    We have assessed the SSL vulnerability and applied patches to key Google services. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry.

    Banks and Brokerages All the banks we contacted (see below) said they were unaffected by Heartbleed, but U.S. regulators have warned banks to patch their systems.

  • Was it

    affected? Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    Bank of America No No No "A majority of our platforms do NOT use OpenSSL, and the ones that do, we have confirmed no vulnerabilities."

    Barclays No No No No comment provided.

    Capital One No No No "Capital One uses a version of encryption that is not vulnerable to Heartbleed."

    Chase No No No "These sites dont use the encryption software that is vulnerable to the Heartbleed bug."

    Citigroup No No No Citigroup does not use Open SSL in "customer-facing retail banking and credit card sites and mobile apps"

    E*Trade No No No E*Trade is still investigating.

    Fidelity No No No "We have multiple layers of security in place to protect our customer sites and services."

    PNC No No No "We have tested our online and mobile banking systems and confirmed that they are not vulnerable to the Heartbleed bug."

    Schwab No No No "Efforts to date have not detected this vulnerability on Schwab.com or any of our online channels."

    Scottrade No No No "Scottrade does not use the affected version of OpenSSL on any of our client-facing platforms."

    TD Ameritrade No No No TD Ameritrade "doesn't use the versions of openSSL that were vulnerable."

    TD Bank No No No "We're currently taking precautions and steps to protect customer data from this threat and have no reason to believe any customer data has been compromised in the past."

    T. Rowe Price No No No "The T. Rowe Price websites are not vulnerable to the Heartbleed SSL bug nor were they vulnerable in the past."

    U.S. Bank No No No "We do not use OpenSSL for customer-facing, Internet banking channels, so U.S. Bank customer data is NOT at risk."

    Vanguard No No No "We are not using, and have not used, the vulnerable version of OpenSSL." Wells Fargo No No No No reason provided.

    Government and Taxes

  • Was it

    affected? Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    1040.com No No No "We're not vulnerable to the Heartbleed bug, as we do not use OpenSSL."

    FileYour Taxes.com No No No "We continuously patch our servers to keep them updated. However, the version we use was not affected by the issue, so no action was taken."

    H&R Block No No No "We are reviewing our systems and currently have found no risk to client data from this issue."

    Healthcare .gov No No No "Healthcare.gov consumer accounts are not affected by this vulnerability."

    Intuit (TurboTax) No No No

    Turbotax wrote that "engineers have verified TurboTax is not affected by Heartbleed." The company has issued new certificates anyway, and said it's not "proactively advising" users to change their passwords.

    IRS No No No

    "The IRS continues to accept tax returns as normal ... and systems continue operating and are not affected by this bug. We are not aware of any security vulnerabilities related to this situation."

    TaxACT No No No "Customers can update their passwords at any time, although we are not proactively advising them to do so at this time."

    USAA Yes Yes Yes Yes USAA said that it has "already taken measures to help prevent a data breach and implemented a patch earlier this week."

    Other

    Was it

    affected?Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    Box Yes Yes Yes Yes

    "We're currently working with our customers to proactively reset passwords and are

  • Was it

    affected?Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    also reissuing new SSL certificates for added protection."

    Dropbox Yes Yes Yes Yes

    On Twitter: "Weve patched all of our user-facing services & will continue to work to make sure your stuff is always safe."

    Evernote No No No

    "Evernote's service, Evernote apps, and Evernote websites ... all use non-OpenSSL implementations of SSL/TLS to encrypt network communications." Full Statement

    GitHub Yes Yes Yes Yes

    GitHub said it has patched all its systems, deployed new SSL certificates and revoked old ones. GitHub is asking all users to change password, enable two-factor authentication and "revoke and recreate personal access and application tokens."

    IFTTT Yes Yes Yes Yes

    IFTTT emailed all its users and logged them out, prompting them to change their

  • Was it

    affected?Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    password on the site.

    OKCupid Yes Yes Yes Yes

    "We, like most of the Internet, were stunned that such a serious bug has existed for so long and was so widespread."

    Spark Networks (JDate, Christian Mingle) No No No Sites do not use OpenSSL.

    SpiderOak Yes Yes No

    Spideroak said it patched its servers, but the desktop client doesn't use a vulnerable version of OpenSSL, so "customers do not need to take any special action."

    Wordpress Unclear Unclear Unclear

    Wordpress tweeted that it has taken "immediate steps" and "addressed the Heartbleed OpenSSL exploit," but it's unclear if the issue is completely solder. When someone asked Matt Mullenweg, WordPress' founding developer, when the site's SSL certificates will be replaced and when users will be able to reset

  • Was it

    affected?Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    passwords, he simply answered: "soon."

    Wunderlist Yes Yes Yes Yes

    "Youll have to simply log back into Wunderlist. We also strongly recommend that you reset your password for Wunderlist." Full Statement

    Password Managers

    Was it

    affected? Is there a

    patch?

    Do you need to change your

    password?

    What did they say?

    1Password No No No 1Password said in a blog post that its technology "is not built upon SSL/TLS in general, and not upon OpenSSL in particular." So users don't need to change their master password.

    Dashlane Yes Yes No

    Dashlane said in a blog post users' accounts were not impacted and the master password is safe as it is never transmitted. The site does use OpenSSL when syncing data with its servers but Dashlane said it has patched the bug, issued new SSL certificates and revoked previous ones.

    LastPass Yes Yes No

    "Though LastPass employs OpenSSL, we have multiple layers of encryption to protect our users and never have access to those encryption keys." Users don't need to change their master passwords because they're never sent to the server. But passwords for other sites stored in LastPass might need to be changed.

    Reporters who contributed to this story include Samantha Murphy Kelly, Lorenzo Francheschi-Bicchierai, Seth Fiegerman, Adario Strange and Kurt Wagner.

  • What other sites are you concerned about? Let us know in the comments.

    BONUS: What Is the Heartbleed Bug?

    Topics: Apps and Software, banks, Facebook, Heartbleed Bug, Mashable Must Reads, Mobile, security, Tech, Twitter, U.S., World, Yahoo

  • The Heartbleed Bug

    The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

    The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

    Whatleaksinpractice?

    We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

  • Howtostoptheleak?

    As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

    Q&A

    WhatistheCVE20140160?

    CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE. Due to co-incident discovery a duplicate CVE, CVE-2014-0346, which was assigned to us, should not be used, since others independently went public with the CVE-2014-0160 identifier.

    WhyitiscalledtheHeartbleedBug?

    Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.

    WhatmakestheHeartbleedBugunique?

    Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.

    IsthisadesignflawinSSL/TLSprotocolspecification?

    No. This is implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services.

    Whatisbeingleaked?

    Encryption is used to protect secrets that may harm your privacy or security if they leak. In order to coordinate recovery from this bug we have classified the compromised secrets to four categories: 1) primary key material, 2) secondary key material and 3) protected content and 4) collateral.

  • Whatisleakedprimarykeymaterialandhowtorecover?

    These are the crown jewels, the encryption keys themselves. Leaked secret keys allows the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption. All this has to be done by the owners of the services.

    Whatisleakedsecondarykeymaterialandhowtorecover?

    These are for example the user credentials (user names and passwords) used in the vulnerable services. Recovery from this leaks requires owners of the service first to restore trust to the service according to steps described above. After this users can start changing their passwords and possible encryption keys according to the instructions from the owners of the services that have been compromised. All session keys and session cookies should be invalided and considered compromised.

    Whatisleakedprotectedcontentandhowtorecover?

    This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. Only owners of the services will be able to estimate the likelihood what has been leaked and they should notify their users accordingly. Most important thing is to restore trust to the primary and secondary key material as described above. Only this enables safe use of the compromised services in the future.

    Whatisleakedcollateralandhowtorecover?

    Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks. These have only contemporary value and will lose their value to the attacker when OpenSSL has been upgraded to a fixed version.

    Recoverysoundslaborious,isthereashortcut?

    After seeing what we saw by "attacking" ourselves, with ease, we decided to take this very seriously. We have gone laboriously through patching our own critical services and are in progress of dealing with possible compromise of our primary and secondary key material. All this just in case we were not first ones to discover this and this could have been exploited in the wild already.

  • Howrevocationandreissuingofcertificatesworksinpractice?

    If you are a service provider you have signed your certificates with a Certificate Authority (CA). You need to check your CA how compromised keys can be revoked and new certificate reissued for the new keys. Some CAs do this for free, some may take a fee.

    AmIaffectedbythebug?

    You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.

    Howwidespreadisthis?

    Most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft's April 2014 Web Server Survey. Furthermore OpenSSL is used to protect for example email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and wide variety of client side software. Fortunately many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software. Ironically smaller and more progressive services or those who have upgraded to latest and best encryption will be affected most. Furthermore OpenSSL is very popular in client software and somewhat popular in networked appliances which have most inertia in getting updates.

    WhatversionsoftheOpenSSLareaffected?

    Status of different versions:

    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT vulnerable OpenSSL 1.0.0 branch is NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable

    Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

  • HowcommonarethevulnerableOpenSSLversions?

    The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS (such as the BEAST).

    Howaboutoperatingsystems?

    Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

    Debian W heezy (stable), OpenSSL 1.0.1e-2+deb7u4 Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11 CentOS 6.5, OpenSSL 1.0.1e-15 Fedora 18, OpenSSL 1.0.1e-4 OpenBSD 5.3 (OpenSSL 1.0.1c 10 M ay 2012) and 5.4 (OpenSSL 1.0.1c 10

    M ay 2012) FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013 NetBSD 5.0.2 (OpenSSL 1.0.1e) OpenSUSE 12.2 (OpenSSL 1.0.1c)

    Operating system distribution with versions that are not vulnerable:

    Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14 SUSE Linux Enterprise Server FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013 FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013 FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC) FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)

    HowcanOpenSSLbefixed?

    Even though the actual code fix may appear trivial, OpenSSL team is the expert in fixing it properly so latest fixed version 1.0.1g or newer should be used. If this is not possible software developers can recompile OpenSSL with the handshake removed from the code by compile time option -DOPENSSL_NO_HEARTBEATS.

    Shouldheartbeatberemovedtoaidindetectionofvulnerableservices?

    Recovery from this bug could benefit if the new version of the OpenSSL would both fix the bug and disable heartbeat temporarily until some future version. It appears that majority if not almost

  • all TLS implementations that respond to the heartbeat request today are vulnerable versions of OpenSSL. If only vulnerable versions of OpenSSL would continue to respond to the heartbeat for next few months then large scale coordinated response to reach owners of vulnerable services would become more feasible.

    CanIdetectifsomeonehasexploitedthisagainstme?

    Exploitation of this bug leaves no traces of anything abnormal happening to the logs.

    CanIDS/IPSdetectorblockthisattack?

    Although the content of the heartbeat request is encrypted it has its own record type in the protocol. This should allow intrusion detection and prevention systems (IDS/IPS) to be trained to detect use of the heartbeat request. Due to encryption differentiating between legitimate use and attack can not be based on the content of the request, but the attack may be detected by comparing the size of the request against the size of the reply. This seems to imply that IDS/IPS can be programmed to detect the attack but not to block it unless heartbeat requests are blocked altogether.

    Hasthisbeenabusedinthewild?

    We don't know. Security community should deploy TLS/DTLS honeypots that entrap attackers and to alert about exploitation attempts.

    Canattackeraccessonly64kofthememory?

    There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed.

    IsthisaMITMbuglikeApple'sgotofailbugwas?

    No this doesn't require a man in the middle attack (MITM). Attacker can directly contact the vulnerable service or attack any user connecting to a malicious service. However in addition to direct threat the theft of the key material allows man in the middle attackers to impersonate compromised services.

    DoesTLSclientcertificateauthenticationmitigatethis?

    No, heartbeat request can be sent and is replied to during the handshake phase of the protocol. This occurs prior to client certificate authentication.

  • DoesOpenSSL'sFIPSmodemitigatethis?

    No, OpenSSL Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable heartbeat functionality.

    DoesPerfectForwardSecrecy(PFS)mitigatethis?

    Use of Perfect Forward Secrecy (PFS), which is unfortunately rare but powerful, should protect past communications from retrospective decryption. Please see https://twitter.com/ivanristic/status/453280081897467905 how leaked tickets may affect this.

    CanheartbeatextensionbedisabledduringtheTLShandshake?

    No, vulnerable heartbeat extension code is activated regardless of the results of the handshake phase negotiations. Only way to protect yourself is to upgrade to fixed version of OpenSSL or to recompile OpenSSL with the handshake removed from the code.

    WhofoundtheHeartbleedBug?

    This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. Codenomicon team found heartbleed bug while improving the SafeGuard feature in Codenomicon's Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to OpenSSL team.

    WhatistheDefensicsSafeGuard?

    The SafeGuard feature of the Codenomicon's Defensics security testtools automatically tests the target system for weaknesses that compromise the integrity, privacy or safety. The SafeGuard is systematic solution to expose failed cryptographic certificate checks, privacy leaks or authentication bypass weaknesses that have exposed the Internet users to man in the middle attacks and eavesdropping. In addition to the Heartbleed bug the new Defensics TLS Safeguard feature can detect for instance the exploitable security flaw in widely used GnuTLS open source software implementing SSL/TLS functionality and the "goto fail;" bug in Apple's TLS/SSL implementation that was patched in February 2014.

    Whocoordinatesresponsetothisvulnerability?

    NCSC-FI took up the task of reaching out to the authors of OpenSSL, software, operating system and appliance vendors, which were potentially affected. However, this vulnerability was found and details released independently by others before this work was completed. Vendors should be notifying their users and service providers. Internet service providers should be notifying their end users where and when potential action is required.

  • Isthereabrightsidetoallthis?

    For those service providers who are affected this is a good opportunity to upgrade security strength of the secret keys used. A lot of software gets updates which otherwise would have not been urgent. Although this is painful for the security community, we can rest assured that infrastructure of the cyber criminals and their secrets have been exposed as well.

    Wheretofindmoreinformation?

    This Q&A was published as a follow-up to the OpenSSL advisory, since this vulnerability became public on 7th of April 2014. The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt. NCSC-FI published an advisory at https://www.cert.fi/en/reports/2014/vulnerability788210.html. Individual vendors of operating system distributions, affected owners of Internet services, software packages and appliance vendors may issue their own advisories.

    References

    CVE-2014-0160 NCSC-FI case# 788210 OpenSSL Security Advisory (published 7th of April 2014, ~17:30 UTC) CloudFlare: Staying ahead of OpenSSL vulnerabilities (published 7th of April 2014,

    ~18:00 UTC) heartbleed.com (published 7th of April 2014, ~19:00 UTC) Ubuntu / Security Notice USN-2165-1 FreshPorts / openssl 1.0.1_10 Tor Project / OpenSSL bug CVE-2014-0160 RedHat / RHSA-2014:0376-1 CentOS / CESA-2014:0376 Fedora / Status on CVE-2014-0160 CERT/CC (USA) NCSC-FI (Finland) CERT.at (Austria) CIRCL (Luxem bourg) CERT-FR (France) JPCERT/CC (Japan) CERT-SE (Sweden) NorCERT (Norway) NCSC-NL (Netherlands) CNCERT/CC (People's Republic of China) Public Safety Canada LITNET CERT (Lithuania) M yCERT (M alaysia) UNAM -CERT (M exico)

  • SingCERT (Singapore) Q-CERT (Qatar)

    OpenSSL Security Advisory [07 Apr 2014] ======================================== TLS heartbeat read overrun (CVE-2014-0160) ========================================== A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. 1.0.2 will be fixed in 1.0.2-beta2.

    Staying ahead of OpenSSL vulnerabilities Published on April 07, 2014 11:00AM by Nick Sullivan. inShare190

    Today a new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160). We fixed this vulnerability

  • last week before it was made public. All sites that use CloudFlare for SSL have received this fix and are automatically protected.

    OpenSSL is the core cryptographic library CloudFlare uses for SSL/TLS connections. If your site is on CloudFlare, every connection made to the HTTPS version of your site goes through this library. As one of the largest deployments of OpenSSL on the Internet today, CloudFlare has a responsibility to be vigilant about fixing these types of bugs before they go public and attackers start exploiting them and putting our customers at risk.

    We encourage everyone else running a server that uses OpenSSL to upgrade to version 1.0.1g to be protected from this vulnerability. For previous versions of OpenSSL, re-compiling with the OPENSSL_NO_HEARTBEATS flag enabled will protect against this vulnerability. OpenSSL 1.0.2 will be fixed in 1.0.2-beta2.

    This bug fix is a successful example of what is called responsible disclosure. Instead of disclosing the vulnerability to the public right away, the people notified of the problem tracked down the appropriate stakeholders and gave them a chance to fix the vulnerability before it went public. This model helps keep the Internet safe. A big thank you goes out to our partners for disclosing this vulnerability to us in a safe, transparent, and responsible manner. We will announce more about our responsible disclosure policy shortly.

    Just another friendly reminder that CloudFlare is on top of things and making sure your sites stay as safe as possible.

    USN-2165-1: OpenSSL vulnerabilities Ubuntu Security Notice USN-2165-1 7th April, 2014

    opensslvulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 LTS

    Summary

    OpenSSL could be made to expose sensitive information over the network, possibly including private keys.

  • Softwaredescription

    openssl - Secure Socket Layer (SSL) cryptographic library and tools

    Details

    Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160)

    Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076)

    Updateinstructions

    The problem can be corrected by updating your system to the following package version:

    Ubuntu 13.10:

    libssl1.0.0 1.0.1e-3ubuntu1.2

    Ubuntu 12.10:

    libssl1.0.0 1.0.1c-3ubuntu2.7

    Ubuntu 12.04 LTS:

    libssl1.0.0 1.0.1-4ubuntu5.12

    To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to make all the necessary changes. Since this issue may have resulted in compromised private keys, it is recommended to regenerate them.

    References

    CVE-2014-0076, CVE-2014-0160

  • http://www.freshports.org/security/openssl/ ... m ultiple pages ...

    OpenSSL bug CVE-2014-0160 Posted April 7th, 2014 by arma in

    openssl security advisory

    A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today, which can be used to reveal memory to a connected client or server.

    If you're using an older OpenSSL version, you're safe.

    Note that this bug affects way more programs than just Tor expect everybody who runs an https webserver to be scrambling today. If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.

    Here are our first thoughts on what Tor components are affected:

    1. Clients: The browser part of Tor Browser shouldn't be affected, since it uses libnss rather than openssl. But the Tor client part is: Tor clients could possibly be induced to send sensitive information like "what sites you visited in this session" to your entry guards. If you're using TBB we'll have new bundles out shortly; if you're using your operating system's Tor package you should get a new OpenSSL package and then be sure to manually restart your Tor.

    2. Relays and bridges: Tor relays and bridges could maybe be made to leak their medium-term onion keys (rotated once a week), or their long-term relay identity keys. An attacker who has your relay identity key can publish a new relay descriptor indicating that you're at a new location (not a particularly useful attack). An attacker who has your relay identity key, has your onion key, and can intercept traffic flows to your IP address can impersonate your relay (but remember that Tor's multi-hop design means that attacking just one relay in the client's path is not very useful). In any case, best practice would be to update your OpenSSL package, discard all the files in keys/ in your DataDirectory, and

  • restart your Tor to generate new keys. (You will need to update your MyFamily torrc lines if you run multiple relays.)

    3. Hidden services: Tor hidden services might leak their long-term hidden service identity keys to their guard relays. Like the last big OpenSSL bug, this shouldn't allow an attacker to identify the location of the hidden service [edit: if it's your entry guard that extracted your key, they know where they got it from]. Also, an attacker who knows the hidden service identity key can impersonate the hidden service. Best practice would be to move to a new hidden-service address at your convenience.

    4. Directory authorities: In addition to the keys listed in the "relays and bridges" section above, Tor directory authorities might leak their medium-term authority signing keys. Once you've updated your OpenSSL package, you should generate a new signing key. Long-term directory authority identity keys are offline so should not be affected (whew). More tricky is that clients have your relay identity key hard-coded, so please don't rotate that yet. We'll see how this unfolds and try to think of a good solution there.

    5. Tails is still tracking Debian oldstable, so it should not be affected by this bug. 6. Orbot looks vulnerable; they have some new packages available for testing. 7. The webservers in the https://www.torproject.org/ rotation needed (and got) upgrades.

    Maybe we'll need to throw away our torproject SSL web cert and get a new one too.

    arma's blog

    Important: openssl security update Advisory: RHSA-2014:0376-1

    Type: Security Advisory Severity: Important

    Issued on: 2014-04-08 Last updated on: 2014-04-08

    Affected Products: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Server AUS (v. 6.5)Red Hat Enterprise Linux Server EUS (v. 6.5.z)Red Hat Enterprise Linux Workstation (v. 6)

    CVEs (cve.mitre.org): CVE-2014-0160 Details Updated openssl packages that fix one security issue are now available for

    Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

  • OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

    Solution Before applying this update, make sure all previously released errata

    relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

    Updated packages

    Red Hat Enterprise Linux Desktop (v. 6)

    SRPMS:

    openssl-1.0.1e-16.el6_5.7.src.rpm

    MD5: bd8cd18d0d76eeca5d08781b5b6712b8SHA-256:

    dd7f3bddba0a4d4084ec98ed71d50314c8644346924676dc9b10cd2de2bc90d1

    IA-32:

    openssl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 54a31865a418bfab3df25f6be640cd5aSHA-256:

    3abd8ad9de5f30651944506ceee0a081aae324a1c0e992c5368401aff4d

  • b5b40

    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 3c0a1c3b3dd5e88adc2784a63a2c4e6eSHA-256:

    30885b8f843a775d576440e3f929902cb29efb9a2f855c9d2ab084a0a44e8140

    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7cade331d0b12f7cfa0bb303b8784f37SHA-256:

    8eba3b0063095e41e7f3551fd508336fc93ee68b8b04a7eb99215c7df08fbe05

    openssl-perl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7806105fddd82ebb77421a0c16374ca4SHA-256:

    a5bdedf9404eed0412b9b255b6af88134d1e40287ec1523a5a5501f1b91eb353

    openssl-static-1.0.1e-16.el6_5.7.i686.rpm

    MD5: c1709822e20782dc8c503e04ee788df9SHA-256:

    4055110c07d6c18b5542e1dd0af53d501de96eae9317a4b8bec05e2c54eaedc6

    x86_64:

    openssl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 54a31865a418bfab3df25f6be640cd5aSHA-256:

    3abd8ad9de5f30651944506ceee0a081aae324a1c0e992c5368401aff4db5b40

    openssl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 6fcf4efe58746a7b25a7654982b0e3d2SHA-256:

    10d813e9fcc55f47655791e269b40fecd45b8396230b1c03a0ed77d859a4b0d2

    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 3c0a1c3b3dd5e88adc2784a63a2c4e6eSHA-256:

    30885b8f843a775d576440e3f929902cb29efb9a2f855c9d2ab084a0a44e8140

    openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 7f8eb8ea7db416e34afeaa6e7d10380aSHA-256:

    1d3702a766e4c3b150eb7aa04772e61302e985ddc0d23d05c83b32347891637a

    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7cade331d0b12f7cfa0bb303b8784f37SHA-256:

    8eba3b0063095e41e7f3551fd508336fc93ee68b8b04a7eb99215c7df08fbe05

    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b23db98a10a6e58ef4a829367496e9dcSHA-256:

    6f0e88747e196160a552998c94c13f0be0acd14122d0a8b992833e068b12e9ee

  • openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 5c399d655138be5a4b5da773e3b1af6cSHA-256:

    da22dff3394579ab544d772d37a3b57b89ee334d96c641409793560b5f17cafc

    openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b8e2eb964b0b4f4d9fc6ea9676aba257SHA-256:

    82412749e48786c0f272ed83b391f6cf56410268e365ace556fedfcb0d04f8e1

    Red Hat Enterprise Linux HPC Node (v. 6)

    SRPMS:

    openssl-1.0.1e-16.el6_5.7.src.rpm

    MD5: bd8cd18d0d76eeca5d08781b5b6712b8SHA-256:

    dd7f3bddba0a4d4084ec98ed71d50314c8644346924676dc9b10cd2de2bc90d1

    x86_64:

    openssl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 54a31865a418bfab3df25f6be640cd5aSHA-256:

    3abd8ad9de5f30651944506ceee0a081aae324a1c0e992c5368401aff4db5b40

    openssl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 6fcf4efe58746a7b25a7654982b0e3d2SHA-256:

    10d813e9fcc55f47655791e269b40fecd45b8396230b1c03a0ed77d859a4b0d2

    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 3c0a1c3b3dd5e88adc2784a63a2c4e6eSHA-256:

    30885b8f843a775d576440e3f929902cb29efb9a2f855c9d2ab084a0a44e8140

    openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 7f8eb8ea7db416e34afeaa6e7d10380aSHA-256:

    1d3702a766e4c3b150eb7aa04772e61302e985ddc0d23d05c83b32347891637a

    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7cade331d0b12f7cfa0bb303b8784f37SHA-256:

    8eba3b0063095e41e7f3551fd508336fc93ee68b8b04a7eb99215c7df08fbe05

    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b23db98a10a6e58ef4a829367496e9dcSHA-256:

    6f0e88747e196160a552998c94c13f0be0acd14122d0a8b992833e068b1

  • 2e9ee

    openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 5c399d655138be5a4b5da773e3b1af6cSHA-256:

    da22dff3394579ab544d772d37a3b57b89ee334d96c641409793560b5f17cafc

    openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b8e2eb964b0b4f4d9fc6ea9676aba257SHA-256:

    82412749e48786c0f272ed83b391f6cf56410268e365ace556fedfcb0d04f8e1

    Red Hat Enterprise Linux Server (v. 6)

    SRPMS:

    openssl-1.0.1e-16.el6_5.7.src.rpm

    MD5: bd8cd18d0d76eeca5d08781b5b6712b8SHA-256:

    dd7f3bddba0a4d4084ec98ed71d50314c8644346924676dc9b10cd2de2bc90d1

    IA-32:

    openssl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 54a31865a418bfab3df25f6be640cd5aSHA-256:

    3abd8ad9de5f30651944506ceee0a081aae324a1c0e992c5368401aff4db5b40

    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 3c0a1c3b3dd5e88adc2784a63a2c4e6eSHA-256:

    30885b8f843a775d576440e3f929902cb29efb9a2f855c9d2ab084a0a44e8140

    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7cade331d0b12f7cfa0bb303b8784f37SHA-256:

    8eba3b0063095e41e7f3551fd508336fc93ee68b8b04a7eb99215c7df08fbe05

    openssl-perl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7806105fddd82ebb77421a0c16374ca4SHA-256:

    a5bdedf9404eed0412b9b255b6af88134d1e40287ec1523a5a5501f1b91eb353

    openssl-static-1.0.1e-16.el6_5.7.i686.rpm

    MD5: c1709822e20782dc8c503e04ee788df9SHA-256:

    4055110c07d6c18b5542e1dd0af53d501de96eae9317a4b8bec05e2c54eaedc6

  • PPC:

    openssl-1.0.1e-16.el6_5.7.ppc.rpm

    MD5: 9551056f251da05b82149947bbd7e344SHA-256:

    6d2c3e4b013cf3342d90583003ebbe5d914fa2c7a4d918a62144d67f3000d72a

    openssl-1.0.1e-16.el6_5.7.ppc64.rpm

    MD5: 0004165d7fb96e29ac8c329ceabf206cSHA-256:

    888878deb04e6401f1cefb13574d338d1a6a0d6d0a4bd6a78b8a4602a9dba834

    openssl-debuginfo-1.0.1e-16.el6_5.7.ppc.rpm

    MD5: 0cd21f6343e2747c89d2fa718eeded54SHA-256:

    b1a9f23d57660fadc3c1a94b89cb15ae4a4ec07d77bd79b46ffa5cf1d39e5189

    openssl-debuginfo-1.0.1e-16.el6_5.7.ppc64.rpm

    MD5: 2cf3b892db2d9c8d4d6173f5346acbedSHA-256:

    e2efd8d8bc77a3cce6c99ff36f2b7d1575409c26484c9c532b448fc24d7ab69a

    openssl-devel-1.0.1e-16.el6_5.7.ppc.rpm

    MD5: cc24300338edb3ebd79b45c7ae25d5a8SHA-256:

    80081191dcd705b73c2fdec8c595ba67a0592fca3073fc13a337ed98de524526

    openssl-devel-1.0.1e-16.el6_5.7.ppc64.rpm

    MD5: dabd894e8c12d8099c5cd2600ec0dea4SHA-256:

    ebcb2520d935ac75dafbf775b9e8396a1b80fd7162076b98b68d33d8a815b0c5

    openssl-perl-1.0.1e-16.el6_5.7.ppc64.rpm

    MD5: 1f17c100afee814a07d9ab3f1c90f938SHA-256:

    f4f826e23f73c111716c3d6d7db0c62deb3144f02ac7632094b3bdcc68042c5b

    openssl-static-1.0.1e-16.el6_5.7.ppc64.rpm

    MD5: 7ee0ad9aec6b79d02d8238fa9cc2fe91SHA-256:

    73268cf53f8778fa6be668bd663739b7ac7adc499cb83c437947ebbb239f58bb

    s390x:

    openssl-1.0.1e-16.el6_5.7.s390.rpm

    MD5: ba5e1e1f5be9e2cccb0b3bc445b55ccbSHA-256:

    413bf4dbb9b49a69e2cd9dcae4a857f28dd9157ea05734728420860c4bad6555

    openssl-1.0.1e-16.el6_5.7.s390x.rpm

    MD5: ae631cd74f8859e205c04012bf7f19eeSHA-256:

    ba01c34c8cb72a5b3f1912bb078432f78a3114cbbe74c4c0c46b795f118a7dfa

  • openssl-debuginfo-1.0.1e-16.el6_5.7.s390.rpm

    MD5: 5478d41f8af69e0c21468ff90d49f750SHA-256:

    1e9693397028bfca10fed84ba85a3981e835213adf75ab032ac05ef0798f3013

    openssl-debuginfo-1.0.1e-16.el6_5.7.s390x.rpm

    MD5: 2a36a3495e5b933db6fa16cc89c43f98SHA-256:

    ad3cd9120e80eee4e72a97882e1241cb1f70c84bf867f055727d585c026f4cf8

    openssl-devel-1.0.1e-16.el6_5.7.s390.rpm

    MD5: 9a6237cb10297cb39334212839902b94SHA-256:

    5c89453fa1dbc9757b9e5f8576a7c0714bae3f9bea1ec72c9bf5996f39c6e680

    openssl-devel-1.0.1e-16.el6_5.7.s390x.rpm

    MD5: 4ffd801bce5975aa66f84cfa8670b5ffSHA-256:

    18aca876de0b4240ca143cb25b4e62f382c91f0bd4de7b0237a7272e8b239e99

    openssl-perl-1.0.1e-16.el6_5.7.s390x.rpm

    MD5: 5ef579945625921d123248623f9e16a5SHA-256:

    aa3ff1b08837eda40b16af1eb54e5334f3ab0cbf3e926230ed71efbd85b2a7bb

    openssl-static-1.0.1e-16.el6_5.7.s390x.rpm

    MD5: e31ad0c92b9cf260e79b25c28cb6143bSHA-256:

    7f0a5f27786f7c2d375a805cf63bed410e5ea1df014f2cb89becde19adb596ba

    x86_64:

    openssl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 54a31865a418bfab3df25f6be640cd5aSHA-256:

    3abd8ad9de5f30651944506ceee0a081aae324a1c0e992c5368401aff4db5b40

    openssl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 6fcf4efe58746a7b25a7654982b0e3d2SHA-256:

    10d813e9fcc55f47655791e269b40fecd45b8396230b1c03a0ed77d859a4b0d2

    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 3c0a1c3b3dd5e88adc2784a63a2c4e6eSHA-256:

    30885b8f843a775d576440e3f929902cb29efb9a2f855c9d2ab084a0a44e8140

    openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 7f8eb8ea7db416e34afeaa6e7d10380aSHA-256:

    1d3702a766e4c3b150eb7aa04772e61302e985ddc0d23d05c83b32347891637a

  • openssl-devel-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7cade331d0b12f7cfa0bb303b8784f37SHA-256:

    8eba3b0063095e41e7f3551fd508336fc93ee68b8b04a7eb99215c7df08fbe05

    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b23db98a10a6e58ef4a829367496e9dcSHA-256:

    6f0e88747e196160a552998c94c13f0be0acd14122d0a8b992833e068b12e9ee

    openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 5c399d655138be5a4b5da773e3b1af6cSHA-256:

    da22dff3394579ab544d772d37a3b57b89ee334d96c641409793560b5f17cafc

    openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b8e2eb964b0b4f4d9fc6ea9676aba257SHA-256:

    82412749e48786c0f272ed83b391f6cf56410268e365ace556fedfcb0d04f8e1

    Red Hat Enterprise Linux Server AUS (v. 6.5)

    SRPMS:

    openssl-1.0.1e-16.el6_5.7.src.rpm

    MD5: bd8cd18d0d76eeca5d08781b5b6712b8SHA-256:

    dd7f3bddba0a4d4084ec98ed71d50314c8644346924676dc9b10cd2de2bc90d1

    x86_64:

    openssl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 54a31865a418bfab3df25f6be640cd5aSHA-256:

    3abd8ad9de5f30651944506ceee0a081aae324a1c0e992c5368401aff4db5b40

    openssl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 6fcf4efe58746a7b25a7654982b0e3d2SHA-256:

    10d813e9fcc55f47655791e269b40fecd45b8396230b1c03a0ed77d859a4b0d2

    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 3c0a1c3b3dd5e88adc2784a63a2c4e6eSHA-256:

    30885b8f843a775d576440e3f929902cb29efb9a2f855c9d2ab084a0a44e8140

    openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rp

    MD5: 7f8eb8ea7db416e34afeaa6e7d10380aSHA-256:

    1d3702a766e4c3b150eb7aa04772e61302e985ddc0d23d05c83b32347891637a

  • m

    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7cade331d0b12f7cfa0bb303b8784f37SHA-256:

    8eba3b0063095e41e7f3551fd508336fc93ee68b8b04a7eb99215c7df08fbe05

    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b23db98a10a6e58ef4a829367496e9dcSHA-256:

    6f0e88747e196160a552998c94c13f0be0acd14122d0a8b992833e068b12e9ee

    openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 5c399d655138be5a4b5da773e3b1af6cSHA-256:

    da22dff3394579ab544d772d37a3b57b89ee334d96c641409793560b5f17cafc

    openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b8e2eb964b0b4f4d9fc6ea9676aba257SHA-256:

    82412749e48786c0f272ed83b391f6cf56410268e365ace556fedfcb0d04f8e1

    Red Hat Enterprise Linux Server EUS (v. 6.5.z)

    SRPMS:

    openssl-1.0.1e-16.el6_5.7.src.rpm

    MD5: bd8cd18d0d76eeca5d08781b5b6712b8SHA-256:

    dd7f3bddba0a4d4084ec98ed71d50314c8644346924676dc9b10cd2de2bc90d1

    IA-32:

    openssl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 54a31865a418bfab3df25f6be640cd5aSHA-256:

    3abd8ad9de5f30651944506ceee0a081aae324a1c0e992c5368401aff4db5b40

    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 3c0a1c3b3dd5e88adc2784a63a2c4e6eSHA-256:

    30885b8f843a775d576440e3f929902cb29efb9a2f855c9d2ab084a0a44e8140

    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7cade331d0b12f7cfa0bb303b8784f37SHA-256:

    8eba3b0063095e41e7f3551fd508336fc93ee68b8b04a7eb99215c7df08fbe05

    openssl-perl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7806105fddd82ebb77421a0c16374ca4SHA-256:

  • a5bdedf9404eed0412b9b255b6af88134d1e40287ec1523a5a5501f1b91eb353

    openssl-static-1.0.1e-16.el6_5.7.i686.rpm

    MD5: c1709822e20782dc8c503e04ee788df9SHA-256:

    4055110c07d6c18b5542e1dd0af53d501de96eae9317a4b8bec05e2c54eaedc6

    PPC:

    openssl-1.0.1e-16.el6_5.7.ppc.rpm

    MD5: 9551056f251da05b82149947bbd7e344SHA-256:

    6d2c3e4b013cf3342d90583003ebbe5d914fa2c7a4d918a62144d67f3000d72a

    openssl-1.0.1e-16.el6_5.7.ppc64.rpm

    MD5: 0004165d7fb96e29ac8c329ceabf206cSHA-256:

    888878deb04e6401f1cefb13574d338d1a6a0d6d0a4bd6a78b8a4602a9dba834

    openssl-debuginfo-1.0.1e-16.el6_5.7.ppc.rpm

    MD5: 0cd21f6343e2747c89d2fa718eeded54SHA-256:

    b1a9f23d57660fadc3c1a94b89cb15ae4a4ec07d77bd79b46ffa5cf1d39e5189

    openssl-debuginfo-1.0.1e-16.el6_5.7.ppc64.rpm

    MD5: 2cf3b892db2d9c8d4d6173f5346acbedSHA-256:

    e2efd8d8bc77a3cce6c99ff36f2b7d1575409c26484c9c532b448fc24d7ab69a

    openssl-devel-1.0.1e-16.el6_5.7.ppc.rpm

    MD5: cc24300338edb3ebd79b45c7ae25d5a8SHA-256:

    80081191dcd705b73c2fdec8c595ba67a0592fca3073fc13a337ed98de524526

    openssl-devel-1.0.1e-16.el6_5.7.ppc64.rpm

    MD5: dabd894e8c12d8099c5cd2600ec0dea4SHA-256:

    ebcb2520d935ac75dafbf775b9e8396a1b80fd7162076b98b68d33d8a815b0c5

    openssl-perl-1.0.1e-16.el6_5.7.ppc64.rpm

    MD5: 1f17c100afee814a07d9ab3f1c90f938SHA-256:

    f4f826e23f73c111716c3d6d7db0c62deb3144f02ac7632094b3bdcc68042c5b

    openssl-static-1.0.1e-16.el6_5.7.ppc64.rpm

    MD5: 7ee0ad9aec6b79d02d8238fa9cc2fe91SHA-256:

    73268cf53f8778fa6be668bd663739b7ac7adc499cb83c437947ebbb239f58bb

    s390x:

  • openssl-1.0.1e-16.el6_5.7.s390.rpm

    MD5: ba5e1e1f5be9e2cccb0b3bc445b55ccbSHA-256:

    413bf4dbb9b49a69e2cd9dcae4a857f28dd9157ea05734728420860c4bad6555

    openssl-1.0.1e-16.el6_5.7.s390x.rpm

    MD5: ae631cd74f8859e205c04012bf7f19eeSHA-256:

    ba01c34c8cb72a5b3f1912bb078432f78a3114cbbe74c4c0c46b795f118a7dfa

    openssl-debuginfo-1.0.1e-16.el6_5.7.s390.rpm

    MD5: 5478d41f8af69e0c21468ff90d49f750SHA-256:

    1e9693397028bfca10fed84ba85a3981e835213adf75ab032ac05ef0798f3013

    openssl-debuginfo-1.0.1e-16.el6_5.7.s390x.rpm

    MD5: 2a36a3495e5b933db6fa16cc89c43f98SHA-256:

    ad3cd9120e80eee4e72a97882e1241cb1f70c84bf867f055727d585c026f4cf8

    openssl-devel-1.0.1e-16.el6_5.7.s390.rpm

    MD5: 9a6237cb10297cb39334212839902b94SHA-256:

    5c89453fa1dbc9757b9e5f8576a7c0714bae3f9bea1ec72c9bf5996f39c6e680

    openssl-devel-1.0.1e-16.el6_5.7.s390x.rpm

    MD5: 4ffd801bce5975aa66f84cfa8670b5ffSHA-256:

    18aca876de0b4240ca143cb25b4e62f382c91f0bd4de7b0237a7272e8b239e99

    openssl-perl-1.0.1e-16.el6_5.7.s390x.rpm

    MD5: 5ef579945625921d123248623f9e16a5SHA-256:

    aa3ff1b08837eda40b16af1eb54e5334f3ab0cbf3e926230ed71efbd85b2a7bb

    openssl-static-1.0.1e-16.el6_5.7.s390x.rpm

    MD5: e31ad0c92b9cf260e79b25c28cb6143bSHA-256:

    7f0a5f27786f7c2d375a805cf63bed410e5ea1df014f2cb89becde19adb596ba

    x86_64:

    openssl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 54a31865a418bfab3df25f6be640cd5aSHA-256:

    3abd8ad9de5f30651944506ceee0a081aae324a1c0e992c5368401aff4db5b40

    openssl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 6fcf4efe58746a7b25a7654982b0e3d2SHA-256:

    10d813e9fcc55f47655791e269b40fecd45b8396230b1c03a0ed77d859a4b0d2

    openssl-debuginfo- MD5: 3c0a1c3b3dd5e88adc2784a63a2c4e6e

  • 1.0.1e-16.el6_5.7.i686.rpm

    SHA-256: 30885b8f843a775d576440e3f929902cb29efb9a2f855c9d2ab084a0a44

    e8140

    openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 7f8eb8ea7db416e34afeaa6e7d10380aSHA-256:

    1d3702a766e4c3b150eb7aa04772e61302e985ddc0d23d05c83b32347891637a

    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7cade331d0b12f7cfa0bb303b8784f37SHA-256:

    8eba3b0063095e41e7f3551fd508336fc93ee68b8b04a7eb99215c7df08fbe05

    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b23db98a10a6e58ef4a829367496e9dcSHA-256:

    6f0e88747e196160a552998c94c13f0be0acd14122d0a8b992833e068b12e9ee

    openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 5c399d655138be5a4b5da773e3b1af6cSHA-256:

    da22dff3394579ab544d772d37a3b57b89ee334d96c641409793560b5f17cafc

    openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b8e2eb964b0b4f4d9fc6ea9676aba257SHA-256:

    82412749e48786c0f272ed83b391f6cf56410268e365ace556fedfcb0d04f8e1

    Red Hat Enterprise Linux Workstation (v. 6)

    SRPMS:

    openssl-1.0.1e-16.el6_5.7.src.rpm

    MD5: bd8cd18d0d76eeca5d08781b5b6712b8SHA-256:

    dd7f3bddba0a4d4084ec98ed71d50314c8644346924676dc9b10cd2de2bc90d1

    IA-32:

    openssl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 54a31865a418bfab3df25f6be640cd5aSHA-256:

    3abd8ad9de5f30651944506ceee0a081aae324a1c0e992c5368401aff4db5b40

    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 3c0a1c3b3dd5e88adc2784a63a2c4e6eSHA-256:

    30885b8f843a775d576440e3f929902cb29efb9a2f855c9d2ab084a0a44e8140

  • openssl-devel-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7cade331d0b12f7cfa0bb303b8784f37SHA-256:

    8eba3b0063095e41e7f3551fd508336fc93ee68b8b04a7eb99215c7df08fbe05

    openssl-perl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7806105fddd82ebb77421a0c16374ca4SHA-256:

    a5bdedf9404eed0412b9b255b6af88134d1e40287ec1523a5a5501f1b91eb353

    openssl-static-1.0.1e-16.el6_5.7.i686.rpm

    MD5: c1709822e20782dc8c503e04ee788df9SHA-256:

    4055110c07d6c18b5542e1dd0af53d501de96eae9317a4b8bec05e2c54eaedc6

    x86_64:

    openssl-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 54a31865a418bfab3df25f6be640cd5aSHA-256:

    3abd8ad9de5f30651944506ceee0a081aae324a1c0e992c5368401aff4db5b40

    openssl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 6fcf4efe58746a7b25a7654982b0e3d2SHA-256:

    10d813e9fcc55f47655791e269b40fecd45b8396230b1c03a0ed77d859a4b0d2

    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 3c0a1c3b3dd5e88adc2784a63a2c4e6eSHA-256:

    30885b8f843a775d576440e3f929902cb29efb9a2f855c9d2ab084a0a44e8140

    openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 7f8eb8ea7db416e34afeaa6e7d10380aSHA-256:

    1d3702a766e4c3b150eb7aa04772e61302e985ddc0d23d05c83b32347891637a

    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm

    MD5: 7cade331d0b12f7cfa0bb303b8784f37SHA-256:

    8eba3b0063095e41e7f3551fd508336fc93ee68b8b04a7eb99215c7df08fbe05

    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: b23db98a10a6e58ef4a829367496e9dcSHA-256:

    6f0e88747e196160a552998c94c13f0be0acd14122d0a8b992833e068b12e9ee

    openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm

    MD5: 5c399d655138be5a4b5da773e3b1af6cSHA-256:

    da22dff3394579ab544d772d37a3b57b89ee334d96c641409793560b5f17cafc

    openssl-static-1.0.1e- MD5: b8e2eb964b0b4f4d9fc6ea9676aba257

  • 16.el6_5.7.x86_64.rpm

    SHA-256: 82412749e48786c0f272ed83b391f6cf56410268e365ace556fedfcb0d0

    4f8e1

    (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat

    extension packets References https://www.redhat.com/security/data/cve/CVE-2014-0160.html

    https://access.redhat.com/security/updates/classification/#important

    [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update Karanbir Singh kbsingh at centos.org Tue Apr 8 02:54:58 UTC 2014

    Previous message: [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

    Next message: [CentOS-announce] CESA-2014:0383 Moderate CentOS 6 samba4 Update

    Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    CentOS Errata and Security Advisory 2014:0376 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0376.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 6ceff4bad2608484b9b9ab74b8e9047b593b6b7a6ca5ba3cc16db7d8b447f1d8 openssl-1.0.1e-16.el6_5.7.i686.rpm ef6c735885f24ca8618357b880e8cdc6fcb7c6895d99f740169684a3a6f0b8ba openssl-devel-1.0.1e-16.el6_5.7.i686.rpm 5724d24708d8b62ee48585ea530d379c258a9dd537ce3d350a61af4489c11ea5 openssl-perl-1.0.1e-16.el6_5.7.i686.rpm 601108f27b4716355d972d70e8711b6ff53f4375962b3d6e81321736c6709b90 openssl-static-1.0.1e-16.el6_5.7.i686.rpm

  • x86_64: 6ceff4bad2608484b9b9ab74b8e9047b593b6b7a6ca5ba3cc16db7d8b447f1d8 openssl-1.0.1e-16.el6_5.7.i686.rpm 42cdc321aa3d46889c395c5d6dc11961ed86be5f4d98af0d6399d6c4e1233712 openssl-1.0.1e-16.el6_5.7.x86_64.rpm ef6c735885f24ca8618357b880e8cdc6fcb7c6895d99f740169684a3a6f0b8ba openssl-devel-1.0.1e-16.el6_5.7.i686.rpm 3328f32f211b2e136c25ec8538c768049f288f0b410932b31880fa4b4de8e73b openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm 89cdbaed00f8348a6a6d567c6c1eb8aba9f94578653be475e826e24c51f10594 openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm 9222db08c5cbf4fded04fd7d060f5b91ed396665e2baa4c899fc2aa8aa9297d0 openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm Source: 3a08cda99f54b97c027ed32758e7b1ddcff635be5c3737c1e9084321561a015d openssl-1.0.1e-16.el6_5.7.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos at irc.freenode.net

    Status on CVE-2014-0160, aka "Heartbleed" Robyn Bergeron rbergero at redhat.com Tue Apr 8 03:01:24 UTC 2014

    Next message: Status on CVE-2014-0160, aka "Heartbleed" Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Greetings, Fedora community: We're aware of the recently disclosed CVE-2014-0160 (aka "Heartbleed"): https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl) https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl) The issue affects the currently supported Fedora 19 and Fedora 20 releases. Updates for openssl packages are available now, and mirrors near you will receive them shortly. If you do not want to wait for your local mirror to get updates, you can retrieve and install packages directly: For Fedora 19 x86_64:

  • yum -y install koji koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1 yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm For Fedora 20 x86_64: yum -y install koji koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1 yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20 only). Package updates for mingw-openssl will receive fixes shortly and we'll update the community when they are available. Note that Fedora 18, which is no longer supported by the Fedora community, is also affected by this issue. Fedora 17 and previous releases, also no longer supported, are not affected by this issue. Fedora Release Engineering is currently regenerating AMIs and qcow2/kvm images to include the fix. The Fedora Infrastructure team is working to assess any additional impact, and will update the community as we develop more information. Thanks for your patience as we work on this issue. ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing package updates, and Major Hayden for providing the manual update guidance above. -Robyn Bergeron

    Vulnerability Note VU#720951 OpenSSL heartbeat extension read overflow discloses sensitive information Original Release date: 07 Apr 2014 | Last revised: 11 Apr 2014

    Print Docum ent

    Tweet

    Like M e

    Share

  • Overview

    OpenSSL 1.0.1 contains a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."

    DescriptionOpenSSL versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the TLS/DTLS heartbeat functionality (RFC6520). This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL libssl library in chunks of up to 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to increase the chances that a leaked chunk contains the intended secrets. The sensitive information that may be retrieved using this vulnerability include:

    Prim ary key m aterial (secret keys) Secondary key m aterial (user nam es and passwords used by vulnerable

    services) Protected content (sensitive data used by vulnerable services) Collateral (m em ory addresses and content that can be leveraged to

    bypass exploit m itigations)

    Please see the Heartbleed website for m ore details. Exploit code for this vulnerability is publicly available. Any service that supports STARTTLS (im ap,sm tp,http,pop) m ay also be affected.

    ImpactBy attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.

    SolutionApply an update This issue is addressed in OpenSSL 1.0.1g. Please contact your software vendor to check for availability of updates. Any system that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items. Old keys should be revoked. Reports indicate that the use of mod_spdy can prevent the updated OpenSSL library from being utilized, as mod_spdy uses its own copy of OpenSSL. Please see https://code.google.com/p/mod-spdy/issues/detail?id=85 for more details.

    Disable OpenSSL heartbeat support

  • This issue can be addressed by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag. Software that uses OpenSSL, such as Apache or Nginx would need to be restarted for the changes to take effect. Use Perfect Forward Secrecy (PFS) PFS can help minimize the damage in the case of a secret key leak by making it more difficult to decrypt already-captured network traffic. However, if a ticket key is leaked, then any sessions that use that ticket could be compromised. Ticket keys may only be regenerated when a web server is restarted.

    VendorInformation(LearnMore)

    Vendor Status

    Date Notified

    Date Updated

    Am azon Affected - 09 Apr

    2014

    Aruba Networks, Inc. Affected - 09 Apr

    2014

    Bee W are Affected - 09 Apr

    2014

    Blue Coat System s Affected 07 Apr

    2014 09 Apr

    2014

    Cisco System s, Inc. Affected 07 Apr

    2014 10 Apr

    2014

    Debian GNU/Linux Affected 07 Apr

    2014 08 Apr

    2014

    F5 Networks, Inc. Affected 07 Apr

    2014 09 Apr

    2014

    Fedora Project Affected 07 Apr

    2014 08 Apr

    2014

  • Fortinet, Inc. Affected 07 Apr

    2014 09 Apr

    2014

    FreeBSD Project Affected 07 Apr

    2014 09 Apr

    2014

    Gentoo Linux Affected 07 Apr

    2014 08 Apr

    2014

    Google Affected 07 Apr

    2014 09 Apr

    2014

    IBM Corporation Affected 07 Apr

    2014 11 Apr

    2014

    Juniper Networks, Inc. Affected 07 Apr

    2014 09 Apr

    2014

    M andriva S. A. Affected 07 Apr

    2014 07 Apr

    2014

    If you are a vendor and your product is affected, let us know.View M ore

    CVSSMetrics(LearnMore)

    Group Score

    Vector

    Base 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N

    Tem poral

    5.3 E:F/RL:OF/RC:C

    Environm ental

    7.5 CDP:LM /TD:H/CR:H/IR:H/AR:ND

    References

    http://heartbleed.com /

  • http://seclists.org/oss-sec/2014/q2/22 http://git.openssl.org/gitweb/?p=openssl.git;a=com m itdiff;h=96db902 https://tools.ietf.org/htm l/rfc6520 http://www.openssl.org/news/openssl-1.0.1-notes.htm l http://blog.cryptographyengineering.com /2014/04/attack-of-week-

    openssl-heartbleed.htm l http://blog.fox-it.com /2014/04/08/openssl-heartbleed-bug-live-blog/ https://www.cert.fi/en/reports/2014/vulnerability788210.htm l https://code.google.com /p/m od-spdy/issues/detail?id=85 http://www.exploit-db.com /exploits/32745/ https://access.redhat.com /security/cve/CVE-2014-0160 http://www.ubuntu.com /usn/usn-2165-1/ http://www.freshports.org/security/openssl/ https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

    Credit

    This vulnerability was reported by OpenSSL, who in turn credits Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security.

    This document was written by Will Dormann.

    OtherInformation

    CVE IDs: CVE-2014-0160 Date Public: 07 Apr 2014 Date First Published: 07 Apr 2014 Date Last Updated: 11 Apr 2014 Docum ent Revision: 125

    Feedback

    If you have feedback, comments, or additional information about this vulnerability, please send us email.

    NCSC-FI Advisory on OpenSSL

    Target

    - servers and server applications - workstations and end user applications- network devices - embedded systems

  • - other

    Access Vector - remote - no user interaction required - no authentication required

    Impact - breach of confidentiality - security bypass

    Remediation - fix provided by vendor - problem mitigation

    Details A vulnerability has been found in the heartbeat protocol implementation of TLS (Transport Layer Security) and DTLS (Datagram TLS) of OpenSSL. OpenSSL replies a requested amount upto 64kB of random memory content as a reply to a heartbeat request. Sensitive data such as message contents, user credentials, session keys and server private keys have been observed within the reply contents. More memory contents can be acquired by sending more requests. The attacks have not been observed to leave traces in application logs.

    Vulnerability Coordination Information and Acknowledgements The vulnerability was first reported to OpenSSL by Neel Mehta from Google Security. Matti Kamunen, Antti Karjalainen and Riku Hietamki from Codenomicon Oy reported the vulnerability to NCSC-FI, who reported it in turn to OpenSSL. NCSC-FI would like to thank Codenomicon for reporting and analysing the vulnerability.

    Vendor Information OpenSSL versions from 1.0.1 to 1.0.1f. The vulnerability has been fixed in OpenSSL

    1.0.1g.

    Vulnerable Linux and BSD distributions include:

    Red Hat Enterprise Linux 6.5 (OpenSSL 1.0.1e) Debian Wheezy (fixed in version 1.0.1e-2+deb7u5) Ubuntu 12.04 LTS, 13.04 and 13.10 Gentoo Linux Slackware 14.0, 14.1 and current OpenBSD 5.3 ja 5.4 FreeBSD, versions 10.x NetBSD, versions 6.1 - 6.1.3 ja 6.0 - 6.0.4 DragonflyBSD 3.6 Mandriva Business Server 1

  • Software using a vulnerable version of OpenSSL include:

    Cisco AnyConnect Secure Mobility Client for iOS Cisco Desktop Collaboration Experience DX650 Cisco Unified 7800 series IP Phones Cisco Unified 8961 IP Phone Cisco Unified 9951 IP Phone Cisco Unified 9971 IP Phone Cisco TelePresence Video Communication Server (VCS) Cisco IOS XECisco UCS B-Series (Blade) Servers Cisco UCS C-Series (Stand alone Rack) Servers Cisco Unified Communication Manager (UCM) 10.0 FortiGate FortiOS 5.0.5 ja 5.0.6 Junos OS 13.3R1 Juniper Odyssey client 5.6r5 and newer Juniper SSL VPN (IVEOS) 7.4r1 and newer Juniper SSL VPN (IVEOS) 8.0r1 and newer Juniper UAC 4.4r1 and newer Juniper UAC 5.0r1 and newer Juniper Junos Pulse (Desktop) 5.0r1 and newer Juniper Junos Pulse (Desktop) 4.0r5 and newer Juniper Network Connect (windows) versions 7.4R5 - 7.4R9.1 & 8.0R1 to 8.0R3.1 Juniper Junos Pulse (Mobile) on Android 4.2R1 and newer Juniper Junos Pulse (Mobile) on iOS 4.2R1 F5 BIG-IP LTM versions 11.5.0 - 11.5.1 F5 BIG-IP AAM versions 11.5.0 - 11.5.1 F5 BIG-IP AFM versions 11.5.0 - 11.5.1 F5 BIG-IP Analytics versions 11.5.0 - 11.5.1 F5 BIG-IP APM versions 11.5.0 - 11.5.1 F5 BIG-IP ASM versions 11.5.0 - 11.5.1 F5 BIG-IP GTM versions 11.5.0 - 11.5.1 F5 BIG-IP Link Controller 11.5.0 - 11.5.1 F5 BIG-IP PEM versions 11.5.0 - 11.5.1 F5 BIG-IP PSM versions 11.5.0 - 11.5.1 F5 BIG-IP Edge Clients for Apple iOS versions 2.0.0 - 2.0.1 ja 1.0.5 F5 BIG-IP Edge Clients for Linux versions 7080 - 7101 F5 BIG-IP Edge Clients for MAC OS X versions 7080 - 7101 ja 6035 - 7071 F5 BIG-IP Edge Clients for Windows versions 7080 - 7101 ja 6035 - 7071 OpenVPN 2.3-rc2-I001 - 2.3.2-I003 Aruba ArubaOS versions 6.3.x, 6.4.x Aruba ClearPass versions 6.1.x, 6.2.x, 6.3.x Viscosity before version 1.4.8 WatchGuard XTM ja XCS before version 11.8.3 CSP Blue Coat Content Analysis System versions 1.1.1.1 - 1.1.5.1 Blue Coat Malware Analysis Appliance version 1.1.1 Blue Coat ProxyAV versions 3.5.1.1 - 3.5.1.6

  • Blue Coat ProxySG versions 6.5.1.1 - 6.5.3.5 Blue Coat SSL Visibility 3.7.0 Jolla F-Secure F-Secure Messaging Secure Gateway 7.5 F-Secure Protection Service for Email 7.5 F-Secure Anti-Theft Portal

    Remediation Patch the vulnerable software components according to the guidance published by the vendor. Restart affected services after the update. The vulnerability can be mitigated by disabling the affected components. This can be done by compiling OpenSSL with the configuration option -DNO_OPENSSL_HEARTBEATS.

    References

    https://www.openssl.org/news/secadv_20140407.txt https://www.kb.cert.org/vuls/id/720951 http://heartbleed.com/ https://tools.ietf.org/html/rfc6520 CVE-2014-0160

    Updates

    o http://lists.centos.org/pipermail/centos-announce/2014-April/020248.html

    o http://koji.fedoraproject.org/koji/buildinfo?buildid=509741 o https://www.debian.org/security/2014/dsa-2896 o https://access.redhat.com/security/cve/CVE-2014-0160 o http://www.ubuntu.com/usn/usn-2165-1/ o http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml o http://www.slackware.com/security/viewer.php?l=slackware-

    security&y=2014&m=slackware-security.533622 o http://www.openbsd.org/errata53.html#014_openssl o http://www.openbsd.org/errata54.html#007_openssl o http://www.freebsd.org/security/advisories/FreeBSD-SA-

    14:06.openssl.asc o http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-

    SA2014-004.txt.asc o http://lists.dragonflybsd.org/pipermail/commits/2014-

    April/269894.html

  • o http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:067/

    o http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623

    o http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

    o https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_dogoviewsolutiondetails=&solutionid=sk100173

    o http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

    o https://community.openvpn.net/openvpn/wiki/heartbleed o http://www.arubanetworks.com/support/alerts/aid-040814.asc o https://www.sparklabs.com/viscosity/releasenotes/ o http://watchguardsecuritycenter.com/2014/04/08/the-

    heartbleed-openssl-vulnerability-patch-openssl-asap/ o http://kb.bluecoat.com/index?page=content&id=SA79 o https://together.jolla.com/question/38508/release-notes-software-version-10516-

    paarlampi/ o http://www.f-secure.com/en/web/labs_global/fsc-2014-1

    Contact Information NCSC-FI Vulnerability Coordination can be contacted as follows: Email: vulncoord@ficora.fi Please quote the advisory reference [FICORA #788210] in the subject line Telephone: +358 295 390 230 Monday - Friday 08:00 - 16:15 (EEST: UTC+2) Fax : +358 295 390 270 Post: Vulnerability Coordination FICORA/CERT-FI P.O. Box 313 FI-00181 Helsinki FINLAND CERT-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at

  • https://www.ncsc.fi/en/activities/contact/pgp-keys.html

    The CERT-FI vulnerability coordination policy can be viewed at https://www.ncsc.fi/en/activities/Vulncoord/vulncoord-policy.html.

    Revision History 8 Apr 2013, 07:45 UTC: Published 10 Apr 2014, 11:07 UTC: Updated vendor list and references 10 Apr 2014, 12:12 UTC: Removed erroneously added CheckPoint products from listing 10 Apr 2014, 13:27 UTC: Fixed affected FreeBSD versions 11 Apr 2014, 17:27 UTC: Update vendor list and references (Jolla, F-Secure)

    Update - Schweres Sicherheitsproblem mit OpenSSL ("Heartbleed"-Lcke) 8. April 2014 Update 10. April 2014

    Das OpenSSL-Projekt hat eine Warnung bezglich eines akuten Problems verffentlicht.

    In einschlgigen Medien wird bereits berichtet, ob der Dringlichkeit und des Umfangs des Problems bittet CERT.at nochmals um Beachtung der folgenden Hinweise.

    Beschreibung Durch einen Fehler in OpenSSL knnen Angreifer Teile des Hauptspeichers eines betroffenen Systems (in Schritten von 64kB) lesen. Dadurch ist es den Angreifern mglich, an diverse Informationen, unter Umstnden inklusive der "Private" Keys/X.509 Zertifikate, zu gelangen.

    Eine ausfhrliche Beschreibung des Problems findet sich auf http://heartbleed.com/ (englisch).

    Eintrag in der CVE-Datenbank: CVE-2014-0160.

    Auswirkungen

  • Da davon auszugehen ist, dass Angreifer ber die Private Keys von mit verwundbaren OpenSSL-Versionen gesicherten Services verfgen, sind prinzipiell alle ber solche Services bermittelten Informationen als kompromittiert zu betrachten.

    Falls die Services mit "Perfect Forward Secrecy" konfiguriert sind, knnen Angreifer allerdings nicht Informationen aus in der Vergangenheit mitprotokollierten Sitzungen entschlsseln. Aktuell bertragene Informationen sind trotzdem betroffen.

    Betroffene Systeme Der Fehler betrifft alle OpenSSL Versionen von 1.0.1 bis inklusive 1.0.1f, die erste verwundbare Version 1.0.1 wurde am 14. Mrz 2012 verffentlicht. Das sind beispielsweise Systeme mit folgenden Betriebssystem-Versionen (Achtung, Liste ist nicht vollstndig):

    Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4 Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11 CentOS 6.5, OpenSSL 1.0.1e-15 Fedora 18, OpenSSL 1.0.1e-4 OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012) FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c) NetBSD 5.0.2 (OpenSSL 1.0.1e) OpenSUSE 12.2 (OpenSSL 1.0.1c)

    Update 10. April 2014 Wir mchten hier auch nochmals ausdrcklich darauf hinweisen, dass dieses Problem nicht nur Webserver/Webseiten betrifft, sondern alle Software die auf OpenSSL aufsetzt und TLS verwendet. Aber natrlich sind auch alle Systeme/Services betroffen, auf denen eigens kompilierte/installierte Versionen von OpenSSL eingesetzt werden. Auch Installationen von zB "SSL-VPN"-Services knnen betroffen sein.

    Nicht betroffen sind:

    Systeme, auf denen OpenSSL 0.9.x eingesetzt wird weiters Installationen von OpenSSL, in denen die "Heartbeat"-Funktion durch einen

    entsprechende Parameter (-DOPENSSL_NO_HEARTBEATS) beim Kompilieren ausgeschaltet wurde Update 10. April 2014: OpenSSH ist nicht betroffen, da es zwar OpenSSL aber nicht

    TLS (und damit auch nicht die verwundbare "Heartbeat"-Extension) verwendet

    Abhilfe

  • Es wird dringend empfohlen, die von den Betriebssystemen bereitgestellten Patches zu installieren. Wo dies nicht mglich ist, sollten betroffene OpenSSL-Versionen so konfiguriert werden, dass die "Heartbeat"-Funktion nicht untersttzt wird (Parameter -DOPENSSL_NO_HEARTBEATS beim Kompilieren).

    Weiters sind alle Private Keys als kompromittiert zu betrachten, und es sollten nach Einspielen entsprechender Patches neue erzeugt, und gegebenenfalls bei den genutzten Certificate Authorities zur Signierung vorgelegt, werden. Wie zB Heise Security formuliert: Auerdem besteht natrlich die Gefahr, dass Angreifer mit guten technischen Ressourcen den Fehler bereits kannten und massenhaft Schlssel geklaut haben. Auch sollten die "alten" Keys fr ungltig erklrt (revoked) werden.

    Fr Firmenumgebungen mit IDS/IPS-Installationen sind auch bereits erste Signaturen erhltlich, mit denen Versuche dieses Problem auszunutzen, erkannt werden knnen. Da dies aber nicht retroaktiv mglich ist, sind auch dort alle Private Keys als kompromittiert zu betrachten.

    Update (2014-04-10): Benutzer von Linux-Systemen mit iptables knnen ein Ausnutzen dieser Lcke mit entsprechenden Rules (wie unter http://www.securityfocus.com/archive/1/531779 beschrieben) verhindern bzw. erkennen.

    Auch Endbenutzer sollten ihre Systeme auf Verwendung von verwundbaren OpenSSL-Versionen berprfen, dies betrifft auch besonders Benutzer von mobilen Gerten wie Smartphones/Tablets.

    Update (2014-04-10): Ob die eigenen Services betroffen sind, lsst sich beispielsweise mit folgenden Methoden herausfinden:

    Online-Test: http://filippo.io/Heartbleed/ o Der Code zu diesem Online-Test ist auch fr eigene Benutzung verfgbar:

    https://github.com/FiloSottile/Heartbleed Plugin fr den bekannten Security-Scanner nmap:

    https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse

    Alle diese Tests knnen natrlich ein Patchen/Umkonfigurieren/Schtzen der eigenen Systeme nicht ersetzen - Falscheinschtzungen sind auch hier mglich.

    Hinweis Generell empfiehlt CERT.at, wo mglich die "automatisches Update"-Features von Software zu nutzen, parallel Firewall-Software aktiv und den Virenschutz aktuell zu halten.

    Informationsquelle(n): OpenSSL Security Advisory (englisch)

  • https://www.openssl.org/news/secadv_20140407.txt Detaillierte Beschreibung des Problems (englisch) http://heartbleed.com/ Debian Security Advisory DSA-2896-1 (englisch) https://www.debian.org/security/2014/dsa-2896 Redhat Security Advisory RHSA-2014:0376-1 (englisch) https://rhn.redhat.com/errata/RHSA-2014-0376.html Meldung bei Heise Security (deutsch) http://www.heise.de/security/meldung/Der-GAU-fuer-Verschluesselung-im-Web-Horror-Bug-in-OpenSSL-2165517.html

    TR-21 - OpenSSL Heartbeat Critical Vulnerability

    TR21OpenSSLHeartbeatCriticalVulnerability

    Back to Publications and Presentations

    1. Overview 2. Recom m endations 3. How to test your TLS/SSL server? 4. Detecting OpenSSL Heartbleed with NIDS 5. Are the services like SM TP, XM PP, IM AP, SSL VPN using TLS affected? 6. Are OpenSSL clients vulnerable too? 7. W hat are the unaffected software or protocols by CVE-2014-0160? 8. References 9. Contact 10. Classification of this docum ent 11. Revision

    You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

  • Overview OpenSSL software is vulnerable to memory leakage to the connected client or server. In other words, anyone can remotely retrieve sensitive information (e.g. secret keys, passwords, confidential document) from the memory of the remote servers without leaving traces. This is a critical vulnerability and you must patch your OpenSSL software as soon as possible.

    OpenSSL version 1.0.1 and 1.0.2-beta releases are affected by this vulnerability including 1.0.1f and 1.0.2-beta1. Prior version are not vulnerable to this vulnerability.

    After patching, all sensitive information need to be evaluated especially private keys or credentials. We recommend, at least, to regenerate the X.509 key materials and do an impact assessment on the potentially leaked information.

    Recommendations You should apply the OpenSSL updates provided by the software distributors:

    Ubuntu USN-2165-1: OpenSSL vulnerabilities Ubuntu CVE-2014-0160 detailed inform ation per release Debian DSA-2896-1 openssl security update Red Hat RHSA-2014:0376-1 Red Hat Enterprise Linux 6 Red Hat RHSA-2014:0377-1 Red Hat Storage Native Client for Red Hat

    Enterprise Linux CentOS 6 CVE-2014-0160 CentOS 6 openssl heartbleed workaround Gentoo glsa-201404-07 OpenSSL: Inform ation Disclosure Novell/Suse SUSE Linux Enterprise Server 11 and older versions with

    openssl 0.9.8 are not affected. Only openSUSE 12.3 and 13.1 are shipping affected versions currently.

    Tor com ponents affected by OpenSSL bug CVE-2014-0160 m od_spdy binary bugfix release (v0.9.4.2) stunnel OpenSSL DLLs updated to version 1.0.1g. This version m itigates

    TLS heartbeat read overrun (CVE-2014-0160) Fedora 19 Update: openssl-1.0.1e-37.fc19.1 Fedora 20 Update: openssl-1.0.1e-37.fc20.1 FreeBSD-SA-14:06.openssl OpenSSL m ultiple vulnerabilities OpenBSD 5.5 errata 2, Apr 8, 2014 OpenBSD 5.4 errata 7, Apr 8, 2014 OpenBSD 5.3 errata 14, Apr 8, 2014 FreeRADIUS version 2 and Version 3 of FreeRADIUS are vulnerable to the

    attack OpenVPN Access Server 1.8.4 > 2.0.5

  • Its important to note that some distributions use their own version numbering scheme for the OpenSSL package. If the distribution backports functionalities from OpenSSL into older versions, you might be vulnerable too.

    You may not have realized that Canonical changed its policy regarding the support length of non-LTS releases. The first release concerned by the new policy is Ubunty 13.04 (Raring Ringtail) and do not receive any support since 2014-01-27, which means that all the running instances you might have are vulnerable to Heartbeat and will not be patched.

    The procedure to update Ubuntu 13.04 by recompiling OpenSSL is the following:

    apt-get build-dep openssl apt-get source openssl cd openssl-1.0.1c/ vi Configure add -DOPENSSL_NO_HEARTBEATS to $debian_cflags (line 109) dpkg-buildpackage -uc -b cd .. Look at the installed openssl packages: dpkg -l | grep -w 'libssl\|openssl' Install the required packages with dpkg: dpkg -i *.deb

    If you cannot upgrade your OpenSSL directly, you can recompile your OpenSSL with the DOPENSSL_NO_HEARTBEATS option to disable the feature having the vulnerability. Dont forget to restart your services and ensure that the adequate libraries are loaded.

    All the services you will see by running this command are still using the old and vulnerable library and have to be restarted:

    lsof -n | grep DEL | grep libssl

    To verify which running processes/binaries use OpenSSL, you can do the following:

    lsof | grep libssl

    How to test your TLS/SSL server? A checker tool and a web site is available to test if a TLS server is vulnerable.

    Metasploit framework provides a module that implements the OpenSSL Heartbleed issue.

    Detecting OpenSSL Heartbleed with NIDS Detecting OpenSSL Heartbleed with Suricata Indicator of Com prom ise to detect successful exploitation with Snort

  • Are the services like SMTP, XMPP, IMAP, SSL VPN using TLS affected? If the service is using TLS/SSL and relies on vulnerable OpenSSL with the heartbeat extension, the service is probably vulnerable to data leakage. You should contact your software vendor as soon as possible to get a fix. Dont forget to renew credentials and cryptographic key materials that might have leaked in that context. The vulnerability is not limited to HTTP over TLS but applicable to all protocols relying on TLS.

    Are OpenSSL clients vulnerable too? OpenSSL clients are also vulnerable. So a malicious server could abuse a vulnerable OpenSSL client to trigger the vulnerability and dump the memory of the client. There is a tool to abuse OpenSSL clients available showing the practicality of the exploitation.

    If you use OpenSSL as a client (usually bundled/used by many tools like curl, wget on Unix and Windows), you have to patch your client software as well.

    What are the unaffected software or protocols by CVE-2014-0160?

    OpenSSH and SSH is not vulnerable to CVE-2014-0160. OpenSSH relies on som e cryptographic functions from OpenSSL but not the TLS part. The SSH protocol contains its own keepalive protocol and doesnt rely on TLS.

    References CVE-2014-0160 The (1) TLS and (2) DTLS im plem entations in OpenSSL

    1.0.1 before 1.0.1g do not properly handle Heartbeart Extension packets The Heartbleed Bug OpenSSL Security Advisory - TLS heartbeat read overrun (CVE-2014-0160) Diagnosis of the OpenSSL Heartbleed Bug

    Contact If you have any question about this vulnerability, feel free to contact us.

    Classification of this document TLP:WHITE information may be distributed without restriction, subject to copyright controls.

  • Revision Version 1.3 April 10, 2014 Client side vulnerability added (TLP:W HITE) Version 1.2 April 9, 2014 Inform ation about additional software vulnerable

    added (TLP:W HITE) Version 1.1 April 8, 2014 Initial version (TLP:W HITE)

    BULLETIN D'ALERTE DU CERT-FR

    Objet : Vulnrabilit dans OpenSSL

    Gestion du document

    Tableau 1: Gestion du document

    Rfrence CERTFR-2014-ALE-003

    Titre Vulnrabilit dans OpenSSL

    Date de la premire version 08 avril 2014

    Date de la dernire version -

    Source(s) Bulletin de scurit OpenSSL du 07 avril 2014

    Pice(s) jointe(s) Aucune

    Une gestion de version dtaille se trouve la fin de ce document.

    1 - Risque(s) contournement de la politique de scurit atteinte la confidentialit des donnes

    2 - Systmes affect(s) OpenSSL 1.0.1, version 1.0.1f et antrieures OpenSSL 1.0.2-beta1

  • 3 - Rsum Une vulnrabilit a t dcouverte dans OpenSSL. Elle permet un attaquant de provoquer un contournement de la politique de scurit et une atteinte la confidentialit des donnes.

    4 - Recommandations Un correctif d'OpenSSL est disponible.

    Le CERT-FR recommande de mettre jour les installations d'OpenSSL vulnrables. De plus, il est ncessaire de relancer les services susceptibles d'employer une ancienne version de la bibliothque (notamment les serveurs Web et de messagerie lectronique).

    Aprs mise jour d'OpenSSL, pour dterminer les services redmarrer, il est possible d'employer sous Linux la commande ci-aprs : lsof | grep libssl | grep DEL

    Nanmoins, cette commande ne permet pas de reprer les ventuels services compils avec OpenSSL en statique.

    Il est galement recommand, en cas de suspicion de compromission, de rvoquer les certificats utiliss et de gnrer de nouvelles cls de chiffrement. De plus, les hbergeurs de services potentiellement compromis sont encourags demander leurs utilisateurs de mettre jour leurs mots de passe.

    5 - Documentation Bulletin de scurit OpenSSL du 07 avril 2014 https://www.openssl.org/news/secadv_20140407.txt Rfrence CVE CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 Description de la vulnrabilit http://heartbleed.com/ Avis du CERT-FR http://www.cert.ssi.gouv.fr/site/CERTFR-2014-AVI-156/

    Gestion dtaille du document 08 avril 2014

    version initiale. Dernire version de ce document : http://cert.ssi.gouv.fr/site/CERTFR-2014-ALE-003

  • CERT-FR 2014-04-10

    OpenSSL

    JPCERT-AT-2014-0013 JPCERT/CC 2014-04-08() 2014-04-11() > OpenSSL https://www.jpcert.or.jp/at/2014/at140013.html I. OpenSSL Project OpenSSL heartbeat OpenSSL OpenSSL Project OpenSSL Project OpenSSL Security Advisory [07 Apr 2014] - TLS heartbeat read overrun (CVE-2014-0160) https://www.openssl.org/news/secadv_20140407.txt *** : 20140411 *****************************************

    III. ********************************************************************** II.

  • - OpenSSL 1.0.1 1.0.1f - OpenSSL 1.0.2-beta 1.0.2-beta1 *** : 20140411 ***************************************** OpenSSL ********************************************************************** III. OpenSSL Project OpenSSL OpenSSL 1.0.2-beta 201448 - OpenSSL 1.0.1g Tarballs http://www.openssl.org/source/ - -DOPENSSL_NO_HEARTBEATS OpenSSL OpenSSL USN-2165-1: OpenSSL vulnerabilities http://www.ubuntu.com/usn/usn-2165-1/ Important: openssl security update https://rhn.redhat.com/errata/RHSA-2014-0376.html Debian Security Advisory DSA-2896-1 openssl -- security update http://www.debian.org/security/2014/dsa-2896 *** : 20140411 *****************************************

    OpenSSL ********************************************************************** IV. JVNVU#94401838 OpenSSL heartbeat https://jvn.jp/vu/JVNVU94401838/index.html

  • *** : 20140411 ***************************************** CERT/CC Vulnerability Note VU#720951 OpenSSL heartbeat information disclosure https://www.kb.cert.org/vuls/id/720951 (IPA) OpenSSL (CVE-2014-0160) https://www.ipa.go.jp/security/ciadr/vul/20140408-openssl.html @Police OpenSSL https://www.npa.go.jp/cyberpolice/detect/pdf/20140410.pdf ********************************************************************** ________ 2014-04-08 2014-04-11 I. II. III. IV. ====================================================================== JPCERT (JPCERT/CC) MAIL: info@jpcert.or.jp TEL:03-3518-4600 FAX: 03-3518-4602 https://www.jpcert.or.jp/

    Top

    59

  • Det finns ett antal sjlvtestverktyg upplagda p ntet nu. CERT-SE vet inte vem som str bakom dessa och hur effektiva de r. Har ni har behov av att testa era system och bedmer den eventuella risken med att testsajten kartlgger era srbarheter som godtagbar s kan ni anvnda fljande:

    https://www.ssllabs.com/ssltest/

    http://possible.lv/tools/hb/

    Och hr r en lnk till ett skript som ocks testar fr srbarheten, med ppen kod som ni kan verifiera sjlva

    https://github.com/titanous/heartbleeder

    NCSC-FI har skapat en uppdaterad lista ver leverantrer eller produkter som r drabbade:

    https://www.cert.fi/en/reports/2014/vulnerability788210.html

    SANS ISC har gjort detsamma:

    https://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929

    Senaste nyheter Fr att hitta ldre nyheter anvnd Nyhetsarkivet eller vr skfunktion.

    2014-04-11 15:38

    CERTSE:sveckobrevv.15Blandade inslag frn veckan som gtt. M ed tanke p m ediaexponeringen

    av Heartbleed s har vi m inim erat antalet sdana lnkar i veckobrevet.

    2014-04-10 13:58

    NysrbarhetiOpenSSL1.0.1Srbarheten i OpenSSL 1.0.1 kan anvndas fr att lsa privat m inne

    2014-04-10 09:56

  • Wordpress3.8.2harslpptsochinnehllerflerasrbarhetsfixarW ordpress rekom m enderar uppdatering s snart som m jligt.

    2014-04-08 21:43

    AdobeuppdaterarflashplayerAdobe har uppdaterat flash-player till version 13.0.0.182 fr windows

    sam t

    2014-04-08 21:39

    ChromeUppdateradNu har Google chrom e team et slppt sin chrom e version 34 som rttar till

    Prenum erera p RSS/Atom

    Alvorlig srbarhet i SSL OpenSSL har offentligjort en srbarhet i OpenSSLs TLS/DTLS heartbeat extension(RFC6520). Srbarheten er tildelt CVE-2014-0160, ogs kalt "The Heartbleed Bug". NSM ser p denne srbarheten som svrt alvorlig.

    "Heartbleed Bug" gjr det mulig stjele informasjon som er beskyttet, under normale forhold, med SSL/TLS -kryptering som brukes til sikre Internett. SSL/TLS gir kommunikasjonssikkerhet og personvern p Internett for applikasjoner som web, epost, direktemeldinger (IM) og virtuelle private nett (VPN).

    Srbarheten tillater hvem som helst p Internett lese minne til systemene beskyttet av de srbare versjonene av OpenSSL-programvaren. Dette kompromitterer de hemmelige nklene som brukes til identifisere tjenesteyterne og kryptere trafikken. Navn og passord til brukerne og det faktiske innholdet . Dette gjr det mulig for angripere :

    avlytte kommunikasjon stjele data direkte fra tjenestene og brukere utgi seg for tjenester og brukere.

    Srbarheten tillater angriper hente ut deler p 64KB fra minnet til server eller klient som kjrer den srbare versjonen av OpenSSL. Denne metoden kan repeteres, dette vil si at man teoretisk kan dumpe minnet rundt prosessen, samt all trafikk som gr gjennom TLS-tunellen.

  • Test-utnyttelser av denne srbarheten tilsier at det vil vre mulig for angriper omg alle TLS-beskyttelsesmekanismer.

    Tidligere utnyttelse av denne srbarheten ser ikke ut til kunne avdekkes, fordi denne type trafikk ikke loggfres.

    Srbare versjoner:

    OpenSSL 1.0.1 til og med 1.0.1f er srbar. Versjon 1.0.1 ble utgitt i 2012.

    Srbarheten er fikset i versjon 1.0.1g som ble utgitt 7. april 2014. Versjoner eldre enn 1.0.1 er ikke srbare.

    Kjente distribusjoner og pakkeversjoner som har denne srbarheten inkluderer:

    Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4 Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11 CentOS 6.5, OpenSSL 1.0.1e-15 Fedora 18, OpenSSL 1.0.1e-4 OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) og 5.4 (OpenSSL 1.0.1c 10 May 012) FreeBSD 8.4 (OpenSSL 1.0.1e) og 9.1 (OpenSSL 1.0.1c) NetBSD 5.0.2 (OpenSSL 1.0.1e) OpenSUSE 12.2 (OpenSSL 1.0.1c)

    Flere av disse har distribuert oppdaterte pakker.

    Hvordan stoppe lekkasjen ? S lenge den srbare versjon av OpenSSL er i bruk kan den bli misbrukt.

    De som eier systemer og drifter nettsider m oppdatere programvaren og vurdere skadepotensialet. Vi anbefaler ogs:

    sjekke om det finnes oppdaterte pakker til deres system oppdatere om ndvendig Man kan kompilere OpenSSL uten heartbeat-extension.

    Vi anbefaler ogs at tjenesteleverandrer som har srbarheten, og som har kunder med innloggingstjenester p den ene eller andre mten, oppdaterer, varsler brukerne, og anbefaler bytte av passord.

    For privatpersoner:

    Det er viktig at du oppdaterer programvaren p PC-en din umiddelbart nr du fr varsel om dette. Ikke utsett - gjr det n.

    Ha et bevisst forhold til hvilke passord du bruker - n som alltid.

  • Er du i tvil, spr de tjenesteleverandrer du bruker, og hr p hva slags eventuelle beskjeder du fr fra dem.

    NSM NorCERT er ikke kjent med at denne srbarheten utnyttes "in-the-wild", men dette kan ikke utelukkes.

    Se veileder fra Difi for hvordan offentlige virksomheter kan gjre egne vurderinger og hndtere srbarheten.

    Se informasjon fra NorSIS om srbarheten.

    Se fire effektive tiltak mot dataangrep fra NSM.

    Mer informasjon om Heartbleed, hvordan feilen fungerer og kan stoppes, samt en omfattende liste med Sprsml og svar finnes p heartbleed.com. Her anbefales det revokere nkler forbundet med servere med OpenSSL installert.

    Factsheet Heartbleed: Ernstige kwetsbaarheid in OpenSSL

    Laatste wijziging : 11-04-2014

    Eerste publicatie:

    08-04-2014

    Versie:

    1.1

    Type:

    Factsheet

    Op 7 april 2014 is de Heartbleed-kwetsbaarheid gepubliceerd. Dit is een kwetsbaarheid in programmeerbibliotheek OpenSSL. Een aanvaller kan geheime sleutels en certificaten achterhalen van een kwetsbare server of ander apparaat. Ook andere gevoelige informatie zoals wachtwoorden en klantgegevens kan worden achterhaald.

    Met de geheime sleutels van certificaten kan de aanvaller informatie achterhalen uit versleutelde verbindingen die worden gebruikt voor bijvoorbeeld websites, e-mail en VPN.

  • Deze ernstige kwetsbaarheid kan worden weggenomen door de server of het andere apparaat te upgraden naar een versie van OpenSSL die niet kwetsbaar is. Daarnaast is het raadzaam certificaten en de bijbehorende geheime sleutels te vervangen als deze op een kwetsbare server of ander apparaat gebruikt zijn.

    Versie 1.1 - update - Niet alleen servers, ook andere apparaten die OpenSSL gebruiken zijn kwetsbaar. - Een aanval is alleen te zien in het netwerkverkeer, niet in de serverlogs. - Het 'rekeyen' van certificaten is een goed en mogelijk goedkoper alternatief voor het aanschaffen van nieuwe certificaten.

    Download

    FactsheetHeartbleed:ErnstigekwetsbaarheidinOpenSSL

    PDF, klik op de titel om te openen | 276,08 kB

    OpenSSL Vulnerability Number: AV14-017 Date: 8 April 2014

    Purpose The purpose of this advisory is to bring attention to a vulnerability in OpenSSL which can be used to expose private data to an attacker.

    Assessment CCIRC is aware of a vulnerability in OpenSSL that could expose private data to a remote, unauthenticated attacker through an incorrect memory handling function in the TLS heartbeat extension. This could allow a remote attacker to decrypt secure traffic and expose credentials and secret keys. OpenSSL is a popular application commonly used in web browsing, emails and instant messaging to provide security and privacy.

    CVE Reference: CVE-2014-0160 CVSS Score: 9.4

  • Affected versions: OpenSSL versions 1.0.1 through 1.0.1f

    Suggested action CCIRC recommends that system administrators test and deploy the vendor released updates to affected platforms accordingly. For clients unable to immediately upgrade can consider disabling OpenSSL Heartbeat support.

    References OpenSSL news: http://www.openssl.org/news/secadv_20140407.txt

    OpenSSL version 1.0.1g: http://www.openssl.org/source/

    Affected platforms and patch availability: http://www.kb.cert.org/vuls/id/720951

    Heartbleed: http://heartbleed.com/

    Note to Readers The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada's critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident.

    For general information, please contact Public Safety Canada's Public Affairs division at:

    Telephone: 613-944-4875 or 1-800-830-3118 Fax: 613-998-9589 E-mail: communications@ps-sp.gc.ca

    Date modified 2014-04-08

  • J s esate ia: Pradia / Dokum entai / Heartbleed OpenSSL paeidiam um as

    Heartbleed OpenSSL paeidiamumas sukurta Patrikas Kugrinas Paskutinis taisym as 2014-04-09 14:46

    Kritinis OpenSSL paeidiam um as, leidiantis silau liui be joki privilegij skaityti atm inties turin. Rekom enduojam a kuo greiiau atsinaujinti visus, paeidiam as OpenSSL versijas naudojan ius, serverius ir j priva ius raktus.

    "Heartbleed bug" - tai naujai rastas kritinis populiarios OpenSSL bibliotekos paeidiamumas. i biblioteka paprastai naudojama WWW, IM (greitj inui), pato ir VPN serveriuose. Heartbleed paeidiamumas leidia silauliui be joki teisi nuskaityti veikianios programos privaios atminties blokus, kuriuose galimai figruoja slapti SSL raktai, prisijungim vardai/slaptaodiai ar kita slapta informacija. Paeidiami ne tik serveriai, bet ir klientai. io paeidiamumo inaudojimas nra pastebimas sisteminiuose urnaluose. Paeidiamos OpenSSL versijos: 1.0.1 ir 1.0.2-beta, skaitant ir 1.0.1f bei 1.0.2-beta1. i versij savininkams rekomenduojama kuo greiiau atsinaujinti 1.0.1g (atnaujinimai jau oficialiai pasiekiami populiariems Linux/BSD variantams), neturint galimybs rekomenduojama perkompiliuoti OpenSSL bibliotek ijungiant paeidiam heartbeat pltin naudojant vliavl: -DOPENSSL_NO_HEARTBEATS. Kitas ingsnis yra naujo rakto generavimas ir sertifikato atnaujinimas, kas ypa galioja vieai prieinamoms paslaugoms. Prie tai naudojamas slaptas raktas galjo bti nugvelbtas be joki poymi, todl dabar turt bti skaitomas nesaugiu. Padarius tai reikia nepamirti ir seno sertifikato ataukimo/panaikinimo, kad js paslaugos tapatyb negalt bti sukompromituota ateityje (pvz. tarp silauli populiariais phishing metodais). Priklausomai nuo paslaugos tipo gali nukentti ir kita slapta informacija, pvz. tam tikrais Web serveri konfigracijos atvejais egzistuoja praneimai ir apie HTTP uklaus su vartotoj vardais, slaptaodiais bei sesij identifikatoriais nutekjim.

    Paeidiamoperacinisistemsraas

    o Debian W heezy (stable), OpenSSL 1.0.1e-2+deb7u4 o Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11 o CentOS 6.5, OpenSSL 1.0.1e-15 o Fedora 18, OpenSSL 1.0.1e-4 o OpenBSD 5.3 (OpenSSL 1.0.1c 10 M ay 2012) and 5.4 (OpenSSL

    1.0.1c 10 M ay 2012) o FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013 o NetBSD 5.0.2 (OpenSSL 1.0.1e) o OpenSUSE 12.2 (OpenSSL 1.0.1c)

  • Kaippasitikrinti

    Kaip jau minta paeidiamos OpenSSL versijos yra 1.0.1 ir 1.0.2-beta, skaitant ir 1.0.1f bei 1.0.2-beta1. Senesns ir naujesns akos nra paeidiamos. Pasitikrinti OpenSSL versij galima "openssl" komanda, pvz:

    -user@host (~) $ openssl version OpenSSL 1.0.1c 10 May 2012

    1.0.1c versija yra nesaugi, nes ji yra ankstesn nei viruje m in ta 1.0.1f, tod l paslaugos, naudojan ios i bibliotek , yra paeidiam os.

    OpenSSL paket patikrinim ui, priklausom ai nuo operacin s sistem os, gali b ti naudojam os tokios kom andos (Red Hat ir Debian tipo paket sistem om s): rpm -q openssl dpkg-query -W openssl

    Patikrinti vieai prieinam paslaug taip pat galite naudodami puslap:

    http://filippo.io/Heartbleed/

    Sistemosatnaujinimas

    Dauguma populiari operacini sistem jau ileido OpenSSL pataisas, todl rekomenduojama atsinaujinti standartiniais bdais. Po sistemos atnaujinimo reikt:

    1. Dar karta patikrinti OpenSSL versij ir sitikinti, kad viskas vyko sklandiai.

    2. Perleisti visas OpenSSL naudojan ias paslaugas, kad b t prad ta naudoti nauja bibliotekos versija (senoji po atnaujinim o dar gali likti atm intyje). Papras iausias b das b t tiesiog perkrauti operacin sistem .

    3. vertinus galim ai atskleist duom en rizik i naujo susigeneruoti priva ius raktus bei sertifikatus, o senus ataukti/panaikinti, kaip buvo m in ta viruje.

    Nuorodos

    http://heartbleed.com/ - originalus altinis

    https://www.openssl.org/news/secadv_20140407.txt - OpenSSL praneimas

    http://www.ubuntu.com/usn/usn-2165-1/ - Ubuntu praneimas

  • http://www.kb.cert.org/vuls/id/720951 - cert.org apraymas

    MA0382.042014: MyCERT Alert: OpenSSL Heartbleed Information Disclosure Vulnerability Date Published: 8 April 2014 First Revision: 9 April 2014

    1.0 Introduction

    MyCERT received information from valid sources regarding a vulnerability that exist on OpenSSL Versions 1.0.1 through 1.0.1f that could disclose sensitive information belonging to users to an attacker.

    The vulnerability allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. There is a possibility that this may compromise the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.

    2.0 Impact

    The impact of this vulnerability is a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By using the sensitive information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.

    3.0 Recommendation

    MyCERT has provided a tool to assist system administrators checking whether their HTTPS websites affected by this vulnerability.

    http://heartbleed.honeynet.org.my

    If your version of OpenSSL is affected by this vulnerability, you may refer to the below recommendations:

    3.1 Apply an update

    This vulnerability issue is addressed in OpenSSL 1.0.1g. User may contact their respective software vendor to check for availability of updates.

  • 3.2 Disable OpenSSL heartbeat support

    Another recommendation is to recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag. Software that uses OpenSSL, such as Apache or Nginx would need to be restarted for the chanages to take effect. End users may contact their respective software vendor to recompile the OpenSSL.

    MyCERT generally advise users of this product to keep themselves updated with the latest security announcements by the vendor. If users have any enquiries on this matter, please reach us through the following channels:

    E-mail : cyber999@cybersecurity.my Phone : 1-300-88-2999 (monitored during business hours) Fax : +603 89453442 Handphone : +60 19 2665850 (24x7 on call incident reporting) SMS : CYBER999 REPORT to 15888 Business Hours : Mon - Fri 09:00 -18:00 MYT Web: http://www.mycert.org.my

    4.0 Reference

    http://heartbleed.com/ http://www.kb.cert.org/vuls/id/720951 https://www.openssl.org/news/secadv_20140407.txt

    Boletin de Seguridad UNAM-CERT-2014-004 Vulnerabilidad Heartbleed en OpenSSL Una vulnerabilidad en OpenSSL podra permitir la exposicin de datos sensibles, incluyendo credenciales de usuario y llaves privadas, debido a un manejo inadecuado de memoria en la extensin heartbeat de TLS.

    Fecha de Liberacin: 9-Abr-2014 Ultim a Revisin: 9-Abr-2014 Fuente: Riesgo Crtico Problem a de Vulnerabilidad Rem oto Tipo de Vulnerabilidad Validacin inapropiada

    SistemasAfectadosO 1.0.

  • penSSL 1

    OpenSSL

    1.0.1f

    OpenSSL =

    1.0.2-beta

    1. Descripcin

    Las versiones 1.0.1 a 1.0.1f de OpenSSL tienen una falla en su implementacin de la funcionalidad heartbeat de TLS/DTLS, la cual permite a un atacante tener acceso a la memoria privada de alguna aplicacin que utilice la biblioteca vulnerable de OpenSSL en bloques de 64k. El atacante podra utilizar la vulnerabilidad tantas veces como fuera necesario para obtener informacin sensible, entre la que podra incluirse:

    o Llaves privadas o Nom bres de usuario y contraseas o Otros datos sensibles utilizados en los servicios que utilicen la

    biblioteca vulnerable de OpenSSL

    Es importante tener en cuenta que OpenSSL se utiliza en diversos servicios como mecanismo para cifrar el medio de comunicacin, por ejemplo:

    o W eb (https) o Correo electrnico (im aps, pops, sm tps) o Servicios de directorio (ldaps) o Redes Privadas Virtuales (VPN)

    Existe cdigo disponible pblicamente para explotar esta vulnerabilidad.

    2. Impacto

    Esta falla permite a un atacante acceder desde un sitio remoto a memoria privada de una aplicacin que utiliza la biblioteca OpenSSL vulnerable en bloques de 64k.

    3. Solucin

    o Actualizar a la versin OpenSSL 1.0.1g que corrige este vulnerabilidad. Todas las llaves generadas con una versin vulnerable de OpenSSL deberan considerarse com prom etidas, por

  • lo que deberan ser generadas e instaladas nuevam ente, una vez que el parche haya sido aplicado.

    o Recom pilar los binarios y bibliotecas de OpenSSL con la opcin -DOPENSSL_NO_HEARTBEATS para no incluir la funcionalidad afectada.

    o Se recom ienda considerar la im plem entacin de Perfect Forward Secrecy para m itigar el dao que podra provocar la revelacin de llaves privadas.

    4. Verificacin

    Para identificar si un sitio es vulnerable, pueden utilizarse las siguientes herramientas:

    o http://heartbleed.filippo.io/ - W eb o http://foxitsecurity.files.wordpress.com /2014/04/fox_heartbleed

    test.zip - Lnea de com andos

    5. Referencias

    o The Heartbleed Bug - http://heartbleed.com / o OpenSSL Security Advisory -

    https://www.openssl.org/news/secadv_20140407.txt o US-CERT OpenSSL 'Heartbleed' vulnerability - http://www.us-

    cert.gov/ncas/alerts/TA14-098A o RFC2409 Section 8 Perfect Forward Secrecy -

    http://tools.ietf.org/htm l/rfc2409#section-8

    La Subdireccin de Seguridad de la Informacin/UNAM-CERT agradece el apoyo en la elaboracin traduccin y revisin de ste Documento a:

    Ruben Aquino Luna (raquino at seguridad dot unam dot m x)

    UNAM-CERT Equipo de Respuesta a Incidentes UNAM Subdireccin de Seguridad de la Informacin incidentes at seguridad.unam.mx phishing at seguridad.unam.mx http://www.cert.org.mx http://www.seguridad.unam.mx

  • ftp://ftp.seguridad.unam.mx Tel: 56 22 81 69 Fax: 56 22 80 47

    [SingCERT] OpenSSL Heartbleed Bug

    Published on Wednesday, 09 April 2014 13:05

    [ Background ] A serious bug has been discovered in OpenSSL, a cryptographic software library.

    A bug was discovered in OpenSSL which could lead to unauthorised access to confidential data. Some examples of information that could be stolen include secret keys for the X.509 certificates, usernames and passwords.

    [ Affected Software ]

    All versions of OpenSSL 1.0.1 prior to 1.0.1g All versions of OpenSSL 1.0.2-beta prior to 1.0.2-beta2

    [ Recommendations ]

    For Website Owners

    Upgrade OpenSSL to to OpenSSL 1.0.1g (for websites using OpenSSL 1.0.1) or OpenSSL 1.0.2-beta2 (for websites using OpenSSL 1.0.2-beta) immediately.

    If upgrading OpenSSL is not possible, website owners are to recompile OpenSSL using -DOPENSSL_NO_HEARTBEATS switch.

    Website owners should also check with their IDS/IPS vendors if signatures are available to detect/block such attacks.

    For End Users

    Users are advised to heed the instructions of your service providers (e.g. email) or ISPs if contacted to take precautionary or remediation actions.

  • [ References ]

    https://www.openssl.org/news/secadv_20140407.txt http://heartbleed.com/ http://techcrunch.com/2014/04/07/massive-security-bug-in-openssl-could-effect-a-huge-

    chunk-of-the-internet/

    The Heartbleed BugWhat leaks in practice?How to stop the leak?Q&AWhat is the CVE-2014-0160?Why it is called the Heartbleed Bug?What makes the Heartbleed Bug unique?Is this a design flaw in SSL/TLS protocol specification?What is being leaked?What is leaked primary key material and how to recover?What is leaked secondary key material and how to recover?What is leaked protected content and how to recover?What is leaked collateral and how to recover?Recovery sounds laborious, is there a short cut?How revocation and reissuing of certificates works in practice?Am I affected by the bug?How widespread is this?What versions of the OpenSSL are affected?How common are the vulnerable OpenSSL versions?How about operating systems?How can OpenSSL be fixed?Should heartbeat be removed to aid in detection of vulnerable services?Can I detect if someone has exploited this against me?Can IDS/IPS detect or block this attack?Has this been abused in the wild?Can attacker access only 64k of the memory?Is this a MITM bug like Apple's goto fail bug was?Does TLS client certificate authentication mitigate this?Does OpenSSL's FIPS mode mitigate this?Does Perfect Forward Secrecy (PFS) mitigate this?Can heartbeat extension be disabled during the TLS handshake?Who found the Heartbleed Bug?What is the Defensics SafeGuard?Who coordinates response to this vulnerability?Is there a bright side to all this?Where to find more information?References

    USN-2165-1: OpenSSL vulnerabilitiesUbuntu Security Notice USN-2165-1openssl vulnerabilitiesSummarySoftware descriptionDetailsUpdate instructionsReferences

    Vulnerability Note VU#720951OpenSSL heartbeat extension read overflow discloses sensitive informationOverviewDescriptionImpactSolutionVendor Information (Learn More)CVSS Metrics (Learn More)ReferencesCreditOther InformationFeedback

    TR-21 - OpenSSL Heartbeat Critical VulnerabilityTR-21 - OpenSSL Heartbeat Critical VulnerabilityOverviewRecommendationsHow to test your TLS/SSL server?Detecting OpenSSL Heartbleed with NIDSAre the services like SMTP, XMPP, IMAP, SSL VPN using TLS affected?Are OpenSSL clients vulnerable too?What are the unaffected software or protocols by CVE-2014-0160?ReferencesContactClassification of this documentRevisionOpenSSL

    OpenSSL lcker information

    Ny srbarhet i OpenSSL 1.0.1Senaste nyheterCERT-SE:s veckobrev v.15Ny srbarhet i OpenSSL 1.0.1Wordpress 3.8.2 har slppts och innehller flera srbarhetsfixarAdobe uppdaterar flash-playerChrome - Uppdaterad

    Factsheet Heartbleed: Ernstige kwetsbaarheid in OpenSSLDownload Factsheet Heartbleed: Ernstige kwetsbaarheid in OpenSSL

    Heartbleed OpenSSL paeidiamumas Paeidiam operacini sistem sraasKaip pasitikrintiSistemos atnaujinimasNuorodosBoletin de Seguridad UNAM-CERT-2014-004 Vulnerabilidad Heartbleed en OpenSSL Sistemas Afectados1. Descripcin2. Impacto3. Solucin4. Verificacin5. Referencias