Heartbleet OpenSSL bugs

RusliRusli Posts: 988
in F-Secure SAFE

Hi All,

 

If you are currently using linux operating system, please take note of the OpenSSL Heartbleed bug.

 

As mentioned in the link here below.

 

http://heartbleed.com/

 

Affected Operating Systems:-

 

What versions of the OpenSSL are affected?

Status of different versions:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

How common are the vulnerable OpenSSL versions?

The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS (such as the BEAST).

How about operating systems?

Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

  • Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
  • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
  • CentOS 6.5, OpenSSL 1.0.1e-15
  • Fedora 18, OpenSSL 1.0.1e-4
  • OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
  • FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
  • NetBSD 5.0.2 (OpenSSL 1.0.1e)
  • OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distribution with versions that are not vulnerable:

  • Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
  • SUSE Linux Enterprise Server
  • FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
  • FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
  • FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)

 

If you are using OS X Maverick. I think it is not affected as it is using OpenSSL 0.9.

 

To confirmed chek it via terminal.

 

type in  command openssl version

 

Then you will see something like these - For example.

 

OpenSSL 1.0.1e-fips 11 Feb 2013

 

Other reference URL to see.

 

http://heartbleed.com/

 

http://www.f-secure.com/weblog/archives/00002694.html

 

http://www.zdnet.com/google-aws-rackspace-affected-by-heartbleed-openssl-flaw-but-azure-escapes-7000028281/

 

http://www.theguardian.com/technology/2014/apr/08/heartbleed-bug-puts-encryption-at-risk-for-hundreds-of-thousands-of-servers

 

http://support.apple.com/kb/ht1222

 


For Mac Users:-

 

http://appleinsider.com/articles/14/04/10/apple-says-ios-os-x-and-certain-web-services-protected-against-heartbleed

 

http://www.intego.com/mac-security-blog/heartbleed-openssl-bug-faq-for-mac-iphone-and-ipad-users/

 

http://www.tuaw.com/2014/04/09/why-the-openssl-heartbleed-bug-doesnt-affect-os-x-or-os-x-serve/

 

 

 

Others:- (For Linux only!!! Do not use for Macs!!)

 

http://webscripts.softpedia.com/script/Security-Systems/OpenSSL-27355.html

Like

Answers

  • RusliRusli Posts: 988

    Just do a software updates on your linux operating system.

     

    That goes the same to Freebsd as well. And other BSD systems.

     

    Same to Oracle Solaris.

    Like
  • RusliRusli Posts: 988

    The is latest infos.

     

    Please check this links here! * This is important *

     

    http://www.kb.cert.org/vuls/id/720951

     

     

    http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=720951&SearchOrder=4

    Like
  • NikKNikK Posts: 931

    Affected Home F-Secure products are: Key, Freedome and Lokki.

     

    But they are already patched and doesn't require any user action :)

    http://www.f-secure.com/en/web/labs_global/fsc-2014-1

    Like
  • RusliRusli Posts: 988

    Please take note of this updates....

     

    http://www.kb.cert.org/vuls/id/978508

     

    http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=978508&SearchOrder=4

     

    https://www.openssl.org/news/secadv_20140605.txt

     

    OpenSSL Security Advisory [05 Jun 2014]
========================================

SSL/TLS MITM vulnerability (CVE-2014-0224)
===========================================

An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and 
modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
researching this issue.  This issue was reported to OpenSSL on 1st May
2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based
on an original patch from KIKUCHI Masashi.

DTLS recursion flaw (CVE-2014-0221)
====================================

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.  This
issue was reported to OpenSSL on 9th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

DTLS invalid fragment vulnerability (CVE-2014-0195)
====================================================

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Jüri Aedla for reporting this issue.  This issue was
reported to OpenSSL on 23rd April 2014 via HP ZDI.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
=================================================================

A flaw in the do_ssl3_write function can allow remote attackers to
cause a denial of service via a NULL pointer dereference.  This flaw
only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is
enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.  The fix was developed by
Matt Caswell of the OpenSSL development team.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
===============================================================================
 
A race condition in the ssl3_read_bytes function can allow remote
attackers to inject data across sessions or cause a denial of service.
This flaw only affects multithreaded applications using OpenSSL 1.0.0
and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.  

Anonymous ECDH denial of service (CVE-2014-3470)
================================================

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.

OpenSSL 0.9.8 users should upgrade to 0.9.8za
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this
issue.  This issue was reported to OpenSSL on 28th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Other issues
============

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for
CVE-2014-0076: Fix for the attack described in the paper "Recovering
OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
Reported by Yuval Yarom and Naomi Benger.  This issue was previously
fixed in OpenSSL 1.0.1g.


References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20140605.txt
    Like
  • pkunkpkunk Posts: 2

    The link to the original author of the bug is here:

     

    http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html

     

    Its an OpenSSL bug, but different from the Heartbleed issue.  

     

    This is a less threatening, Man-In-The-Middle attack vector.

     

    I noticed it too, and did not see anything on the News from the Lab.

    Like
  • pkunkpkunk Posts: 2

    Oops, make that 5.Jun.2014.  I was off by a day.

    Like
This discussion has been closed.