the heartbleed hit list

Upload: red-rex-2015

Post on 17-Oct-2015


DESCRIPTION

In case you've been astroprojecting for the last week, here is some information about the worst threat to the internet since the US copyright and patent trolls launched their assault on the web.

TRANSCRIPT

  • The Heartbleed Hit List: The Passwords You Need to Change Right Now

    Official txt file from http://www.openssl.org/news/secadv_20140407.txt:

    OpenSSL Security Advisory [07 Apr 2014]
    ========================================

    TLS heartbeat read overrun (CVE-2014-0160)
    ==========================================

    A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

    Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

    Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix.

    Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

    1.0.2 will be fixed in 1.0.2-beta2.


  • It's time to update your passwords to various sites affected by the Heartbleed bug.

    By Mashable Team, 2 days ago

    An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services, ones you might use every day like Gmail and Facebook, and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

    But it hasn't always been clear which sites have been affected. Mashable reached out to some of the most popular social, email, banking and commerce sites on the web. We've rounded up their responses below.


    Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you'll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn't already compromised, but there's also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.

    Although changing your password regularly is always good practice, if a site or service hasn't yet patched the problem, your information will still be vulnerable.

    Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you'll need to change the password everywhere. It's not a good idea to use the same password across multiple sites, anyway.

    We'll keep updating the list as new information comes in. Last update: April 11, 6:14 p.m. ET

    Social Networks

    | Service | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
    | --- | --- | --- | --- | --- |
    | Facebook | Unclear | Yes | Yes | "We added protections for Facebook's implementation of OpenSSL before this issue was publicly disclosed. We haven't detected any signs of suspicious account activity, but we encourage people to ... set up a unique password." |
    | Instagram | Yes | Yes | Yes | "Our security teams worked quickly on a fix and we have no evidence of any accounts being harmed. But because this event impacted many services across the web, we recommend you update your password on Instagram and other sites, particularly if you use the same password on multiple sites." |
    | LinkedIn | No | No | No | "We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties." |
    | Pinterest | Yes | Yes | Yes | "We fixed the issue on Pinterest.com, and didn't find any evidence of mischief. To be extra careful, we e-mailed Pinners who may have been impacted, and encouraged them to change their passwords." |
    | Tumblr | Yes | Yes | Yes | "We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue." |
    | Twitter | No | Yes | Unclear | Twitter wrote that OpenSSL "is widely used across the internet and at Twitter. We were able to determine that [our] servers were not affected by this vulnerability. We are continuing to monitor the situation." While reiterating that they were unaffected, Twitter told Mashable that they did apply a patch. |

    Other Companies

    | Service | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
    | --- | --- | --- | --- | --- |
    | Apple | No | No | No | "iOS and OS X never incorporated the vulnerable software and key web-based services were not affected." |
    | Amazon | No | No | No | "Amazon.com is not affected." |
    | Google | Yes | Yes | Yes* | We have assessed the SSL vulnerability and applied patches to key Google services. Search, Gmail, YouTube, Wallet, Play, Apps and App Engine were affected; Google Chrome and Chrome OS were not. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry. |
    | Microsoft | No | No | No | Microsoft services were not running OpenSSL, according to LastPass. |
    | Yahoo | Yes | Yes | Yes | "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now." Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr were patched. More patches to come, Yahoo says. |

    Email

    | Service | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
    | --- | --- | --- | --- | --- |
    | AOL | No | No | No | AOL told Mashable it was not running the vulnerable version of the software. |
    | Gmail | Yes | Yes | Yes* | We have assessed the SSL vulnerability and applied patches to key Google services. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry. |
    | Hotmail / Outlook | No | No | No | Microsoft services were not running OpenSSL, according to LastPass. |
    | Yahoo Mail | Yes | Yes | Yes | "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now." |

    Stores and Commerce

    | Service | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
    | --- | --- | --- | --- | --- |
    | Amazon | No | No | No | "Amazon.com is not affected." |
    | Amazon Web Services (for website operators) | Yes | Yes | Yes | Most services were unaffected or Amazon was already able to apply mitigations. Elastic Load Balancing, Amazon EC2, Amazon Linux AMI, Red Hat Enterprise Linux, Ubuntu, AWS OpsWorks, AWS Elastic Beanstalk and Amazon CloudFront were patched. |
    | eBay | No | No | No | "eBay.com was never vulnerable to this bug because we were never running a vulnerable version of OpenSSL." |
    | Etsy | Yes* | Yes | Yes | Etsy said that only a small part of its infrastructure was vulnerable, and they have patched it. |
    | GoDaddy | Yes | Yes | Yes | "We've been updating GoDaddy services that use the affected OpenSSL version." |
    | Groupon | No | No | No | "Groupon.com does not utilize a version of the OpenSSL library that is susceptible to the Heartbleed bug." |
    | Nordstrom | No | No | No | "Nordstrom websites do not use OpenSSL encryption." |
    | PayPal | No | No | No | "Your PayPal account details were not exposed in the past and remain secure." |
    | Target | No | No | No | "[We] launched a comprehensive review of all external facing aspects of Target.com... and do not currently believe that any external-facing aspects of our sites are impacted by the OpenSSL vulnerability." |
    | Walmart | No | No | No | "We do not use that technology so we have not been impacted by this particular breach." |

    Videos, Photos, Games & Entertainment

    | Service | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
    | --- | --- | --- | --- | --- |
    | Flickr | Yes | Yes | Yes | "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now." |
    | Hulu | No | No | No | No comment provided. |
    | Minecraft | Yes | Yes | Yes | "We were forced to temporary suspend all of our services. ... The exploit has been fixed. We can not guarantee that your information wasn't compromised." |
    | Netflix | Yes | Yes | Yes | "Like many companies, we took immediate action to assess the vulnerability and address it. We are not aware of any customer impact. It's a good practice to change passwords from time to time, now would be a good time to think about doing so." |
    | SoundCloud | Yes | Yes | Yes | SoundCloud emphasized that there were no indications of any foul play and that the company's actions were simply precautionary. |
    | YouTube | Yes | Yes | Yes* | We have assessed the SSL vulnerability and applied patches to key Google services. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry. |

    Banks and Brokerages

    All the banks we contacted (see below) said they were unaffected by Heartbleed, but U.S. regulators have warned banks to patch their systems.

    | Service | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
    | --- | --- | --- | --- | --- |
    | Bank of America | No | No | No | "A majority of our platforms do NOT use OpenSSL, and the ones that do, we have confirmed no vulnerabilities." |
    | Barclays | No | No | No | No comment provided. |
    | Capital One | No | No | No | "Capital One uses a version of encryption that is not vulnerable to Heartbleed." |
    | Chase | No | No | No | "These sites don't use the encryption software that is vulnerable to the Heartbleed bug." |
    | Citigroup | No | No | No | Citigroup does not use OpenSSL in "customer-facing retail banking and credit card sites and mobile apps" |
    | E*Trade | No | No | No | E*Trade is still investigating. |
    | Fidelity | No | No | No | "We have multiple layers of security in place to protect our customer sites and services." |
    | PNC | No | No | No | "We have tested our online and mobile banking systems and confirmed that they are not vulnerable to the Heartbleed bug." |
    | Schwab | No | No | No | "Efforts to date have not detected this vulnerability on Schwab.com or any of our online channels." |
    | Scottrade | No | No | No | "Scottrade does not use the affected version of OpenSSL on any of our client-facing platforms." |
    | TD Ameritrade | No | No | No | TD Ameritrade "doesn't use the versions of openSSL that were vulnerable." |
    | TD Bank | No | No | No | "We're currently taking precautions and steps to protect customer data from this threat and have no reason to believe any customer data has been compromised in the past." |
    | T. Rowe Price | No | No | No | "The T. Rowe Price websites are not vulnerable to the Heartbleed SSL bug nor were they vulnerable in the past." |
    | U.S. Bank | No | No | No | "We do not use OpenSSL for customer-facing, Internet banking channels, so U.S. Bank customer data is NOT at risk." |
    | Vanguard | No | No | No | "We are not using, and have not used, the vulnerable version of OpenSSL." |
    | Wells Fargo | No | No | No | No reason provided. |

    Government and Taxes

    | Service | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
    | --- | --- | --- | --- | --- |
    | 1040.com | No | No | No | "We're not vulnerable to the Heartbleed bug, as we do not use OpenSSL." |
    | FileYourTaxes.com | No | No | No | "We continuously patch our servers to keep them updated. However, the version we use was not affected by the issue, so no action was taken." |
    | H&R Block | No | No | No | "We are reviewing our systems and currently have found no risk to client data from this issue." |
    | Healthcare.gov | No | No | No | "Healthcare.gov consumer accounts are not affected by this vulnerability." |
    | Intuit (TurboTax) | No | No | No | Turbotax wrote that "engineers have verified TurboTax is not affected by Heartbleed." The company has issued new certificates anyway, and said it's not "proactively advising" users to change their passwords. |
    | IRS | No | No | No | "The IRS continues to accept tax returns as normal ... and systems continue operating and are not affected by this bug. We are not aware of any security vulnerabilities related to this situation." |
    | TaxACT | No | No | No | "Customers can update their passwords at any time, although we are not proactively advising them to do so at this time." |
    | USAA | Yes | Yes | Yes | USAA said that it has "already taken measures to help prevent a data breach and implemented a patch earlier this week." |

    Other

    | Service | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
    | --- | --- | --- | --- | --- |
    | Box | Yes | Yes | Yes | "We're currently working with our customers to proactively reset passwords and are also reissuing new SSL certificates for added protection." |
    | Dropbox | Yes | Yes | Yes | On Twitter: "We've patched all of our user-facing services & will continue to work to make sure your stuff is always safe." |
    | Evernote | No | No | No | "Evernote's service, Evernote apps, and Evernote websites ... all use non-OpenSSL implementations of SSL/TLS to encrypt network communications." |
    | GitHub | Yes | Yes | Yes | GitHub said it has patched all its systems, deployed new SSL certificates and revoked old ones. GitHub is asking all users to change their passwords, enable two-factor authentication and "revoke and recreate personal access and application tokens." |
    | IFTTT | Yes | Yes | Yes | IFTTT emailed all its users and logged them out, prompting them to change their password on the site. |
    | OKCupid | Yes | Yes | Yes | "We, like most of the Internet, were stunned that such a serious bug has existed for so long and was so widespread." |
    | Spark Networks (JDate, Christian Mingle) | No | No | No | Sites do not use OpenSSL. |
    | SpiderOak | Yes | Yes | No | Spideroak said it patched its servers, but the desktop client doesn't use a vulnerable version of OpenSSL, so "customers do not need to take any special action." |
    | Wordpress | Unclear | Unclear | Unclear | Wordpress tweeted that it has taken "immediate steps" and "addressed the Heartbleed OpenSSL exploit," but it's unclear if the issue is completely solved. When someone asked Matt Mullenweg, WordPress' founding developer, when the site's SSL certificates will be replaced and when users will be able to reset passwords, he simply answered: "soon." |
    | Wunderlist | Yes | Yes | Yes | "You'll have to simply log back into Wunderlist. We also strongly recommend that you reset your password for Wunderlist." |

    Password Managers

    | Service | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
    | --- | --- | --- | --- | --- |
    | 1Password | No | No | No | 1Password said in a blog post that its technology "is not built upon SSL/TLS in general, and not upon OpenSSL in particular." So users don't need to change their master password. |
    | Dashlane | Yes | Yes | No | Dashlane said in a blog post users' accounts were not impacted and the master password is safe as it is never transmitted. The site does use OpenSSL when syncing data with its servers but Dashlane said it has patched the bug, issued new SSL certificates and revoked previous ones. |
    | LastPass | Yes | Yes | No | "Though LastPass employs OpenSSL, we have multiple layers of encryption to protect our users and never have access to those encryption keys." Users don't need to change their master passwords because they're never sent to the server. But passwords for other sites stored in LastPass might need to be changed. |

    Reporters who contributed to this story include Samantha Murphy Kelly, Lorenzo Francheschi-Bicchierai, Seth Fiegerman, Adario Strange and Kurt Wagner.


  • The Heartbleed Bug

    The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

    The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

    What leaks in practice?

    We have tested some of our own services from an attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

  • How to stop the leak?

    As long as the vulnerable version of OpenSSL is in use it can be abused. A fixed version of OpenSSL has been released and now it has to be deployed. Operating system vendors and distributions, appliance vendors and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

    Q&A

    What is the CVE-2014-0160?

    CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE. Due to co-incident discovery a duplicate CVE, CVE-2014-0346, which was assigned to us, should not be used, since others independently went public with the CVE-2014-0160 identifier.

    Why it is called the Heartbleed Bug?

    The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.

    What makes the Heartbleed Bug unique?

    Bugs in a single piece of software or a library come and go and are fixed by new versions. However, this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, the ease of exploitation and the fact that attacks leave no trace, this exposure should be taken seriously.

    Is this a design flaw in SSL/TLS protocol specification?

    No. This is an implementation problem, i.e. a programming mistake in the popular OpenSSL library that provides cryptographic services such as SSL/TLS to applications and services.
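The missing bounds check, shown as an added example (not OpenSSL's code and not part of the original Q&A): a heartbeat handler that compares the payload length a peer claims against the bytes actually received, as RFC 6520 requires. The function names, result codes and sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message layout from RFC 6520:
 *   type (1 byte) | payload_length (2 bytes, big endian) | payload | padding (>= 16 bytes) */
#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

/* Illustrative result codes (not OpenSSL identifiers). */
enum hb_result { HB_OK, HB_DISCARD_SHORT, HB_DISCARD_TYPE, HB_DISCARD_OVERRUN, HB_NO_SPACE };

/* Constructed sample records (unlisted trailing bytes are zero padding). */
const uint8_t SAMPLE_OK[23]        = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
const uint8_t SAMPLE_OVERCLAIM[20] = { HB_REQUEST, 0x40, 0x00, 'x' }; /* claims 16384 bytes */
const uint8_t SAMPLE_SHORT[3]      = { HB_REQUEST, 0xff, 0xff };      /* header only */

/* Validate a received heartbeat request and build the echo response.
 * rec/rec_len describe the bytes that really arrived in the TLS record. */
enum hb_result hb_build_response(const uint8_t *rec, size_t rec_len,
                                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    *out_len = 0;

    /* A record that cannot hold the header plus minimum padding is malformed. */
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_DISCARD_SHORT;

    /* Only requests are echoed; responses are matched elsewhere (out of scope). */
    if (rec[0] != HB_REQUEST)
        return HB_DISCARD_TYPE;

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: the claimed payload must fit inside what was received.
     * RFC 6520 says a message with a too-large payload_length is discarded silently. */
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return HB_DISCARD_OVERRUN;

    size_t need = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (need > out_cap)
        return HB_NO_SPACE;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);
    /* A real TLS stack fills the padding with random bytes; zeros keep the
     * example deterministic. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    *out_len = need;
    return HB_OK;
}

/* For triage: how many bytes past the end of the record a copy of
 * `claimed` bytes would have touched had the check above been absent. */
size_t hb_overread_bytes(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER_LEN)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t present = rec_len - HB_HEADER_LEN;
    return claimed > present ? claimed - present : 0;
}

int main(void)
{
    uint8_t out[64];
    size_t n;

    printf("well-formed:  result=%d\n",
           hb_build_response(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out, &n));
    printf("over-claimed: result=%d, would have over-read %zu bytes\n",
           hb_build_response(SAMPLE_OVERCLAIM, sizeof SAMPLE_OVERCLAIM, out, sizeof out, &n),
           hb_overread_bytes(SAMPLE_OVERCLAIM, sizeof SAMPLE_OVERCLAIM));
    printf("too short:    result=%d\n",
           hb_build_response(SAMPLE_SHORT, sizeof SAMPLE_SHORT, out, sizeof out, &n));
    return 0;
}
```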

    What is being leaked?

    Encryption is used to protect secrets that may harm your privacy or security if they leak. In order to coordinate recovery from this bug we have classified the compromised secrets into four categories: 1) primary key material, 2) secondary key material, 3) protected content and 4) collateral.

  • What is leaked primary key material and how to recover?

    These are the crown jewels, the encryption keys themselves. Leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revoking the compromised keys, and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past vulnerable to decryption. All this has to be done by the owners of the services.

    What is leaked secondary key material and how to recover?

    These are for example the user credentials (user names and passwords) used in the vulnerable services. Recovery from this leak requires the owners of the service first to restore trust in the service according to the steps described above. After this, users can start changing their passwords and possible encryption keys according to the instructions from the owners of the services that have been compromised. All session keys and session cookies should be invalidated and considered compromised.

    What is leaked protected content and how to recover?

    This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. Only the owners of the services will be able to estimate the likelihood of what has been leaked, and they should notify their users accordingly. The most important thing is to restore trust in the primary and secondary key material as described above. Only this enables safe use of the compromised services in the future.

    What is leaked collateral and how to recover?

    Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks. These have only contemporary value and will lose their value to the attacker when OpenSSL has been upgraded to a fixed version.

    Recovery sounds laborious, is there a shortcut?

    After seeing what we saw by "attacking" ourselves, with ease, we decided to take this very seriously. We have gone laboriously through patching our own critical services and are in the process of dealing with possible compromise of our primary and secondary key material. All this just in case we were not the first ones to discover this and this could have been exploited in the wild already.

  • How revocation and reissuing of certificates works in practice?

    If you are a service provider you have signed your certificates with a Certificate Authority (CA). You need to check with your CA how compromised keys can be revoked and a new certificate reissued for the new keys. Some CAs do this for free, some may take a fee.

    Am I affected by the bug?

    You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many online services use TLS both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of TLS. Furthermore, you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.

    How widespread is this?

    The most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft's April 2014 Web Server Survey. Furthermore, OpenSSL is used to protect for example email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and a wide variety of client side software. Fortunately many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software. Ironically, smaller and more progressive services or those who have upgraded to the latest and best encryption will be affected most. Furthermore, OpenSSL is very popular in client software and somewhat popular in networked appliances, which have the most inertia in getting updates.

    What versions of the OpenSSL are affected?

    Status of different versions:

    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
    OpenSSL 1.0.1g is NOT vulnerable
    OpenSSL 1.0.0 branch is NOT vulnerable
    OpenSSL 0.9.8 branch is NOT vulnerable

    The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

  • How common are the vulnerable OpenSSL versions?

    The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 became available with the first vulnerable OpenSSL version (1.0.1) and the security community has been pushing TLS 1.2 due to earlier attacks against TLS (such as BEAST).

    How about operating systems?

    Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

    Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
    Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
    CentOS 6.5, OpenSSL 1.0.1e-15
    Fedora 18, OpenSSL 1.0.1e-4
    OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
    FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
    NetBSD 5.0.2 (OpenSSL 1.0.1e)
    OpenSUSE 12.2 (OpenSSL 1.0.1c)

    Operating system distribution with versions that are not vulnerable:

    Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
    SUSE Linux Enterprise Server
    FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
    FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
    FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
    FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)

    How can OpenSSL be fixed?

    Even though the actual code fix may appear trivial, the OpenSSL team is the expert in fixing it properly, so the latest fixed version 1.0.1g or newer should be used. If this is not possible, software developers can recompile OpenSSL with the heartbeat removed from the code by the compile time option -DOPENSSL_NO_HEARTBEATS.

    Should heartbeat be removed to aid in detection of vulnerable services?

    Recovery from this bug could benefit if the new version of OpenSSL would both fix the bug and disable heartbeat temporarily until some future version. It appears that the majority, if not almost all, of the TLS implementations that respond to the heartbeat request today are vulnerable versions of OpenSSL. If only vulnerable versions of OpenSSL would continue to respond to the heartbeat for the next few months, then a large scale coordinated response to reach owners of vulnerable services would become more feasible.

    Can I detect if someone has exploited this against me?

    Exploitation of this bug leaves no traces of anything abnormal happening to the logs.

    Can IDS/IPS detect or block this attack?

    Although the content of the heartbeat request is encrypted it has its own record type in the protocol. This should allow intrusion detection and prevention systems (IDS/IPS) to be trained to detect use of the heartbeat request. Due to encryption differentiating between legitimate use and attack can not be based on the content of the request, but the attack may be detected by comparing the size of the request against the size of the reply. This seems to imply that IDS/IPS can be programmed to detect the attack but not to block it unless heartbeat requests are blocked altogether.
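The size comparison described above, as an added example (not part of the original Q&A and not taken from any IDS product): it walks the cleartext 5-byte TLS record headers of one connection and flags heartbeat exchanges where the reply is larger than the request by more than a tolerance. The structure names, the `slack` tolerance and the sample flow are constructed assumptions; 24 is the heartbeat record content type from RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_CT_HEARTBEAT 24              /* record content type from RFC 6520 */
#define TLS_MAX_RECORD   (16384 + 2048)  /* largest encrypted record length */

enum dir { C2S, S2C };
struct obs { enum dir dir; uint8_t hdr[5]; };  /* one observed record header */
struct hb_stats { unsigned exchanges, suspicious; size_t worst_excess; };

/* Constructed flow: handshake, one balanced heartbeat exchange, application
 * data, then a 40-byte heartbeat request answered with 16416 bytes. */
const struct obs SAMPLE_FLOW[] = {
    { C2S, { 22, 3, 3, 0x00, 0x5a } },
    { S2C, { 22, 3, 3, 0x04, 0x10 } },
    { C2S, { 24, 3, 3, 0x00, 0x40 } },
    { S2C, { 24, 3, 3, 0x00, 0x40 } },
    { C2S, { 23, 3, 3, 0x01, 0x00 } },
    { C2S, { 24, 3, 3, 0x00, 0x28 } },
    { S2C, { 24, 3, 3, 0x40, 0x20 } },
    { S2C, { 23, 3, 3, 0x02, 0x00 } },
};
#define SAMPLE_FLOW_LEN (sizeof SAMPLE_FLOW / sizeof SAMPLE_FLOW[0])

/* Constructed header with an implausible version byte. */
const struct obs SAMPLE_BAD[] = { { C2S, { 24, 2, 0, 0x00, 0x01 } } };

/* Header = content type (1) | version (2) | length (2, big endian). */
static int parse_hdr(const uint8_t h[5], uint8_t *type, size_t *len)
{
    if (h[1] != 3)                      /* SSL 3.0 / TLS 1.x major version */
        return -1;
    *type = h[0];
    *len = ((size_t)h[3] << 8) | h[4];
    return *len <= TLS_MAX_RECORD ? 0 : -1;
}

static void close_exchange(struct hb_stats *st, size_t req, size_t resp, size_t slack)
{
    if (resp == 0)                      /* request never answered: nothing to compare */
        return;
    st->exchanges++;
    if (resp > req + slack) {
        st->suspicious++;
        if (resp - req > st->worst_excess)
            st->worst_excess = resp - req;
    }
}

/* Scan one connection. Either side may send the request, so the requester is
 * whoever sends the first heartbeat record of an exchange. Reply records are
 * summed because a large reply can span several records. `slack` absorbs
 * differences in MAC, IV and padding overhead between the two directions.
 * Returns 0 on success, -1 if a header is not plausible TLS. */
int hb_scan_flow(const struct obs *o, size_t n, size_t slack, struct hb_stats *st)
{
    size_t req = 0, resp = 0;
    int open = 0;
    enum dir req_dir = C2S;

    st->exchanges = 0;
    st->suspicious = 0;
    st->worst_excess = 0;

    for (size_t i = 0; i < n; i++) {
        uint8_t type = 0;
        size_t len = 0;
        if (parse_hdr(o[i].hdr, &type, &len) != 0)
            return -1;
        if (type != TLS_CT_HEARTBEAT) {         /* any other record ends the exchange */
            if (open)
                close_exchange(st, req, resp, slack);
            open = 0;
            continue;
        }
        if (open && o[i].dir != req_dir) {      /* reply bytes */
            resp += len;
            continue;
        }
        if (open && resp == 0) {                /* back-to-back requests */
            req += len;
            continue;
        }
        if (open)                               /* new request after a reply */
            close_exchange(st, req, resp, slack);
        open = 1;
        req_dir = o[i].dir;
        req = len;
        resp = 0;
    }
    if (open)
        close_exchange(st, req, resp, slack);
    return 0;
}

int main(void)
{
    struct hb_stats st;
    if (hb_scan_flow(SAMPLE_FLOW, SAMPLE_FLOW_LEN, 64, &st) == 0)
        printf("exchanges=%u suspicious=%u worst_excess=%zu\n",
               st.exchanges, st.suspicious, st.worst_excess);
    return 0;
}
```

As the answer above notes, this kind of comparison supports alerting only; the record contents are encrypted, so blocking would mean dropping heartbeat records altogether.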

    Has this been abused in the wild?

    We don't know. The security community should deploy TLS/DTLS honeypots that entrap attackers and alert about exploitation attempts.

    Can attacker access only 64k of the memory?

    The attack is not limited to a total of 64 kilobytes; that limit applies only to a single heartbeat. An attacker can either keep reconnecting or, during an active TLS connection, keep requesting an arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed.

    Is this a MITM bug like Apple's goto fail bug was?

    No this doesn't require a man in the middle attack (MITM). Attacker can directly contact the vulnerable service or attack any user connecting to a malicious service. However in addition to direct threat the theft of the key material allows man in the middle attackers to impersonate compromised services.

    Does TLS client certificate authentication mitigate this?

    No, heartbeat request can be sent and is replied to during the handshake phase of the protocol. This occurs prior to client certificate authentication.

  • Does OpenSSL's FIPS mode mitigate this?

    No, OpenSSL Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable heartbeat functionality.

    Does Perfect Forward Secrecy (PFS) mitigate this?

    Use of Perfect Forward Secrecy (PFS), which is unfortunately rare but powerful, should protect past communications from retrospective decryption. Please see https://twitter.com/ivanristic/status/453280081897467905 for how leaked tickets may affect this.

    Can heartbeat extension be disabled during the TLS handshake?

    No, the vulnerable heartbeat extension code is activated regardless of the results of the handshake phase negotiations. The only way to protect yourself is to upgrade to a fixed version of OpenSSL or to recompile OpenSSL with the heartbeat removed from the code.

    Who found the Heartbleed Bug?

    This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. Codenomicon team found heartbleed bug while improving the SafeGuard feature in Codenomicon's Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to OpenSSL team.

    What is the Defensics SafeGuard?

    The SafeGuard feature of Codenomicon's Defensics security test tools automatically tests the target system for weaknesses that compromise integrity, privacy or safety. SafeGuard is a systematic solution to expose failed cryptographic certificate checks, privacy leaks or authentication bypass weaknesses that have exposed Internet users to man in the middle attacks and eavesdropping. In addition to the Heartbleed bug, the new Defensics TLS Safeguard feature can detect for instance the exploitable security flaw in the widely used GnuTLS open source software implementing SSL/TLS functionality and the "goto fail;" bug in Apple's TLS/SSL implementation that was patched in February 2014.

    Who coordinates response to this vulnerability?

    NCSC-FI took up the task of reaching out to the authors of OpenSSL, software, operating system and appliance vendors, which were potentially affected. However, this vulnerability was found and details released independently by others before this work was completed. Vendors should be notifying their users and service providers. Internet service providers should be notifying their end users where and when potential action is required.

  • Is there a bright side to all this?

    For those service providers who are affected this is a good opportunity to upgrade security strength of the secret keys used. A lot of software gets updates which otherwise would have not been urgent. Although this is painful for the security community, we can rest assured that infrastructure of the cyber criminals and their secrets have been exposed as well.

    Where to find more information?

    This Q&A was published as a follow-up to the OpenSSL advisory, since this vulnerability became public on 7th of April 2014. The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt. NCSC-FI published an advisory at https://www.cert.fi/en/reports/2014/vulnerability788210.html. Individual vendors of operating system distributions, affected owners of Internet services, software packages and appliance vendors may issue their own advisories.

    References

    CVE-2014-0160
    NCSC-FI case# 788210
    OpenSSL Security Advisory (published 7th of April 2014, ~17:30 UTC)
    CloudFlare: Staying ahead of OpenSSL vulnerabilities (published 7th of April 2014, ~18:00 UTC)
    heartbleed.com (published 7th of April 2014, ~19:00 UTC)
    Ubuntu / Security Notice USN-2165-1
    FreshPorts / openssl 1.0.1_10
    Tor Project / OpenSSL bug CVE-2014-0160
    RedHat / RHSA-2014:0376-1
    CentOS / CESA-2014:0376
    Fedora / Status on CVE-2014-0160
    CERT/CC (USA)
    NCSC-FI (Finland)
    CERT.at (Austria)
    CIRCL (Luxembourg)
    CERT-FR (France)
    JPCERT/CC (Japan)
    CERT-SE (Sweden)
    NorCERT (Norway)
    NCSC-NL (Netherlands)
    CNCERT/CC (People's Republic of China)
    Public Safety Canada
    LITNET CERT (Lithuania)
    MyCERT (Malaysia)
    UNAM-CERT (Mexico)
    SingCERT (Singapore)
    Q-CERT (Qatar)

    OpenSSL Security Advisory [07 Apr 2014]
    ========================================

    TLS heartbeat read overrun (CVE-2014-0160)
    ==========================================

    A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

    Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

    Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix.

    Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

    1.0.2 will be fixed in 1.0.2-beta2.
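    The "missing bounds check" named in the advisory above, modelled as an added example (not OpenSSL's code and not part of the original page): a heartbeat handler that trusts the sender's payload_length, beside one that compares it with the received record length and discards the message when it does not fit, as RFC 6520 requires. The function names, the in-memory arena and the neighbouring "secret" are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message (RFC 6520): type(1) | payload_length(2) | payload | padding(>=16) */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PAD = 16, ARENA_SIZE = 128 };

/* Constructed stand-in for unrelated data that happens to sit next to the record. */
static const char NEIGHBOUR[] = "CONSTRUCTED-SECRET-VALUE";

typedef size_t (*reply_fn)(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap);

/* Write a response echoing n bytes from src; returns its length, 0 if out is too small.
 * out_cap <= ARENA_SIZE also keeps every read inside the demo arena (no undefined behaviour). */
static size_t hb_emit(const uint8_t *src, uint16_t n, uint8_t *out, size_t out_cap)
{
    size_t total = (size_t)HB_HEADER + n + HB_MIN_PAD;
    if (total > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(n >> 8);
    out[2] = (uint8_t)(n & 0xff);
    memcpy(out + HB_HEADER, src, n);
    memset(out + HB_HEADER + n, 0, HB_MIN_PAD);
    return total;
}

/* "Before": the sender's payload_length is trusted; rec_len is never consulted. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    (void)rec_len;                       /* this is the missing bounds check */
    if (rec[0] != HB_REQUEST)
        return 0;
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    return hb_emit(rec + HB_HEADER, claimed, out, out_cap);
}

/* "After": header, claimed payload and minimum padding must all fit in the record. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < (size_t)HB_HEADER + HB_MIN_PAD)
        return 0;                        /* too short to be a heartbeat at all */
    if (rec[0] != HB_REQUEST)
        return 0;
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return 0;                        /* claimed length exceeds what was received: discard */
    return hb_emit(rec + HB_HEADER, claimed, out, out_cap);
}

/* Lay out a request claiming `claimed` payload bytes, followed directly by NEIGHBOUR.
 * Returns the real record length, or 0 if it does not fit the arena. */
size_t build_arena(uint8_t arena[ARENA_SIZE], uint16_t claimed, const char *payload, size_t pad)
{
    size_t actual = strlen(payload);
    size_t rec_len = HB_HEADER + actual + pad;
    if (rec_len + sizeof NEIGHBOUR - 1 > ARENA_SIZE)
        return 0;
    memset(arena, 0, ARENA_SIZE);
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HB_HEADER, payload, actual);
    memset(arena + HB_HEADER + actual, 'P', pad);
    memcpy(arena + rec_len, NEIGHBOUR, sizeof NEIGHBOUR - 1);
    return rec_len;
}

/* Run one constructed request through a handler; returns the reply length (0 = discarded). */
size_t reply_len(reply_fn reply, uint16_t claimed, const char *payload, size_t pad, uint8_t *out)
{
    uint8_t arena[ARENA_SIZE];
    size_t rec_len = build_arena(arena, claimed, payload, pad);
    return rec_len ? reply(arena, rec_len, out, ARENA_SIZE) : 0;
}

/* Bytes of NEIGHBOUR echoed back for a 5-byte record ("hi", no padding) claiming 40 bytes. */
size_t leaked_bytes(reply_fn reply)
{
    uint8_t out[ARENA_SIZE];
    if (reply_len(reply, 40, "hi", 0, out) == 0)
        return 0;
    return memcmp(out + HB_HEADER + 2, NEIGHBOUR, sizeof NEIGHBOUR - 1) == 0
               ? sizeof NEIGHBOUR - 1 : 0;
}

int main(void)
{
    uint8_t out[ARENA_SIZE];
    printf("unchecked handler leaked %zu neighbouring bytes\n", leaked_bytes(hb_reply_unchecked));
    printf("checked handler leaked   %zu neighbouring bytes\n", leaked_bytes(hb_reply_checked));
    printf("checked reply to a well-formed request: %zu bytes\n",
           reply_len(hb_reply_checked, 5, "hello", 16, out));
    return 0;
}
```

    The check is on the record as received, so it holds no matter what was negotiated earlier in the connection; a request whose payload fits but whose padding is shorter than 16 bytes is discarded as well.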

    Staying ahead of OpenSSL vulnerabilities Published on April 07, 2014 11:00AM by Nick Sullivan.

    Today a new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160). We fixed this vulnerability last week before it was made public. All sites that use CloudFlare for SSL have received this fix and are automatically protected.

    OpenSSL is the core cryptographic library CloudFlare uses for SSL/TLS connections. If your site is on CloudFlare, every connection made to the HTTPS version of your site goes through this library. As one of the largest deployments of OpenSSL on the Internet today, CloudFlare has a responsibility to be vigilant about fixing these types of bugs before they go public and attackers start exploiting them and putting our customers at risk.

    We encourage everyone else running a server that uses OpenSSL to upgrade to version 1.0.1g to be protected from this vulnerability. For previous versions of OpenSSL, re-compiling with the OPENSSL_NO_HEARTBEATS flag enabled will protect against this vulnerability. OpenSSL 1.0.2 will be fixed in 1.0.2-beta2.

    This bug fix is a successful example of what is called responsible disclosure. Instead of disclosing the vulnerability to the public right away, the people notified of the problem tracked down the appropriate stakeholders and gave them a chance to fix the vulnerability before it went public. This model helps keep the Internet safe. A big thank you goes out to our partners for disclosing this vulnerability to us in a safe, transparent, and responsible manner. We will announce more about our responsible disclosure policy shortly.

    Just another friendly reminder that CloudFlare is on top of things and making sure your sites stay as safe as possible.

    USN-2165-1: OpenSSL vulnerabilities Ubuntu Security Notice USN-2165-1 7th April, 2014

    openssl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    Ubuntu 13.10
    Ubuntu 12.10
    Ubuntu 12.04 LTS

    Summary

    OpenSSL could be made to expose sensitive information over the network, possibly including private keys.

  • Software description

    openssl - Secure Socket Layer (SSL) cryptographic library and tools

    Details

    Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160)

    Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076)

    Update instructions

    The problem can be corrected by updating your system to the following package version:

    Ubuntu 13.10:

    libssl1.0.0 1.0.1e-3ubuntu1.2

    Ubuntu 12.10:

    libssl1.0.0 1.0.1c-3ubuntu2.7

    Ubuntu 12.04 LTS:

    libssl1.0.0 1.0.1-4ubuntu5.12

    To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to make all the necessary changes. Since this issue may have resulted in compromised private keys, it is recommended to regenerate them.

    References

    CVE-2014-0076, CVE-2014-0160

  • http://www.freshports.org/security/openssl/ ... multiple pages ...

    OpenSSL bug CVE-2014-0160 Posted April 7th, 2014 by arma in

    openssl security advisory

    A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today, which can be used to reveal memory to a connected client or server.

    If you're using an older OpenSSL version, you're safe.

    Note that this bug affects way more programs than just Tor; expect everybody who runs an https webserver to be scrambling today. If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.

    Here are our first thoughts on what Tor components are affected:

    1. Clients: The browser part of Tor Browser shouldn't be affected, since it uses libnss rather than openssl. But the Tor client part is: Tor clients could possibly be induced to send sensitive information like "what sites you visited in this session" to your entry guards. If you're using TBB we'll have new bundles out shortly; if you're using your operating system's Tor package you should get a new OpenSSL package and then be sure to manually restart your Tor.

    2. Relays and bridges: Tor relays and bridges could maybe be made to leak their medium-term onion keys (rotated once a week), or their long-term relay identity keys. An attacker who has your relay identity key can publish a new relay descriptor indicating that you're at a new location (not a particularly useful attack). An attacker who has your relay identity key, has your onion key, and can intercept traffic flows to your IP address can impersonate your relay (but remember that Tor's multi-hop design means that attacking just one relay in the client's path is not very useful). In any case, best practice would be to update your OpenSSL package, discard all the files in keys/ in your DataDirectory, and restart your Tor to generate new keys. (You will need to update your MyFamily torrc lines if you run multiple relays.)

    3. Hidden services: Tor hidden services might leak their long-term hidden service identity keys to their guard relays. Like the last big OpenSSL bug, this shouldn't allow an attacker to identify the location of the hidden service [edit: if it's your entry guard that extracted your key, they know where they got it from]. Also, an attacker who knows the hidden service identity key can impersonate the hidden service. Best practice would be to move to a new hidden-service address at your convenience.

    4. Directory authorities: In addition to the keys listed in the "relays and bridges" section above, Tor directory authorities might leak their medium-term authority signing keys. Once you've updated your OpenSSL package, you should generate a new signing key. Long-term directory authority identity keys are offline so should not be affected (whew). More tricky is that clients have your relay identity key hard-coded, so please don't rotate that yet. We'll see how this unfolds and try to think of a good solution there.

    5. Tails is still tracking Debian oldstable, so it should not be affected by this bug.

    6. Orbot looks vulnerable; they have some new packages available for testing.

    7. The webservers in the https://www.torproject.org/ rotation needed (and got) upgrades.

    Maybe we'll need to throw away our torproject SSL web cert and get a new one too.

    arma's blog

    Important: openssl security update

    Advisory: RHSA-2014:0376-1
    Type: Security Advisory
    Severity: Important
    Issued on: 2014-04-08
    Last updated on: 2014-04-08

    Affected Products:
    Red Hat Enterprise Linux Desktop (v. 6)
    Red Hat Enterprise Linux HPC Node (v. 6)
    Red Hat Enterprise Linux Server (v. 6)
    Red Hat Enterprise Linux Server AUS (v. 6.5)
    Red Hat Enterprise Linux Server EUS (v. 6.5.z)
    Red Hat Enterprise Linux Workstation (v. 6)

    CVEs (cve.mitre.org): CVE-2014-0160

    Details

    Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

    The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

    An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160)

    Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter.

    All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

    Solution

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

    Updated packages


    (The unlinked packages above are only available from the Red Hat Network)

    Bugs fixed (see bugzilla for more information)

    1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets

    References

    https://www.redhat.com/security/data/cve/CVE-2014-0160.html
    https://access.redhat.com/security/updates/classification/#important

    [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update Karanbir Singh kbsingh at centos.org Tue Apr 8 02:54:58 UTC 2014


    CentOS Errata and Security Advisory 2014:0376 Important

    Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0376.html

    The following updated files have been uploaded and are currently syncing to the mirrors:

    --
    Karanbir Singh
    CentOS Project { http://www.centos.org/ }
    irc: z00dax, #centos at irc.freenode.net

    Status on CVE-2014-0160, aka "Heartbleed" Robyn Bergeron rbergero at redhat.com Tue Apr 8 03:01:24 UTC 2014


    Greetings, Fedora community:

    We're aware of the recently disclosed CVE-2014-0160 (aka "Heartbleed"):

    https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl)
    https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl)

    The issue affects the currently supported Fedora 19 and Fedora 20 releases. Updates for openssl packages are available now, and mirrors near you will receive them shortly. If you do not want to wait for your local mirror to get updates, you can retrieve and install packages directly:

    For Fedora 19 x86_64:

        yum -y install koji
        koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
        yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm

    For Fedora 20 x86_64:

        yum -y install koji
        koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
        yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm

    Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20 only).

    Package updates for mingw-openssl will receive fixes shortly and we'll update the community when they are available.

    Note that Fedora 18, which is no longer supported by the Fedora community, is also affected by this issue. Fedora 17 and previous releases, also no longer supported, are not affected by this issue.

    Fedora Release Engineering is currently regenerating AMIs and qcow2/kvm images to include the fix. The Fedora Infrastructure team is working to assess any additional impact, and will update the community as we develop more information.

    Thanks for your patience as we work on this issue.

    ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing package updates, and Major Hayden for providing the manual update guidance above.

    -Robyn Bergeron

    Vulnerability Note VU#720951 OpenSSL heartbeat extension read overflow discloses sensitive information Original Release date: 07 Apr 2014 | Last revised: 11 Apr 2014


    Overview

    OpenSSL 1.0.1 contains a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."

    Description

    OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in their implementation of the TLS/DTLS heartbeat functionality (RFC6520). This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL libssl library in chunks of up to 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to increase the chances that a leaked chunk contains the intended secrets. The sensitive information that may be retrieved using this vulnerability includes:

    - Primary key material (secret keys)
    - Secondary key material (user names and passwords used by vulnerable services)
    - Protected content (sensitive data used by vulnerable services)
    - Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)

    Please see the Heartbleed website for more details. Exploit code for this vulnerability is publicly available. Any service that supports STARTTLS (imap, smtp, http, pop) may also be affected.
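The bounds check at issue, as an added example in C (not OpenSSL's code and not part of the advisory): a heartbeat receiver compares the payload_length field with the bytes actually received in the record before echoing anything back, and discards the message when the claim is too large, as RFC 6520 requires. The function names and both sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* HeartbeatMessageType heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* HeartbeatMessageType heartbeat_response */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* RFC 6520: padding is at least 16 bytes */

/* Constructed samples: a well-formed request carrying "ping", and one whose
 * payload_length field (0x4000) claims far more than the 20 bytes received. */
static const uint8_t HB_OK[23]        = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_OVERCLAIM[20] = {HB_REQUEST, 0x40, 0x00, 'x'};

/* Return the payload length if the message fits inside the bytes actually
 * received (msg_len = TLS record length), or -1 if it must be discarded. */
long hb_checked_payload_len(const uint8_t *msg, size_t msg_len)
{
    size_t claimed;

    if (msg == NULL || msg_len < HB_HEADER + HB_MIN_PAD)
        return -1;                      /* cannot even hold header + padding */
    claimed = ((size_t)msg[1] << 8) | msg[2];
    if (HB_HEADER + claimed + HB_MIN_PAD > msg_len)
        return -1;                      /* claimed payload overruns the record */
    return (long)claimed;
}

/* Build a heartbeat_response in out; returns bytes written, or 0 when the
 * request is discarded or out is too small. Padding is zero-filled here to
 * keep the example deterministic; RFC 6520 calls for random padding. */
size_t hb_build_response(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap)
{
    long payload = hb_checked_payload_len(msg, msg_len);
    size_t total;

    if (payload < 0 || msg[0] != HB_REQUEST || out == NULL)
        return 0;
    total = HB_HEADER + (size_t)payload + HB_MIN_PAD;
    if (total > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, (size_t)payload); /* bounded by the check */
    memset(out + HB_HEADER + payload, 0, HB_MIN_PAD);
    return total;
}

int main(void)
{
    uint8_t out[64];

    printf("well-formed:  payload=%ld, response=%zu bytes\n",
           hb_checked_payload_len(HB_OK, sizeof HB_OK),
           hb_build_response(HB_OK, sizeof HB_OK, out, sizeof out));
    printf("over-claimed: payload=%ld, response=%zu bytes\n",
           hb_checked_payload_len(HB_OVERCLAIM, sizeof HB_OVERCLAIM),
           hb_build_response(HB_OVERCLAIM, sizeof HB_OVERCLAIM, out, sizeof out));
    return 0;
}
```

Without the second comparison in hb_checked_payload_len, the copy length would come from the peer's claim rather than from the record, which is the read overrun the advisory describes.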

    Impact

    By attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.

    Solution

    Apply an update

    This issue is addressed in OpenSSL 1.0.1g. Please contact your software vendor to check for availability of updates. Any system that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items. Old keys should be revoked.

    Reports indicate that the use of mod_spdy can prevent the updated OpenSSL library from being utilized, as mod_spdy uses its own copy of OpenSSL. Please see https://code.google.com/p/mod-spdy/issues/detail?id=85 for more details.

    Disable OpenSSL heartbeat support

    This issue can be addressed by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag. Software that uses OpenSSL, such as Apache or Nginx, would need to be restarted for the changes to take effect.

    Use Perfect Forward Secrecy (PFS)

    PFS can help minimize the damage in the case of a secret key leak by making it more difficult to decrypt already-captured network traffic. However, if a ticket key is leaked, then any sessions that use that ticket could be compromised. Ticket keys may only be regenerated when a web server is restarted.

    Vendor Information

    Vendor                    Status     Date Notified   Date Updated
    Amazon                    Affected   -               09 Apr 2014
    Aruba Networks, Inc.      Affected   -               09 Apr 2014
    Bee Ware                  Affected   -               09 Apr 2014
    Blue Coat Systems         Affected   07 Apr 2014     09 Apr 2014
    Cisco Systems, Inc.       Affected   07 Apr 2014     10 Apr 2014
    Debian GNU/Linux          Affected   07 Apr 2014     08 Apr 2014
    F5 Networks, Inc.         Affected   07 Apr 2014     09 Apr 2014
    Fedora Project            Affected   07 Apr 2014     08 Apr 2014
    Fortinet, Inc.            Affected   07 Apr 2014     09 Apr 2014
    FreeBSD Project           Affected   07 Apr 2014     09 Apr 2014
    Gentoo Linux              Affected   07 Apr 2014     08 Apr 2014
    Google                    Affected   07 Apr 2014     09 Apr 2014
    IBM Corporation           Affected   07 Apr 2014     11 Apr 2014
    Juniper Networks, Inc.    Affected   07 Apr 2014     09 Apr 2014
    Mandriva S. A.            Affected   07 Apr 2014     07 Apr 2014

    If you are a vendor and your product is affected, let us know.

    CVSS Metrics

    Group           Score   Vector
    Base            6.4     AV:N/AC:L/Au:N/C:P/I:P/A:N
    Temporal        5.3     E:F/RL:OF/RC:C
    Environmental   7.5     CDP:LM/TD:H/CR:H/IR:H/AR:ND

    References

    http://heartbleed.com/
    http://seclists.org/oss-sec/2014/q2/22
    http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902
    https://tools.ietf.org/html/rfc6520
    http://www.openssl.org/news/openssl-1.0.1-notes.html
    http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html
    http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
    https://www.cert.fi/en/reports/2014/vulnerability788210.html
    https://code.google.com/p/mod-spdy/issues/detail?id=85
    http://www.exploit-db.com/exploits/32745/
    https://access.redhat.com/security/cve/CVE-2014-0160
    http://www.ubuntu.com/usn/usn-2165-1/
    http://www.freshports.org/security/openssl/
    https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

    Credit

    This vulnerability was reported by OpenSSL, who in turn credits Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security.

    This document was written by Will Dormann.

    Other Information

    CVE IDs: CVE-2014-0160
    Date Public: 07 Apr 2014
    Date First Published: 07 Apr 2014
    Date Last Updated: 11 Apr 2014
    Document Revision: 125

    Feedback

    If you have feedback, comments, or additional information about this vulnerability, please send us email.

    NCSC-FI Advisory on OpenSSL

    Target

    - servers and server applications
    - workstations and end user applications
    - network devices
    - embedded systems
    - other

    Access Vector

    - remote
    - no user interaction required
    - no authentication required

    Impact

    - breach of confidentiality
    - security bypass

    Remediation

    - fix provided by vendor
    - problem mitigation

    Details

    A vulnerability has been found in the heartbeat protocol implementation of TLS (Transport Layer Security) and DTLS (Datagram TLS) of OpenSSL. OpenSSL returns the requested amount, up to 64 kB, of random memory content in its reply to a heartbeat request. Sensitive data such as message contents, user credentials, session keys and server private keys have been observed within the reply contents. More memory contents can be acquired by sending more requests. The attacks have not been observed to leave traces in application logs.

    Vulnerability Coordination Information and Acknowledgements

    The vulnerability was first reported to OpenSSL by Neel Mehta from Google Security. Matti Kamunen, Antti Karjalainen and Riku Hietamäki from Codenomicon Oy reported the vulnerability to NCSC-FI, who reported it in turn to OpenSSL. NCSC-FI would like to thank Codenomicon for reporting and analysing the vulnerability.

    Vendor Information

    OpenSSL versions from 1.0.1 to 1.0.1f. The vulnerability has been fixed in OpenSSL 1.0.1g.

    Vulnerable Linux and BSD distributions include:

    - Red Hat Enterprise Linux 6.5 (OpenSSL 1.0.1e)
    - Debian Wheezy (fixed in version 1.0.1e-2+deb7u5)
    - Ubuntu 12.04 LTS, 13.04 and 13.10
    - Gentoo Linux
    - Slackware 14.0, 14.1 and current
    - OpenBSD 5.3 and 5.4
    - FreeBSD, versions 10.x
    - NetBSD, versions 6.1 - 6.1.3 and 6.0 - 6.0.4
    - DragonflyBSD 3.6
    - Mandriva Business Server 1

    Software using a vulnerable version of OpenSSL includes:

    - Cisco AnyConnect Secure Mobility Client for iOS
    - Cisco Desktop Collaboration Experience DX650
    - Cisco Unified 7800 series IP Phones
    - Cisco Unified 8961 IP Phone
    - Cisco Unified 9951 IP Phone
    - Cisco Unified 9971 IP Phone
    - Cisco TelePresence Video Communication Server (VCS)
    - Cisco IOS XE
    - Cisco UCS B-Series (Blade) Servers
    - Cisco UCS C-Series (Stand alone Rack) Servers
    - Cisco Unified Communication Manager (UCM) 10.0
    - FortiGate FortiOS 5.0.5 and 5.0.6
    - Junos OS 13.3R1
    - Juniper Odyssey client 5.6r5 and newer
    - Juniper SSL VPN (IVEOS) 7.4r1 and newer
    - Juniper SSL VPN (IVEOS) 8.0r1 and newer
    - Juniper UAC 4.4r1 and newer
    - Juniper UAC 5.0r1 and newer
    - Juniper Junos Pulse (Desktop) 5.0r1 and newer
    - Juniper Junos Pulse (Desktop) 4.0r5 and newer
    - Juniper Network Connect (windows) versions 7.4R5 - 7.4R9.1 & 8.0R1 to 8.0R3.1
    - Juniper Junos Pulse (Mobile) on Android 4.2R1 and newer
    - Juniper Junos Pulse (Mobile) on iOS 4.2R1
    - F5 BIG-IP LTM versions 11.5.0 - 11.5.1
    - F5 BIG-IP AAM versions 11.5.0 - 11.5.1
    - F5 BIG-IP AFM versions 11.5.0 - 11.5.1
    - F5 BIG-IP Analytics versions 11.5.0 - 11.5.1
    - F5 BIG-IP APM versions 11.5.0 - 11.5.1
    - F5 BIG-IP ASM versions 11.5.0 - 11.5.1
    - F5 BIG-IP GTM versions 11.5.0 - 11.5.1
    - F5 BIG-IP Link Controller 11.5.0 - 11.5.1
    - F5 BIG-IP PEM versions 11.5.0 - 11.5.1
    - F5 BIG-IP PSM versions 11.5.0 - 11.5.1
    - F5 BIG-IP Edge Clients for Apple iOS versions 2.0.0 - 2.0.1 and 1.0.5
    - F5 BIG-IP Edge Clients for Linux versions 7080 - 7101
    - F5 BIG-IP Edge Clients for MAC OS X versions 7080 - 7101 and 6035 - 7071
    - F5 BIG-IP Edge Clients for Windows versions 7080 - 7101 and 6035 - 7071
    - OpenVPN 2.3-rc2-I001 - 2.3.2-I003
    - Aruba ArubaOS versions 6.3.x, 6.4.x
    - Aruba ClearPass versions 6.1.x, 6.2.x, 6.3.x
    - Viscosity before version 1.4.8
    - WatchGuard XTM and XCS before version 11.8.3 CSP
    - Blue Coat Content Analysis System versions 1.1.1.1 - 1.1.5.1
    - Blue Coat Malware Analysis Appliance version 1.1.1
    - Blue Coat ProxyAV versions 3.5.1.1 - 3.5.1.6
    - Blue Coat ProxySG versions 6.5.1.1 - 6.5.3.5
    - Blue Coat SSL Visibility 3.7.0
    - Jolla
    - F-Secure
    - F-Secure Messaging Secure Gateway 7.5
    - F-Secure Protection Service for Email 7.5
    - F-Secure Anti-Theft Portal

    Remediation

    Patch the vulnerable software components according to the guidance published by the vendor. Restart affected services after the update. The vulnerability can be mitigated by disabling the affected components. This can be done by compiling OpenSSL with the configuration option -DOPENSSL_NO_HEARTBEATS.

    References

    https://www.openssl.org/news/secadv_20140407.txt
    https://www.kb.cert.org/vuls/id/720951
    http://heartbleed.com/
    https://tools.ietf.org/html/rfc6520
    CVE-2014-0160

    Updates

    o http://lists.centos.org/pipermail/centos-announce/2014-April/020248.html
    o http://koji.fedoraproject.org/koji/buildinfo?buildid=509741
    o https://www.debian.org/security/2014/dsa-2896
    o https://access.redhat.com/security/cve/CVE-2014-0160
    o http://www.ubuntu.com/usn/usn-2165-1/
    o http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml
    o http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622
    o http://www.openbsd.org/errata53.html#014_openssl
    o http://www.openbsd.org/errata54.html#007_openssl
    o http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc
    o http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-004.txt.asc
    o http://lists.dragonflybsd.org/pipermail/commits/2014-April/269894.html
    o http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:067/
    o http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623
    o http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
    o https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_dogoviewsolutiondetails=&solutionid=sk100173
    o http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
    o https://community.openvpn.net/openvpn/wiki/heartbleed
    o http://www.arubanetworks.com/support/alerts/aid-040814.asc
    o https://www.sparklabs.com/viscosity/releasenotes/
    o http://watchguardsecuritycenter.com/2014/04/08/the-heartbleed-openssl-vulnerability-patch-openssl-asap/
    o http://kb.bluecoat.com/index?page=content&id=SA79
    o https://together.jolla.com/question/38508/release-notes-software-version-10516-paarlampi/
    o http://www.f-secure.com/en/web/labs_global/fsc-2014-1

    Contact Information

    NCSC-FI Vulnerability Coordination can be contacted as follows:

    Email: [email protected]
    Please quote the advisory reference [FICORA #788210] in the subject line
    Telephone: +358 295 390 230, Monday - Friday 08:00 - 16:15 (EEST: UTC+2)
    Fax: +358 295 390 270
    Post: Vulnerability Coordination, FICORA/CERT-FI, P.O. Box 313, FI-00181 Helsinki, FINLAND

    CERT-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at https://www.ncsc.fi/en/activities/contact/pgp-keys.html

    The CERT-FI vulnerability coordination policy can be viewed at https://www.ncsc.fi/en/activities/Vulncoord/vulncoord-policy.html.

    Revision History

    8 Apr 2013, 07:45 UTC: Published
    10 Apr 2014, 11:07 UTC: Updated vendor list and references
    10 Apr 2014, 12:12 UTC: Removed erroneously added CheckPoint products from listing
    10 Apr 2014, 13:27 UTC: Fixed affected FreeBSD versions
    11 Apr 2014, 17:27 UTC: Update vendor list and references (Jolla, F-Secure)

    Update - Serious security problem with OpenSSL ("Heartbleed" vulnerability)

    8 April 2014, updated 10 April 2014

    The OpenSSL project has published a warning about an acute problem.

    The relevant media are already reporting on it; given the urgency and scope of the problem, CERT.at once again asks that the following advice be heeded.

    Description

    A bug in OpenSSL allows attackers to read parts of the main memory of an affected system (in steps of 64 kB). This enables attackers to obtain various information, possibly including the "private" keys/X.509 certificates.

    A detailed description of the problem can be found at http://heartbleed.com/ (in English).

    Entry in the CVE database: CVE-2014-0160.

    Impact

    Since it must be assumed that attackers hold the private keys of services secured with vulnerable OpenSSL versions, in principle all information transmitted via such services is to be considered compromised.

    If the services are configured with "Perfect Forward Secrecy", however, attackers cannot decrypt information from sessions recorded in the past. Information transmitted at present is affected nonetheless.

    Affected systems

    The bug affects all OpenSSL versions from 1.0.1 up to and including 1.0.1f; the first vulnerable version, 1.0.1, was released on 14 March 2012. These include, for example, systems with the following operating system versions (note: the list is not complete):

    - Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
    - Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
    - CentOS 6.5, OpenSSL 1.0.1e-15
    - Fedora 18, OpenSSL 1.0.1e-4
    - OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
    - FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c)
    - NetBSD 5.0.2 (OpenSSL 1.0.1e)
    - OpenSUSE 12.2 (OpenSSL 1.0.1c)

    Update 10 April 2014: We would also like to point out once more, expressly, that this problem affects not only web servers/websites but all software that builds on OpenSSL and uses TLS. And of course all systems/services that run self-compiled/self-installed versions of OpenSSL are affected as well. Installations of, for example, "SSL VPN" services can also be affected.

    Not affected are:

    - Systems on which OpenSSL 0.9.x is used
    - Furthermore, installations of OpenSSL in which the "Heartbeat" function was switched off at compile time by a corresponding parameter (-DOPENSSL_NO_HEARTBEATS)
    - Update 10 April 2014: OpenSSH is not affected, since it uses OpenSSL but not TLS (and therefore not the vulnerable "Heartbeat" extension either)

    Remedy

    It is strongly recommended to install the patches provided by the operating systems. Where this is not possible, affected OpenSSL versions should be configured so that the "Heartbeat" function is not supported (parameter -DOPENSSL_NO_HEARTBEATS at compile time).

    Furthermore, all private keys are to be considered compromised; after the relevant patches have been applied, new ones should be generated and, where applicable, submitted for signing to the certificate authorities in use. As, for example, Heise Security puts it: In addition, there is of course the danger that attackers with good technical resources already knew about the bug and have stolen keys en masse. The "old" keys should also be declared invalid (revoked).

    For corporate environments with IDS/IPS installations, first signatures are already available with which attempts to exploit this problem can be detected. Since this is not possible retroactively, however, all private keys are to be considered compromised there as well.

    Update (2014-04-10): Users of Linux systems with iptables can prevent or detect exploitation of this vulnerability with appropriate rules (as described at http://www.securityfocus.com/archive/1/531779).

    End users should also check their systems for use of vulnerable OpenSSL versions; this applies in particular to users of mobile devices such as smartphones/tablets.

    Update (2014-04-10): Whether your own services are affected can be determined, for example, with the following methods:

    - Online test: http://filippo.io/Heartbleed/
      o The code for this online test is also available for your own use: https://github.com/FiloSottile/Heartbleed
    - Plugin for the well-known security scanner nmap: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse

    Of course, none of these tests can replace patching/reconfiguring/protecting your own systems - misjudgements are possible here too.

    Note

    In general, CERT.at recommends using the "automatic update" features of software where possible and, in parallel, keeping firewall software active and virus protection up to date.

    Information source(s):

    OpenSSL Security Advisory (English)
    https://www.openssl.org/news/secadv_20140407.txt

    Detailed description of the problem (English)
    http://heartbleed.com/

    Debian Security Advisory DSA-2896-1 (English)
    https://www.debian.org/security/2014/dsa-2896

    Redhat Security Advisory RHSA-2014:0376-1 (English)
    https://rhn.redhat.com/errata/RHSA-2014-0376.html

    Report at Heise Security (German)
    http://www.heise.de/security/meldung/Der-GAU-fuer-Verschluesselung-im-Web-Horror-Bug-in-OpenSSL-2165517.html

    TR-21 - OpenSSL Heartbeat Critical Vulnerability

    1. Overview
    2. Recommendations
    3. How to test your TLS/SSL server?
    4. Detecting OpenSSL Heartbleed with NIDS
    5. Are the services like SMTP, XMPP, IMAP, SSL VPN using TLS affected?
    6. Are OpenSSL clients vulnerable too?
    7. What are the unaffected software or protocols by CVE-2014-0160?
    8. References
    9. Contact
    10. Classification of this document
    11. Revision

    You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

    Overview

    OpenSSL software is vulnerable to memory leakage to the connected client or server. In other words, anyone can remotely retrieve sensitive information (e.g. secret keys, passwords, confidential documents) from the memory of the remote servers without leaving traces. This is a critical vulnerability and you must patch your OpenSSL software as soon as possible.

    OpenSSL version 1.0.1 and 1.0.2-beta releases are affected by this vulnerability, including 1.0.1f and 1.0.2-beta1. Prior versions are not affected by this vulnerability.

    After patching, all sensitive information needs to be evaluated, especially private keys or credentials. We recommend, at least, regenerating the X.509 key material and doing an impact assessment on the potentially leaked information.

    Recommendations

    You should apply the OpenSSL updates provided by the software distributors:

    - Ubuntu USN-2165-1: OpenSSL vulnerabilities
    - Ubuntu CVE-2014-0160 detailed information per release
    - Debian DSA-2896-1 openssl security update
    - Red Hat RHSA-2014:0376-1 Red Hat Enterprise Linux 6
    - Red Hat RHSA-2014:0377-1 Red Hat Storage Native Client for Red Hat Enterprise Linux
    - CentOS 6 CVE-2014-0160 CentOS 6 openssl heartbleed workaround
    - Gentoo glsa-201404-07 OpenSSL: Information Disclosure
    - Novell/Suse SUSE Linux Enterprise Server 11 and older versions with openssl 0.9.8 are not affected. Only openSUSE 12.3 and 13.1 are shipping affected versions currently.
    - Tor components affected by OpenSSL bug CVE-2014-0160
    - mod_spdy binary bugfix release (v0.9.4.2)
    - stunnel OpenSSL DLLs updated to version 1.0.1g. This version mitigates TLS heartbeat read overrun (CVE-2014-0160)
    - Fedora 19 Update: openssl-1.0.1e-37.fc19.1
    - Fedora 20 Update: openssl-1.0.1e-37.fc20.1
    - FreeBSD-SA-14:06.openssl OpenSSL multiple vulnerabilities
    - OpenBSD 5.5 errata 2, Apr 8, 2014
    - OpenBSD 5.4 errata 7, Apr 8, 2014
    - OpenBSD 5.3 errata 14, Apr 8, 2014
    - FreeRADIUS version 2 and Version 3 of FreeRADIUS are vulnerable to the attack
    - OpenVPN Access Server 1.8.4 > 2.0.5

    It's important to note that some distributions use their own version numbering scheme for the OpenSSL package. If the distribution backports functionality from OpenSSL into older versions, you might be vulnerable too.

    You may not have realized that Canonical changed its policy regarding the suppor