Heartbleed

Heartbleed is a software bug in the open-source cryptography library OpenSSL, which allows an attacker to read the memory of a server or a client, allowing them to retrieve, for example, a server's SSL private keys.[3][4][5] Examinations of audit logs appear to show that some attackers may have exploited the flaw for at least five months before it was rediscovered and published.[6][7][8]

History

On April 7, 2014, it was announced that OpenSSL 1.0.2-beta, as well as all versions of OpenSSL in the 1.0.1 series prior to 1.0.1g, had a severe memory handling bug in their implementation of the TLS Heartbeat Extension.[9][10] This defect could be used to reveal up to 64 kilobytes of the application's memory with every heartbeat.[11] Its CVE number is CVE-2014-0160.[12]
The bug is exercised by sending a malformed heartbeat request to the server in order to elicit a response containing the server's memory. Due to a lack of bounds checking, the affected versions of OpenSSL never verified that the heartbeat request was valid, allowing attackers to bring about inappropriate server responses.[13]
The vulnerability has existed since December 31, 2011, and the vulnerable code has been in widespread use since the release of OpenSSL version 1.0.1 on March 14, 2012.[14][15][16]
The bug was named by an engineer at Codenomicon, a Finnish cybersecurity company.[17] According to Codenomicon, Neel Mehta of Google Security first reported the bug to OpenSSL, but both Google and Codenomicon discovered it independently.[14] The OpenSSL team also credits Mehta as the discoverer.[10] Both allegedly reported the problem to OpenSSL developers before the public disclosure.

Impact

By reading an arbitrary block of the web server's memory, attackers might receive sensitive data, compromising the security of the server and its users. Vulnerable data include the server's private master key,[14][16] which would enable attackers to decrypt current or stored traffic via a passive man-in-the-middle attack (if perfect forward secrecy is not used by the server and client), or via an active man-in-the-middle attack if perfect forward secrecy is used. The attacker cannot control which data is returned, as the server responds with a random chunk of its own memory.
The bug might also reveal unencrypted parts of users' requests and responses, including any form post data in users' requests, session cookies and passwords, which might allow attackers to hijack the identity of another user of the service.[18] At its disclosure, some 17% or half a million of the Internet's secure web servers certified by trusted authorities were believed to have been vulnerable to an attack.[19] The Electronic Frontier Foundation,[20] Ars Technica,[21] and Bruce Schneier[22] all deemed the Heartbleed bug "catastrophic." Forbes cybersecurity columnist, Joseph Steinberg, described the bug as potentially "the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet."[23]

Affected versions of OpenSSL

Last updated as of April 9, 2014. Information via Heartbleed and OpenSSL sites.[14][10]

Affected

  • OpenSSL 1.0.2-beta
  • OpenSSL 1.0.1 – OpenSSL 1.0.1f

Unaffected

  • OpenSSL 1.0.2-beta2 (upcoming)
  • OpenSSL 1.0.1g
  • OpenSSL 1.0.0 (and 1.0.0 branch releases)
  • OpenSSL 0.9.8 (and 0.9.8 branch releases)
To resolve the bug, server administrators are advised to either use 1.0.1g or to recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS, thus disabling the vulnerable feature until the server software can be updated.

Reaction

On the day of the announcement, the Tor Project issued an announcement on its blog and advised that anyone seeking "strong anonymity or privacy on the Internet" should "stay away from the Internet entirely for the next few days while things settle." They also recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor's multi-hop design minimizes the impact of exploiting a single relay.[24]
The Canada Revenue Agency (CRA) closed down its electronic services website over Heartbleed bug security concerns.[25]
Platform maintainers like the Wikimedia Foundation advised their users to change passwords.[26]
An analysis posted on GitHub of the top 1000 most visited websites as of April 8, 2014 revealed vulnerabilities in sites including Yahoo!, Imgur, Stack Overflow, Slate, and DuckDuckGo.[27][28]
Theo de Raadt, founder and leader of the OpenBSD and OpenSSH projects, has criticized the OpenSSL developers for explicitly circumventing OpenBSD C standard library exploit countermeasures, saying "OpenSSL is not developed by a responsible team."[29][30]
The author of the bug, Robin Seggelmann,[31] stated that he "missed validating a variable containing a length" and denied any intention to submit a flawed implementation.[32]

Affected websites and services

The following list shows the sites within the Alexa Top 1000 that were vulnerable until 8 April 2014.[27]
The following sites have made announcements recommending that users update passwords in response to the bug:
LastPass Password Manager was not vulnerable, due to its use of forward secrecy, but it recommended users change passwords that LastPass stored for vulnerable websites.[98]
LogMeIn claimed to have "updated many products and parts of our services that rely on OpenSSL".[99]

Affected software applications

  • IPCop 2.1.4 was released on April 8, 2014 with a fix for "the OpenSSL library everybody is talking about".[100]
  • LibreOffice 4.2.3 was released on April 10, 2014 with a fix for CVE-2014-0160.[101]
  • LogMeIn claimed to have "updated many products and parts of our services that rely on OpenSSL".[99]

The fix

The bug is classed as a buffer over-read,[102] a situation where software allows more data to be read than should be allowed.[103]
Version 1.0.1g of OpenSSL adds some bounds checks to prevent the buffer over-read. For example, the test
if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; /* silently discard per RFC 6520 sec. 4 */
has been added in front of the line
pl = p;
For a complete list of the changes, see git.openssl.org.[104]
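The effect of that bounds check, shown as an added example that is not OpenSSL's code: a constructed 64-byte arena stands in for process memory, holding one heartbeat record followed by unrelated data. The function names, the arena contents, the clamp in the unchecked variant and the short-record guard in the checked variant are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_PADDING 16  /* minimum padding, RFC 6520 sec. 4 */
#define REC_LEN    23  /* bytes actually received: 3 + 4 ("ping") + 16 */

/* Constructed stand-in for process memory: one heartbeat record followed by
 * unrelated data that must never be echoed to the peer. */
static const uint8_t arena[64] =
    "\x01\x00\x04" "ping" "................" "SECRET-KEY-MATERIAL";

/* Pre-fix behaviour: trusts the payload_length field sent by the peer. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len,
                          uint8_t *out, size_t out_cap)
{
    (void)rec_len;                      /* affected versions never compared it */
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (payload > out_cap)              /* example-only clamp: stay in the arena */
        payload = out_cap;
    memcpy(out, rec + HB_HEADER, payload);
    return payload;
}

/* 1.0.1g-style behaviour: the bounds check quoted above runs before the copy. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len,
                        uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING)  /* example's guard: header in bounds */
        return 0;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + payload + HB_PADDING > rec_len)
        return 0;                          /* silently discard */
    if (payload > out_cap)
        return 0;
    memcpy(out, rec + HB_HEADER, payload);
    return payload;
}

int main(void)
{
    uint8_t mem[64], out[40];
    memcpy(mem, arena, sizeof mem);
    mem[1] = 0; mem[2] = 36;               /* claims 36 bytes, carries 4 */
    printf("unchecked: %zu bytes echoed\n", hb_reply_unchecked(mem, REC_LEN, out, sizeof out));
    printf("checked:   %zu bytes echoed\n", hb_reply_checked(mem, REC_LEN, out, sizeof out));
    return 0;
}
```

With the claimed length of 36, the unchecked variant echoes the 4-byte payload, the 16 padding bytes and 16 bytes from beyond the record; the checked variant discards the request.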
Although patching software (the OpenSSL library and any statically linked binaries) fixes the bug, running software will continue to use its in-memory OpenSSL code with the bug until each application is shut down and restarted, so that the patched code can be loaded. Further, in order to regain privacy and secrecy, all private keys must be regenerated and all passwords changed, since it is not possible to know if they were compromised while the vulnerable code was in use.[105]

Testing for vulnerabilities

Several services were made available to test whether the Heartbleed bug was present on a given site, including:
  • Heartbleed testing tool by a European IT security company[106]
  • Heartbleed Scanner by Italian cryptologist Filippo Valsorda[107]
  • Metasploit Heartbleed scanner module[108]
  • Heartbleed Server Scanner by Rehmann[109]
  • Lookout Mobile Security Heartbleed Detector, an app for Android devices that determines the OpenSSL version of the device and indicates whether the vulnerable heartbeat is enabled[110]
  • Heartbleed checker hosted by LastPass[111]
  • Network range scanner for Heartbleed vulnerability by a security testing company[112]
