Vulnerability Note VU#720951
OpenSSL TLS heartbeat extension read overflow discloses sensitive information
Original Release date: 07 Apr 2014 | Last revised: 25 Apr 2014
OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."
OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2 beta through 1.0.2-beta1 contain a flaw in its implementation of the TLS/DTLS heartbeat functionality (RFC6520). This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL libssl library in chunks of up to 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to increase the chances that a leaked chunk contains the intended secrets. The sensitive information that may be retrieved using this vulnerability include:
Primary key material (secret keys)
Secondary key material (user names and passwords used by vulnerable services)
Protected content (sensitive data used by vulnerable services)
Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)
Please see the Heartbleed website for more details. Exploit code for this vulnerability is publicly available. Any service that supports STARTTLS (imap,smtp,http,pop) may also be affected.
By attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.
Apply an update
This issue is addressed in OpenSSL 1.0.1g. Please contact your software vendor to check for availability of updates. Any system that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items. Old keys should be revoked.
Reports indicate that the use of mod_spdy can prevent the updated OpenSSL library from being utilized, as mod_spdy uses its own copy of OpenSSL. Please see https://code.google.com/p/mod-spdy/issues/detail?id=85 for more details.
Disable OpenSSL heartbeat support
This issue can be addressed by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag. Software that uses OpenSSL, such as Apache or Nginx would need to be restarted for the changes to take effect.
Use Perfect Forward Secrecy (PFS)
PFS can help minimize the damage in the case of a secret key leak by making it more difficult to decrypt already-captured network traffic. However, if a ticket key is leaked, then any sessions that use that ticket could be compromised. Ticket keys may only be regenerated when a web server is restarted.
Vendor Information (Learn More)
VendorStatusDate NotifiedDate UpdatedAmazonAffected-09 Apr 2014
Arch LinuxAffected-15 Apr 2014
Aruba Networks, Inc.Affected-09 Apr 2014
AttachmateAffected-14 Apr 2014
Bee WareAffected-09 Apr 2014
Blue Coat SystemsAffected07 Apr 201409 Apr 2014
CA TechnologiesAffected07 Apr 201425 Apr 2014
Cisco Systems, Inc.Affected07 Apr 201410 Apr 2014
Debian GNU/LinuxAffected07 Apr 201408 Apr 2014
Extreme NetworksAffected07 Apr 201416 Apr 2014
F5 Networks, Inc.Affected07 Apr 201409 Apr 2014
Fedora ProjectAffected07 Apr 201408 Apr 2014
Fortinet, Inc.Affected07 Apr 201409 Apr 2014
FreeBSD ProjectAffected07 Apr 201409 Apr 2014
Gentoo LinuxAffected07 Apr 201408 Apr 2014If you are a vendor and your product is affected, let
us know.View More »
CVSS Metrics (Learn More)
This vulnerability was reported by OpenSSL, who in turn credits Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security.
This document was written by Will Dormann.
07 Apr 2014
Date First Published:
07 Apr 2014
Date Last Updated:
25 Apr 2014
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.