Skip to main content

Security Alert: "Heartbleed" OpenSSL Flatlines

April 08, 2014

OpenSSL has released the following:

OpenSSL Security Advisory [07 Apr 2014]

========================================

TLS heartbeat read overrun (CVE-2014-0160)

==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

The impact of this vulnerability can be widespread since many organizations not only utilize the service on various servers (such as Apache or nginx), but many security vendors also employ the service for their security appliances. It is recommended that organizations consult with security staff or vendor(s) to identify impacted solutions and available fixes/patches.

At this time, researchers have not identified any distinguishable traces left from an attack, which provides organizations minimal mitigation or remediation efforts. However, due to the heartbeat request having its own protocol record type, IDS/IPS systems may be configured to identify the use of the heartbeat request and be correlated with the sizes of the request and response as a possible means of detecting a potential attack.

FishNet Security recommends all organizations that utilize OpenSSL patch their environment, revoke all keys, consider these keys compromised and reissue and distribute new keys for all primary key servers. For all secondary devices, all users utilizing the SSL connection should change their passwords. However, organizations must be aware that any traffic captured by an adversary prior to patching may still be vulnerable to decryption. It is also recommended that OpenSSL users upgrade to version 1.0.1g.

Snort Signatures provided by: http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

alert tcp any any -> any any (msg:"FOX-SRT - Suspicious - SSLv3 Large Heartbeat Response"; content:"|18 03 00|"; depth: 3; byte_test:2, >, 200, 3, big; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid: 1000000; rev:1;)

alert tcp any any -> any any (msg:"FOX-SRT - Suspicious - TLSv1 Large Heartbeat Response"; content:"|18 03 01|"; depth: 3; byte_test:2, >, 200, 3, big; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid: 1000001; rev:1;)

alert tcp any any -> any any (msg:"FOX-SRT - Suspicious - TLSv1.1 Large Heartbeat Response"; content:"|18 03 02|"; depth: 3; byte_test:2, >, 200, 3, big; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid: 1000002; rev:1;)

alert tcp any any -> any any (msg:"FOX-SRT - Suspicious - TLSv1.2 Large Heartbeat Response"; content:"|18 03 03|"; depth: 3; byte_test:2, >, 200, 3, big; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid: 1000003; rev:1;)

Additional material may be found at openssl.org/news, heartbleed.com and fullhn.com.

Related Blogs

May 10, 2018

Observations on Smoke Tests – Part 3

While attending one of our technology partner’s security training courses, the instructor presented on their product’s various features and capabiliti...

See Details

May 03, 2018

Getting Started with Postman for API Security Testing: Part 1

Postman is a useful tool used by many developers to document, test and interact with Application Programming Interfaces (APIs). With the ubiquity of A...

See Details

March 24, 2014

Security Alert: New Targeted Microsoft Word Zero Day

Microsoft has recently become aware of a potentially dangerous exploit in Microsoft Office using an RTF (Rich Text File) or Microsoft Outlook with Mic...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

RELATED INSIGHTS

January 26, 2018

Identity and Access Management Solutions

We help you minimize risk and maximize efficiency with our IAM solutions.

See Details

May 09, 2018

Application Security

Learn how Optiv can help protect your most critical enterprise applications from both internal and external threats.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.