+

MacLemon

Unixy on the fruity side

OpenSSL Heartbeat CVE-2014-0160

To get more information on the effects of the heartbeat vulnerability in OpenSSL 1.0.1 - 1.0.1f see http://heartbleed.com/

A Diagnosis of the OpenSSL Heartbleed bug by @ex509.

Check your installed version with openssl version -a. OpenSSL 0.9.8 is not vulnerable. OpenSSL 1.0.2 betas and later branches may not have received a patch yet, be careful if you need to use these versions. (1.1, etc.) On Linux (for example Debian or Ubuntu) be sure to check the distribution for backports! You can get a hint if you’re facing a backport by looking at the build date. Anything newer than 2014-04-07 is a good candidate.

Sample output on OS X with MacPorts OpenSSL 1.0.1g:

1
2
3
4
5
6
OpenSSL 1.0.1g 7 Apr 2014
built on: Tue Apr  8 03:34:46 CEST 2014
platform: darwin64-x86_64-cc
options:  bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: /usr/bin/clang -fPIC -fno-common -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/opt/local/etc/openssl"

There are a few ways to test your TLS enabled service:

If you get an output of TLS server extension "heartbeat" (id=15), len=1 your server is likely affected.

Keep in mind that these test tools aren’t mature yet (obviously) and may report false positives or false negatives.

The use of forward secrecy ciphers seems to mitigate this mostly. Specific TLS sessions still may be affected if the session key has been leaked at that time. All recorded non-forward-secrecy traffic can be decrypted in retrospect.

Read the OpenSSL security advisory and if you like to dig into the code you can see the git diff of 1.0.1f - 1.0.1g.

Thanks to Julien Vehent (@jvehent) for the OpenSSL testing command.

Checking libraries

If you find libssl 1.0.1-1.0.1f anywhere you need to upgrade that library immediately!

OS X

The version of libssl used by OS X.

1
2
strings /usr/lib/libssl.dylib | grep "^OpenSSL "
OpenSSL 0.9.8y 5 Feb 2013

MacPorts

The version of libssl used by MacPorts.

1
2
strings /opt/local/lib/libssl.1.0.0.dylib | grep "^OpenSSL "
OpenSSL 1.0.1g 7 Apr 2014

any binary

You can check if any binary on OS X dynamically links against libssl

1
otool -L file

If you get a line about libssl you then need to check which specific version that OpenSSL library uses with the strings command as shown. If you do not get any libssl info but you know that a binary makes use of TLS/SSL then you need to check for statically linked libraries. Some binaries give you that info by passing --version | -v | -V as the only argument.

If you can recompile that binary update OpenSSL and link against that. If you don’t have the sourcecode to that software contact the vendor. If that is not possible as well, stop using that software now.

Where to go from here

Firstly update your OpenSSL to 1.0.1g or newer! Download the OpenSSL 1.0.1g source and its GPG signature and verify that signature. Check the public keys of Dr. Stephen Henson on the SKS Keyservers

1
2
gpg --recv-key D3577507FA40E9E2; gpg --list-sigs D3577507FA40E9E2
gpg --verify openssl-1.0.1g.tar.gz.asc

Then rebuild all the binaries on your machine that link against OpenSSL. Restart all services that use those binaries. When in doubt do a full restart.

Now the really fun part starts. Generate new keys for als SSL/TLS secured services. You may want to use this “opportunity” to upgrade your key length. Changing keys is necessary independently of your certificate authority in use. This also applies if you use self-signed certificates as the private keys themselves may be compromised.

Get new certificates for all the new keys and revoke the old certificates.

For secondary vulnerabilities see http://heartbleed.com/ and act accordingly. Yes, this likely means changing a lot of passwords (again), deleting cookies, invalidating OAuth tokens, etc.

Upgrading MacPorts

MacPorts already has an updated openssl package thanks to maintainer Markus W. Weißmann (mww).

1
2
3
port selfupdate
port upgrade openssl
port selfupdate #yes again

Check that your OpenSSL library is the correct one:

1
2
strings /opt/local/lib/libssl.1.0.0.dylib | grep "^OpenSSL "
OpenSSL 1.0.1g 7 Apr 2014

Then check for packages that depend on OpenSSL.

1
port depend openssl | cut -d " " -f 1

To upgrade all packages that depend on OpenSSL

1
port upgrade --force -s $(port depend openssl | cut -d " " -f 1 | awk 1 ORS=' ')

Then restart all services that you have just upgraded. This may for example be Apache or nginx.

Long term “fun” with this bug

A few ideas of devices that are likely to stay vulnerable for a long long time.

  • Firewall/plastic router web interfaces which rarely get updates if at all
  • Printers which get even less upates will be vulnerable for years to come
  • Tesla anyone?
  • any kind of appliance
  • especially embedded boxes
  • network switches
  • Your fridge
  • home automation systems
  • APIs that nobody ever looks at
  • iOS Apps that use OpenSSL

Thanks

@VividVisions Feedback on backports in Linux @ferebee Feedback on ambiguity of OpenSSL command line tests