OpenSSL HeartBleed Bug – Explanation and fix

Heartbleed is a recently discovered small bug that relates to the OpenSSL’s implementation of the TLS ‘heartbeat’ mechanism.

The bug is present only in the OpenSSL versions 1.0.1 through 1.0.1f!

By exploiting this bug, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space. Since this is the same memory space where OpenSSL also stores the server’s private key material, an attacker can potentially obtain data such as:

1) private keys
2) TLS session keys
3) confidential data
4) session ticket keys.

The remedy

You can test if a given server is vulnerable using this tool: http://filippo.io/Heartbleed/ (enter your domain as for example: yourdomain.name:443)

To check the OpenSSL version running on your server, use the following command via SSH:

CentOS

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Ubuntu

# dpkg -s openssl | grep Version
Version: 1.0.1-4ubuntu5.6

Having identified a problem, the first step is to patch OpenSSL. Fortunately this is relatively easy. The 1.0.1g version is not vulnerable, and Debian has a patch. You can also recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS option.

Installing OpenSSL 1.0.1g on CentOS:

# cd /usr/local/src
# wget -N http://www.openssl.org/source/openssl-1.0.1g.tar.gz
# tar -xzvf openssl-1.0.1g.tar.gz
# cd openssl-1.0.1g
# ./config
# make
# make install
# alias cp=cp
# cp /usr/local/ssl/bin/openssl /usr/bin/openssl
# cd /usr/local/ssl/include
# ln -s /usr/local/ssl/include/openssl openssl

Once done, check the version again and restart the web server:

# openssl version
OpenSSL 1.0.1g 7 Apr 2014

Restart any services using SSL.

Installing OpenSSL 1.0.1g on Ubuntu:

# apt-get update
# apt-get install -y openssl libssl1.0.0

Restart any services using SSL.

What’s the TLS Heartbeat mechanism ?

The TLS Heartbeat mechanism is designed to keep connections alive even when no data is being transmitted. Heartbeat messages sent by one peer contain random data and a payload length. The other peer is suppose to respond with a mirror of exactly the same data.

If you want to read more about this, the best written article I’ve found on this topic can be found here: http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html

Leave a Reply