zeroSteiner's assessment of CVE-2014-0160 (AKA: Heartbleed) | AttackerKB

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Add Assessment

4

zeroSteiner (340)

April 13, 2020 8:54pm UTC (4 years ago)•Edited 4 years ago

Ratings

Attacker Value

High

Exploitability

Very High

Common in enterprise Easy to weaponize Unauthenticated Vulnerable in default configuration

Technical Analysis

A missing boundary check causes versions of OpenSSL 1.0.1 – 1.0.1f to be vulnerable to an out of bounds read as part of an SSL Heartbeat message. This vulnerability can be leveraged without authenticating in many instances to leak sensitive information such as passwords and private keys. Due to the vulnerability being in the OpenSSL library, exploits are implementation specific and may require changes to implement the applicable protocol.

The vulnerability was fixed in this patch.

Log in to Add Reply

1

dmelcher5151 (19)

April 15, 2020 4:14pm UTC (4 years ago)

Ratings

Attacker Value

High

Exploitability

Very High

Common in enterprise Easy to weaponize Unauthenticated Vulnerable in default configuration

Technical Analysis

A bit legendary at this point but memory chunks from VPN devices was a real problem. If vulnerable, got hit.

Log in to Add Reply

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.5 High

Impact Score:

3.6

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

broadcom,
canonical,
debian,
fedoraproject,
filezilla-project,
intellian,
mitel,
openssl,
opensuse,
redhat,
ricon,
siemens,
splunk

Products

Metasploit Modules

OpenSSL Heartbeat (Heartbleed) Information Leak (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb)

OpenSSL Heartbeat (Heartbleed) Client Memory Exposure (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/server/openssl_heartbeat_client_memory.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.ic3.gov/Media/News/2022/220126.pdf)

Reported: January 26, 2022 7:48pm UTC (2 years ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2022/05/04/cisa-adds-five-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:27am UTC (2 weeks ago)

References

Canonical

CVE-2014-0160 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160)

BID-66690 (http://www.securityfocus.com/bid/66690)

Advisory

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

SECTRACK-1030077 (http://www.securitytracker.com/id/1030077)

20140408 heartbleed OpenSSL bug CVE-2014-0160 (http://seclists.org/fulldisclosure/2014/Apr/90)

http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases

DSA-2896 (http://www.debian.org/security/2014/dsa-2896)

HPSBGN03008 (http://marc.info?l=bugtraq&m=139774054614965&w=2)

HPSBMU03024 (http://marc.info?l=bugtraq&m=139889113431619&w=2)

http://rhn.redhat.com/errata/RHSA-2014-0396.html

HPSBHF03021 (http://marc.info?l=bugtraq&m=139835815211508&w=2)

HPSBHF03136 (http://marc.info?l=bugtraq&m=141287864628122&w=2)

VU#720951 (http://www.kb.cert.org/vuls/id/720951)

http://www.splunk.com/view/SP-CAAAMB3

HPSBMU03033 (http://marc.info?l=bugtraq&m=139905295427946&w=2)

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

HPSBGN03011 (http://marc.info?l=bugtraq&m=139833395230364&w=2)

http://www-01.ibm.com/support/docview.wss?uid=swg21670161

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

SSRT101846 (http://marc.info?l=bugtraq&m=142660345230545&w=2)

20140409 Re: heartbleed OpenSSL bug CVE-2014-0160 (http://seclists.org/fulldisclosure/2014/Apr/109)

HPSBMU03037 (http://marc.info?l=bugtraq&m=140724451518351&w=2)

SECTRACK-1030080 (http://www.securitytracker.com/id/1030080)

SECUNIA-57836 (http://secunia.com/advisories/57836)

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

HPSBMU03012 (http://marc.info?l=bugtraq&m=139808058921905&w=2)

HPSBST03001 (http://marc.info?l=bugtraq&m=139758572430452&w=2)

http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

https://filezilla-project.org/versions.php?type=server

HPSBMU03023 (http://marc.info?l=bugtraq&m=139843768401936&w=2)

SECUNIA-57483 (http://secunia.com/advisories/57483)

20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed)

http://www.kerio.com/support/kerio-control/release-history

http://advisories.mageia.org/MGASA-2014-0165.html

http://www.blackberry.com/btsc/KB35882

HPSBMU03044 (http://marc.info?l=bugtraq&m=140075368411126&w=2)

HPSBMU03030 (http://marc.info?l=bugtraq&m=139905351928096&w=2)

SECTRACK-1030081 (http://www.securitytracker.com/id/1030081)

FEDORA-2014-4879 (http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html)

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (http://www.securityfocus.com/archive/1/534161/100/0/threaded)

FEDORA-2014-4910 (http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html)

https://bugzilla.redhat.com/show_bug.cgi?id=1084875

FEDORA-2014-9308 (http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html)

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

HPSBMU03013 (http://marc.info?l=bugtraq&m=139824993005633&w=2)

SECTRACK-1030079 (http://www.securitytracker.com/id/1030079)

http://rhn.redhat.com/errata/RHSA-2014-0377.html

HPSBMU02995 (http://marc.info?l=bugtraq&m=139722163017074&w=2)

HPSBPI03031 (http://marc.info?l=bugtraq&m=139889295732144&w=2)

https://code.google.com/p/mod-spdy/issues/detail?id=85

HPSBMU02999 (http://marc.info?l=bugtraq&m=139765756720506&w=2)

HPSBGN03010 (http://marc.info?l=bugtraq&m=139774703817488&w=2)

HPSBMU03029 (http://marc.info?l=bugtraq&m=139905202427693&w=2)

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release

HPSBMU03018 (http://marc.info?l=bugtraq&m=139817782017443&w=2)

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01

HPSBMU03040 (http://marc.info?l=bugtraq&m=140015787404650&w=2)

http://cogentdatahub.com/ReleaseNotes.html

HPSBMU03025 (http://marc.info?l=bugtraq&m=139869720529462&w=2)

HPSBST03016 (http://marc.info?l=bugtraq&m=139842151128341&w=2)

HPSBMU03028 (http://marc.info?l=bugtraq&m=139905243827825&w=2)

HPSBMU03009 (http://marc.info?l=bugtraq&m=139905458328378&w=2)

http://www.f-secure.com/en/web/labs_global/fsc-2014-1

TA14-098A (http://www.us-cert.gov/ncas/alerts/TA14-098A)

SECUNIA-57347 (http://secunia.com/advisories/57347)

[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released (https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html)

20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL (http://seclists.org/fulldisclosure/2014/Apr/173)

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

http://git.openssl.org/gitweb?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

HPSBST03000 (https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken)

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (http://seclists.org/fulldisclosure/2014/Dec/23)

HPSBST03004 (http://marc.info?l=bugtraq&m=139905653828999&w=2)

USN-2165-1 (http://www.ubuntu.com/usn/USN-2165-1)

http://rhn.redhat.com/errata/RHSA-2014-0378.html

HPSBMU02997 (http://marc.info?l=bugtraq&m=139757919027752&w=2)

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

EXPLOIT-DB-32764 (http://www.exploit-db.com/exploits/32764)

HPSBMU02994 (http://marc.info?l=bugtraq&m=139757726426985&w=2)

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

HPSBMU03022 (http://marc.info?l=bugtraq&m=139869891830365&w=2)

HPSBST03027 (http://marc.info?l=bugtraq&m=139905868529690&w=2)

HPSBMU03019 (http://marc.info?l=bugtraq&m=139817685517037&w=2)

HPSBMU03062 (http://marc.info?l=bugtraq&m=140752315422991&w=2)

20140408 Re: heartbleed OpenSSL bug CVE-2014-0160 (http://seclists.org/fulldisclosure/2014/Apr/91)

SECTRACK-1030078 (http://www.securitytracker.com/id/1030078)

SECUNIA-59243 (http://secunia.com/advisories/59243)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

HPSBMU03020 (http://marc.info?l=bugtraq&m=139836085512508&w=2)

HPSBST03015 (http://marc.info?l=bugtraq&m=139824923705461&w=2)

http://rhn.redhat.com/errata/RHSA-2014-0376.html

HPSBPI03014 (http://marc.info?l=bugtraq&m=139835844111589&w=2)

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

SECUNIA-57721 (http://secunia.com/advisories/57721)

SECUNIA-57968 (http://secunia.com/advisories/57968)

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

HPSBMU03032 (http://marc.info?l=bugtraq&m=139905405728262&w=2)

SECTRACK-1030082 (http://www.securitytracker.com/id/1030082)

HPSBMU02998 (http://marc.info?l=bugtraq&m=139757819327350&w=2)

EXPLOIT-DB-32745 (http://www.exploit-db.com/exploits/32745)

20140412 Re: heartbleed OpenSSL bug CVE-2014-0160 (http://seclists.org/fulldisclosure/2014/Apr/190)

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release

HPSBMU03017 (http://marc.info?l=bugtraq&m=139817727317190&w=2)

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

http://www.openssl.org/news/secadv_20140407.txt

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

SECTRACK-1030074 (http://www.securitytracker.com/id/1030074)

http://support.citrix.com/article/CTX140605

SECUNIA-59139 (http://secunia.com/advisories/59139)

http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release

SECUNIA-57966 (http://secunia.com/advisories/57966)

SECTRACK-1030026 (http://www.securitytracker.com/id/1030026)

SECUNIA-59347 (http://secunia.com/advisories/59347)

[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E)

https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E)

http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

HPSBGN03008 (http://marc.info/?l=bugtraq&m=139774054614965&w=2)

HPSBMU03024 (http://marc.info/?l=bugtraq&m=139889113431619&w=2)

HPSBHF03021 (http://marc.info/?l=bugtraq&m=139835815211508&w=2)

HPSBHF03136 (http://marc.info/?l=bugtraq&m=141287864628122&w=2)

HPSBMU03033 (http://marc.info/?l=bugtraq&m=139905295427946&w=2)

HPSBGN03011 (http://marc.info/?l=bugtraq&m=139833395230364&w=2)

SSRT101846 (http://marc.info/?l=bugtraq&m=142660345230545&w=2)

HPSBMU03037 (http://marc.info/?l=bugtraq&m=140724451518351&w=2)

HPSBMU03012 (http://marc.info/?l=bugtraq&m=139808058921905&w=2)

HPSBST03001 (http://marc.info/?l=bugtraq&m=139758572430452&w=2)

HPSBMU03023 (http://marc.info/?l=bugtraq&m=139843768401936&w=2)

HPSBMU03044 (http://marc.info/?l=bugtraq&m=140075368411126&w=2)

HPSBMU03030 (http://marc.info/?l=bugtraq&m=139905351928096&w=2)

HPSBMU03013 (http://marc.info/?l=bugtraq&m=139824993005633&w=2)

HPSBMU02995 (http://marc.info/?l=bugtraq&m=139722163017074&w=2)

HPSBPI03031 (http://marc.info/?l=bugtraq&m=139889295732144&w=2)

HPSBMU02999 (http://marc.info/?l=bugtraq&m=139765756720506&w=2)

HPSBGN03010 (http://marc.info/?l=bugtraq&m=139774703817488&w=2)

HPSBMU03029 (http://marc.info/?l=bugtraq&m=139905202427693&w=2)

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

HPSBMU03018 (http://marc.info/?l=bugtraq&m=139817782017443&w=2)

HPSBMU03040 (http://marc.info/?l=bugtraq&m=140015787404650&w=2)

HPSBMU03025 (http://marc.info/?l=bugtraq&m=139869720529462&w=2)

HPSBST03016 (http://marc.info/?l=bugtraq&m=139842151128341&w=2)

HPSBMU03028 (http://marc.info/?l=bugtraq&m=139905243827825&w=2)

HPSBMU03009 (http://marc.info/?l=bugtraq&m=139905458328378&w=2)

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

HPSBST03000 (https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken)

HPSBST03004 (http://marc.info/?l=bugtraq&m=139905653828999&w=2)

HPSBMU02997 (http://marc.info/?l=bugtraq&m=139757919027752&w=2)

HPSBMU02994 (http://marc.info/?l=bugtraq&m=139757726426985&w=2)

HPSBMU03022 (http://marc.info/?l=bugtraq&m=139869891830365&w=2)

HPSBST03027 (http://marc.info/?l=bugtraq&m=139905868529690&w=2)

HPSBMU03019 (http://marc.info/?l=bugtraq&m=139817685517037&w=2)

HPSBMU03062 (http://marc.info/?l=bugtraq&m=140752315422991&w=2)

HPSBMU03020 (http://marc.info/?l=bugtraq&m=139836085512508&w=2)

HPSBST03015 (http://marc.info/?l=bugtraq&m=139824923705461&w=2)

HPSBPI03014 (http://marc.info/?l=bugtraq&m=139835844111589&w=2)

HPSBMU03032 (http://marc.info/?l=bugtraq&m=139905405728262&w=2)

HPSBMU02998 (http://marc.info/?l=bugtraq&m=139757819327350&w=2)

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

HPSBMU03017 (http://marc.info/?l=bugtraq&m=139817727317190&w=2)

http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

Miscellaneous

http://heartbleed.com

https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

https://www.cert.fi/en/reports/2014/vulnerability788210.html

http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog

https://gist.github.com/chapmajs/10473815

https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

http://heartbleed.com/

http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

Rapid7

Technical Analysis