OK so unless you have been living in a hole you have probably heard about an OpenSSL exploit called Heartbleed. It is so named because it relates to TLS heartbeat functionality of some kind.
I've been reading about this on Bruce Schneier's blog, on linuxquestions.org, etc. Unless I'm mistaken, it would seem to be a problem with one's web server and possibly email or instant messaging but not with ssh (?) Can someone confirm that SSH is not vulnerable?
I think the basic idea is that the bug lets one formulate a special request to a vulnerable machine and it will spit out a section of memory. I think, but am not certain, that the result would be access to the memory allocated to the vulnerable processes but not memory allocated to the system, to the root user, or to the other users on that machine (I'm talking Linux here). I.e., I think you might get a segfault if you try to read memory that is out of bounds, i.e., memory owned by some other user. My memory is really fuzzy on this point so I'd love to hear what someone else has to say.
Also, I'm wondering if these sites everyone is recommending look safe. E.g., heartbleed.com or the tester site recommended by Schneier ( http://filippo.io/Heartbleed/ ). The heartbleed.com site belongs to some Finnish dude.
Also, any mitigation/protection recommendations would be appreciated. Obviously these:
1) patch the vulnerability
2) retire your SSL cert on your web server and issue a new one
But I'm wondering if a) the machine might have been compromised before somehow (e.g., if website passwords are also used as ssh passwords) and b) what else might one need to do?
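One thing the two steps above leave out on Linux: a daemon that was started before the OpenSSL package was upgraded keeps the old, vulnerable libssl mapped in memory until it is restarted. The following is an added example, not from the original post, that reads /proc/<pid>/maps and flags processes whose libssl mapping points at a replaced ("(deleted)") file; the maps text in SAMPLE_* is constructed, not real output.

```shell
#!/bin/sh
# Added example (not from the original post). After installing the patched
# OpenSSL package, any running service that still maps the OLD libssl keeps
# executing the vulnerable code until restarted. On Linux, /proc/<pid>/maps
# lists mapped files; a path ending in "(deleted)" means the file on disk was
# replaced (the library was upgraded) but the process still uses the old copy.

# Print "pid<TAB>library<TAB>STALE|current" for each distinct libssl mapping in
# the /proc/<pid>/maps text read from stdin; $1 is the pid used for the label.
report_libssl_maps() {
    awk -v pid="$1" '
        /libssl/ {
            lib = $6                                  # 6th field is the path
            state = ($NF == "(deleted)") ? "STALE" : "current"
            if (!seen[lib "|" state]++) printf "%s\t%s\t%s\n", pid, lib, state
        }'
}

# Number of stale (pre-upgrade) libssl mappings in the maps text on stdin.
count_stale_libssl() {
    report_libssl_maps "$1" | grep -c 'STALE$' || true
}

# Walk every process on the host; reading other users' maps needs root.
scan_all_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        [ -r "$maps" ] || continue
        report_libssl_maps "$pid" < "$maps" 2>/dev/null || true
    done
}

# Constructed samples: one process still holding a replaced libssl (needs a
# restart) and one that was started after the upgrade.
SAMPLE_STALE='7f1a0000-7f1b0000 r-xp 00000000 08:01 12345  /usr/lib/libssl.so.1.0.0 (deleted)
7f1b0000-7f1c0000 r--p 00010000 08:01 12345  /usr/lib/libssl.so.1.0.0 (deleted)
7f2a0000-7f2b0000 r-xp 00000000 08:01 99999  /usr/lib/libcrypto.so.1.0.0'
SAMPLE_PATCHED='7f3a0000-7f3b0000 r-xp 00000000 08:01 67890  /usr/lib/libssl.so.1.0.0
7f3b0000-7f3c0000 r--p 00010000 08:01 67890  /usr/lib/libssl.so.1.0.0'

# Run with --scan to check the live host; anything tagged STALE needs a restart.
if [ "${1:-}" = "--scan" ]; then
    scan_all_processes
fi
```

Run it as root with `--scan` right after patching; every pid it tags STALE (web server, mail, IM daemons, anything linked against libssl) must be restarted before the patch is actually effective.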