A flaw in OpenSSL that has been around since 2011, the Heartbleed Bug, lets hackers steal information protected by the SSL/TLS encryption used to secure the Internet.
Codenomics, which co-discovered the flaw at about the same time as Google’s Neel Mehta, tested some of its own services and found it could steal “the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business-critical documents and information, without using any privileged information or credentials.”
The flaw resulted from a programming mistake in the OpenSSL library, Codenomics said. It is present in OpenSSL 1.0.1 through 1.0.1f inclusive.
Linux distros including Debian Wheezy, Ubuntu 12.04 LTS, Fedora 18, Red Hat Enterprise Linux 6.5, OpenBSD 5.3 and 5.4, FreeBSD 10.0, NetBSD 5.0.2 and OpenSUSE 12.2 are affected by Heartbleed.
“Given the complexity of OpenSSL and the small size of the OpenSSL team, the real question should be why there haven’t been even more problems,” Steve Marquess, president of the OpenSSL Foundation, told LinuxInsider.
Putting the Fix In
Debian identified and fixed the problem “in less than one hour from the disclosure of the vulnerability,” Debian spokesperson Neil McGovern told LinuxInsider.
Red Hat customers can go here for information, Vincent Danen of the company’s product security team told LinuxInsider.
Canonical did not respond to our request to comment for this story.
More Details About Heartbleed
The flaw was a missing bounds check in the handling of the TLS heartbeat extension, said the OpenSSL Foundation.
The flaw itself is “the result of a relatively mundane coding error,” said Matthew Green, a cryptographer and research professor at Johns Hopkins University.
The memory space used by the code handling the heartbeat messages also is used by OpenSSL to store the server’s private key material — long-term server private keys, TLS session keys, confidential data such as passwords, and session ticket keys, Green said.
The flaw can be used to reveal up to 64 Kb of memory to a connected client or server per heartbeat, and attackers can keep reconnecting to steal information in 64 Kb chunks, Codenomics said.
Heartbleed’s Wide-Ranging Impact
“A hell of a lot of the security infrastructure you rely on is dependent in some way on OpenSSL,” Green pointed out.
OpenSSL is the most popular open source cryptographic library and TLS layer implementation used to encrypt traffic on the Internet, according to Codenomics.
Open source Web servers Apache and nginx use OpenSSL. In March, they had about 39 percent and 16 percent of the Web server market respectively, Netcraft reported.
“This is just more evidence that even talented and dedicated programmers and developers can make mistakes,” Charles King, principal analyst at Pund-IT, told LinuxInsider. “The scariest thing about it is that site owners may have been attacked or robbed and wouldn’t know a thing.”
The Tragedy of the Commons
OpenSSL work is done by volunteers.
While for-profit companies have not been shy about exploiting the results of that work to keep down their costs, their contributions in return have been relatively small.
“Commercial vendors worldwide have utilized OpenSSL heavily … but last year, which was typical, we received a grand total of (US)$1,987 in financial support not tied to specific work-for-hire deliverables,” Marquess pointed out.
Resolving the Heartbleed Problem
Service providers who have signed their certificates with a Certificate Authority need to check with the CA how to revoke compromised keys, and need new certificates issued for the new keys, Codenomics said.
Exploitation of the bug leaves no traces of abnormal activity in IT logs, but intrusion detection and prevention systems can be trained to detect use of the heartbeat request, Codenomics suggested. However, they cannot be used to block attacks without blocking heartbeat requests altogether.
The only remedies are upgrading to the fixed version of OpenSSL or to recompile OpenSSL with the handshake removed from the code, Codenomics said. The latter is a complex task.
The fix for the bug itself, Green said, is to add a bounds check.