
Critical vulnerability in OpenSSL 1.0.1 and 1.0.2-beta


A few hours ago, The OpenSSL Project staff released a security bulletin reporting a critical vulnerability, CVE-2014-0160, in the popular OpenSSL cryptographic library.

The vulnerability is due to a missing bounds check in one of the procedures of the Heartbeat extension (RFC 6520) for the TLS/DTLS protocols. Because of this small error by one programmer, anyone gets direct access to the RAM of computers whose communications are “protected” by a vulnerable version of OpenSSL. In particular, the attacker gets access to secret keys, the usernames and passwords of users, and all the content that should be transmitted in encrypted form. No trace of the penetration is left on the system.

Someone who knew about the vulnerability could have eavesdropped on “encrypted” traffic on almost the entire Internet since March 2012, when OpenSSL 1.0.1 was released. A successful attack on TLS (BEAST) was demonstrated at that time, and many switched to the secure TLS 1.2, whose appearance coincided with the release of OpenSSL 1.0.1.

The vulnerable version of OpenSSL is used in popular Nginx and Apache web servers, on mail servers, IM servers, VPNs, as well as in many other programs. The damage from this bug is extremely high.
Some operating system distributions with a vulnerable version of OpenSSL:

Distributions with earlier versions of OpenSSL: Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14, SUSE Linux Enterprise Server.

The bug is present in all versions of the OpenSSL 1.0.1 and 1.0.2-beta branches, including 1.0.1f and 1.0.2-beta1. The fixed version is 1.0.1g, which everyone affected needs to install immediately, and then generate new keys and certificates and take other security measures. Users should be warned about the possible leakage of their passwords. If it is impossible to update to the fixed version immediately, you should recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag.

The vulnerability was discovered by information security specialists from Codenomicon and, independently of them, by Neel Mehta from Google Security. It was the latter who told The OpenSSL Project developers that they needed to fix the code urgently. The people at Codenomicon prepared a detailed description of the bug and even set up a separate website for it, Heartbleed.com, with the image of a bleeding heart.

Source: https://habr.com/ru/post/218609/

