The heart is bleeding out: a new critical bug found in OpenSSL

April 8, 2014

A very serious flaw has just been discovered in OpenSSL – an open-source and very popular cryptographic library, which has already incited a minor (for now) panic amongst security experts. According to the freshly released security bulletin by The OpenSSL Project, a missing bounds check in the handling of the TLS Heartbeat Extension can be used to reveal up to 64k of memory to a connected client or server.


In practice, this allows the stealing of protected information (under normal conditions) by the SSL/TLS encryption used to secure the Internet.

SSL/TLS protocols provide communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). Attackers can steal secret keys, user names and passwords, instant messages, emails and business’ critical documents and communication – all of this without leaving a trace.

This makes the flaw (which has already received an alias ‘Heartbleed bug’) absolutely critical, so countermeasures should be taken promptly.

There is no word (yet) on how widely the flaw might have been exploited so far. However, the vulnerable OpenSSL 1.0.1 was released in March 2012. Whoever might have learned about the security flaw in question could have been eavesdropping any TSL/SSL-encrypted communications ever since. This makes the problem a potentially global one: OpenSSL is used by very popular server software such as Apache and nginx. Their combined market share is over 66%, according to Netcraft’s April 2014 Web Server Survey, and they are commonly used by businesses of all sizes.

As of today, a number of Nix*-like operating systems are affected too, since they are packaged with vulnerable OpenSSL:

  • Debian Wheezy (Stable), OpenSSL 1.0.1e-2+deb7u4)
  • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11)
  • CentOS 6.5, OpenSSL 1.0.1e-15)
  • Fedora 18, OpenSSL 1.0.1e-4
  • OpenBSD 5.3 (OpenSSL 1.0.1c) и 5.4 (OpenSSL 1.0.1c)
  • FreeBSD 8.4 (OpenSSL 1.0.1e) и 9.1 (OpenSSL 1.0.1c)
  • NetBSD 5.0.2 (OpenSSL 1.0.1e)
  • OpenSUSE 12.2 (OpenSSL 1.0.1c)

Packages with older OpenSSL versions – Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14, SUSE Linux Enterprise Server – are free of this flaw.

Amongst the possibly affected parties are operating system vendors and distribution, appliance vendors, along with independent software vendors. They are strongly encouraged to adopt the fix – OpenSSL 1.0.1g – ASAP and notify their users about possible password leaks. New secret keys and certificates must be generated as well.

Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

An online tool, which allows for testing of any server by its hostname for CVE-2014-0160 bug is already in place, and it’s recommended you check it out.

Again, an attacker that might have exploited that vulnerability would leave absolutely no traces in the attacked systems, so there’s no way to learn if anyone was actually compromised. Every business that uses OpenSSL 1.0.1 through 1.0.1f is in danger, so the only reasonable action now is to plug this security sinkhole as soon as possible.