This week, the OpenSSL security team announced a high-risk vulnerability within a TLS extension of the popular open-source cryptography toolkit. The original advisory can be found here. The advisory indicates that a missing bounds check in a TLS extension could be used to leak memory contents to a connected client or server. All versions of OpenSSL 1.0.1 and 1.0.2-beta up to and including 1.0.1f and 1.0.2-beta1 were announced as affected.
MDSec analysed the vulnerability to determine its impact and found that the issue is a critical security flaw that can be exploited in a wide range of scenarios against any application linked to a vulnerable OpenSSL library. The original OpenSSL commit to patch the vulnerability can be found here. The vulnerability exists because bounds are not checked when handling TLS heartbeat payload lengths, which could be used to return arbitrary memory from the process heap space. Exploitation could expose server or client application memory contents, which may include cryptographic key material, credentials, application data such as e-mail or web requests, and other sensitive information.
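The missing bounds check, written out as an added example (not MDSec's or OpenSSL's code): a heartbeat handler that only echoes a payload when the claimed length fits inside the bytes actually received. The function names are hypothetical, and the message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) is taken from RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HB_REQUEST   1   /* heartbeat_request type (RFC 6520) */
#define HB_RESPONSE  2   /* heartbeat_response type (RFC 6520) */
#define HB_HEADER    3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16   /* minimum padding required by RFC 6520 */

/* Return the claimed payload length if it fits inside the bytes actually
 * received, or -1 if the message must be silently discarded. */
long hb_checked_payload_len(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < HB_HEADER + HB_MIN_PAD)
        return -1;                      /* too short to hold header + padding */
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    if (HB_HEADER + claimed + HB_MIN_PAD > msg_len)
        return -1;                      /* length field exceeds received data */
    return (long)claimed;
}

/* Build the echo response; returns bytes written, or 0 when discarded.
 * Padding is zero-filled for brevity (RFC 6520 asks for random padding). */
size_t hb_build_response(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap)
{
    long n = hb_checked_payload_len(msg, msg_len);
    if (n < 0 || msg[0] != HB_REQUEST)
        return 0;
    size_t total = HB_HEADER + (size_t)n + HB_MIN_PAD;
    if (total > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = msg[1]; out[2] = msg[2];   /* echo the validated length field */
    memcpy(out + HB_HEADER, msg + HB_HEADER, (size_t)n);  /* n <= msg_len - 19 */
    memset(out + HB_HEADER + n, 0, HB_MIN_PAD);
    return total;
}

int main(void)
{
    /* Constructed samples: a well-formed request and one whose length field lies. */
    uint8_t ok[23]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    uint8_t bad[19] = {HB_REQUEST, 0x40, 0x00};
    uint8_t out[64];
    printf("ok  -> %zu bytes\n", hb_build_response(ok, sizeof ok, out, sizeof out));
    printf("bad -> %zu bytes\n", hb_build_response(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

Without the second comparison in `hb_checked_payload_len`, the copy length would come from the sender's length field alone rather than from the size of the data received.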
Affected applications include web servers, mail servers, VPNs, load balancers and client applications linked to the vulnerable library. MDSec have produced proof-of-concept exploit code that can be used to check affected servers and clients to determine whether the vulnerability is exploitable.
The vulnerability is particularly difficult to detect during exploitation, as it is capable of evading IDS/IPS signature detection systems when the leaked information is transmitted in an encrypted stream. Additionally, against more advanced detection signatures, an attacker could exploit the flaw by requesting smaller amounts of leaked information over greater periods of time, which would lessen the severity of the attack but make it dramatically harder to detect.
You can download our exploit for the issue from our GitHub page.
MDSec advise that affected services and clients are updated to make use of fixed OpenSSL versions; cryptographic keys and passwords used on affected services should also be changed. It is advised that password changes are performed at a later date to prevent inadvertent exposure of plain-text passwords by individuals exploiting the vulnerability.