Posted by: bgopi | April 8, 2014

Heart bleed bug

Heart bleed bug is a serious vulnerability (CVE-2014-0160) in OpenSSL crypto, please go to heartbleed for more details. Fix is to update OpenSSL library version to 1.0.1g released yesterday (4/7/14). I tried to understand what is it and how it leaks data in memory,  here it is:

the heartbeat extension is used to check the connection is alive or not. Following snippet is from RFC-6250 : “The Heartbeat Extension provides a new protocol for TLS/DTLS allowing   the usage of keep-alive functionality without performing a  renegotiation and a basis for path MTU (PMTU) discovery for DTLS”.

This heartbeat works in such a way that when client sends heartbeat request message, server responds with the heartbeat response message. While sending the request, one can specify data size and data, max data allowed is 64 KB.  Then server response also contain 64 KB of data. This mechanism can be tricked by saying that you are sending 64 KB data but you really send 1 byte but server responds with 64 KB, your 1byte + 64KB-1 from memory (cooool, isn’t it), it could be sensitive information. And,if multiple requests are made, one may get multiple chunks of data from memory!

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: