RECENTLY, the World Wide Web was rattled by the Heartbleed bug. In this edition, ITRealms ran a test and brings you the A to Z of the Heartbleed bug to save you from a possible attack, according to Cyberoam. Cyberoam offers a free testing tool to find out whether a web server is vulnerable to the Heartbleed attack.
Heartbleed Vulnerability Test
According to experts at Cyberoam, its customers need not bleed over the Heartbleed exploit, also known as CVE-2014-0160.
A test by ITRealms shows that you need to enter a domain name, also known as a Uniform Resource Locator (URL), on the submission line of the Cyberoam home page.
A URL, or Uniform Resource Locator, is also known as a web address, particularly when used with the HyperText Transfer Protocol (HTTP), an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web.
If, after the domain name is entered, the server does not appear to be vulnerable, customers are advised to go on with their lives as normal. If it does appear vulnerable, they should follow the remediation steps provided in the Cyberoam blog and keep their server protected while remaining up and running.
What is the Heartbleed bug?
It is a bug in OpenSSL, a common encryption library used on web servers.
What can you do to stop it?
* Patch affected systems.
* Update your Intrusion Prevention System (IPS) signatures to detect and block the vulnerability from being exploited.
How can you find out if a website is affected by this vulnerability?
Cyberoam offers a free testing tool to find out whether a web server is vulnerable to the Heartbleed attack.
Are SSL-related features on Cyberoam products affected?
All GA versions of Cyberoam firmware, including 10.04.X, 10.02.X and 10.01.X, are NOT vulnerable, as they use an unaffected version of the OpenSSL library.
The beta firmware versions 10.6.X are affected by this vulnerability. Be sure to upgrade the Cyberoam firmware to the latest beta release candidate for 10.6, i.e. 10.6.1 RC-4.
As a Cyberoam customer, are you protected?
The Cyberoam Threat Research labs released IPS signature versions 3.11.61 and 5.11.61 last week to help customers protect themselves from the Heartbleed vulnerability being exploited against them. You can check/update the IPS signature version through the appliance admin GUI, at the System->Maintenance->Updates tab.
Signature(s) name: OpenSSL TLS DTLS Heartbeat Information Disclosure
Default Action: Drop
Cyberoam customers are required to enable the Cyberoam IPS policy on the respective firewall rules.
What is OpenSSL?
The Open Secure Sockets Layer (OpenSSL) is a collaborative project effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library, based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson.
Bleed not over Heartbleed Abuse, says Cyberoam:
The Heartbleed vulnerability is in the news, owing to the millions of passwords, credit card numbers and other personal information that may be at risk because of this vulnerability that exists in OpenSSL.
What is the 'Heartbleed vulnerability'?
Heartbleed is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing information that, under normal conditions, is protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS encryption provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some Virtual Private Networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. (Source: http://heartbleed.com)
Affected OpenSSL versions
The affected versions of OpenSSL include OpenSSL 1.0.1 through 1.0.1f (inclusive). OpenSSL 1.0.1g, the OpenSSL 1.0.0 branch and the OpenSSL 0.9.8 branch are NOT vulnerable.
Vulnerable Program: The vulnerable program source files are t1_lib.c and d1_both.c.
Vulnerable Function: The vulnerable functions are tls1_process_heartbeat() and dtls1_process_heartbeat().
Technical Mechanism:
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that provide security, authentication and data integrity for communication over TCP/IP networks. By using cryptographic primitives such as symmetric key ciphers, cryptographically secure hash functions, and Public Key Infrastructure for asymmetric encryption/decryption and authentication, these protocols enable hosts to communicate securely over insecure networks.
Datagram Transport Layer Security (DTLS) is very similar to TLS, which is used for communication over the TCP transport layer, but includes among other features a retransmission mechanism to deal with the unreliable UDP transport layer.
TLS/DTLS are layered protocols. All data exchanged between the two endpoints is contained inside TLS/DTLS records, the bottom layer of the protocol stack.
An information disclosure vulnerability exists in OpenSSL. The vulnerable functions tls1_process_heartbeat() and dtls1_process_heartbeat() fail to validate the Payload length value while processing Heartbeat Request messages. While constructing a Heartbeat Response message, the vulnerable code copies Payload length bytes starting from the Payload into a response buffer. If the Payload provided was less than Payload length bytes, memcpy will fill in the response buffer with memory contents past the Heartbeat Request message buffer in memory.
A remote unauthenticated attacker could exploit this vulnerability by sending multiple crafted Heartbeat messages to the target application. Successful exploitation would result in up to 64KB of memory disclosure.
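As an added illustration of the mechanism described above (example code written for this page, not OpenSSL's own source), the heartbeat parsing step where the defect lived, with the bounds check the patched version performs before any copy; the function names heartbeat_length_ok, process_heartbeat and build_heartbeat are hypothetical, and the test vectors are constructed inline.

```c
#include <stdint.h>
#include <string.h>

/* Heartbeat message (RFC 6520): type(1) | payload_length(2) | payload | padding(>=16) */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

/* The check the vulnerable tls1_process_heartbeat()/dtls1_process_heartbeat()
 * lacked: does the declared payload fit inside the record that actually arrived?
 * Returns 1 if well formed, 0 if the record must be dropped. It is also the
 * property an IPS signature for this bug can test on the wire. */
int heartbeat_length_ok(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 1 + 2 + HB_PADDING)               /* header + padding present? */
        return 0;
    size_t payload = ((size_t)rec[1] << 8) | rec[2]; /* n2s() in OpenSSL */
    return 1 + 2 + payload + HB_PADDING <= rec_len;
}

/* Build the response the way the patched code does: validate first, then copy
 * exactly 'payload' bytes, so memcpy can never read past the request buffer.
 * Returns the response length, or 0 when the request is discarded. */
size_t process_heartbeat(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (!heartbeat_length_ok(rec, rec_len) || rec[0] != HB_REQUEST)
        return 0;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    size_t resp_len = 1 + 2 + payload + HB_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)payload;
    memcpy(out + 3, rec + 3, payload);              /* bounded by the check above */
    memset(out + 3 + payload, 0, HB_PADDING);       /* OpenSSL uses random padding */
    return resp_len;
}

/* Test-vector builder (constructed input): 'declared' goes into the length field
 * independently of data_len, so honest and inflated lengths can both be checked. */
size_t build_heartbeat(uint8_t *buf, size_t declared, const uint8_t *data, size_t data_len)
{
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(declared >> 8);
    buf[2] = (uint8_t)declared;
    memcpy(buf + 3, data, data_len);
    memset(buf + 3 + data_len, 0, HB_PADDING);
    return 1 + 2 + data_len + HB_PADDING;
}
```

A record whose declared length exceeds what arrived is dropped before memcpy runs, which is exactly the memory read the unpatched code performed.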
Should Cyberoam users worry?
Cyberoam's research on this vulnerability has been completed by our research and development team. This vulnerability doesn't affect the GA released versions of Cyberoam appliances, which include 10.04.X, 10.02.X and 10.01.X, as they use a protected version of OpenSSL. The firmware versions 10.6.X are affected by this vulnerability. Please be sure to upgrade the Cyberoam appliance to the latest release candidate firmware for 10.6, i.e. 10.6.1 RC-4.
In addition, we have released IPS upgrades 3.11.61 and 5.11.61 to address the "Heartbleed" exploit for all the Cyberoam GA and 10.6.X versions:
Signature(s) name: OpenSSL TLS DTLS Heartbeat Information Disclosure
Default Action: Drop
You can check/update the IPS signature version through the appliance admin GUI, at the System->Maintenance->Updates tab. Cyberoam customers are required to apply the Cyberoam IPS policy on the respective firewall rules.
Cyberoam has also released an exclusive Advisory on the Heartbleed exploit.
Apart from this, Cyberoam also recommends that all users not use any affected OpenSSL versions in their applications, such as web services.