Christopher Parsons

Testing for “reverse” Heartbleed

Testing for “reverse” Heartbleed:

The Heartbleed vulnerabilityin OpenSSL allows a malicious TLS implementation to extract random chunks of memory from an unpatched peer. If you’re not up to speed on Heartbleed, check out the excellent documentation on that site andcheck your servers ASAPto see if you might be vulnerable.

Most of the attention around the Heartbleed attack has focused on the simplest and most obvious scenario: a malicious client attacking an HTTPS server to steal cookies, private keys, and other secrets. But this isn’t the only attack possible: a malicious server can also send bad heartbeat packets to a client that uses OpenSSL and extract data from that client. The TLS heartbeats used in this attack aresymmetric: they can be initiated by either the “client” or the “server” in a TLS connection, and both endpoints use the same vulnerable parsing code.

Importantly, even if the server that you are querying (e.g. Tumblr.com) is patched against this OpenSSL vulnerability the servers behind the front-end of the server may not be. As a result, payment gateways, agents responsible for fetching URLs, some identity federation protocols, and so forth may also be vulnerable. In Meldium’s tests, who have they announced was vulnerable?

  • An unnamed top 5 social network (we’re waiting for confirmation of their fix) that fetched our URL to generate a preview. The memory we extracted from their agent included results from internal API calls and snippets of python source code.
  • Reddit, which can use a URL to suggest a name for a new post, used a vulnerable agent that they’ve now patched. The memory we were able to extract from this agent was less sensitive, but we didn’t get as many samples because they patched so quickly (nice work!).
  • We registered a webhook to our malicious URL at rubygems.org to notify us whenever a gem was published. Within a few minutes, we captured chunks of S3 API calls that the Rubygems servers were making. After the disclosure, they quickly updated OpenSSL and are now protected (really nice work, especially from an all-volunteer staff!).

This is just a very, very small snippet of vulnerable parties. And given how many backend systems will simply not be updated for fear of breaking compatibility (e.g. in the case of payment gateways) this will be a long-term vulnerability.

SSL: the solution to a problem that is persistently generating problems unsolvable by SSL itself.

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close