Blog

HeartBleed Aftermath Part 2

June 20, 2014 by Ixia Blog Team

In our Part 1 blog post, we talked about a new attack that was targeting the GnuTLS cryptographic library and that was discovered by the same company that uncovered the Heartbleed bug. We also briefly mentioned two other critical vulnerabilities disclosed on the 5th of June in the OpenSSL library. Heartbleed is what all these events have in common. It provided measurable proof, since the Snowden leaks, that the cryptographic libraries that we have come to rely on are not as secure as initially thought.

CVE-2014-0224 [1], also known as the Change Cipher Spec injection vulnerability, allows an attacker to perform a man-in-the-middle attack between a vulnerable server and client to fully decrypt traffic across all SSL/TLS versions. The attack is quite simple, and involves sending a ChangeCipherSpec message before the client has sent the pre-master key. This leads to using a zero-length pre-master key and then deriving all the keying material as such. As the algorithm is public, this means that the attacker can easily derive the keys used to encrypt the communication and freely intercept all traffic.

For the attack to work, both server and client must be using a vulnerable version of the OpenSSL library, which means that most desktop browsers are safe against this attack, but also that Android/IOS apps that communicate over HTTP should be verified and patched. What is extremely interesting is that the bug has been present since the very first release of OpenSSL more than 16 years ago. Masashi Kikuchi, the person who uncovered the flaw, set out to verify the correctness of implementation of the TLS calculations in various libraries. His report says that “it is easy to correctly implement CSS” and that “If the reviewers had enough experiences, they should have verified OpenSSL code in the same way they do their own code. They could have detected the problem.” [2]

CVE-2014-0195 [3] is a vulnerability in DTLS, a variant of TLS meant to work over UDP. Due to improper handling of overlapping offsets when TLS records are fragmented over multiple packets, a memory corruption is triggered [4]. Simply sending a couple of malicious packets would cause an instant denial of service (DoS) on services using the vulnerable version of the OpenSSL library, but attackers may very easily leverage this to cause remote code execution. The interesting thing is that the commit logs show that the person who introduced this bug was also responsible for the Heartbleed bug. When interviewed for the Heartbleed bug, Dr. Robin Seggelmann, cataloged the flaw as being “trivial” despite its rather severe impact [5].

The ATI (Application and Threat Intelligence) team analyzed both flaws quickly and have already implemented variants for both. The BreakingPoint system strives to emulate real attack patterns, so aside from the randomness we build into every strike, our advanced evasion engine offers the possibility of customizing payload delivery at all levels of the OSI stack.

Leverage Subscription Service to Stay Ahead of Attacks

The Ixia BreakingPoint Application and Threat Intelligence (ATI) program provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms.

Additional Resources:

View Ixia’s Full ATI Protocol List

 

[1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224

[2] http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
[3] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0195

[4] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002

[5] http://arstechnica.com/information-technology/2014/04/heartbleed-developer-explains-openssl-mistake-that-put-web-at-risk/