[OmniOS-discuss] OmniOS OpenSSL 1.0.1g and CVE-2014-0160

Chris Siebenmann cks at cs.toronto.edu
Tue Apr 8 15:13:42 UTC 2014


| On 2014-04-08 15:44, Saso Kiselkov wrote:
| > Anything below OpenSSL 1.0.0 (inclusive) isn't vulnerable to this. (Most
| > legacy systems, including OI, still run on the OpenSSL 0.9.8
| > release train)
| 
| Thanks, I've read that statement ;)
| 
| I just wanted to make sure that if we have an OpenSSL 0.9.8 enabled
| server and an OpenSSL 1.0.1* (vulnerable) client, and someone has
| sniffed and saved the traffic, does indeed or does not that disclose
| the sensitive data?
| 
| For instance, I can't yet figure out if this heartbeat handshake is
| something new introduced in 1.0.1 series and so the whole procedure is
| skipped when a new OpenSSL connects with an old OpenSSL? Or not?..

 My understanding of the bug is that it requires active exploitation by
one end of the connection (either the client against the server or the
server against the client, if the client holds any sensitive material).
It's not a passive bug that can be exploited by a third party that is
just listening in because it involves introducing a deliberate protocol
violation[*].

 The bug is only present in OpenSSL versions that support heartbeats.
This was apparently introduced in 1.0.1, which dates from early 2012
(and is closed in 1.0.1g or patched versions of earlier 1.0.1 releases).

	- cks
[*: very crudely summarized, the bug is that you send the other end a
    heartbeat request that says 'echo back these 64K bytes' but
    don't actually supply anywhere near that many bytes to echo back.
    The other end then overruns your input buffer and sends you back
    whatever memory was beyond it.
]


More information about the OmniOS-discuss mailing list