This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned encrypted and is then decrypted, decompressed and wrote to a file to annoy IDS/forensics. The exploit can set the heatbeart payload length arbitrarily or use two preset values for 0x00 and MAX length. The vulnerability occurs due to bounds checking not being performed on a heap value which is user supplied and returned to the user as part of DTLS/TLS heartbeat SSL extension. All versions of OpenSSL 1.0.1 to 1.0.1f are known affected. You must run this against a target which is linked to a vulnerable OpenSSL library using DTLS/TLS.
68bcedd2a727967e92d3a342ff6f366dc236929be5c2a5f69dba9ed2c35f299aCisco Security Advisory - Cisco Adaptive Security Appliance (ASA) Software is affected by privilege escalation, denial of service, and authentication bypass vulnerabilities. These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of the Cisco ASA ASDM Privilege Escalation Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may allow an attacker or an unprivileged user to elevate privileges and gain administrative access to the affected system. Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass Vulnerability may allow an attacker to obtain unauthorized access to the internal network via SSL VPN. Successful exploitation of the Cisco ASA SIP Denial of Service Vulnerability may cause the exhaustion of available memory. This may cause system instability and in some cases lead to a reload of the affected system, creating a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available for some of the vulnerabilities.
5ffa540e1b4add8c5abe5610ec11ee29186c48e865781549c862029d466feeecSlackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
cbd69fa7127b1d2897618471567a32c476868f13b4a86d93ce55cb40cf6bd0f5OpenSSL TLS Heartbeat extension memory disclosure proof of concept. Expansion of the original exploit from Jared Stafford - this one supports multiple SSL/TLS versions.
eacf96cd5f65b639ffd1574293f581a43f690b7ab4f4237f23f7ea69179e7347This python script is a modification of the heartbleed proof of concept exploit that looks for cookies, specifically user sessions.
6be146c172695396122c8d40d4638e904f2ee1a827bd6f5062014ed22f051f9fThis Perl script listens on TCP port 443 and responds with completely bogus SSL heartbeat responses, unless it detects the start of a byte pattern similar to that used in Jared Stafford's (jspenguin@jspenguin.org) demo for CVE-2014-0160 'Heartbleed'. Run as root for the privileged port. Outputs IPs of suspected heartbleed scan to the console. Rickrolls scanner in the hex dump.
796ad9cc3fad4c720764e5e9bf2d2d16466658b294a8ea3c9c7312235cba21cdThis memory disclosure exploit is a quick and dirty demonstration of the TLS heartbeat extension vulnerability.
52f0798dad98c4a1b6cab83a8eda203099ba005a12190fde8917fba6bb4fbe85Red Hat Security Advisory 2014-0378-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
85f3267b23c3a2c746ab13cf225702438ff173d13d36e28e69a306ae88cbb914Gentoo Linux Security Advisory 201404-7 - Multiple Information Disclosure vulnerabilities in OpenSSL allow remote attackers to obtain sensitive information via various vectors. Versions less than 1.0.1g are affected.
5a052eecc5f9820f2774d8bfc627f2dcb6074aeb700f13c087a5702f55105ceeRed Hat Security Advisory 2014-0377-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
8f7c4d4d016c55715c90ff4dff65e34096a229969fb8f1a6a46114297025d9faRed Hat Security Advisory 2014-0376-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
d29801163552d6c5ef3d311980862e909fec81f30ffc610d069125419da17ffeDebian Linux Security Advisory 2896-2 - This revision to the recent OpenSSL update, DSA-2896-1, checks for some services that may use OpenSSL in a way that they expose the vulnerability. Such services are proposed to be restarted during the upgrade to help in the actual deployment of the fix.
bdc2b441a742338d68217274b585f77a71fb0818c37b23e2611c5800372cdb67Debian Linux Security Advisory 2896-1 - A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Hearbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory.
b46b7cdf2bdf994b775cf460ae5825957211930d6a2c4d11361546b5cd798cc0This is a modified version of ssltest.py that will do a mass scan for the Heartbleed TLS heartbeat vulnerability.
82c6e88d81229fdc66b6164151c0633d131f032bbe9893c23498032d22ddb017This exploit is a quick and dirty demonstration of the Heartbleed TLS vulnerability.
0415e43e7ef638d6c409ac662bd691d4eaf202ca6d154493d8cc75be1e929801OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.
4f8f0dc9e93799002c4bef191b0e8f5e142452409064b95a52255aa7f737badbUbuntu Security Notice 2165-1 - Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. Various other issues were also addressed.
f2b6af710c9e36df9d737d33d189c7c4552996014d2a9d3f94e1a4b698dfa7de
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed