This exploit uses OpenSSL to create an encrypted connection and trigger the Heartbleed leak. The leaked information is returned encrypted and is then decrypted, decompressed and written to a file to annoy IDS/forensics. The exploit can set the heartbeat payload length arbitrarily or use two preset values for 0x00 and MAX length. The vulnerability occurs due to bounds checking not being performed on a heap value which is user supplied and returned to the user as part of the DTLS/TLS heartbeat SSL extension. All versions of OpenSSL 1.0.1 to 1.0.1f are known to be affected. You must run this against a target which is linked to a vulnerable OpenSSL library using DTLS/TLS.
68bcedd2a727967e92d3a342ff6f366dc236929be5c2a5f69dba9ed2c35f299a
Cisco Security Advisory - Cisco Adaptive Security Appliance (ASA) Software is affected by privilege escalation, denial of service, and authentication bypass vulnerabilities. These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of the Cisco ASA ASDM Privilege Escalation Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may allow an attacker or an unprivileged user to elevate privileges and gain administrative access to the affected system. Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass Vulnerability may allow an attacker to obtain unauthorized access to the internal network via SSL VPN. Successful exploitation of the Cisco ASA SIP Denial of Service Vulnerability may cause the exhaustion of available memory. This may cause system instability and in some cases lead to a reload of the affected system, creating a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available for some of the vulnerabilities.
5ffa540e1b4add8c5abe5610ec11ee29186c48e865781549c862029d466feeec
Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
cbd69fa7127b1d2897618471567a32c476868f13b4a86d93ce55cb40cf6bd0f5
OpenSSL TLS Heartbeat extension memory disclosure proof of concept. Expansion of the original exploit from Jared Stafford - this one supports multiple SSL/TLS versions.
eacf96cd5f65b639ffd1574293f581a43f690b7ab4f4237f23f7ea69179e7347
This Python script is a modification of the Heartbleed proof of concept exploit that looks for cookies, specifically user sessions.
6be146c172695396122c8d40d4638e904f2ee1a827bd6f5062014ed22f051f9f
This Perl script listens on TCP port 443 and responds with completely bogus SSL heartbeat responses, unless it detects the start of a byte pattern similar to that used in Jared Stafford's (jspenguin@jspenguin.org) demo for CVE-2014-0160 'Heartbleed'. Run as root for the privileged port. Outputs IPs of suspected Heartbleed scans to the console. Rickrolls scanner in the hex dump.
796ad9cc3fad4c720764e5e9bf2d2d16466658b294a8ea3c9c7312235cba21cd
This memory disclosure exploit is a quick and dirty demonstration of the TLS heartbeat extension vulnerability.
52f0798dad98c4a1b6cab83a8eda203099ba005a12190fde8917fba6bb4fbe85
Red Hat Security Advisory 2014-0378-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
85f3267b23c3a2c746ab13cf225702438ff173d13d36e28e69a306ae88cbb914
Gentoo Linux Security Advisory 201404-7 - Multiple Information Disclosure vulnerabilities in OpenSSL allow remote attackers to obtain sensitive information via various vectors. Versions less than 1.0.1g are affected.
5a052eecc5f9820f2774d8bfc627f2dcb6074aeb700f13c087a5702f55105cee
Red Hat Security Advisory 2014-0377-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
8f7c4d4d016c55715c90ff4dff65e34096a229969fb8f1a6a46114297025d9fa
Red Hat Security Advisory 2014-0376-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
d29801163552d6c5ef3d311980862e909fec81f30ffc610d069125419da17ffe
Debian Linux Security Advisory 2896-2 - This revision to the recent OpenSSL update, DSA-2896-1, checks for some services that may use OpenSSL in a way that they expose the vulnerability. Such services are proposed to be restarted during the upgrade to help in the actual deployment of the fix.
bdc2b441a742338d68217274b585f77a71fb0818c37b23e2611c5800372cdb67
Debian Linux Security Advisory 2896-1 - A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory.
b46b7cdf2bdf994b775cf460ae5825957211930d6a2c4d11361546b5cd798cc0
This is a modified version of ssltest.py that will do a mass scan for the Heartbleed TLS heartbeat vulnerability.
82c6e88d81229fdc66b6164151c0633d131f032bbe9893c23498032d22ddb017
This exploit is a quick and dirty demonstration of the Heartbleed TLS vulnerability.
0415e43e7ef638d6c409ac662bd691d4eaf202ca6d154493d8cc75be1e929801
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1.
4f8f0dc9e93799002c4bef191b0e8f5e142452409064b95a52255aa7f737badb
Ubuntu Security Notice 2165-1 - Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. Various other issues were also addressed.
f2b6af710c9e36df9d737d33d189c7c4552996014d2a9d3f94e1a4b698dfa7de