Skip to content ↓ | Skip to navigation ↓

The Heartbleed vulnerability is a very serious issue as it affects the popular OpenSSL open source library used throughout the Internet and private networks. Since OpenSSL is used in a variety of networking products, more than one application or device on your network could be vulnerable.

Tripwire Vulnerability Management solutions provide extensive detection rules to squash the Heartbleed bug wherever it may hide on your network, including remote and local vulnerability checks:

  • Remote checks are basic rules to detect instances of the Heartbleed bug that are affecting services running on your network such as web servers, FTP servers, and email servers.
  • Local checks take a deeper look into system configurations by using administrative credentials to closely inspect machines for traces of the Heartbleed bug.

Only Tripwire provides both remote and local checks to detect devices on your network that are vulnerable to the Heartbleed bug. Devices on your network may have a vulnerable version of OpenSSL installed but it may not be running at the time of a scan. Local checks are necessary to detect all vulnerable applications whether they’re running or not.

If you’re not already a Tripwire IP360 customer, you can use the free Tripwire SecureScan to respond to Heartbleed threats in your environment. Tripwire Vulnerability Management products contain checks for the Heartbleed vulnerabilities below:

Remote Checks

TLS ‘Heartbleed’ Vulnerability (Tripwire ID: 92851)

A vulnerability exists in the OpenSSL implementation of the TLS heartbeat extension.  Successful exploitation of this vulnerability can undermine the privacy assurances of strong cryptography by revealing private keys, decrypted communications, and details of the vulnerable system’s architecture.

XMPP TLS Heartbleed Vulnerability (Tripwire ID: 92874)

Various implementations of XMPP over TLS are prone to the Heartbleed attack.  Heartbleed exploits a vulnerability in OpenSSL’s implementation of the TLS Heartbeat extension (RFC6520) which reveals contents of system memory in response to an unauthenticated connection.  Successful exploitation of this condition can reveal secret keys and other confidential data to an attacker.

POP3 TLS Heartbleed Vulnerability (Tripwire ID: 92873)

Various implementations of POP3 over TLS are prone to the Heartbleed attack.  Heartbleed exploits a vulnerability in OpenSSL’s implementation of the TLS Heartbeat extension (RFC6520) which reveals contents of system memory in response to an unauthenticated connection.  Successful exploitation of this condition can reveal secret keys and other confidential data to an attacker.

IMAP TLS Heartbleed Vulnerability (Tripwire ID: 92872)

Various implementations of IMAP over TLS are prone to the Heartbleed attack.  Heartbleed exploits a vulnerability in OpenSSL’s implementation of the TLS Heartbeat extension (RFC6520) which reveals contents of system memory in response to an unauthenticated connection.  Successful exploitation of this condition can reveal secret keys and other confidential data to an attacker.

FTP TLS Heartbleed Vulnerability (Tripwire ID: 92869)

Various implementations of FTP over TLS are prone to the Heartbleed attack.  Heartbleed exploits a vulnerability in OpenSSL’s implementation of the TLS Heartbeat extension (RFC6520) which reveals contents of system memory in response to an unauthenticated connection.  Successful exploitation of this condition can reveal secret keys and other confidential data to an attacker.

SMTP TLS Heartbleed Vulnerability (Tripwire ID: 92865)

Various implementations of SMTP over TLS are prone to the Heartbleed attack.  Heartbleed exploits a vulnerability in OpenSSL’s implementation of the TLS Heartbeat extension (RFC6520) which reveals contents of system memory in response to an unauthenticated connection.  Successful exploitation of this condition can reveal secret keys and other confidential data to an attacker.

OpenSSL TLS ‘Heartbleed’ Vulnerability (Tripwire ID: 92868)

Note: This remote PCI check is only available to Tripwire PureCloud PCI customers.

A vulnerability exists in the OpenSSL implementation of the TLS heartbeat extension. The vulnerability exists due to a missing bounds check in the handling of the TLS heartbeat extension.

Successful exploitation of this vulnerability can undermine the privacy assurances of strong cryptography by revealing private keys, decrypted communications, and details of the vulnerable system’s architecture.

SSL/TLS Certificate Issued Before Heartbleed Public Disclosure (Tripwire ID: 92867)

A SSL/TLS certificate was issued prior to April 8, 2014 when a critical vulnerability in OpenSSL was publicly disclosed.  The private key material may have been compromised if this certificate was used with a service vulnerable to CVE-2014-0160 (Heartbleed attack).

Notes on remote checks for Heartbleed:

The remote rules for Heartbleed are built on the same core design:

pic

  1. A host may still have vulnerable libraries but may have the heartbeat functionality disabled. In this case, a remote check wouldn’t find the host vulnerable and local detection would be required. Although, the risk is also greatly reduced.
  2. Heartbeat response are designed as a form of keep alive / health check. There are times when they are not returned. This could be due to a timeout due to network congestion, host prioritization of responses, or any number of other reasons.

Local Checks

OpenSUSE TLS Heartbleed Vulnerability (Tripwire ID: 92871)

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c.

Oracle ELSA-2014-0376: Oracle Linux 6 Heartbleed Vulnerability (Tripwire ID: 92866)

A vulnerability exists in the OpenSSL implementation of the TLS heartbeat extension.  Successful exploitation of this vulnerability can undermine the privacy assurances of strong cryptography by revealing private keys, decrypted communications, and details of the vulnerable system’s architecture.

USN-2165-1: OpenSSL CVE-2014-0160 Vulnerability (Tripwire ID: 92864)

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbleed Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c.

CESA-2014:0376: OpenSSL CVE-2014-0160 Vulnerability (Tripwire ID: 92831)

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbleed Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c.

RHSA-2014:0376: OpenSSL CVE-2014-0160 Vulnerability (Tripwire ID: 92821)

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c.

OpenVPN TLS Heartbleed Vulnerability (Tripwire ID: 92870)

A vulnerability exists in the OpenSSL implementation of the TLS heartbeat extension.  Successful exploitation of this vulnerability can undermine the privacy assurances of strong cryptography by revealing private keys, decrypted communications, and details of the vulnerable system’s architecture.

  • Affected versions: OpenVPN 2.3.2 – OpenVPN 2.3.2-I003

And be sure to join us for the webcast Heartbleed Outpatient Care: Steps for Secure Recovery on Thursday, April 17, 2014 1:00 PM EDT/10:00 AM PDT where we will be discussing the need for a robust security strategy for rapid reaction to vulnerabilities and threats.

In this webcast we will examine:

  • The  Heartbleed vulnerability in detail, how it occurred with examples of how it can be used against your organization
  • How you can identify your business exposure and what systems are vulnerable
  • How Tripwire’s solutions work together to help you close the detection, remediation and prevention gaps around Heartbleed

pic

 

Related Articles:

 

Resources:

picCheck out Tripwire SecureScan™, a free, cloud-based vulnerability management service  for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology.

 

picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].

 

Title image courtesy of ShutterStock