Heartbleed is a vulnerability in OpenSSL, the widely used library that implements TLS (Transport Layer Security). It affects any program that links a vulnerable OpenSSL instance, whether that program runs on the client side or the server side. Only a limited set of OpenSSL versions is affected:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
- OpenSSL 0.9.7 branch is NOT vulnerable
CVE-2014-0160 is the official identifier for this vulnerability. CVE identifiers are maintained by MITRE (http://cve.mitre.org/).
What actually happened?
When Heartbleed is exploited, memory contents leak from the server to the client, or from the client to the server. RFC 6520 defines the Heartbeat extension for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS): either peer may send a heartbeat request carrying an arbitrary payload, and the receiver must echo that payload back in a heartbeat response. The payload length is carried in a 16-bit field, so a single request can claim up to 65535 bytes of payload. The affected OpenSSL versions allocate the response buffer, and copy the payload into it, based on that length field alone, without checking it against the size of the record that was actually received. Because of this missing bounds check, the response contains the real payload, followed by whatever happened to be in memory after it: up to roughly 64 KB per request, taken from heap memory that can hold session cookies, passwords, or private key material.
An attacker therefore sends a heartbeat request with a small payload but a large length field.
The following image shows how this happens.
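To make the missing check concrete, here is an added example (not OpenSSL's code, and not from the original post) that models the heartbeat handler in C. The function names, the 64-byte "arena" standing in for process memory, the fake secret placed after the record, and the 0xAA padding bytes are all constructed for the illustration. heartbeat_vulnerable() follows the 1.0.1f logic of trusting the length field; heartbeat_fixed() adds the check that 1.0.1g introduced, rejecting any request whose claimed payload plus header and padding exceeds the length of the record actually received.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16   /* RFC 6520 requires at least 16 bytes of padding */

/* What the peer actually sent: the record bytes and their real length. */
typedef struct { const unsigned char *data; size_t length; } hb_record;

/* Response handed back to the caller, who frees buf. len == 0 means "discarded". */
typedef struct { unsigned char *buf; size_t len; } hb_response;

/* Common response builder: copies `payload` bytes starting at payload_src. */
static hb_response build_response(const unsigned char *payload_src, uint16_t payload) {
    hb_response r;
    r.len = 1 + 2 + (size_t)payload + HB_PADDING;
    r.buf = malloc(r.len);
    unsigned char *bp = r.buf;
    *bp++ = TLS1_HB_RESPONSE;
    *bp++ = (unsigned char)(payload >> 8);
    *bp++ = (unsigned char)(payload & 0xff);
    memcpy(bp, payload_src, payload);             /* the over-read happens here */
    memset(bp + payload, 0xAA, HB_PADDING);       /* stand-in for random padding */
    return r;
}

/* Vulnerable handler: the 16-bit length field is trusted without any check. */
hb_response heartbeat_vulnerable(const hb_record *rec) {
    hb_response none = { NULL, 0 };
    const unsigned char *p = rec->data;
    unsigned char hbtype = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);   /* n2s() in OpenSSL */
    p += 2;
    if (hbtype != TLS1_HB_REQUEST) return none;
    return build_response(p, payload);   /* reads `payload` bytes past the header, whatever the record size */
}

/* Fixed handler: reject records too short to be valid, and claims that exceed the record. */
hb_response heartbeat_fixed(const hb_record *rec) {
    hb_response none = { NULL, 0 };
    if (rec->length < 1 + 2 + HB_PADDING) return none;   /* silently discard */
    const unsigned char *p = rec->data;
    unsigned char hbtype = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if (1 + 2 + (size_t)payload + HB_PADDING > rec->length) return none;   /* silently discard */
    if (hbtype != TLS1_HB_REQUEST) return none;
    return build_response(p, payload);
}

/* Constructed "process memory": the heartbeat record at the start, followed by bytes
 * that model a neighbouring heap allocation (a fake secret, 40 bytes, no NUL). */
#define ARENA_SIZE 64
static unsigned char arena[ARENA_SIZE];
static const char SECRET[] = "TOP-SECRET-KEY-MATERIAL-0123456789ABCDEF";

/* Builds a record whose real payload is the 4 bytes "ping" but whose length field
 * says `claimed`. The record as received is 1 + 2 + 4 + 16 = 23 bytes long. */
void setup_record(hb_record *rec, uint16_t claimed) {
    memset(arena, 0, sizeof arena);
    arena[0] = TLS1_HB_REQUEST;
    arena[1] = (unsigned char)(claimed >> 8);
    arena[2] = (unsigned char)(claimed & 0xff);
    memcpy(arena + 3, "ping", 4);
    memset(arena + 7, 0x11, HB_PADDING);
    memcpy(arena + 23, SECRET, 40);       /* fills arena[23..62] */
    rec->data = arena;
    rec->length = 23;
}

int main(void) {
    hb_record rec;
    setup_record(&rec, 40);   /* claim 40 bytes, send 4 */
    hb_response v = heartbeat_vulnerable(&rec);
    printf("vulnerable: %zu-byte response, payload bytes 20..39 = \"%.20s\"\n",
           v.len, (const char *)v.buf + 3 + 20);   /* prints leaked secret bytes */
    hb_response f = heartbeat_fixed(&rec);
    printf("fixed: response length %zu (0 = discarded)\n", f.len);
    free(v.buf);
    free(f.buf);
    return 0;
}
```

With a claimed length of 40, the vulnerable handler returns a 59-byte response whose payload is "ping", the 16 padding bytes, and then 20 bytes of the neighbouring secret; the fixed handler returns nothing. A request that claims exactly 4 bytes passes both handlers, which is why the fix did not break legitimate heartbeats.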
[Ref:-Wikipedia]