Skip to main content

Heartbleed

Heartbleed is the vulnerable which is identifying in very famous TSL level security library call OpenSSL. It is widely used to implement TSL level security. Heartbleed is effecting if user using vulnerable OpenSSL instance for the client side or server side. Note that only the number of OpenSSL version are reported as an effected by vulnerability.
  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable
  • OpenSSL 0.9.7 branch is NOT vulnerable

CVE-2014-0160 is the official name for this vulnerability. These vulnerability names are maintain by the CVE (http://cve.mitre.org/)


What actually happened?
When Heartbleed is exploited it leads to the leak of memory information from the server to the client and from client to the server side. RFC6520 is for the transport layer security (TLS) and datagram transport layer security (DTLS). RFC6520 heartbeat extension is providing link to send heartbeat message which consisting of payload between client and server. Sender send 16 bit message and receiver should reply with the same message. The affected version of OpenSSL allocate a memory buffer for the message to be returned base on the length field in the requesting message, without regard the actual size of the message payload. Because of this failure to do proper bound checking, the message returned consist of the payload, possible followed by whatever else happened to be the allocated memory buffer.
               In that case Heartbleed can send heartbeat request with smaller payload with larger length field.

 Following image show how it happen.

[Ref:-Wikipedia]

Comments

Post a Comment

Popular posts from this blog

How to enable proxy service security in ESB 4.9.0?

Security is  one of the major concern when we developing API base integrations or application developments. WSO2 supports WS Security , WS-Policy and WS-Security Policy specifications. These specifications define a behavior model for web services. Proxy service security requirements are different from each others. WSO2 ESB providing pre-define commonly used twenty security scenarios to choose based on the security requirements. This functionality is provided by the security management feature which is bundled by default in service management feature in ESB. This configuration can be done via the web console until ESB 4.8.1 release, but this has been removed from the ESB 4.9.0. Even though this feature isn't provided by the ESB web console itself same functionality can be achieved by the new WSO2 Dev Studio . WSO2 always motivate to use dev studio to prepare required artifacts to the ESB rather than the web console. Better way to explain this scenario is by example. Following...
3 comments
Read more

How SSL Tunneling working in the WSO2 ESB

This blog post assumes that the user who reads has some basic understanding of SSL tunneling and the basic message flow of the ESB. If you are not familiar with the concepts of the SSL tunneling you can refer my previous blog post about the SSL tunneling and you can get detail idea about the message flow from this article . I will give brief introduction about the targetHandler for understand concepts easily. As you may already know TargetHandler(TH) is responsible for handling requests and responses for the backend side. It is maintaining status (REQUEST_READY, RESPONSE_READY .. ,etc) based on the events which fired by the IOReactor and executing relevant methods. As the example if a response which is coming from the backend side hits to the ESB, IOReactor fire the responseRecived method in the targetHandler side. Followings are the basic methods contain in the target handler and their responsibilities. Connect: -  This is executed when new outgoing connection needed. ...
9 comments
Read more

Select different backend pools based on the HTTP Headers in Nginx

Some scenarios we need to select different backend pools based on some attributes in the request. Nginx has that capability to selecting different backend pools based on the request header value. To accomplish this in Nginx you can use the following code in your configuration. upstream gold { server 127.0.0.1:8080; server 127.0.0.1:8081; server 127.0.0.1:8082; } upstream platinum { server 127.0.0.1:8083; server 127.0.0.1:8084; server 127.0.0.1:8085; } upstream silver { server 127.0.0.1:8086; server 127.0.0.1:8087; } # map to different upstream backends based on header map $customer_type $pool { default "gold"; platinum "platinum"; silver "silver"; } server { listen 80; server_name localhost; location / { proxy_pass http://$pool; #standard proxy settings proxy_set_header X-Real-IP $remote_addr; proxy_redirect off; p...
Post a Comment
Read more