Nash's world

Demonstration of Reverse OpenSSL Reverse Heart Bleed Bug CVE-2014-0160

by on Apr.11, 2014, under Programing

heart-bleed-bug Heart Bleed is turning out to be one of the worst bugs to hit web. While sys admins every where have been rushing to fix the web facing servers. Worst of it was thought to be mitigated by patching the servers and loadbalancers that terminated the SSL connections. It has now been demonstrated that clients that use openssl is also effected and these include

  • MariaDB 5.5.36
  • wget 1.15 (leaks memory of earlier connections and own state)
  • curl 7.36.0
  • git 1.9.1 (tested clone / push, leaks not much)
  • nginx 1.4.7 (in proxy mode, leaks memory of previous requests)
  • links 2.8 (leaks contents of previous visits!)
  • links is a great example that demonstrates the effect of this bug on clients. It is a text-based browser that leaks details including headers (cookies, authorization tokens) and page contents

A malicious server can take advantage of this and copy the memory contents from an unsuspecting client memorys as demoed here

rv heart bleed demo 2

here I am trying to load a Image from one of my servers that has social media content then after i load the page i connect to a malicious server that tries to exploit this bug.

Here is the content the server was to able to grab from from the client.
rv heart bleed demo 1

As you can seen I am able to get exif data of the loaded image and partial content of image.

Here is another demo where by i try to connect to maybanklogin page. then connect to my malicious server. As you can see I am able to get the header passed by the page and partial content of the page too

rv heart bleed demo 3

rv heart bleed demo 4

Please do note this is not a bug on server side but a bug on client side so go and update your OpenSSL library asap. You can get the demo code from https://github.com/Lekensteyn/pacemaker

Enhanced by Zemanta
:, , , , , , , , , , ,

Leave a Reply

*

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Blogroll

A few highly recommended websites...

IDL

Member of The Internet Defense League