SSL: OpenSSL TLS DTLS Heartbeat Information Disclosure (Server, Client, and STARTTLS Support)
This signature detects attempts to exploit a known flaw in OpenSSL. An information disclosure vulnerability exists in OpenSSL, caused by an error in the handling of TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.

This signature is an alternate version of SSL:OPENSSL-TLS-DTLS-HEARTBEAT that supports both clients and servers, including STARTTLS connections. It is, however, extremely performance-impacting and may also be false-positive prone. Its use is therefore not recommended in a general configuration; it should only be enabled in specific circumstances where it is required.

This is a non-Recommended, performance-impacting signature. It will not be in any predefined groups. You must add this signature, by name, manually to your policy, or create your own custom dynamic group.
Extended Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
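The over-read described above happens when the heartbeat message's declared payload_length is larger than the heartbeat record that carries it. The following is an added example, not code from the signature, from Juniper, or from OpenSSL: a small inspector that parses a TLS (or DTLS) heartbeat record per RFC 6520 and flags the length mismatch, which is the same bounds check the OpenSSL 1.0.1g fix introduced. It goes slightly beyond the text by handling both the TLS and DTLS record headers. All sample records below are constructed for the example; the function and constant names are the author's choices, not identifiers from the signature.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Record-layer content type for the Heartbeat protocol (RFC 6520).
CONTENT_TYPE_HEARTBEAT = 0x18
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16          # RFC 6520: at least 16 bytes of random padding
TLS_HEADER_LEN = 5        # type(1) + version(2) + length(2)
DTLS_HEADER_LEN = 13      # type(1) + version(2) + epoch(2) + sequence(6) + length(2)


@dataclass
class Verdict:
    is_heartbeat: bool
    declared_payload_len: Optional[int]
    record_len: Optional[int]
    suspicious: bool
    reason: str


def inspect_record(record: bytes, dtls: bool = False) -> Verdict:
    """Parse one record and decide whether its heartbeat body is well formed.

    The key check mirrors the 1.0.1g fix: type(1) + payload_length(2) +
    payload + minimum padding(16) must fit inside the record length.
    """
    hdr = DTLS_HEADER_LEN if dtls else TLS_HEADER_LEN
    if len(record) < hdr:
        return Verdict(False, None, None, False, "too short for a record header")
    if record[0] != CONTENT_TYPE_HEARTBEAT:
        return Verdict(False, None, None, False, "not a heartbeat record")
    (rec_len,) = struct.unpack("!H", record[hdr - 2:hdr])
    body = record[hdr:hdr + rec_len]
    if len(body) < rec_len:
        return Verdict(True, None, rec_len, True, "record length exceeds bytes on the wire")
    if rec_len < 1 + 2 + MIN_PADDING:
        return Verdict(True, None, rec_len, True,
                       "body too short for type, length and minimum padding")
    hb_type = body[0]
    (declared,) = struct.unpack("!H", body[1:3])
    if hb_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        return Verdict(True, declared, rec_len, True, f"unknown heartbeat type {hb_type}")
    if 1 + 2 + declared + MIN_PADDING > rec_len:
        return Verdict(True, declared, rec_len, True,
                       "declared payload_length does not fit in record (over-read pattern)")
    return Verdict(True, declared, rec_len, False, "well-formed heartbeat")


def scan_records(data: bytes, dtls: bool = False) -> List[Verdict]:
    """Walk back-to-back records in a byte string and inspect each one."""
    hdr = DTLS_HEADER_LEN if dtls else TLS_HEADER_LEN
    verdicts = []
    pos = 0
    while pos + hdr <= len(data):
        (rec_len,) = struct.unpack("!H", data[pos + hdr - 2:pos + hdr])
        verdicts.append(inspect_record(data[pos:pos + hdr + rec_len], dtls))
        pos += hdr + rec_len
    return verdicts


# Constructed samples (not captured traffic). Heartbeat body: type=request,
# payload_length, 3-byte payload "abc", 16 bytes of zero padding = 22 bytes.
_BODY_OK = bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", 3) + b"abc" + b"\x00" * 16
_BODY_OVERLONG = bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", 255) + b"abc" + b"\x00" * 16

BENIGN_TLS = bytes([CONTENT_TYPE_HEARTBEAT, 0x03, 0x02]) + struct.pack("!H", len(_BODY_OK)) + _BODY_OK
OVERLONG_TLS = (bytes([CONTENT_TYPE_HEARTBEAT, 0x03, 0x02])
                + struct.pack("!H", len(_BODY_OVERLONG)) + _BODY_OVERLONG)
# DTLS 1.2 header: version 0xFEFD, epoch 0, sequence number 1.
BENIGN_DTLS = (bytes([CONTENT_TYPE_HEARTBEAT, 0xFE, 0xFD, 0x00, 0x00])
               + bytes([0, 0, 0, 0, 0, 1]) + struct.pack("!H", len(_BODY_OK)) + _BODY_OK)
# A non-heartbeat record (handshake content type 0x16) with a 2-byte body.
HANDSHAKE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x02]) + b"\x01\x00"


if __name__ == "__main__":
    for v in scan_records(HANDSHAKE_TLS + BENIGN_TLS + OVERLONG_TLS):
        print(v)
```

An inline inspector can only apply this check to heartbeat records it can read in cleartext, that is, those sent before the session switches to encrypted records; heartbeats exchanged after the handshake completes are opaque without the session keys. That limitation, together with the need to track STARTTLS upgrades on several application protocols, is why a signature of this kind is costly to evaluate and not suited to a general configuration.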
Affected Products
Broadcom symantec_messaging_gateway
References
BugTraq: 66690
CVE: CVE-2014-0160
URL: http://www.openssl.org/news/secadv_20140407.txt
URL: http://heartbleed.com/
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Filezilla-project
Redhat
Fedoraproject
Broadcom
Openssl
Opensuse
Siemens
Mitel
Splunk
Debian
Canonical
5.0