SSL: OpenSSL TLS DTLS Heartbeat Information Disclosure
This signature detects attempts to exploit a known flaw in OpenSSL. An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server. This version only protects OpenSSL SERVERS. For client protection (not Recommended, and for most customers, not needed), please use SSL:OPENSSL-HEARTBEAT-ALTERNATE *instead* of this signature. NOTE: This is a performance-impacting signature, and therefore will NOT be in the pre-defined dynamic group "[Recommended]SSL" but instead in the "[Recommended]Misc_SSL". Alternatively, you can add this signature directly by name to your policy to ensure you have the correct protection.
Extended Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Affected Products
Broadcom symantec_messaging_gateway
References
BugTraq: 66690
CVE: CVE-2014-0160
URL: http://heartbleed.com/ http://www.openssl.org/news/secadv_20140407.txt
Short Name
SSL:OPENSSL-TLS-DTLS-HEARTBEAT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SSL
Keywords
CVE-2014-0160 DTLS Disclosure Heartbeat Information OpenSSL TLS bid:66690
Release Date
04/09/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3719
False Positive
Unknown
Vendors
Filezilla-project
Redhat
Fedoraproject
Broadcom
Openssl
Opensuse
Siemens
Mitel
Splunk
Debian
Canonical
CVSS Score
5.0