Openssl Heart[beat|bleed]

home | blog | Terrible people and places | Covid-19 links | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts

Update 4-11-2014:
Inside job?

Current issues, 1 word:
Patch yourself people. This is bad!
If you can't patch, just down for now and ip block for what you can't down!

Think of the following:
pFsense (not 1.2.3, but 2.1 versions)!
Any ssl enabled Apache site compiled against Openssl libs.
Any mail server running IMAP or POP3 over SSL.
Any SSL based VPN.
There is exploit code out there.

To check your versions of procs:
Follow up by checking the date and time of the lib (and version if you can).
You are shooting for libcrypto 1.0.1g and a date of 4/7/14 (Monday) for Ubuntu stuff.
cat /proc/*/maps | grep -i libcrypto

Pyopenssl does "detect" this attack. You should see:
[08/Apr/2014:21:36:12] ENGINE AttributeError("'module' object has no attribute 'socket_errors_to_ignore'",)
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/", line 1292, in communicate
  File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/", line 580, in parse_request
    success = self.read_request_line()
  File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/", line 611, in read_request_line
    request_line = self.rfile.readline()
  File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/", line 274, in readline
    data = self.rfile.readline(256)
  File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/", line 1114, in readline
    data = self.recv(self._rbufsize)
  File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/", line 103, in recv
    data = self._safe_call(True, r, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/", line 75, in _safe_call
    if is_reader and errnum in wsgiserver.socket_errors_to_ignore:
AttributeError: 'module' object has no attribute 'socket_errors_to_ignore'