Situational Awareness Alert for OpenSSL Vulnerability (UPDATE A)

This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS-ALERT-14-009-01 Situational Awareness Alert for OpenSSL Vulnerability that was published April 9, 2014, on the ICS-CERT web page.

table.gridtable {
font-family: verdana,arial,sans-serif;
font-size:11px;
color:#333333;
border-width: 1px;
border-color: #666666;
border-collapse: collapse;
}
table.gridtable th {
border-width: 1px;
padding: 8px;
border-style: solid;
border-color: #666666;
background-color: #dedede;
}
table.gridtable td {
border-width: 1px;
padding: 8px;
border-style: solid;
border-color: #666666;
background-color: #ffffff;
}

SUMMARY

This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS-ALERT-14-009-01 Situational Awareness Alert for OpenSSL Vulnerability that was published April 9, 2014, on the ICS-CERT web page.

NCCIC/ICS-CERT is aware of a public report of a vulnerability with proof-of-concept (PoC) exploit code that could expose private SSL keys used in the OpenSSL implementation of secure communication. According to this report, the vulnerability in OpenSSL Versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the transport layer security/datagram transport layer security (TLS/DTLS) heartbeat functionality that could disclose private/encrypted information to an attacker. This vulnerability is commonly referred to as “heartbleed.” This vulnerability was discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who reported this vulnerability to the National Cyber Security Centre Finland (NCSC-FI) for vulnerability coordination and reporting to the OpenSSL team. This report was released without coordination with either the vendor or ICS-CERT. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to this and other cybersecurity attacks.

The report included vulnerability details and PoC exploit code for the following vulnerability:

CVE-2014-0160CVE, http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160, web site last accessed April 10, 2014. has been assigned. A CVSS score of 6.4 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:P/A:N)NVD, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:N, web site last accessed April 10, 2014.

The vulnerability exists in the Heartbeat extension (RFC6520) to OpenSSL’s Transport Layer Security (TLS) and the Datagram Transport Layer Security (DTLS) protocols. The Heartbeat extension is functionally a “keep-alive” between end-users and the secure server. It works by sending periodic “data pulses” of 64 KB in size to the secure server and once the server receives that data; it reciprocates by resending the same data at the same size.CVE, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160, web site last accessed April 10, 2014.

The out-of-bounds “read” vulnerability exists because the Heartbeat extension does not properly validate the data being sent from the end-user. As a result, a malicious actor could send a specially crafted heartbeat request to the vulnerable server and obtain sensitive information stored in memory on the server. Furthermore, even though each heartbeat only allows requests to have a data size limited to 64 KB segments, it is possible to send repeated requests to retrieve more 64 KB segments, which could include encryption keys used for certificates, passwords, usernames, and even sensitive content that were stored at the time. An attacker could harvest enough data from the 64 KB segments to piece together larger groupings of information, which could help an attacker develop a broader understanding of the information being acquired.SANS OpenSSL Vulnerability, http://digital-forensics.sans.org/blog/2014/04/10/heartbleed-links-simulcast-etc/, web site last accessed April 10, 2014.

The following OpenSSL libraries are affected:

OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2-beta1

--------- End Update A Part 1 of 2----------

ICS-CERT encourages any asset owners/operators, developers, or vendors to coordinate known implementations of the affected products directly with ICS-CERT.

As OpenSSL may be used as a third-party component, asset owners, operators, and SCADA software developers are encouraged to investigate the use of the affected versions of OpenSSL in their environments.

MITIGATION

OpenSSL Version 1.0.1g has addressed and mitigates this vulnerability. Please contact your software vendor to check for availability of updates. Any system that may be affected by this vulnerability should regenerate any credential information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items.

--------- Begin Update A Part 2 of 2 --------

Upgrade affected TLS/TDLS clients and servers to OpenSSL version 1.0.1g. Alternatively, affected versions of OpenSSL may be recompiled with the option “-DOPENSSL_NO_HEARTBEATS” to mitigate the vulnerability until an upgrade can be performed.

Contact equipment vendors for specific mitigation information as the implementations may vary. In addition, IDS signatures are available that may provide awareness of an attack of this nature occurring. An example of these rule sets can be found heref:

alert tcp any [!80,!445] -> any [!80,!445] (msg:"FOX-SRT - Suspicious - SSLv3 Large Heartbeat Response"; flow:established,to_client; content:"|18 03 00|"; depth: 3; byte_test:2, >, 200, 3, big; byte_test:2, <, 16385, 3, big; threshold:type limit, track by_src, count 1, seconds 600; reference:cve,2014-0160; classtype:bad-unknown; sid: 1000000; rev:4;)

NOTE:  ICS-CERT has not tested the validity or efficacy of these rule sets and cautions users to thoroughly test these solutions before implementing them into production environments!

--------- End Update A Part 2 of 2----------

ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

• Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.g
• Locate control system networks and devices behind firewalls, and isolate them from the business network.

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

ICS-CERT also provides a recommended practices section for control systems on the ICS-CERT web site (http://ics-cert.us-cert.gov). Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Organizations that observe any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

This earlier update contained an inaccuracy that has since been removed.

• f. IDS signature examples, http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/, web site last accessed April 10, 2014.
• g. ICS-CERT ALERT, http://ics-cert.us-cert.gov/alerts/ICS-ALERT-10-301-01, web site last accessed April 9, 2014.

• Other