Neel Mehta 8 Apr 14
Heap allocation patterns make private key exposure unlikely for .
Tomas Rzepka
We can extract the private key successfully on FreeBSD after restarting apache and making the first request with ssltest.py
Philip 8 Apr 14
Ieeeeek. Ok, do you have proof? Because this is a significant discovery with major financial ramifications. Similar results on Linux?
Tomas Rzepka 8 Apr 14
Does not work on Debian. We patched the FreeBSD machine but I will see if we can gather some evidence. :)
Philip 9 Apr 14
I've been smashing TLS daemons on my Debian lab machine but haven't seen anything interesting. What is it about the FreeBSD alloc??
Tomas Rzepka 9 Apr 14
Maybe that FreeBSD uses mmap to implement malloc?
Philip 9 Apr 14
That's easily the best writeup on it I've seen. Thanks.
Tomas Rzepka 9 Apr 14
Philip 9 Apr 14
Nice one. That's all the proof we need to start revoking. I'd love to know similar exposures on other platforms.
Liaf 9 Apr 14
what version of OpenSSL did you run on this FreeBSD?
FreeBSD Help 9 Apr 14
Must have been pre-fixed ports (security/openssl); 9.1-RELEASE has 0.9.8y in base.
Liaf 9 Apr 14
0.9.8y isn't compromised, is it?
FreeBSD Help 9 Apr 14
It is not vulnerable to but is to CVE-2014-0076 See:
Tomas Rzepka 9 Apr 14
Server: Apache/2.2.27 (FreeBSD) mod_ssl/2.2.27 OpenSSL/1.0.1f DAV/2
Mako 9 Apr 14
Cool! I've recovered it from Apache on Gentoo as a bare prime factor in binary, but your demo's a lot clearer.
Ryan Barnett 9 Apr 14
Attackers just need to send payloads at midnight when most sites run daily log rollover/restart scripts.
Tomas Rzepka 9 Apr 14
Cool, do you need to restart Apache or just send enough requests?
Tomas Rzepka 9 Apr 14
Yes, or if you're lucky, find a DoS vuln and wait for the admin to restart.
Ollivier Robert 9 Apr 14
There you go, you are running 1.0.1f, thus a non-patched one. Please upgrade your port.
Mako 9 Apr 14
@thegruqq It has a lowish success rate, more tries on the same connection don't help, reconnecting may, restarting probably won't.