2014-04-12

OpenSSL is open-source software that is widely used to implement transport layer security protocols such as SSL and TLS. OpenSSL provides cryptographic functions and many other functions. Almost two years ago, a new feature called heartbeat was added in OpenSSL version 1.0.1. What does the heartbeat protocol do in OpenSSL? Heartbeat keeps the secure connection alive for a while, so that the session is not torn down. Typically, SSL connections are terminated immediately if there is no activity. By using the heartbeat protocol, attackers can steal memory contents without leaving any trace on the system that it has been hacked.

This flaw allows an attacker to retrieve the private memory of an application that uses the vulnerable OpenSSL libssl library, in chunks of 64k, at any time. Note that an attacker can repeatedly leverage the vulnerability to retrieve as many 64K chunks of memory as are necessary to retrieve the intended secrets (credit card information, passwords, and other sensitive information). The heartbeat protocol leaks memory contents, and that is why this bug is named heartbleed.

In order to coordinate recovery from this bug, the open-source community has classified the compromised secrets into four categories:

Primary key material (secret keys)

Secondary key material (Username and password)

Protected content (sensitive data)

Collateral (Memory address)

Any service that supports STARTTLS (imap, smtp, http, pop) may also be affected. You can find more information about heartbleed here.

Here are the impacted and non-impacted OpenSSL versions.

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

OpenSSL 1.0.1g is NOT vulnerable

OpenSSL 1.0.0 branch is NOT vulnerable

OpenSSL 0.9.8 branch is NOT vulnerable

1. How can you find out whether a VMware ESXi node is affected by heartbleed?

You can check the OpenSSL version using the command below. VMware ESXi 5.5 has a vulnerable OpenSSL. Log in to the ESXi server and execute the commands mentioned below.

2. How can I find out whether my VMware vCenter server is affected by heartbleed? (VMware vCenter Server 5.5 is impacted.)

Log in to the vCenter server and go to Start -> Run -> cmd (press Enter).

In my case, I have two versions of OpenSSL, and OpenSSL 1.0.1e is the vulnerable one.

3. How to fix the issue?

As of now, VMware has not released a direct patch to fix the vulnerable OpenSSL. But you can isolate the management network from the internet. Normally virtual machines are exposed to the internet, and exposing the vSphere components directly to the internet is strongly discouraged.

Here is a small test to find out whether heartbeat is enabled or not.

Log in to the VMware ESXi 5.5 server and run the command below.

If you see 'TLS server extension "heartbeat" (id=15), len=1' in the output of the above command, then the host has the heartbleed bug.
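A triage sketch for the two checks above, added here as an example (it is not from the original post or from VMware): it classifies a line printed by openssl version against the listed ranges and looks for the heartbeat extension line in handshake debug output. Function names and sample inputs are constructed, and treating 1.0.1 letters after g as fixed goes beyond the list above.

```shell
#!/bin/sh
# Added example, not from the original post. Sample inputs are constructed.
LC_ALL=C; export LC_ALL          # keep [a-f] in case patterns byte-ordered

# classify_openssl "<line printed by 'openssl version'>"
# Prints vulnerable | not-vulnerable | unknown. "vulnerable" means the string
# falls in the affected range; vendor builds with a backported fix can still
# print an old version string, so confirm against the vendor advisory.
classify_openssl() {
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    ver=${ver%-fips}             # "1.0.1e-fips" -> "1.0.1e"
    case "$ver" in
        1.0.1|1.0.1[a-f]) echo vulnerable ;;      # 1.0.1 through 1.0.1f
        1.0.1[g-z])       echo not-vulnerable ;;  # 1.0.1g and later letters
        1.0.0*|0.9.8*)    echo not-vulnerable ;;  # branches listed as unaffected
        *)                echo unknown ;;
    esac
}

# Reads handshake debug output on stdin (for instance from
# 'openssl s_client -connect HOST:443 -tlsextdebug'; that command is an
# assumption, the post's own command is not shown). Succeeds if the server
# offered the heartbeat extension.
heartbeat_advertised() {
    grep -q 'TLS server extension "heartbeat" (id=15)'
}

# triage "<version line>" < handshake-output
# A fixed 1.0.1g build can still offer heartbeat, so both facts are combined.
triage() {
    state=$(classify_openssl "$1")
    if heartbeat_advertised; then hb=on; else hb=off; fi
    case "$state/$hb" in
        vulnerable/on)    echo exposed ;;
        vulnerable/off)   echo vulnerable-no-heartbeat ;;
        not-vulnerable/*) echo ok ;;
        *)                echo check-manually ;;
    esac
}

sample_handshake() {             # constructed s_client-style output
    cat <<'EOF'
CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
TLS server extension "heartbeat" (id=15), len=1
EOF
}

sample_handshake | triage "OpenSSL 1.0.1e 11 Feb 2013"
```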

Refer to the VMware KB to find the other VMware products impacted by this bug.

The post Heartbleed vulnerability on VMware ESXI 5.5 and Vcenter 5.5 appeared first on UnixArena.