This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

OpenSSL Heartbleed bug: CVE-2014-0160

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

OpenSSL Heartbleed bug: CVE-2014-0160

AdamBatey
L1 Bithead

‎04-07-2014 10:35 PM

Hi,

Just wondering if any Palo Alto versions are affected by this bug in OpenSSL?

http://heartbleed.com/

Regards

64 REPLIES 64

miwright
Not applicable

‎04-09-2014 08:08 AM

Yes, it looks to have just went live. Any reason as to why it was originally pulled and then re-released?

HULK
L7 Applicator
In response to miwright

‎04-09-2014 08:15 AM

Initially there was an issue, the newly added signature was not visible until the user logout and login again into the GUI.

Thanks

rgreens
L2 Linker
In response to miwright

‎04-09-2014 08:16 AM

I have applied it but when we test our websites using Test your server for Heartbleed (CVE-2014-0160) it reports our sites as vulnerable.

infotech
L4 Transporter
In response to HULK

‎04-09-2014 08:18 AM

So this update can be installed during work hours and not cause any issues to the operation of the PA

mario11584
L4 Transporter
In response to infotech

‎04-09-2014 08:23 AM

Is that a question? If it is the answer is yes.

mario11584
L4 Transporter
In response to rgreens

‎04-09-2014 08:25 AM

rgreens, mine is doing the same thing still. Is the update not working?

vickmarkr
L1 Bithead
In response to rgreens

‎04-09-2014 08:26 AM

rgreens, Are you seeing the vulnerability signature firing in the Threat Log?  When we try either that website or the Python script that is going around against our websites, I do not see anything in the Threat log after we have applied 429-2164.

rgreens
L2 Linker
In response to vickmarkr

‎04-09-2014 08:30 AM

Nothing in the threat log either.

ericgearhart
L4 Transporter

‎04-09-2014 08:35 AM

I'm using ssltest.py to test various sites both behind a pair of PA firewalls and internal sites where traffic is monitored by a PA4020 in tap mode only, and I can't get the threat alert to fire off when I test sites. Is anyone else having trouble verifying the threat rule is working?

For reference I'm using ssltest.py from here:

Python Heartbleed (CVE-2014-0160) Proof of Concept

gafrol
L4 Transporter
In response to ericgearhart

‎04-09-2014 11:55 AM

I was not able to get the signature to fire neither....

infotech
L4 Transporter

‎04-09-2014 12:46 PM

Has anyone actually gotten hit by  heartbleed? If so how does it show in the PA etc.

mss.support
L2 Linker

‎04-09-2014 01:17 PM

Is this it?

Threat/Content Name   OpenSSL TLS Heartbeat Information Disclosure Vulnerability

HULK
L7 Applicator
In response to mss.support

‎04-09-2014 01:21 PM

IPS vulnerability signature ID 36416 ("OpenSSL TLS Heartbeat Information Disclosure Vulnerability")

mss.support
L2 Linker

‎04-09-2014 01:25 PM

I think you guys were searching for the wrong thing.  It was there all along Smiley Happy

OpenSSL TLS Heartbeat Information Disclosure Vulnerability

36416

OpenSSL is prone to a information leak vulnerability while parsing certain crafted SSL requests. The vulnerability is due to the TLS heartbeat extension failing to properly handle SSL request. An attacker could exploit the vulnerability by sending many crafted SSL requests. A successful attack could lead to leak of the server sensitive information.

CVE-2014-0160

http://www.openssl.org/news/secadv_20140407.txt

HWSAdmin
Not applicable
In response to gafrol

‎04-09-2014 01:57 PM

Me neither.

For good measure, I deleted the existing Threat Definitions and pulled down new ones as I thought perhaps I had originally installed the version that had been pulled by engineering.

Still can't get it to recognize threat hits.

Will this signature/SSL Decoder only work in a situation where the PA is performing decryption?

  • 28615 Views
  • 64 replies
  • 5 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks