Security Research
Showing results for 
Search instead for 
Do you mean 

Once Bled, Twice Shy (OpenSSL: CVE-2014-0195)

spovolny ‎06-05-2014 09:52 AM - edited ‎06-05-2014 03:19 PM

Authored by: Ricky Lawshae (headlesszeke)


Several weeks back, a vulnerability in OpenSSL's "heartbeat" functionality came to light which bled the contents of a server's memory into its response packets. It was appropriately dubbed "heartbleed" and was kind of a big deal.

One happy side-effect of this vulnerability, however, was a sudden and significant increase in scrutiny of the OpenSSL codebase from the security research community, which is long overdue for something relied on so heavily and universally. It should come as no surprise that heartbleed was just the tip of the vulnerability iceberg.

Earlier today, ZDI published an advisory for a critical bug discovered by Jüri Aedla in OpenSSL's implementation of Datagram Transport Layer Security (DTLS). What makes this bug serious is the fact that it can actually lead to remote code execution from an attacker. For a more in-depth analysis and technical details ofthis vulnerability and its implications, please see the Zero Day Initiative blog posting.

From a high level, the bug involves an implicit trusting of length values specified in fragmented DTLS Client Hello messages. When a DTLS packet is fragmented, it specifies the lengths of each fragment as part of that fragment's header data. These length values are then used to create a buffer and determine how much data is read into that buffer: 


However, only the initial fragment length is used when creating the buffer, while subsequent fragment lengths are still used for deciding how much data to read into it. If a Client Hello message contains an initial fragment with a very small length, and a second fragment with a very large length, this can cause more data to be read into memory than the process was prepared to handle, leading to a buffer overflow. Obviously, this is a very serious flaw, but as usual, the Digital Vaccine team has come to the rescue.

Since DVLabs became aware of this vulnerability last month, HP TippingPoint customers have been provided with three different levels of protection against it in the form of filters 13873, 13874, and 13875. While filter 13874 is designed to detect the attack itself, filters 13873 and 13875 are geared towards broader methods of coverage. Filter 13875 will detect the usage of fragmentation in DTLS Client Hello messages. In a normal DTLS session negotiation, it's pretty rare to see fragmentation being used on a message as small as a Client Hello, so it is fairly safe to assume that something out of the ordinary is going on when it is seen. And if our customers want to take things even further, the usage of DTLS in general can be detected by enabling filter 13873. Obviously, there is nothing inherently malicious in using DTLS, but if it is not needed or normally seen in a particular environment, then this filter can make sure it never is. With this type of customizable detection granularity, an effective level of protection can be achieved in any environment.

This is probably not going to be the last vulnerability that is uncovered with all the focus being giving to OpenSSL, and more than likely others will be following quickly. But rest assured that when they do, the Digital Vaccine team will be there to provide the prompt and effective coverage that everyone needs.

0 Kudos
About the Author


Steve Povolny is a Senior Manager for DVLabs Security Research and Development teams at HP TippingPoint.

27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all