Caros
Creio que todos tenham sido informados sobre uma vulnerabilidade descoberta no dia 09 de abril de 2014 (a 02 dias!) e que afeta diretamente qualquer dispositivo que esteja utilizando OpenSSL.
A Dell SonicWALL realizou a atualização as assinaturas do IPS ontem mesmo (dia 09/04) com isto, qualquer Servidor ou Dispositivo que utilize o OpenSSL afetado mas que esteja atrás de um Appliance Dell SonicWALL não sofrerá com esta vulnerabilidade.
Abaixo listo o informativo enviado ontem a noite pela Dell SonicWALL:
==================================================================
SonicWALL Security Center
OpenSSL HeartBleed Vulnerability(CVE-2014-0160) Actively Targeted(Apr 9, 2014)
Description
Dell SonicWALL Threats Research Team has observed the OpenSSL HeartBleed Vulnerability being actively targeted in the wild.
This Critical vulnerability has been assigned CVE-2014-0160. This is an Information Disclosure Vulnerability which can be used to reveal up to 64K of memory due to an incorrect bounds check. OpenSSL has also released a Security Advisory that addresses this issue.
Dell SonicWALL firewalls with activated Intrusion Prevention protect customers’ servers against this attack with the following signatures by testing the bytes in the heartbeat packet against the limits that are outside the normal bounds:
- IPS:3616 OpenSSL Heartbleed Information Disclosure 1
- IPS:3638 OpenSSL Heartbleed Information Disclosure 2
- IPS:3652 OpenSSL Heartbleed Information Disclosure 3
- IPS:3653 OpenSSL Heartbleed Information Disclosure 4
The following is the format of a HeartBeat Request. Malicious attackers can craft this specific request to extract sensitive information from vulnerable servers not behind a Next Gen firewall.
Following stats show how this attack is being actively exploited.
Here, it is quite evident that the hourly hits are increasing.
The distribution below shows USA being targeted the most.
Espero que ajude!
Igor Casalecchi
Instrutor SonicWALL