Remember Heartbleed?
Although he has deliberately not attempted to do so, he said he wouldn’t be surprised if the flaw exposed the same types of sensitive information that were exposed by Heartbleed, an extremely high-severity bug in the OpenSSL cryptographic library that came to light in 2014. As a Cloudflare community challenge quickly demonstrated, Heartbleed could be exploited to reveal the secret cryptographic key attackers needed to impersonate a vulnerable website.
“I didn’t want to risk obtaining key material of a third party, and, anyway, low-level memory analysis is not my expertise,” he told Ars. “The Cloudflare Heartbleed challenge taught us that optimistic assumptions can prove wrong under better scrutiny, so both F5 and I just assumed all memory could be potentially compromised since allocation patterns are undefined.”
The bug is technically known as a buffer overread. It’s the result of F5 developers hardcoding a value of 32 for the length of a Session ID and not accounting for the possibility of receiving shorter lengths. The failure “suggests that F5 software is written in a language that lacks memory safety (possibly C, like OpenSSL and a lot of Internet software today),” Valsorda wrote in an e-mail. “This vulnerability couldn’t have happened in a Go or a Rust codebase. Switching is much easier said than done, but this underscores how important it is.”
F5 has issued mitigation guidance for the vulnerability, which is indexed as CVE-2016-9244 and has been dubbed Ticketbleed. The advisory says that vulnerable sites can also work around the bug by turning off session-ticket capabilities. There currently is no patch available. Kudelski Security, a firm that provides services to corporations and public-sector organizations, has more guidance here.
Discussions of the bug on social media are rife with comparisons to Heartbleed, and there are some clear similarities. For instance, they both stem from a vulnerability in a widely used TLS implementation that undermines the security of encrypted connections. Both also leak random uninitialized memory, are the result of mistakes made in programming languages that provide no memory safety, and are exploitable using simple code.
But there are also some key differences. For one, the F5 implementation is proprietary and not as widely used as the open source OpenSSL package. Another difference is that Ticketbleed exposes much smaller chunks of memory, a trait that requires more effort to exploit. In short, Ticketbleed is no Heartbleed, but it’s still worth addressing immediately.
Post corrected to reflect that no software patch is available.