OpenSSL CVE-2014-0160 Heartbleed bug and Red Hat Enterprise Linux

-

OpenSSL CVE-2014-0160 Heartbleed bug and Red Hat Enterprise Linux

Issue

  • Does CVE-2014-0160 affect Red Hat Enterprise Linux?
  • Need fix for openssl heartbleed bug
  • What versions of Red Hat Enterprise Linux are affected by openssl heartbleed vulnerability?
  • Do we have a list of packages/services we ship with RHEL that need a restart after OpenSSL has been updated?

Environment

  • Red Hat Enterprise Linux 7 Release Candidate (RC) not affected
  • Red Hat Enterprise Linux 7 Beta affected
  • Red Hat Enterprise Linux 6 affected
  • Red Hat Enterprise Linux 5 not affected
  • Red Hat Enterprise Linux 4 not affected
  • For other affected products, refer to https://access.redhat.com/site/announcements/781953

Resolution

Step 1: Determine if RHEL system is vulnerable to flaw described in CVE-2014-0160

  • Red Hat Enterprise Linux 7 Release Candidate (RC)
    • Red Hat Enterprise Linux 7 RC include OpenSSL version openssl-1.0.1e-34.el7 which includes a fix backported from openssl-1.0.1g
  • Red Hat Enterprise Linux 7 Beta
    • OpenSSL versions openssl-1.0.1e-33.el7 and earlier include a flawed libssl.so library vulnerable to the issue
    • To determine openssl version, use the command: rpm -q openssl
    • Version openssl-1.0.1e-34.el7 included a fix backported from openssl-1.0.1g
    • See footnote for considerations specific to RHEL 7 Beta1
  • Red Hat Enterprise Linux 6
    • OpenSSL versions openssl-1.0.1e-15 through openssl-1.0.1e-16.el6_5.4 include a flawed libssl.so library vulnerable to the issue
    • The first affected version shipped with RHEL 6.5 (RHEL 6.4 and older shipped with the unaffected openssl-1.0.0 series)
      • Systems which report as RHEL 6.0 - 6.3 could still have been updated to a newer [vulnerable] openssl-1.0.1 series package
    • To determine openssl version, use the command: rpm -q openssl
    • Version openssl-1.0.1e-16.el6_5.7 included a fix backported from openssl-1.0.1g
  • Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 4
    • Vulnerable OpenSSL 1.0.1 series versions never shipped in RHEL 5 or earlier

Optional Step 2: Look for and/or query processes which are using the vulnerable libssl library

Step 3: Upgrade the openssl package

  • Red Hat Enterprise Linux 7 Beta
    • Update to openssl-1.0.1e-34.el7 (which corrected the flaw) or later
  • Red Hat Enterprise Linux 6
    • Update to openssl-1.0.1e-16.el6_5.7 (which corrected the flaw, as described in RHSA-2014:0376) or later
  • As always, registered systems with internet access (or any RHEL 7 Beta system, or systems connected to Satellites, etc) can be updated via yum, e.g.:
    • yum update openssl
  • Otherwise, use a connected system to download the package or download the package directly from the Customer Portal2
    • After that, transfer the package to the system in question and install it manually with yum, e.g.:
      • yum update <path-to-openssl*rpm>

Step 4: After updating openssl, restart all processes using the flawed libssl.so3

  • The safest & simplest thing to do: perform a system reboot
  • Alternatively: use the commands from Optional Step 2 to determine which processes need to be restarted and then act accordingly

Optional Step 5: Re-scan updated systems with one of the Heartbleed Detector tools

Optional Step 6: Take additional remediation steps as desired

  • Official statement from Red Hat Security Response Team:
    Red Hat is not aware of any public exploit being used in the wild for this issue prior to the date of disclosure. However, a number of public exploits were published shortly after the issue was disclosed.4 These exploits could lead to the disclosure of information handled by applications using OpenSSL, including private keys, session tokens, and data submitted by users, which could include authentication credentials. It is recommended that you assess the risk this could pose to your systems, and perform additional remediation as you deem appropriate.

Root Cause

  • Official statement from Security Advisory RHSA-2014:0376:
    An information disclosure flaw was found in the way OpenSSL handled TLS and
    DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server
    could send a specially crafted TLS or DTLS Heartbeat packet to disclose a
    limited portion of memory per request from a connected client or server.
    Note that the disclosed portions of memory could potentially include
    sensitive information such as private keys. (CVE-2014-0160)
  • For links to more detail, see the entry for CVE-2014-0160 in Red Hat's CVE Database

Comments

Post a Comment

Popular posts from this blog

Python reference Interview questions

-
1)HCL Python scripting developer Interview questions:- 1) How do you check list of files in the given path in python ?? 2) How do you check whether file is exist or not in python 3) How do you perform copy file cmd in python ?? 4) What is d use of setup.py in python 5) What is d use of __init__=__main__: condition in python?? 6) What is d type of *args and **kargs ?? 7) sys.path use in python ??   2) CES Limited Python developer Interview Face2Face Interview questions:- 1.Basic questions on oops:   *.Implement Base class using Instance, static and Abstract method     instance method - takes two arguments to add operation     static method - takes two args to multiply operation     abstract method - takes two args to div operation   *. Implement child class using 3 instance methods     instance - takes three args for add operation     instance - takes two args for multiplicatio operation     instance - takes two args for div opration     create a
Read more

[SOLVED]* Please wait for the system Event Notification service

-
Image
There are different ways to solve this issue , Few of them are mentioned below .A permanent fix for this issue is yet to find. Solution : 1 Remove "Windows Live Messenger" from their terminal server resolved logout issues. Solution : 2 Start "Remote Desktop Services Manager" Identify the user ID in the Users tab In the Processes tab sort by ID Go down to the user ID and end the winlogon.exe process the user session will be logged off Solution : 3 From: mikefrobbins.com by graham ross From a command prompt on my PC or another computer on the domain I ran this to find out the PID of the svchost.exe associated with SENS sc \servername queryex SENS Note down the PID of that process and kill that process using PID. taskkill /S servername /PID xxxx /F Solution: 4 From : Windows Sever Forum The COM+ Event System timed out attempting to fire the Logoff method on event class {D5978650-5B9F-11D1-8DD2-00AA004ABD5E} for publisher and subscriber . The subscriber failed
Read more

Rebuild the initial ramdisk image in Red Hat Enterprise Linux

-
How to rebuild the initial ramdisk image in Red Hat Enterprise Linux  SOLUTION VERIFIED  - Updated  April 12 2016 at 10:15 AM  -  English  Environment Red Hat Enterprise Linux (RHEL) 3 Red Hat Enterprise Linux (RHEL) 4 Red Hat Enterprise Linux (RHEL) 5 Red Hat Enterprise Linux (RHEL) 6 Red Hat Enterprise Linux (RHEL) 7 initrd / initramfs image Issue How to rebuild the initial ramdisk image in Red Hat Enterprise Linux How to remake or recreate the initrd or initramfs The  /etc/lvm/lvm.conf  and root file system resides on a logical volume. How to ensure the changes are applied upon rebooting? The  /etc/multipath.conf  and my root file system resides on a multipath device. How to ensure the changes are applied upon rebooting? The module options in  /etc/modprobe.conf  or  /etc/modprobe.d/  have been modified. How to ensure the changes are applied upon rebooting? Resolution When adding new hardware to a system, or after changing configuration files that may be
Read more