Update and Patch for OpenSSL MITM vulnerability (CVE-2014-0224)

  • Update and Patch for OpenSSL MITM vulnerability (CVE-2014-0224)

    MITM is nothing but the Man-In-The-Middle vulnerability.

    Your server will not be passed by a PCI scan firm if the required patches have not been applied to it. We can get rid of this vulnerability by updating OpenSSL.

    Pre-Update Verification

    Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1g and 1.0.2-beta1.
    You can view which version of OpenSSL is installed by running the following command:

    root@server] yum info openssl

    You should receive information similar to the following:

    Installed Packages
    Name : openssl
    Arch : x86_64
    Version : 1.0.1e
    Release : 16.el6_5.7
    Size : 4.0 M
    Repo : installed



    In this case, 1.0.1e 16.el6_5.7 is vulnerable, and we’ll want to patch the server.
    You can also check the local changelog to verify whether or not OpenSSL is patched against the vulnerability with the following command:

    root@server] rpm -q --changelog openssl | grep CVE-2014-0224

    If a result is not returned, then you must patch OpenSSL.

    Installation

    Installation via yum is just a matter of running one command:

    root@server] yum update openssl

    You should receive output similar to the following:

    --> Running transaction check
    ---> Package openssl-devel.x86_64 0:1.0.1e-16.el6_5.7 will be updated
    ---> Package openssl-devel.x86_64 0:1.0.1e-16.el6_5.14 will be an update
    --> Finished Dependency Resolution


    Now run the following command on the server:

    root@server] rpm -q --changelog openssl | grep CVE-2014-0224

    You should receive output like the following:

    - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
    - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability



    That's it, you have done it :-)
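
The two checks from the post above, combined into one script, as an added example that is not part of the original post. The function names (`pkg_build`, `changelog_has_fix`, `patch_status`) and the sample inputs are constructed for illustration; the script shows why the changelog entry, not the `1.0.1e` version string, decides the verdict.

```shell
#!/bin/sh
# Added example: decide patch status for CVE-2014-0224 from the two commands
# used in the post. Function names and sample data are constructed here.
CVE="CVE-2014-0224"

# Print "version-release" parsed from `yum info openssl` output on stdin.
pkg_build() {
    awk -F':' '
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == "Version" { v = val }
        key == "Release" { r = val }
        END { if (v != "" && r != "") print v "-" r }'
}

# Succeed when `rpm -q --changelog openssl` output on stdin names the CVE.
changelog_has_fix() {
    grep -qF -- "$CVE"
}

# Report status from captured outputs: $1 = yum info text, $2 = changelog text.
# The upstream version stays 1.0.1e before and after the update in the post,
# so only the changelog entry decides the verdict; the build is informational.
patch_status() {
    build=$(printf '%s\n' "$1" | pkg_build)
    if printf '%s\n' "$2" | changelog_has_fix; then
        echo "PATCHED ${build:-unknown}"
    else
        echo "VULNERABLE ${build:-unknown}"
    fi
}

# Constructed sample inputs modelled on the outputs shown in the post.
SAMPLE_INFO_OLD='Installed Packages
Name : openssl
Arch : x86_64
Version : 1.0.1e
Release : 16.el6_5.7'
SAMPLE_INFO_NEW='Name : openssl
Version : 1.0.1e
Release : 16.el6_5.14'
SAMPLE_LOG_OLD='- constructed older changelog entry without the CVE id'
SAMPLE_LOG_NEW='- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability'

# On a live host (needs yum and rpm), run:
#   patch_status "$(yum info openssl)" "$(rpm -q --changelog openssl)"
```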