Solved

HeartBleed Vulnerability

Posted on 2014-04-10
5
498 Views
Last Modified: 2014-04-11
I am running CenOS 5.x and 6.x on my several servers with Nginx and some with Apache almost all use Comodo SSL certificates. My question is how to mitigate the risk of HeartBleed Vulnerability? I have already update OpenSSL packages. Is that enough?
0
Comment
Question by:sysautomation
5 Comments
 
LVL 88

Assisted Solution

by:rindi
rindi earned 125 total points
ID: 39991190
You should also renew the SSL certificates you have, as those could have been copied while the vulnerability was still there. Besides, yum update to completely keep your OS up-to-date (not just SSL) should be done regularly, as there can always be other vulnerabilities that get patched that way.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 125 total points
ID: 39991291
Agreed.

Step one is to visit https://www.ssllabs.com/ssltest/ or a similar testing site and verify you are properly patched now (it will also check some other common stuff for you at the same time)

Step Two is to *assume* that your server keys and user accounts could have been compromised and take the steps appropriate to that - obtain and install a new SSL key/cert pair, revoke the old cert, and advise customers that the bug may apply and to change their passwords as soon as possible.

I think one of the ironic things is that if you hadn't updated SSL since before March 2012, you were safe :)
0
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 125 total points
ID: 39991571
unless you are running 6.5, it probably isn't an issue for you

OpenSSL CVE-2014-0160 Heartbleed bug and Red Hat Enterprise Linux
https://access.redhat.com/site/solutions/781793

if you don't have access to read that article, it states that RHEL 5 is not affected and RHEL 6 is not affected through release 4 when using openssl-1.0.0

Any system reportedly running Red Hat Enterprise Linux 6.5 is likely affected, but more specifically, any RHEL 6 system with versions of the openssl package from openssl-1.0.1e-15.el6 through openssl-1.0.1e-16.el6_5.4 is affected
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 125 total points
ID: 39992113
It impacts OpenSSL 1.0.1 through 1.0.1f.

If you are on 1.0.1 or 1.0.1g+, you are not affected and does not need to do anything.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39993546
one of those cases where you need to know what you upgraded from, I guess.

If you have upgraded openssl from 1.0.0 to 1.0.1 at any point, then you were vulnerable. if you have now gone to 1.0.1g then you are no longer vulnerable, but only by knowing if you WERE vulnerable do you know if that mattered...
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now