Solved

HeartBleed Vulnerability

Posted on 2014-04-10
5
495 Views
Last Modified: 2014-04-11
I am running CenOS 5.x and 6.x on my several servers with Nginx and some with Apache almost all use Comodo SSL certificates. My question is how to mitigate the risk of HeartBleed Vulnerability? I have already update OpenSSL packages. Is that enough?
0
Comment
Question by:sysautomation
5 Comments
 
LVL 87

Assisted Solution

by:rindi
rindi earned 125 total points
ID: 39991190
You should also renew the SSL certificates you have, as those could have been copied while the vulnerability was still there. Besides, yum update to completely keep your OS up-to-date (not just SSL) should be done regularly, as there can always be other vulnerabilities that get patched that way.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 125 total points
ID: 39991291
Agreed.

Step one is to visit https://www.ssllabs.com/ssltest/ or a similar testing site and verify you are properly patched now (it will also check some other common stuff for you at the same time)

Step Two is to *assume* that your server keys and user accounts could have been compromised and take the steps appropriate to that - obtain and install a new SSL key/cert pair, revoke the old cert, and advise customers that the bug may apply and to change their passwords as soon as possible.

I think one of the ironic things is that if you hadn't updated SSL since before March 2012, you were safe :)
0
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 125 total points
ID: 39991571
unless you are running 6.5, it probably isn't an issue for you

OpenSSL CVE-2014-0160 Heartbleed bug and Red Hat Enterprise Linux
https://access.redhat.com/site/solutions/781793

if you don't have access to read that article, it states that RHEL 5 is not affected and RHEL 6 is not affected through release 4 when using openssl-1.0.0

Any system reportedly running Red Hat Enterprise Linux 6.5 is likely affected, but more specifically, any RHEL 6 system with versions of the openssl package from openssl-1.0.1e-15.el6 through openssl-1.0.1e-16.el6_5.4 is affected
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 125 total points
ID: 39992113
It impacts OpenSSL 1.0.1 through 1.0.1f.

If you are on 1.0.1 or 1.0.1g+, you are not affected and does not need to do anything.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39993546
one of those cases where you need to know what you upgraded from, I guess.

If you have upgraded openssl from 1.0.0 to 1.0.1 at any point, then you were vulnerable. if you have now gone to 1.0.1g then you are no longer vulnerable, but only by knowing if you WERE vulnerable do you know if that mattered...
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
This video discusses moving either the default database or any database to a new volume.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now