CVE-2014-0224 PoC — OpenSSL 加密问题漏洞

Source

Associated Vulnerability

Title:OpenSSL 加密问题漏洞 (CVE-2014-0224)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL中存在安全漏洞，该漏洞源于程序没有正确限制ChangeCipherSpec消息的处理。攻击者可借助特制的TLS握手利用该漏洞实施中间人攻击，在OpenSSL-to-OpenSSL通信过程中使用零长度的主密钥，劫持会话或获取敏感消息。以下版本受到影响：OpenSSL 0.9.8y及之前的版本，1.0

Description

Used for evaluating hosts for CVE-2014-0224

Readme

Evaluates hosts for CVE-2014-0224 vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

Usage:

>ccs-eval.py list-of-hosts.txt

-Takes in a list of hosts, line seperated. Checks the host for common SSL ports using 
nmap. Peforms PoC injection test supplied by RedHat (fake-client-early-ccs.pl). Writes 
results to "local-results-list-of-hosts.txt"

File Snapshot


 [4.0K]  /data/pocs/2bed6f46ecac4ee835a4ddd8fdc19d077dc0f8b8
├── [2.0K]  ccs-eval.py
├── [3.7K]  fake-client-early-ccs.pl
└── [ 371]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!