
CVE-2014-3566 PoC — OpenSSL Cryptographic Issue Vulnerability

Associated Vulnerability
Title: OpenSSL cryptographic issue vulnerability (CVE-2014-3566)
Description: OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms and secure hash algorithms. OpenSSL 1.0.1i and earlier contain a cryptographic issue vulnerability caused by the program's use of non-deterministic CBC padding. An attacker can exploit this vulnerability to carry out a man-in-the-middle attack and obtain plaintext data.
Description
CloudPassage Halo policy for detecting vulnerability to CVE-2014-3566 (AKA POODLE)
Readme
## Mangy Beast

### CloudPassage Halo policy for detecting vulnerability to CVE-2014-3566 (AKA POODLE) for Red Hat hosts running Apache and mod_ssl or mod_nss and Windows Server 2008 and 2012 (server processes only)

**We're not going to rehash the minute details of CVE-2014-3566, otherwise known as POODLE.  If you've found your way here, you're likely looking for a method to reliably detect and remediate.**

**Background:**  POODLE affects the Secure Sockets Layer (SSL) protocol version 3.  The danger is that an attacker who can manipulate network traffic and intercept packets from an SSLv3-encrypted datastream can potentially determine the repeated contents of the datastream (like a session key in a cookie).

**Detection:**  Download the JSON policy files linked at the end of this article and upload them into your Halo portal account.  Assign the policy to a group containing supported workload images (see supported platforms, below) and force a scan across all suspects.

**Linux Notes:**  Bear in mind that there are two configuration-item checks that will conflict for workloads running mod_nss.  Earlier mod_nss versions do not support as broad a range of TLS versions as newer ones, so if you see alerts from the mod_nss set of checks you may need to disable the one that doesn't apply to your workloads.  If you're scanning against multiple OS versions (RHEL 5.10 and RHEL 6.5, for instance), clone this policy and disable the inappropriate rule for each use case.

**Windows Notes:**  Because the registry path used to disable SSLv3 does not exist on a default Windows installation, the check will report 'indeterminate.'  In this case, indeterminate = vulnerable, because the Windows Server operating system enables SSLv3 by default.

**Remediation:**  Disable the unsafe protocol versions in your Apache configs.  Specific details can be found in the remediation instructions within the policy.
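As an added example (not code from the Mangy Beast policy or from CloudPassage), the following Python mirrors the two checks the notes above describe: the effective Apache `SSLProtocol` setting, evaluated with mod_ssl's own directive semantics, and the Windows Schannel `Enabled` value, where an absent value is read as indeterminate and therefore vulnerable. The Schannel registry path is the standard Microsoft location and is assumed here since the README does not spell it out; the sample configuration strings are constructed.

```python
"""Added example, not part of the Mangy Beast policy: config-state checks that
mirror the two rules described above (Apache mod_ssl SSLProtocol, and the Windows
Schannel value where a missing value counts as vulnerable). Samples are constructed."""
import re
from typing import Optional

# Canonical mod_ssl protocol names. "all" expands to every version the build
# knows; on the Apache 2.2 builds shipped with RHEL 5/6 that includes SSLv3.
PROTOCOLS = {p.lower(): p for p in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")}
SSLPROTOCOL_RE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def sslv3_enabled(sslprotocol: Optional[str]) -> bool:
    """mod_ssl parser semantics: '+name' adds, '-name' removes, a bare name replaces
    the set so far ("SSLv3 TLSv1" leaves only TLSv1). None = directive absent =
    default "all", which leaves SSLv3 on."""
    enabled = set()
    for tok in (sslprotocol or "all").split():
        op, name = (tok[0], tok[1:].lower()) if tok[0] in "+-" else ("", tok.lower())
        if name == "all":
            versions = set(PROTOCOLS.values())
        elif name in PROTOCOLS:
            versions = {PROTOCOLS[name]}
        else:
            raise ValueError(f"illegal protocol {tok!r}")  # mod_ssl rejects it too
        if op == "+":
            enabled |= versions
        elif op == "-":
            enabled -= versions
        else:
            enabled = versions
    return "SSLv3" in enabled

def find_sslprotocol(config_text: str) -> Optional[str]:
    """Value of the last uncommented SSLProtocol directive, or None if unset."""
    value = None
    for line in config_text.splitlines():
        m = SSLPROTOCOL_RE.match(line)
        if m and not line.lstrip().startswith("#"):
            value = m.group(1)
    return value

def windows_sslv3_vulnerable(enabled_value: Optional[int]) -> bool:
    """Schannel 'Enabled' DWORD at HKLM\\SYSTEM\\CurrentControlSet\\Control\\
    SecurityProviders\\SCHANNEL\\Protocols\\SSL 3.0\\Server. None (value absent) is the
    README's 'indeterminate': vulnerable, since Windows Server 2008/2012 enable SSLv3 by default."""
    return enabled_value is None or enabled_value != 0

# Constructed samples: weak config relies on the default, fixed one carries the usual fix.
WEAK_CONFIG = "SSLEngine on\n# SSLProtocol left unset, so the mod_ssl default applies\n"
FIXED_CONFIG = "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\nSSLHonorCipherOrder on\n"
```

`sslv3_enabled(find_sslprotocol(WEAK_CONFIG))` is `True` and the same call on `FIXED_CONFIG` is `False`; `windows_sslv3_vulnerable(None)` is `True`, matching the README's indeterminate-means-vulnerable rule.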

**Supported platforms:** RHEL-ish operating systems running Apache (tested on CentOS and Oracle Linux versions 5.10 and 6.5), Windows Server 2008, and Windows Server 2012.

**Files:**

  **cve-2014-3566-poodle-rpm-based-distributions.policy.json**

  **cve-2014-3566-poodle-windows-server-2008-2012.policy.json**

<!---
#CPTAGS:community-unsupported policy
#TBICON:images/json_icon.png
-->
File Snapshot

```
[4.0K] /data/pocs/40d6a11e08d6ec0370c6a6a48dfa678077c2ae1f
├── [2.2K] cve-2014-3566-poodle-rpm-based-distributions.policy.json
├── [1.5K] cve-2014-3566-poodle-windows-server-2008-2012.policy.json
└── [2.2K] README.md

0 directories, 3 files
```