Technology Blog

Heart Bleed Bug – OpenSSL – part 2


I keep more than 30 servers, and a number of them were affected by the Heartbleed bug. CentOS released an update for the OpenSSL package(s), so there are no excuses not to update (yum update openssl, … ).

In the meantime, there are a lot of sysadmins who still haven't done anything to protect their servers and customers (https://gist.github.com/dberkholz/10169691).

Testing REMOVED.com as an example:

    ~/Downloads $ ./check.py REMOVED.com
    Connecting...
    Sending Client Hello...
    Waiting for Server Hello...
     ... received message: type = 22, ver = 0302, length = 58
     ... received message: type = 22, ver = 0302, length = 4837
     ... received message: type = 22, ver = 0302, length = 4
    Sending heartbeat request...
     ... received message: type = 24, ver = 0302, length = 16384
    Received heartbeat response:
      [hex dump omitted: 16 KB of server memory, including another client's HTTP request headers and session cookie]
    WARNING: server returned more data than it should - server is vulnerable!

For security reasons, the actual domain I tested is replaced with “REMOVED”.

Some hosts from the list I posted above are already patched (which is good):

    ~/Downloads $ ./check.py zoho.com
    Connecting...
    Sending Client Hello...
    Waiting for Server Hello...
     ... received message: type = 22, ver = 0302, length = 66
     ... received message: type = 22, ver = 0302, length = 2399
     ... received message: type = 22, ver = 0302, length = 331
     ... received message: type = 22, ver = 0302, length = 4
    Sending heartbeat request...
    Unexpected EOF receiving record header - server closed connection
    No heartbeat response received, server likely not vulnerable
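The two runs above differ in how the server treats a heartbeat record (type = 24) whose claimed payload length does not fit inside the record. The following is an added example, not part of check.py or of the original post: it applies the RFC 6520 length check to TLS records from a capture, the same check a patched server makes before answering. It assumes the records are unencrypted, as they are at the point in the handshake shown above; the function names and sample bytes are constructed for illustration.

```python
import struct

HEARTBEAT = 24     # TLS content type, printed as "type = 24" by the checker
MIN_PADDING = 16   # RFC 6520: every heartbeat message carries >= 16 padding bytes


def record(ctype, body, version=0x0302):
    """Build one TLS record (helper for the constructed sample below)."""
    return struct.pack(">BHH", ctype, version, len(body)) + body


def iter_records(stream):
    """Yield (content_type, fragment) for each complete TLS record in stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from(">BHH", stream, pos)
        fragment = stream[pos + 5:pos + 5 + length]
        if len(fragment) < length:
            break  # truncated capture: stop rather than misparse
        yield ctype, fragment
        pos += 5 + length


def heartbeat_is_well_formed(fragment):
    """type(1) + payload_length(2) + payload + padding must fit in the record."""
    if len(fragment) < 3:
        return False
    claimed = struct.unpack_from(">H", fragment, 1)[0]
    return 1 + 2 + claimed + MIN_PADDING <= len(fragment)


def flag_heartbeats(stream):
    """Return (hb_type, claimed_len, record_len, ok) for each heartbeat record."""
    findings = []
    for ctype, frag in iter_records(stream):
        if ctype != HEARTBEAT or len(frag) < 3:
            continue
        hb_type, claimed = struct.unpack_from(">BH", frag, 0)
        findings.append((hb_type, claimed, len(frag), heartbeat_is_well_formed(frag)))
    return findings


# Constructed sample: a handshake record, a request claiming 16384 payload bytes
# in a 3-byte record, a well-formed request, and a 16384-byte response.
SAMPLE = (
    record(22, bytes.fromhex("0e000000"))
    + record(24, bytes.fromhex("014000"))
    + record(24, b"\x01\x00\x04ping" + bytes(16))
    + record(24, b"\x02\x40\x00" + bytes(16381))
)

if __name__ == "__main__":
    for finding in flag_heartbeats(SAMPLE):
        print(finding)
```

A record flagged `ok = False` with `hb_type = 1` is a request that a patched server silently discards; one with `hb_type = 2` is a response from a server that did not apply the check.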

Throwing rocks at the OpenSSL developers isn't a great idea. Donating money to pay developers is a much better option…