Address: http://blog.csdn.net/hujkay
Author: Jekkay Hu (34538980@qq.com)
Keywords: openssl, heartbleed, CVE-2014-0160, vulnerability repair, patch download
Time:
1. Overview
The official Heartbleed website gives detailed information about CVE-2014-0160, an information leakage vulnerability in OpenSSL with serious security consequences. The Heartbleed bug allows anyone on the Internet to read the memory of systems protected by OpenSSL. This compromises the secret keys used to identify service providers and to encrypt traffic, user names and passwords, and the actual content. It allows attackers to eavesdrop on communications, steal data directly from service providers, and impersonate service providers and users.
OpenSSL patches for the affected RedHat 6.x and CentOS 6.x were released immediately.
The openssl security advisory number for RHEL 6 is RHSA-2014:0376-1. For more details, open the following link:
https://rhn.redhat.com/errata/RHSA-2014-0376.html
2. Vulnerability Detection
First, download the vulnerability patch file from the link at the end of this article. After decompression, there should be the following files:
Run the following command:
# python ssltest.py 127.0.0.1
If the result is "Server likely not vulnerable", the server is normal.
If the result is "Server is vulnerable", the server has the vulnerability.
If the result is "Connection refused", the HTTPS service is not running. Check whether the server has any openssl-related services enabled. If not, you do not need to upgrade the server for now.
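CVE-2014-0160 is reached through a TLS heartbeat request whose declared payload length is larger than the data the record actually carries, and RFC 6520 requires such a request to be discarded. The following sketch shows that bounds check as a network sensor would apply it to cleartext records; it is an added example, not part of the original article or of ssltest.py, and the function names and sample records are constructed for illustration.

```python
import struct

HEARTBEAT = 24     # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16   # RFC 6520 requires at least 16 bytes of padding


def check_heartbeat_record(record: bytes) -> str:
    """Classify one cleartext TLS record (hypothetical helper name).

    Returns 'not-heartbeat', 'truncated', 'ok' or 'malformed'.
    """
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) < rec_len:
        return "truncated"          # capture ended before the record did
    if rec_len < 3:
        return "malformed"          # no room for type(1) + payload_length(2)
    _hb_type, payload_len = struct.unpack("!BH", body[:3])
    # Bounds check: type + length field + declared payload + minimum padding
    # must fit inside the record that was actually received.
    if 1 + 2 + payload_len + MIN_PADDING > rec_len:
        return "malformed"
    return "ok"


def flag_records(records):
    """Return the indexes of records a sensor should alert on."""
    return [i for i, r in enumerate(records)
            if check_heartbeat_record(r) == "malformed"]


def build_record(payload: bytes, declared_len: int, padding: int = MIN_PADDING) -> bytes:
    """Constructed sample data: a TLS 1.1 heartbeat request record."""
    body = struct.pack("!BH", 1, declared_len) + payload + b"\x00" * padding
    return struct.pack("!BHH", HEARTBEAT, 0x0302, len(body)) + body


# Constructed samples, not captured traffic.
WELL_FORMED = build_record(b"ping", 4)
OVERSTATED = build_record(b"", 0x4000, padding=0)   # declares far more than it carries
HANDSHAKE = b"\x16\x03\x02\x00\x01\x00"

if __name__ == "__main__":
    for name, rec in [("well-formed", WELL_FORMED), ("overstated", OVERSTATED),
                      ("handshake", HANDSHAKE), ("cut short", WELL_FORMED[:10])]:
        print(name, "->", check_heartbeat_record(rec))
```

The check only sees heartbeat records sent in cleartext; once the session is encrypted the length field is not visible to a passive sensor.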
3. Repair
Upload the patch to the server and run the following commands:
yum install perl-WWW-Curl-4.09-3.el6.x86_64.rpm -y
yum install *.rpm --skip-broken --setopt=protected_multilib=false -y
4. Patch download
The official patch provided by Red Hat can be downloaded from the following link:
http://download.csdn.net/detail/hujkay/7165571
Hu, Jekkay Hu