Resolution for POODLE: SSLv3 vulnerability (CVE-2014-3566)

This vulnerability allows a  attacker to decrypt ciphertext using a padding oracle side-channel attack.

POODLE affects Secure Socket Layer (SSL) version 3.0. It does not affect Transport Layer Security (TLS).

To remediate this vulnerability SSL 3.0 should be disabled

To check if your server is vulnerable

follow the below steps

Make a script file say poodle.sh and copy the contents as seen below

#vi poodle.sh

#!/bin/bash
ret=$(echo Q | timeout 5 openssl s_client -connect "${1-`hostname`}:${2-443}" -ssl3 2> /dev/null)
if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
  if echo "${ret}" | grep -q 'Cipher.*0000'; then
    echo "SSL 3.0 disabled"
  else
    echo "SSL 3.0 enabled"
 fi
else
  echo "SSL disabled or other error"
fi

save and exit

wq!

give permissions for the poodle.sh file to execute

#chomd u+x poodle.sh

next run the command for vulnerability check

#./poodle.sh linuxbrainbox.com                                                    #note change linuxbrainbox.com with your server names.

you will get an output as

ssl 3.0 is enabled

if your server is vulnerable else you will get a output

ssl 3.0 is disabled

if your server is not vulnerable

if you see ssl 3.0 is enabled, follow the below steps

append the ssl.conf file for httpd service(443) with the below command .

sed -i ‘/^SSLProtocol/c\SSLProtocol ALL -SSLv2 -SSLv3’ /etc/httpd/conf.d/ssl.conf

and recheck to see the vulnerability is gone.

 

,

Leave a Reply

Your email address will not be published. Required fields are marked *

Current month ye@r day *

eXTReMe Tracker