
How to check for OpenSSL vulnerabilities

2025-01-30 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

Many less experienced administrators are unsure how to check for OpenSSL vulnerabilities. This article summarizes the cause of the problem and how to resolve it.

According to monitoring and forecasts from the Internet Security Center, a serious security vulnerability has recently been disclosed in OpenSSL. The flaw is known as "Heartbleed". The vulnerable OpenSSL 1.0.1 has been available since March 12, 2012, which means that tens of millions of websites are potentially at risk. OpenSSL fixed the vulnerability by releasing OpenSSL 1.0.1g on April 7 this year.

OpenSSL provides security and data integrity for network communication. It implements message digests, file encryption and decryption, digital certificates, digital signatures and random number generation, and includes the main cryptographic algorithms, commonly used key and certificate encapsulation and management functions, and the SSL protocol. It is widely used by important websites such as online banking, online payment, e-commerce sites, portals and e-mail.

The flaw is that web servers using certain versions of OpenSSL hold some data in a way that is not protected. An attacker can obtain this data, reconstruct information about users or keys, and obtain users' encrypted data.

Because OpenSSL is the default for SSL/TLS on Apache and NGINX web servers, many websites are likely to be vulnerable to Heartbleed.

Operating system vendors are now providing customers with patches for OpenSSL. So far, the fixed Linux operating systems include CentOS, Debian, Fedora, Red Hat, openSUSE and Ubuntu. SUSE Linux Enterprise Server (SLES) is not affected.

The specific affected OpenSSL versions are:

OpenSSL Project OpenSSL 1.0.2-beta (including 1.0.2-beta and 1.0.2-beta1)

OpenSSL Project OpenSSL 1.0.1 (including 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)

Unaffected versions:

OpenSSL Project OpenSSL 0.9.8, 1.0.0, 1.0.1g and 1.0.2-beta2

Self-check on a Linux host:

$ whereis openssl    # find the openssl location

openssl: /usr/bin/openssl /usr/include/openssl /usr/share/man/man1/openssl.1

$ ldd /usr/bin/openssl    # openssl's version information is stored in libcrypto.so

/usr/bin/openssl needs:

/usr/lib/libc.a(shr.o)

/usr/lib/libpthreads.a(shr_comm.o)

/usr/lib/libpthreads.a(shr_xpg5.o)

/usr/lib/libcrypto.a(libcrypto.so.0.9.8)

/usr/lib/libssl.a(libssl.so.0.9.8)

/unix

/usr/lib/libcrypt.a(shr.o)

$ ssh -V    # shows the version of openssl

OpenSSH_5.8p1, OpenSSL 0.9.8r 8 Feb 2011

This version of openssh is not affected.

$ cat /etc/issue

Welcome to SUSE Linux Enterprise Server 11 SP2 (x86_64) - Kernel \r (\l).

SUSE Enterprise Edition 11 is not affected.

Other systems and OpenSSL versions need to be patched or upgraded.

CentOS fix: # yum -y install openssl

Other: # apt-get install openssl
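
The version check described above, as an added example that is not part of the original article: a shell function that pulls the OpenSSL version out of `openssl version` or `ssh -V` output and classifies it against the affected and unaffected lists given here. The function names are hypothetical and the sample lines other than the article's `ssh -V` line are constructed.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string against the affected and
# unaffected versions listed in this article. It compares upstream version
# strings only; distribution packages that backport the fix can keep an
# "affected" string, so also check the vendor advisory for the package.

# Print the version (e.g. "1.0.1e") found in `openssl version` or `ssh -V` output.
extract_openssl_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSL \([0-9][0-9.]*[0-9][a-z]*\(-beta[0-9]*\)\{0,1\}\).*/\1/p'
}

# Print affected | unaffected | unlisted | unknown for one output line.
heartbleed_status() {
    v=$(extract_openssl_version "$1")
    case "$v" in
        "")                      echo unknown ;;     # no OpenSSL version found
        1.0.2-beta|1.0.2-beta1)  echo affected ;;
        1.0.1|1.0.1[a-f])        echo affected ;;
        1.0.2-beta2|1.0.1g)      echo unaffected ;;
        0.9.8*|1.0.0*)           echo unaffected ;;
        *)                       echo unlisted ;;    # not covered by the article
    esac
}

# Constructed sample lines (the first is the ssh -V output shown above).
for line in \
    "OpenSSH_5.8p1, OpenSSL 0.9.8r 8 Feb 2011" \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 1.0.2-beta1 24 Feb 2014"
do
    printf '%-45s %s\n' "$line" "$(heartbleed_status "$line")"
done

# Classify the local binary as well, if one is installed.
if command -v openssl >/dev/null 2>&1; then
    local_line=$(openssl version 2>/dev/null || true)
    printf '%-45s %s\n' "$local_line" "$(heartbleed_status "$local_line")"
fi
```

A result of `unlisted` means the version is outside the lists in this article and has to be checked against the vendor's advisory.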
