
The latest OpenSSL vulnerability CCS injection and upgrade repair

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Note: The OpenSSL team was notified about this issue on May 1, 2014, and contacted Red Hat and other OS distributions on June 2, 2014. The issue was made public on June 5, 2014.

Another OpenSSL vulnerability disclosed: it can be used for man-in-the-middle attacks

Relevant media reports:

http://news.zol.com.cn/459/4590770.html

http://internet.voc.com.cn/512088/683588264695b.shtml

http://digi.163.com/14/0606/09/9U1VJJIQ00162OUT.html

Related links:

http://www.oschina.net/news/52530/openssl-ccs-injection

https://access.redhat.com/site/articles/904433

(OpenSSL CCS Injection Vulnerability (CVE-2014-0224) Alert)

Vulnerability description:

A serious security vulnerability has again been reported in OpenSSL's ChangeCipherSpec (CCS) processing. It allows a malicious intermediate node to intercept encrypted data and decrypt it, while forcing SSL clients to use weak keys that are exposed to the malicious node.

When the software uses the affected version of OpenSSL, there is a risk of tampering with encrypted communications such as web browsing, e-mail, and authentication.

The affected versions include:

OpenSSL 1.0.1 through 1.0.1g

OpenSSL 1.0.0 through 1.0.0l

All versions before OpenSSL 0.9.8y

Versions not affected:

OpenSSL 1.0.1h

OpenSSL 1.0.0m

OpenSSL 0.9.8za


This system is CentOS 5.

Upgrade OpenSSL:

Download address of the latest OpenSSL release:

http://www.openssl.org/source/openssl-1.0.1h.tar.gz

Check the current OpenSSL version:

# openssl version

OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

If you need zlib support, install the zlib library:

yum install -y zlib

Install the latest version:

wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz

tar xvzf openssl-1.0.1h.tar.gz

cd openssl-1.0.1h

./config shared zlib    # enable zlib compression support and build shared libraries

make

make install

mv /usr/bin/openssl /usr/bin/openssl.bak    # back up the old binary

mv /usr/include/openssl /usr/include/openssl.bak    # back up the old headers

ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

ln -s /usr/local/ssl/include/openssl /usr/include/openssl

echo "/usr/local/ssl/lib" >> /etc/ld.so.conf    # let the dynamic linker find the new shared libraries

ldconfig -v

Check the version:

# openssl version

OpenSSL 1.0.1h 5 Jun 2014

Upgrade complete!
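A version check to run before and after the upgrade, added here as an example and not part of the original article. The function names are hypothetical, the version ranges are the lists above, and any release below a branch's listed fixed release is treated as affected (an assumption for 0.9.8y, which the lists do not classify explicitly); the sample lines are the two `openssl version` outputs shown in this article.

```shell
#!/bin/sh
# Added example: classify an `openssl version` line against the
# CVE-2014-0224 version lists given in this article.
LC_ALL=C; export LC_ALL

# Map a release letter suffix to an integer: "" < a..z < za..zz.
suffix_rank() {
    case "$1" in
        "")     echo 0 ;;
        [a-z])  echo $(( $(printf '%d' "'$1") - 96 )) ;;
        z[a-z]) echo $(( 26 + $(printf '%d' "'${1#z}") - 96 )) ;;
        *)      echo -1 ;;
    esac
}

# Print "affected", "fixed" or "unknown" for one `openssl version` line.
ccs_injection_status() {
    # Keep only the upstream version, e.g. "0.9.8e" from "0.9.8e-fips-rhel5".
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    base=${ver%%[a-z]*}          # numeric part, e.g. 1.0.1
    letters=${ver#"$base"}       # letter suffix, e.g. h
    rank=$(suffix_rank "$letters")
    [ "$rank" -ge 0 ] || { echo unknown; return; }
    case "$base" in
        1.0.1) fixed=$(suffix_rank h)  ;;   # 1.0.1 through 1.0.1g affected
        1.0.0) fixed=$(suffix_rank m)  ;;   # 1.0.0 through 1.0.0l affected
        0.9.8) fixed=$(suffix_rank za) ;;   # 0.9.8za is the fixed release
        0.9.*) echo affected; return ;;     # branches older than 0.9.8
        *)     echo unknown; return ;;      # branch not covered by the lists
    esac
    if [ "$rank" -ge "$fixed" ]; then echo fixed; else echo affected; fi
}

# The two outputs shown in this article (before and after the upgrade).
for line in "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" "OpenSSL 1.0.1h 5 Jun 2014"; do
    printf '%s -> %s\n' "$line" "$(ccs_injection_status "$line")"
done
# On a live host: ccs_injection_status "$(openssl version)"
```

A distribution package can carry a backported fix without changing the upstream version string, so for the stock CentOS/RHEL package also check `rpm -q --changelog openssl | grep CVE-2014-0224`.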
