SSL/TLS: Renegotiation DoS Vulnerability
-
Hey there! These vulnerabilities are from 2011, so it would be odd that they would exist on a modern server. Can you please provide the output of the following commands?
rpm -qa | grep openssl-
cat /etc/redhat-release
Once we see that information we can get you more details.
0 -
Hi cPRex, Thanks for your reply. Please see the output:
# rpm -qa | grep openssl-
openssl-libs-1.0.2k-25.el7_9.x86_64
cpanel-perl-532-crypt-openssl-rsa-0.31-1.cp1198.x86_64
cpanel-perl-532-crypt-openssl-pkcs12-1.3-1.cp1198.x86_64
cpanel-perl-532-crypt-openssl-pkcs10-0.16-1.cp1198.x86_64
cpanel-perl-532-crypt-openssl-random-0.15-1.cp1198.x86_64
ea-openssl-1.0.2u-2.2.1.cpanel.x86_64
openssl-1.0.2k-25.el7_9.x86_64
cpanel-perl-532-crypt-openssl-ec-1.32-1.cp1198.x86_64
openssl-devel-1.0.2k-25.el7_9.x86_64
cpanel-perl-532-crypt-openssl-bignum-0.09-1.cp1198.x86_64
cpanel-perl-532-crypt-openssl-dsa-0.19-1.cp1198.x86_64
cpanel-perl-532-crypt-openssl-x509-1.813-1.cp1198.x86_64
# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
0 -
Hi cPRex,
my security scanner is currently flagging the same vulnerability on 6 ports and I am on AlmaLinux 8.9. Here is the output of rpm -qa | grep openssl:
cpanel-perl-536-crypt-openssl-dsa-0.20-1.cp108~el8.x86_64
openssl-pkcs11-0.4.10-3.el8.i686
cpanel-perl-536-crypt-openssl-ec-1.32-1.cp108~el8.x86_64
cpanel-perl-536-crypt-openssl-rsa-0.33-1.cp108~el8.x86_64
openssl-devel-1.1.1k-12.el8_9.x86_64
alt-openssl-libs-1.0.2k-2.el8.cloudlinux.10.x86_64
openssl-pkcs11-0.4.10-3.el8.x86_64
alt-openssl11-1.1.1w-1.el8.x86_64
openssl-libs-1.1.1k-12.el8_9.x86_64
compat-openssl10-1.0.2o-4.el8_6.x86_64
openssl-libs-1.1.1k-12.el8_9.i686
cpanel-perl-536-crypt-openssl-random-0.15-1.cp108~el8.x86_64
alt-openssl11-libs-1.1.1w-1.el8.x86_64
cpanel-perl-536-crypt-openssl-bignum-0.09-1.cp108~el8.x86_64
openssl-1.1.1k-12.el8_9.x86_64
cpanel-perl-536-crypt-openssl-x509-1.914-1.cp108~el8.x86_64
ea-openssl11-1.1.1m-1.1.2.cpanel.x86_64
cat /etc/redhat-release
AlmaLinux release 8.9 (Midnight Oncilla)
How can I get rid of those?
Best,
T1
0 -
TOne1 - you'll likely need to create a changelog on your system and show that to the security scanning company as these are patched in modern systems. You can do that with the following command:
rpm -q openssl --changelog > output.txt
and then you can place the output.txt file somewhere public on your server or download that as you wish.
0
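One way to narrow the `rpm -q openssl --changelog` output from the reply above to just the entries that mention a scanner-flagged CVE (an added example, not part of the thread or of cPanel's tooling). The function names, the `CVE-0000-...` ids and the sample changelog are constructed placeholders; substitute the id from your own scanner report.

```shell
#!/bin/sh
# Added example: extract only the changelog entries that mention one CVE id,
# so the evidence handed to the scanning vendor is short and specific.

# Reads `rpm -q <pkg> --changelog` text on stdin and prints every entry
# (the "* <date> <packager> - <version>" header plus its "-" lines) that
# mentions the id given in $1. Exit status is 1 when no entry mentions it,
# which means the changelog does not document a fix for that id.
changelog_entries_for() {
    awk -v id="$1" '
        function emit() {
            if (hit) { printf "%s", entry; found = 1 }
            entry = ""; hit = 0
        }
        /^\* / { emit() }            # a new entry begins: decide on the previous one
        { entry = entry $0 "\n" }    # collect the current entry line by line
        index($0, id) { hit = 1 }    # literal substring match on the CVE id
        END { emit(); exit (found ? 0 : 1) }
    '
}

# Constructed sample in rpm changelog layout (ids and versions are placeholders).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2024 Example Packager <packager@example.com> - 9.9.9-2
- fix CVE-0000-0002 (constructed entry)

* Tue Feb 01 2022 Example Packager <packager@example.com> - 9.9.9-1
- rebuild for testing
- fix CVE-0000-0001 (constructed entry)
EOF
}

# Demo on the constructed sample. On a real server the input would be:
#   rpm -q openssl --changelog | changelog_entries_for "<CVE id from the scan>" > output.txt
sample_changelog | changelog_entries_for CVE-0000-0001
```

A non-zero exit status for a flagged id means the changelog of that package does not mention it, so the changelog alone will not serve as evidence for that finding.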