
SSL/TLS: Renegotiation DoS Vulnerability

Comments

5 comments

  • cPRex Jurassic Moderator
    Hey there! These vulnerabilities are from 2011, so it would be odd that they would exist on a modern server. Can you please provide the output of the following commands?

    rpm -qa | grep openssl-
    cat /etc/redhat-release

    Once we see that information we can get you more details.
    0
  • amstel
    Hi cPRex, Thanks for your reply. Please see the output:

    # rpm -qa | grep openssl-
    openssl-libs-1.0.2k-25.el7_9.x86_64
    cpanel-perl-532-crypt-openssl-rsa-0.31-1.cp1198.x86_64
    cpanel-perl-532-crypt-openssl-pkcs12-1.3-1.cp1198.x86_64
    cpanel-perl-532-crypt-openssl-pkcs10-0.16-1.cp1198.x86_64
    cpanel-perl-532-crypt-openssl-random-0.15-1.cp1198.x86_64
    ea-openssl-1.0.2u-2.2.1.cpanel.x86_64
    openssl-1.0.2k-25.el7_9.x86_64
    cpanel-perl-532-crypt-openssl-ec-1.32-1.cp1198.x86_64
    openssl-devel-1.0.2k-25.el7_9.x86_64
    cpanel-perl-532-crypt-openssl-bignum-0.09-1.cp1198.x86_64
    cpanel-perl-532-crypt-openssl-dsa-0.19-1.cp1198.x86_64
    cpanel-perl-532-crypt-openssl-x509-1.813-1.cp1198.x86_64

    # cat /etc/redhat-release
    CentOS Linux release 7.9.2009 (Core)
    0
  • cPRex Jurassic Moderator
    Thanks for those details. While you should move off CentOS 7 in the near future, I wouldn't expect your machine to be vulnerable to this issue. Here are some details in a thread from when this issue was originally discovered:
    0
  • TOne1

    Hi cPRex,
    my security scanner is currently flagging the same vulnerability on 6 ports and I am on AlmaLinux 8.9.

    Here is the output of rpm -qa | grep openssl:

    cpanel-perl-536-crypt-openssl-dsa-0.20-1.cp108~el8.x86_64
    openssl-pkcs11-0.4.10-3.el8.i686
    cpanel-perl-536-crypt-openssl-ec-1.32-1.cp108~el8.x86_64
    cpanel-perl-536-crypt-openssl-rsa-0.33-1.cp108~el8.x86_64
    openssl-devel-1.1.1k-12.el8_9.x86_64
    alt-openssl-libs-1.0.2k-2.el8.cloudlinux.10.x86_64
    openssl-pkcs11-0.4.10-3.el8.x86_64
    alt-openssl11-1.1.1w-1.el8.x86_64
    openssl-libs-1.1.1k-12.el8_9.x86_64
    compat-openssl10-1.0.2o-4.el8_6.x86_64
    openssl-libs-1.1.1k-12.el8_9.i686
    cpanel-perl-536-crypt-openssl-random-0.15-1.cp108~el8.x86_64
    alt-openssl11-libs-1.1.1w-1.el8.x86_64
    cpanel-perl-536-crypt-openssl-bignum-0.09-1.cp108~el8.x86_64
    openssl-1.1.1k-12.el8_9.x86_64
    cpanel-perl-536-crypt-openssl-x509-1.914-1.cp108~el8.x86_64
    ea-openssl11-1.1.1m-1.1.2.cpanel.x86_64

    cat /etc/redhat-release
    AlmaLinux release 8.9 (Midnight Oncilla)

    How can I get rid of those?

    Best,

    T1


    0
  • cPRex Jurassic Moderator

    TOne1 - you'll likely need to create a changelog on your system and show that to the security scanning company, as these are patched in modern systems. You can do that with the following command:

    rpm -q openssl --changelog > output.txt

    and then you can place the output.txt file somewhere public on your server or download that as you wish.

    0
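Two things the thread leaves to the reader, as an added example that is not from the thread or from cPanel: turning the `rpm -q openssl --changelog` output into a concrete "this CVE was fixed in build X" statement for the scanner vendor, and confirming on the server itself whether a TLS endpoint still accepts client-initiated renegotiation (the condition the scanner is reporting). The sample changelog and its CVE ids are constructed placeholders; `changelog_fix_version`, `installed_fix_for` and `probe_renegotiation` are hypothetical helper names, and the last two need a real package name and a real host:port on the machine being checked.

```shell
#!/bin/sh
# Added example, not from the thread or from cPanel: map a CVE id to the
# package build whose rpm changelog entry mentions it, plus a one-shot
# probe of a TLS endpoint's renegotiation behaviour.

# Constructed sample changelog in rpm's format. Each entry opens with a
# "* <date> <packager> - <version>" header followed by "- ..." lines.
# The CVE ids here are placeholders, not real identifiers.
SAMPLE_CHANGELOG='* Mon Jan 01 2024 Packager <packager@example.invalid> - 1:1.1.1k-12
- fix CVE-0000-0002 (placeholder id)
- unrelated change

* Mon Jun 05 2023 Packager <packager@example.invalid> - 1:1.1.1k-9
- fix CVE-0000-0001 (placeholder id)
- another unrelated change
'

# changelog_fix_version CVE-ID
# Reads changelog text on stdin and prints the version from the header of
# every entry whose body mentions CVE-ID (assumes the RHEL-style header ends
# in "- <version>"). Exit status 1 when no entry mentions the id.
changelog_fix_version() {
  awk -v id="$1" '
    /^\* /            { hdr = $NF; next }                      # header: keep its version field
    index($0, id) > 0 { if (hdr != last) { print hdr; last = hdr }; found = 1 }
    END               { exit found ? 0 : 1 }
  '
}

# installed_fix_for PACKAGE CVE-ID
# The same lookup against the live system, e.g. installed_fix_for openssl CVE-XXXX-YYYY
# (substitute the id your scanner reports). Compare the printed version with
# "rpm -q PACKAGE": if the installed build is that version or newer, the
# backported fix is present even though the upstream version string is old.
installed_fix_for() {
  rpm -q "$1" --changelog | changelog_fix_version "$2"
}

# probe_renegotiation HOST:PORT
# Sends a single renegotiation request ("R" at the s_client prompt) over a
# TLS 1.2 session (TLS 1.3 has no renegotiation, so it is pinned here).
# "RENEGOTIATING" followed by a second certificate-verification block means
# the server accepted it; an alert, a handshake failure or a closed
# connection after "RENEGOTIATING" means it is refused, the mitigated state.
probe_renegotiation() {
  { sleep 2; printf 'R\n'; sleep 2; } | openssl s_client -connect "$1" -tls1_2 2>&1
}

# Stand-alone demonstration against the constructed changelog.
printf '%s' "$SAMPLE_CHANGELOG" | changelog_fix_version CVE-0000-0001
```

Run the changelog lookup for each CVE id in the scanner report and attach the matching entries to the evidence you send back; run the probe per flagged port so the report covers all six, and read the output rather than the exit status, since s_client exits zero either way.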
