SSLv3 POODLE vulnerability on your server and the fixes

The SSLv3 POODLE vulnerability, which was released on October 14th 2014, is an attack on the SSL 3.0 protocol, and it is a completely protocol-based vulnerability.

POODLE stands for “Padding Oracle On Downgraded Legacy Encryption”. The padding attack arises when plaintext is converted to ciphertext. The plaintext message often has to be expanded to be compatible with the underlying cryptographic structure, and the leakage of data mainly occurs during the decryption of the ciphertext.

The SSLv3 POODLE vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle attack. Continue reading…

VENOM – QEMU vulnerability – CVE-2015-3456

The VENOM vulnerability, also known as the QEMU exploit, is the most recent vulnerability, reported on May 13, 2015. It was discovered by Jason Geffner while performing a security review of virtual machine hypervisors.

VENOM stands for “Virtualized Environment Neglected Operations Manipulation”.

VENOM affects QEMU, an open source machine emulator. The VENOM vulnerability (CVE-2015-3456) resides in the virtual floppy disk controller (FDC) code used by the virtualization platforms. If exploited, it allows an attacker to gain full control of the operating system hosting the guests, as well as of the other guest VMs running on the same host machine.

If this issue is not mitigated, an exploited virtual machine escape could open access to the host system and all other VMs running on that host, potentially giving elevated access to the host’s local network and adjacent systems running on the network.

Generally, to eliminate the possibility of exploitation, proceed with the following.

To install the updates using the yum package manager, execute the command given below.

yum update

To update the QEMU package and its dependencies alone, execute the command given below.

yum update qemu-kvm


Glibc – GHOST vulnerability – CVE-2015-0235 and the Fix

On Linux servers, more than 60 binaries and major services such as SSH, Named, Bash, etc. rely on the glibc libraries. A heap-based buffer overflow was found in __nss_hostname_digits_dots(), and an attacker could use this flaw to execute arbitrary code with the privileges of the user running an application that uses the function gethostbyname().

Check if your server is GHOST vulnerable

If the glibc version on your server is lower than 2.18, then your server is most likely exposed to this vulnerability.

You can check the glibc version on your server using the command given below.

ldd --version

Continue reading…

An Introduction to FirewallD (Dynamic firewall)

FirewallD is a new firewall suite being introduced to Linux distributions. At present, the all-new and popular CentOS 7 has it as the default firewall suite, which in the near future will be implemented on servers. FirewallD, as usual, was developed by the Fedora community and was implemented in the 20th version of the same. It is also being used in Arch Linux and others to date.

FirewallD is a dynamic firewall, dynamic in the sense that any change to the firewall is implemented as soon as the amendment is made. This is unlike the previous firewall suite (iptables): no hard reset or restart is needed to implement a rule that has been amended or added. Iptables is deprecated in the early release version of CentOS 7, which means sooner or later the package would be replaced by FirewallD. Since FirewallD is not completely compatible with iptables, iptables is still present. Although iptables is deprecated, its concepts can be implemented via FirewallD using the direct option available. Continue reading…