CloudStack and the HeartBleed vulnerability
-
Upload
john-kinsella -
Category
Technology
-
view
426 -
download
1
description
Transcript of CloudStack and the HeartBleed vulnerability
![Page 1: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/1.jpg)
CloudStack and “HeartBleed”
![Page 2: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/2.jpg)
We’re here to talk about…
![Page 3: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/3.jpg)
What is Vulnerable• Apache CloudStack 4.2 – 4.3• SystemVMs have vulnerable version of OpenSSL installed• In particular, SSVM is running vulnerable services
![Page 4: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/4.jpg)
FRIENDS DON’T LET FRIENDS USE REALHOSTIP
![Page 5: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/5.jpg)
Status• Apache CloudStack has issued patch instructions
• We’re working on updated SystemVM templates
![Page 6: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/6.jpg)
How to patch• ssh to SystemVM• apt-get update• apt-get install openssl libssl1.0.0 • /etc/init.d/apache2 restart
![Page 7: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/7.jpg)
How to verifydpkg -l|grep ssl
ii libssl1.0.0:i386 1.0.1e-2+deb7u6 i386 SSL shared librariesii openssl 1.0.1e-2+deb7u6 i386 Secure Socket Layer (SSL) binary
![Page 8: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/8.jpg)
External tests• http://filippo.io/Heartbleed/
• https://gist.github.com/takeshixx/10107280 - run yourself
![Page 9: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/9.jpg)
HoneypotUsing http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt
$ sudo perl heartbleed_honeypot.pl
182.118.60.51
182.118.60.51
182.118.60.51
182.118.60.51
![Page 10: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/10.jpg)
Honeypot sniff
![Page 11: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/11.jpg)
Honeypot sniff
![Page 12: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/12.jpg)
Honeypot sniff
![Page 13: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/13.jpg)
ASF Infrastructure team:
“Thank you for your patience while we have worked to sort this out.We expect to reset all LDAP passwords within the next 48 hours or so,so do not be alarmed when your password stops working.”
![Page 14: CloudStack and the HeartBleed vulnerability](https://reader038.fdocuments.net/reader038/viewer/2022102721/54b7286d4a795916198b4739/html5/thumbnails/14.jpg)
kthxbye!• http://cloudstack.apache.org
@johnlkinsella