Security – POODLE: SSLv3 vulnerability (CVE-2014-3566) with Apache24 on FreeBSD-9.2

apache-2.4freebsdpoodleSecurity

I'm using FreeBSD 9.2-RELEASE-p5 with apache24-2.4.10_2 package. According to CVE-2014-3566 (POODLE), I went ahead and disabled SSLProtocol -SSLv3 following by restart of apache24 service, yet after running checks it seems like SSLv3 still enabled.

<IfModule ssl_module.c>
    SSLCipherSuite      HIGH:MEDIUM:!aNULL:!MD5
    SSLProtocol         -SSLv3
    SSLPassPhraseDialog builtin
    SSLSessionCache     "shmcb:/var/run/ssl_scache(512000)"
    SSLSessionCacheTimeout  300
</IfModule>

One of checks that I ran was this:

openssl s_client -connect <server>:<port> -ssl3

* UPDATE *

I had minor misconfiguration and after replacing <IfModule ssl_module.c> to <IfModule ssl_module>, apache24 DID accept my SSLProtocol:

[alexus@wcmisdlin02 ~]$ openssl s_client -connect j.alexus.org:443 -ssl3
CONNECTED(00000003)
139809335551816:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
139809335551816:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1413476188
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
[alexus@wcmisdlin02 ~]$

Best Answer

According to Mozilla, this configuration should work:

<VirtualHost *:443>
    ...
    SSLProtocol all -SSLv2 -SSLv3
    ...
</VirtualHost>

Related Solutions

Security – How does the updated Shellshock vulnerability test for CVE-2014-7169 work

I've been digging around the webs for a bit since I first posted this question.

According the original discoverer of the bug, bash prior to the CVE-2014-6271 patch imported a function such as:

foo=() {
  code
}

by replacing the equals sign with a space and interpreting it... which meant interpreting beyond the function definition was possible.

The patch for CVE-2014-6271 introduced a special mode of the parse_and_execute() function to limit evaluation to the function definition, and not beyond it.

However, as explained in this thread, the specially crafted environment variable of the CVE-2014-7169 vulnerability test is designed to 1) confuse the parser to death 2) leave scraps in the buffer 3) completely change what the original bash command does when it combines with the scraps already in the buffer.

So to dissect the environment variable:

X='() { (a)=>\'

The parser will analyze () { (a)=>\. Note that \ is part of the string; it is not escaping the trailing single quotation.

() {

The parser identifies this as a function definition.

(a)=

This confuses the parser to death.

>\

The parser leaves the final two characters sitting in the buffer.

>\[NEWLINE]

At some point before the sh command is run, a newline is placed in the buffer.

>\[NEWLINE]echo date

When sh is called (which is probably a symlink to bash in this case), it adds its command arguments, echo date, to the characters already existing in the buffer.

>echo date

Since the newline is escaped, bash will parse the buffer as >echo date, which has the same effect as date > echo. A file named echo is created and the stdout of the date command is redirected into it.

; cat echo

The second command simply displays the contents of the newly created file.

Security – How to tell if the website is vulnerable to CVE-2014-3566 (POODLE)

SSLv3 is Broken

With the advent of POODLE, all the cipher suites used by SSLv3 have been compromised, and the protocol should be considered irreparably broken.

Websites

You can check if your website is available over SSLv3 with curl(1):

curl -v -3 -X HEAD https://www.example.com

The -v argument turns on verbose output, -3 forces curl to use SSLv3, and the -X HEAD limits the output on a successful connection.

If you are not vulnerable, you should not be able to connect, and your output should look something like this:

* SSL peer handshake failed, the server most likely requires a client certificate to connect

If you are vulnerable, you should see normal connection output, including the line:

* SSL 3.0 connection using SSL_NULL_WITH_NULL_NULL

Other Services

It's not just websites that are available over SSL. Mail, irc, and LDAP are three examples of services available via secured connections, and are similarly vulnerable to POODLE when they accept SSLv3 connections.

To connect to a service using SSLv3, you can use the openssl(1) s_client(1) command:

openssl s_client -connect imap.example.com:993 -ssl3 < /dev/null

The -connect argument takes a hostname:port parameter, the -ssl3 argument limits the protocol versions negotiated to SSLv3, and piping in /dev/null to STDIN immediately terminates the connection after opening it.

If you connect successfully, SSLv3 is enabled; if you get a ssl handshake failure then it is not.