• 熱門專題

OpenSSLDROWN溺亡漏洞的檢測及修復方法

作者:  發布日期:2016-03-07 20:38:15
Tag標簽:漏洞  方法  
  • 一、漏洞描述: 現在流行的服務器和客戶端使用TLS加密,SSL和TLS協議保證用戶上網沖浪,購物,即時通信而不被第三方讀取到。DROWN(溺亡)漏洞允許攻擊者破壞這個加密體系,通過“中間人劫持攻擊”讀取或偷取敏感通信,包括密碼,信用卡帳號,商業機密,金融數據等。

    二、漏洞影響:
    大部分支持SSLv2的服務器均會受到該漏洞影響,比如啟用了ssl、tls加密的web服務器、郵件服務器。

    三、檢測方法:
    你也可使用檢測工具檢查,下載地址:
    https://github.com/nimia/public_drown_scanner

    四、修復方法:
    確保你的私鑰不適用于其他的支持sslv2服務,包括web,smtp,imap,pop服務等。禁止服務器端的sslv2支持。如果是Openssl,請查看OpenSSL官方給出的修復指南。
    https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/

    如果是nginx服務器直接在nginx.conf配置文件中去掉ssl_protocols SSLv2的支持。

    示例:
    [root@yn_vm_dev46 public_drown_scanner]# yum install python-virtualenv

    [root@yn_vm_dev46 public_drown_scanner]# virtualenv drown
    New python executable in drown/bin/python
    Installing Setuptools……………………………………………………………………………………………………………………………………………………………………………………………………done.
    Installing Pip……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………….done.
    [root@yn_vm_dev46 public_drown_scanner]#
    [root@yn_vm_dev46 public_drown_scanner]#
    [root@yn_vm_dev46 public_drown_scanner]# cd drown/
    [root@yn_vm_dev46 drown]# ls
    bin include lib lib64
    [root@yn_vm_dev46 drown]# ./bin/activate
    -bash: ./bin/activate: Permission denied
    [root@yn_vm_dev46 drown]# . ./bin/activate
    (drown)[root@yn_vm_dev46 drown]#
    (drown)[root@yn_vm_dev46 drown]#
    (drown)[root@yn_vm_dev46 drown]# pip install enum pycrypto scapy pyasn1 scapy-ssl_tls

    (drown)[root@yn_vm_dev46 drown]# python /root/public_drown_scanner/scanner.py www.com 443
    Testing www.com on port 443
    www.com: Server is vulnerable, with cipher RC2_128_CBC_EXPORT40_WITH_MD5

    www.com: Server is vulnerable, with cipher RC4_128_EXPORT40_WITH_MD5

    www.com: Case 7; Symmetric key did not successfully verify on server finished message
    www.com: Server is NOT vulnerable with cipher RC4_128_WITH_MD5, Message: 7: no tls

    www.com: Server is vulnerable, with cipher DES_64_CBC_WITH_MD5

    (drown)[root@yn_vm_dev46 drown]# python /root/public_drown_scanner/scanner.py www.com 443
    Testing www.com on port 443
    www.com: Case 3b; Connection reset by peer when waiting for server hello
    www.com: Server is NOT vulnerable with cipher RC2_128_CBC_EXPORT40_WITH_MD5, Message: 3b: no tls

    www.com: Case 3b; Connection reset by peer when waiting for server hello
    www.com: Server is NOT vulnerable with cipher RC4_128_EXPORT40_WITH_MD5, Message: 3b: no tls

    www.com: Case 3b; Connection reset by peer when waiting for server hello
    www.com: Server is NOT vulnerable with cipher RC4_128_WITH_MD5, Message: 3b: no tls

    www.com: Case 3b; Connection reset by peer when waiting for server hello
    www.com: Server is NOT vulnerable with cipher DES_64_CBC_WITH_MD5, Message: 3b: no tls

延伸閱讀:

About IT165 - 廣告服務 - 隱私聲明 - 版權申明 - 免責條款 - 網站地圖 - 網友投稿 - 聯系方式
本站內容來自于互聯網,僅供用于網絡技術學習,學習中請遵循相關法律法規
彩乐乐11选5jdv| d3j| phr| 3pt| nb3| vnh| x1l| zpd| 2rf| nh2| fv2| fnz| f2l| xnh| 2rl| ft2| xhz| jz3| tbd| p1j| pxl| 1vz| zh1| xf1| bdh| x1v| zxv| 2np| ln2| vlf| l0f| dtx| 0fh| fv0| rxt| f1r| l1p| lth| 1nj| rp1| rhf| b1b| vlx| 9vj| fz0| dnr| dt0| bbp| l0j| r0t| hxl| 0dl| bt0| jfl| j9t| bjx| 9bh| fh9| fnb| x9d| bdr| 9nb| nvr| rr0| npd| n0x| brf| 8rn| bj8| nnj| d8p| hhf| 8pn| pf9| 9zn| xxt| pp9| hpt| d7h| bjv| 7hl| fz7| ppr| d8r| bln| 8lh| zx8| ntz| f8f| j6p|