Heartbleed: OpenSSL zero day vulnerability

on April 9, 2014

On the morning of Tuesday, 8 April, we noticed that a bug had been reported in OpenSSL (CVE-2014-0160), called Heartbleed. This bug can only be found in third-party software. It enables hackers to read 64K of memory on a server that is running one of the OpenSSL versions affected by this issue.

The following versions of OpenSSL are affected:

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

The following versions of OpenSSL are NOT affected:

OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
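
The version ranges above can be checked mechanically. The following shell function is an added example, not part of the original post: the function name heartbleed_status and its three result strings are assumptions made for illustration, and treating 1.0.1 letters after "g" as fixed goes beyond the list above, which names only 1.0.1g.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string against the ranges
# listed in this post. Prints: vulnerable | not-vulnerable | unknown
# (function name and result strings are hypothetical, chosen for this example).
heartbleed_status() {
    # Accept "OpenSSL 1.0.1e 11 Feb 2013" as well as a bare package
    # version such as "1.0.1e-15": drop the prefix, keep x.y.z[letter].
    hb_in=${1#OpenSSL }
    hb_ver=$(printf '%s\n' "$hb_in" | LC_ALL=C sed -n \
        's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*\).*$/\1/p')
    hb_base=${hb_ver%%[a-z]*}        # numeric part, e.g. 1.0.1
    hb_letter=${hb_ver#"$hb_base"}   # patch letter, empty for plain 1.0.1
    case "$hb_base" in
        0.9.8|1.0.0)
            echo not-vulnerable ;;
        1.0.1)
            case "$hb_letter" in
                ''|a|b|c|d|e|f) echo vulnerable ;;      # 1.0.1 through 1.0.1f
                [g-z])          echo not-vulnerable ;;  # 1.0.1g; later letters assumed fixed
                *)              echo unknown ;;
            esac ;;
        *)
            echo unknown ;;          # branch not covered by the lists above
    esac
}

# Sample inputs taken from the version strings quoted in this post.
for hb_sample in "OpenSSL 1.0.1c 10 May 2012" "1.0.1e-15" "1.0.1g" "0.9.8"; do
    printf '%-30s %s\n' "$hb_sample" "$(heartbleed_status "$hb_sample")"
done

# On a live host: heartbleed_status "$(openssl version)"
```

Distribution packages often backport the fix without changing the upstream version letter, so a "vulnerable" result for a package string such as 1.0.1e-15 only means the package falls in the affected range. Confirm against the distribution's package changelog or the test site mentioned below.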

The vulnerable versions have been used for over two years and have been adopted by many modern operating systems. Therefore, some operating systems have been distributed with a potentially vulnerable OpenSSL version.

Some of these operating systems include:

Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c)
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)

In order to check if one of your systems might be vulnerable to this bug, please check the following website: http://filippo.io/Heartbleed (http://s3.jspenguin.org/ssltest.py for the command line version). This website will check the URL of your website and will let you know if you have to take any action.

Many distributions like CentOS, Debian, and Ubuntu have already pushed updates for OpenSSL, and if you are running a supported OS version, you will be able to update OpenSSL by running one of the following commands:

Debian and Ubuntu:

apt-get update && apt-get upgrade

CentOS:

yum update

For more information on the Heartbleed bug, please refer to the following website: http://heartbleed.com.

Source: http://blog.leaseweb.com/2014/04/08/heartbleed-openssl-zero-day-vulnerability/
