POODLE: SSLv3 vulnerability (CVE-2014-3566)

A new vulnerability has been found in the SSL 3.0 protocol. All implementations of SSL 3.0 are affected.

Red Hat CVE: CVE-2014-3566

What Is the POODLE Vulnerability?

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. More details are available in the OpenSSL advisory.

POODLE affects older standards of encryption, specifically Secure Sockets Layer (SSL) version 3.0. It does not affect the newer encryption mechanism known as Transport Layer Security (TLS).

SSL certificates are not affected, i.e., you don't need to reissue your certificate even if you find that your server is vulnerable.

Recommendations

To mitigate this vulnerability, SSL 3.0 should be disabled in all affected packages.

Determining Vulnerability

Run the following script from your server. If it reports "SSL 3.0 enabled", the server is vulnerable.

If it reports "SSL 3.0 disabled", you are safe.

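#!/bin/bash
# Arguments: <host> [port]; the port defaults to 443.
# Attempt an SSLv3-only handshake and capture the session summary.
ret=$(echo Q | timeout 5 openssl s_client -connect "$1:${2-443}" -ssl3 2> /dev/null)
if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
    # A cipher of 0000 means no cipher was negotiated: the handshake was refused.
    if echo "${ret}" | grep -q 'Cipher.*0000'; then
        echo "SSL 3.0 disabled - $1 Not Vulnerable"
    else
        echo "SSL 3.0 enabled - $1 VULNERABLE"
    fi
else
    echo "SSL disabled or other error"
fi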

Usage: poodle.sh www.example.com

Red Hat customers can use the online tool from Red Hat Labs.

Resolution

Disable SSLv2 and SSLv3 (enable everything except SSLv2 and SSLv3) in httpd.conf:

SSLProtocol All -SSLv2 -SSLv3

Restart the httpd service:

# service httpd restart
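
To confirm the change reached every virtual host, the following added example (not from the original article or from Red Hat) audits a configuration file for SSLProtocol directives that still permit SSLv3. The function names and the sample configuration are constructed for illustration. It assumes mod_ssl evaluates tokens left to right ("+x" adds, "-x" removes, a bare "x" replaces the set) and that "all" includes SSLv3.

```shell
#!/bin/sh
# Added example: flag SSLProtocol directives that leave SSLv3 enabled.
# Assumed semantics: tokens apply left to right; "+x" adds, "-x" removes,
# a bare "x" replaces the whole set; "all" includes SSLv3.

# sslv3_enabled "ARGS": exit 0 if the directive arguments leave SSLv3 on.
sslv3_enabled() (
    set -f                               # no globbing while splitting ARGS
    v3=0
    for tok in $1; do
        name=$(printf '%s' "${tok#[+-]}" | tr '[:upper:]' '[:lower:]')
        case "$tok:$name" in
            -*:all|-*:sslv3) v3=0 ;;     # explicitly removed
            *:all|*:sslv3)   v3=1 ;;     # added, or set by a bare token
            [+-]*)           ;;          # another protocol added or removed
            *)               v3=0 ;;     # bare other protocol replaces the set
        esac
    done
    [ "$v3" -eq 1 ]
)

# audit_conf FILE: report each SSLProtocol directive (commented lines are
# skipped). Exit 1 if any is weak, 2 if the file contains none.
audit_conf() {
    report=$(awk 'tolower($1) == "sslprotocol" { $1 = ""; print NR ":" $0 }' "$1" |
        while IFS=: read -r n args; do
            if sslv3_enabled "$args"; then s=WEAK; else s=OK; fi
            printf '%-4s %s:%s:%s\n' "$s" "$1" "$n" "$args"
        done)
    [ -n "$report" ] || { echo "NONE $1: no SSLProtocol directive"; return 2; }
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -q '^WEAK'; then return 1; fi
    return 0
}

# Constructed sample: one vhost still weak, one fixed as in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
    SSLProtocol all -SSLv2
</VirtualHost>
<VirtualHost *:8443>
    # SSLProtocol all
    SSLProtocol All -SSLv2 -SSLv3
</VirtualHost>
EOF
audit_conf "$sample" || echo "exit status $?: at least one directive needs fixing"
rm -f "$sample"
```

A configuration check like this complements the handshake test above: the file audit catches a vhost that was missed, while the handshake test confirms what the running server actually negotiates.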

 

Links

Red Hat Article – POODLE SSLv3 vulnerability