CloudStack and the HeartBleed vulnerability

Post on 15-Jan-2015


Slides from my talk about how the HeartBleed OpenSSL vulnerability affects Apache CloudStack and how to mitigate the vulnerability. From CloudStack Collaboration Conference 2014 in Denver, CO

Transcript of CloudStack and the HeartBleed vulnerability

CloudStack and “HeartBleed”

We’re here to talk about…

What is Vulnerable
• Apache CloudStack 4.2 – 4.3
• SystemVMs have a vulnerable version of OpenSSL installed
• In particular, SSVM is running vulnerable services

FRIENDS DON’T LET FRIENDS USE REALHOSTIP
(realhostip.com is the default domain whose wildcard certificate and private key shipped with CloudStack for console-proxy and secondary-storage HTTPS. Every install that never replaced it serves the same private key, so a HeartBleed memory leak from any one of them exposes all of them. Use your own domain and your own certificate.)

Status
• Apache CloudStack has issued patch instructions
• We’re working on updated SystemVM templates

How to patch
• ssh to SystemVM
• apt-get update
• apt-get install openssl libssl1.0.0
• /etc/init.d/apache2 restart

How to verify

dpkg -l|grep ssl

ii libssl1.0.0:i386 1.0.1e-2+deb7u6 i386 SSL shared libraries
ii openssl 1.0.1e-2+deb7u6 i386 Secure Socket Layer (SSL) binary

(On Debian 7 “wheezy”, which the 4.2/4.3 SystemVMs run, 1.0.1e-2+deb7u5 or later is the fixed build. The package version only proves the files on disk were replaced: any process that loaded the old libssl/libcrypto before the upgrade keeps running the vulnerable code until it is restarted, so restart every service that links OpenSSL, not only apache2.)
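The two checks above in one script, as an added example that is not from the talk or from the CloudStack project: it decides whether a wheezy libssl1.0.0 version string is at or above the fixed build (assumed here to be 1.0.1e-2+deb7u5), and it reads /proc/PID/maps to find processes still mapping a libssl or libcrypto that was replaced on disk, which is exactly the case dpkg cannot see. The sample maps text is constructed; the live scan runs only when the script is executed directly.

```python
import glob
import re
import subprocess

# Assumption (not from the slides): first fixed wheezy build of libssl1.0.0.
FIXED_WHEEZY = "1.0.1e-2+deb7u5"


def wheezy_suffix(version):
    """Return N from a version like '1.0.1e-2+deb7uN', or None for anything else."""
    m = re.fullmatch(r"1\.0\.1e-2\+deb7u(\d+)", version)
    return int(m.group(1)) if m else None


def libssl_is_fixed(version):
    """True if a wheezy libssl1.0.0 version string is at or above the HeartBleed fix."""
    n = wheezy_suffix(version)
    if n is None:
        raise ValueError("not a wheezy 1.0.1e-2 build, check it by hand: " + version)
    return n >= wheezy_suffix(FIXED_WHEEZY)


def dpkg_installed_version(package):
    """Installed version per dpkg-query, or None when dpkg is unavailable."""
    try:
        out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", package],
                             capture_output=True, text=True)
    except OSError:
        return None
    return out.stdout.strip() or None


def stale_ssl_libraries(maps_text):
    """Paths of libssl/libcrypto mappings marked '(deleted)' in /proc/PID/maps text.

    A '(deleted)' mapping means the file was replaced by the package upgrade
    but this process still executes the old copy: it must be restarted.
    """
    stale = []
    for line in maps_text.splitlines():
        if "(deleted)" in line and re.search(r"lib(ssl|crypto)\.so", line):
            # fields: address perms offset dev inode pathname [(deleted)]
            path = line.split(None, 5)[5].replace(" (deleted)", "")
            if path not in stale:
                stale.append(path)
    return stale


def scan_running_processes():
    """Live check: {pid: [stale library paths]} for every readable /proc/PID/maps."""
    result = {}
    for maps in glob.glob("/proc/[0-9]*/maps"):
        try:
            with open(maps) as f:
                stale = stale_ssl_libraries(f.read())
        except OSError:
            continue  # process exited or not ours to read
        if stale:
            result[maps.split("/")[2]] = stale
    return result


# Constructed sample in /proc/PID/maps format: apache2 upgraded but not restarted.
SAMPLE_MAPS = """\
b7500000-b755b000 r-xp 00000000 08:01 131110 /usr/lib/i386-linux-gnu/libssl.so.1.0.0 (deleted)
b755b000-b7560000 r--p 0005a000 08:01 131110 /usr/lib/i386-linux-gnu/libssl.so.1.0.0 (deleted)
b7560000-b76f8000 r-xp 00000000 08:01 131109 /usr/lib/i386-linux-gnu/libcrypto.so.1.0.0 (deleted)
b7700000-b7800000 r-xp 00000000 08:01 131200 /lib/i386-linux-gnu/libc-2.13.so
"""

if __name__ == "__main__":
    print("sample maps, stale:", stale_ssl_libraries(SAMPLE_MAPS))
    ver = dpkg_installed_version("libssl1.0.0")
    if ver:
        try:
            print(ver, "fixed" if libssl_is_fixed(ver) else "VULNERABLE")
        except ValueError as e:
            print(e)
    for pid, libs in scan_running_processes().items():
        print("restart PID", pid, "still mapping", ", ".join(libs))
```

Run it on the SystemVM after `apt-get install`; every PID it lists is a service that still has the pre-patch OpenSSL in memory. It judges only the wheezy 1.0.1e-2 series, since that is what the slides show; for any other series it refuses rather than guessing.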

Honeypot
Using http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt

$ sudo perl heartbleed_honeypot.pl

182.118.60.51

182.118.60.51

182.118.60.51

182.118.60.51

Honeypot sniff (three packet-capture screenshots in the original slides; not reproduced in the transcript)
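What a honeypot or IDS actually keys on is the shape of the heartbeat record itself. The following is an added example, not the hb_honeypot.pl script and not from the talk: it parses TLS records and flags a heartbeat whose declared payload_length cannot fit in the record, which is the RFC 6520 check that unpatched OpenSSL skipped. The sample records are constructed, and the only network-facing part is left to the reader; this is pure detection logic over bytes.

```python
import struct

TLS_HEARTBEAT = 0x18            # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16                # RFC 6520 section 4: at least 16 bytes of padding


def classify_heartbeat_record(record):
    """Classify one TLS record (bytes).

    'not-heartbeat' - content type is not 0x18
    'truncated'     - record or heartbeat header incomplete
    'benign'        - payload_length fits in the record with room for padding
    'malformed'     - payload_length claims more than the record carries;
                      unpatched OpenSSL answers this with up to 64 KiB of heap
    """
    if len(record) < 5:
        return "truncated"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != TLS_HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) < 3:
        return "truncated"
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return "malformed"
    # RFC 6520 section 4: discard if payload_length + 3 + 16 > record length.
    if payload_len + 3 + MIN_PADDING > rec_len:
        return "malformed"
    return "benign"


def scan_records(data):
    """Walk back-to-back TLS records in a byte string; return [(offset, verdict)]."""
    verdicts = []
    pos = 0
    while pos + 5 <= len(data):
        rec_len = struct.unpack("!H", data[pos + 3:pos + 5])[0]
        verdicts.append((pos, classify_heartbeat_record(data[pos:pos + 5 + rec_len])))
        pos += 5 + rec_len
    return verdicts


def heartbeat_record(claimed_len, payload=b"", padding=b"\x00" * MIN_PADDING,
                     version=(3, 2)):
    """Build a heartbeat request record. Constructed test data, not captured traffic."""
    body = struct.pack("!BH", HB_REQUEST, claimed_len) + payload + padding
    return struct.pack("!BBBH", TLS_HEARTBEAT, version[0], version[1], len(body)) + body


# Constructed samples: an honest 4-byte heartbeat, and a probe that claims 16384
# payload bytes while sending none (bytes 18 03 02 00 03 01 40 00, the shape the
# public test scripts send). A TLS application-data record is included as noise.
BENIGN = heartbeat_record(4, b"ping")
PROBE = heartbeat_record(0x4000, padding=b"")
APPDATA = b"\x17\x03\x01\x00\x02hi"

if __name__ == "__main__":
    for offset, verdict in scan_records(BENIGN + PROBE + APPDATA):
        print(offset, verdict)
```

Feed it the bytes a client sends after the handshake (the honeypot never needs to complete one; the probe arrives in the clear) and log the source address of any 'malformed' verdict, which is what produced the list of IPs above.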

ASF Infrastructure team:

“Thank you for your patience while we have worked to sort this out. We expect to reset all LDAP passwords within the next 48 hours or so, so do not be alarmed when your password stops working.”

kthxbye!
• http://cloudstack.apache.org

jlk@stratosec.co

@johnlkinsella