CVE-2014-3566 PoC — OpenSSL 加密问题漏洞

Source

https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook

Associated Vulnerability

Title:OpenSSL 加密问题漏洞 (CVE-2014-3566)
Description:The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Readme

# CVE-2014-3566-poodle

This cookbook will error out your chef run if your server is vulnerable to [CVE-2014-3566](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566).

Although this cookbook can be used to watch for failed chef runs, it is also a proof of concept.

## Supported Platforms

- Ubuntu 12.04
- Centos-6.4

## Attributes

<table>
  <tr>
    <th>Key</th>
    <th>Type</th>
    <th>Description</th>
    <th>Default</th>
  </tr>
  <tr>
    <td><tt>['CVE-2014-3566-poodle']['ports']</tt></td>
    <td>Array</td>
    <td>Ports to check for vulnerability</td>
    <td><tt>['443','8443']</tt></td>
  </tr>
</table>

## Usage

### CVE-2014-3566-poodle::default

Include `CVE-2014-3566-poodle` in your node's `run_list`:

```json
{
  "run_list": [
    "recipe[CVE-2014-3566-poodle::default]"
  ]
}
```

## Testing
This cookbook includes a psuedo test suite.  The first 2 suites should pass as they test a blank instance and an instance with defaunt nginx.  The third squite should fail on all platforms as port 443 ssl is opened in Nginx.

## License and Authors

Author:: Mike Splain (<mike.splain@gmail.com>)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →