Developers Documentation



CVE-2016-2183

'The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.'

ClearCenter response

This issue affects ClearOS 7 and ClearOS 6. The fix here is to prefer other encryption methods above 3DES but leave 3DES support for compatibility reasons.

Short response

This issue was addressed by backported fixes in:

  • openssl version 1.0.1e-51 and later in ClearOS 7

The attack requires that the attacker collect data on a 3DES connection made by older machines that require 3DES. Updating client systems mitigates this risk while keeping backwards compatibility.

Long response

This issue was addressed by backported fixes in:

  • openssl version 1.0.1e-51 and later in ClearOS 7

Any attack using this method requires that the attacker collect data on a 3DES connection made by older machines that require 3DES. Since 3DES is not preferred and should not be present except for compatibility reasons, updating client systems mitigates this risk while keeping backwards compatibility.

Resolution

Make sure that client access devices are up to date and do not require older protocols to function. If you are running ClearOS 7, please ensure that you are running the latest updates:

yum update

You may also validate your version by running:

rpm -qi openssl

You should validate that you are running:

ClearOS 7
  • openssl version 1.0.1e-51 or later
ClearOS 6

Users of ClearOS 6 should update to ClearOS 7 to address risks presented by this flaw.
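
The validation steps in this section can be scripted. The following is an added example, not part of ClearCenter's advisory: openssl_is_fixed compares a package VERSION-RELEASE string against the 1.0.1e-51 threshold stated above, and des3_position reports whether a cipher list ranks any 3DES suite above a non-3DES one. The function names, the use of sort -V to approximate RPM version ordering, and the sample strings are assumptions.

```shell
#!/bin/sh
# Added example, not ClearCenter code. MIN_FIXED is the version this page
# states; function names and sample strings are assumptions.
MIN_FIXED="1.0.1e-51"

# Succeeds if a VERSION-RELEASE string is at or above MIN_FIXED.
# Assumption: `sort -V` approximates rpm's version ordering.
openssl_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$MIN_FIXED" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$MIN_FIXED" ]
}

# Classify a colon-separated OpenSSL cipher list by where 3DES sits:
#   absent    - no 3DES suite offered
#   last      - 3DES only after every other suite (kept for compatibility)
#   preferred - a 3DES suite ranks above at least one non-3DES suite
des3_position() {
    result=absent
    old_ifs=$IFS
    IFS=:
    for suite in $1; do
        case $suite in
            *DES-CBC3*)            # OpenSSL names 3DES suites ...DES-CBC3-...
                if [ "$result" = absent ]; then result=last; fi ;;
            *)
                if [ "$result" = last ]; then result=preferred; fi ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$result"
}

# Constructed sample inputs, not taken from a real host.
for vr in 1.0.1e-42.el7 1.0.1e-51.el7_2.7; do
    if openssl_is_fixed "$vr"; then
        echo "openssl-$vr: at or above $MIN_FIXED"
    else
        echo "openssl-$vr: older than $MIN_FIXED, run yum update"
    fi
done
des3_position "ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA"
des3_position "DES-CBC3-SHA:AES128-SHA"
```

On a ClearOS 7 host, real values can be supplied with `openssl_is_fixed "$(rpm -q --qf '%{VERSION}-%{RELEASE}' openssl)"` and `des3_position "$(openssl ciphers 'DEFAULT')"`.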

content/en_us/announcements_cve_cve-2016-2183.txt · Last modified: 2018/10/03 07:19 by dloper
