CloudStack and the HeartBleed vulnerability
Slides from my talk about how the HeartBleed OpenSSL vulnerability affects Apache CloudStack and how to mitigate the vulnerability. From CloudStack Collaboration Conference 2014 in Denver, CO

Presentation Transcript

  • CloudStack and “HeartBleed”
  • We’re here to talk about…
  • What is Vulnerable
      • Apache CloudStack 4.2 – 4.3
      • SystemVMs have vulnerable version of OpenSSL installed
      • In particular, SSVM is running vulnerable services
  • FRIENDS DON’T LET FRIENDS USE REALHOSTIP
  • Status
      • Apache CloudStack has issued patch instructions
      • We’re working on updated SystemVM templates
  • How to patch
      • ssh to SystemVM
      • apt-get update
      • apt-get install openssl libssl1.0.0
      • /etc/init.d/apache2 restart
  • How to verify
        dpkg -l|grep ssl
        ii libssl1.0.0:i386 1.0.1e-2+deb7u6 i386 SSL shared libraries
        ii openssl 1.0.1e-2+deb7u6 i386 Secure Socket Layer (SSL) binary
  • External tests
      • http://filippo.io/Heartbleed/
      • https://gist.github.com/takeshixx/10107280 - run yourself
  • Honeypot
      • Using http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt
        $ sudo perl heartbleed_honeypot.pl
        182.118.60.51
        182.118.60.51
        182.118.60.51
        182.118.60.51
  • Honeypot sniff
  • ASF Infrastructure team: “Thank you for your patience while we have worked to sort this out. We expect to reset all LDAP passwords within the next 48 hours or so, so do not be alarmed when your password stops working.”
  • kthxbye!
      • http://cloudstack.apache.org
      • jlk@stratosec.co
      • @johnlkinsella