{"id":1504,"date":"2014-10-15T19:00:38","date_gmt":"2014-10-15T10:00:38","guid":{"rendered":"http:\/\/www.skyarch.net\/blog\/?p=1504"},"modified":"2014-11-11T22:32:24","modified_gmt":"2014-11-11T13:32:24","slug":"sslv3-poodle%e8%84%86%e5%bc%b1%e6%80%a7%e5%af%be%e5%bf%9c","status":"publish","type":"post","link":"https:\/\/www.skyarch.net\/blog\/sslv3-poodle%e8%84%86%e5%bc%b1%e6%80%a7%e5%af%be%e5%bf%9c\/","title":{"rendered":"SSLv3 POODLE\u8106\u5f31\u6027\u5bfe\u5fdc"},"content":{"rendered":"<h4>2014\/10\/16 15:30 \u8ffd\u8a18\/\u7de8\u96c6\u3057\u307e\u3057\u305f<\/h4>\n<p>SSLv2\/3\u306b\u8106\u5f31\u6027\u304c\u898b\u3064\u304b\u308a\u307e\u3057\u305f\u3002POODLE\u3068\u547c\u3070\u308c\u3066\u5bfe\u7b56\u304c\u6025\u304c\u308c\u3066\u3044\u307e\u3059\u3002<br \/>\n(CVE-2014-3566) (CVE-2014-3513\/CVE-2014-3567\/CVE-2014-3568)<br \/>\n\u30a6\u30a7\u30d6\u30b5\u30fc\u30d0\u3067\u306f\u3001SSLv3\u3092\u5229\u7528\u3057\u306a\u3044\u3088\u3046\u306b\u8a2d\u5b9a\u5909\u66f4\u304c\u5f37\u304f\u63a8\u5968\u3055\u308c\u307e\u3059\u3002<\/p>\n<p>Apache\u306e\u8a2d\u5b9a\u3067\u306f\u3001mod_ssl\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u3042\u308c\u3070<br \/>\n\/etc\/httpd\/conf.d\/ssl.conf\u306e\u5185\u5bb9\u3092\u4e0b\u8a18\u306e\u3088\u3046\u306b\u5909\u66f4\u3057\u3001\u518d\u8d77\u52d5\u3092\u5b9f\u65bd\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nSSLProtocol all -SSLv2 -SSLv3\r\n<\/pre>\n<p>\u5bfe\u7b56\u51fa\u6765\u305f\u304b\u7c21\u5358\u306b\u8abf\u3079\u308b\u65b9\u6cd5\u3068\u3057\u3066\u3001\u4e0b\u8a18\u30b5\u30a4\u30c8\u304b\u3089\u30c1\u30a7\u30c3\u30af\u3059\u308b\u4e8b\u304c\u3067\u304d\u307e\u3057\u305f\u3002<br \/>\n<a href=\"https:\/\/www.ssllabs.com\/ssltest\/analyze.html\">https:\/\/www.ssllabs.com\/ssltest\/analyze.html<\/a><\/p>\n<p>\u7d9a\u3005\u3068\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u3092\u542b\u3081\u305f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u7b49\u3067\u3082\u5bfe\u51e6\u6cd5\u60c5\u5831\u304c\u51fa\u3066\u304f\u308b\u3068\u8003\u3048\u307e\u3059\u3002<br \/>\n\u30b9\u30ab\u30a4\u30a2\u30fc\u30c1\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u3067\u306f\u5bfe\u8c61\u306e\u6d17\u3044\u51fa\u3057\u3092\u5b9f\u65bd\u3057\u3064\u3064\u5bfe\u5fdc\u65b9\u6cd5\u306b\u3064\u3044\u3066\u306e\u691c\u8a0e\u3092\u5b9f\u65bd\u3057\u3066\u304a\u308a\u307e\u3059\u305f\u3081<br \/>\n\u304a\u5ba2\u69d8\u30b5\u30fc\u30d0\u306b\u3064\u304d\u307e\u3057\u3066\u3001\u4eca\u3057\u3070\u3089\u304f\u304a\u5f85\u3061\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3>AWS\u30a2\u30ca\u30a6\u30f3\u30b9<\/h3>\n<p><a href=\"http:\/\/aws.amazon.com\/jp\/security\/security-bulletins\/CVE-2014-3566-advisory\/?nc2=h_ls\">http:\/\/aws.amazon.com\/jp\/security\/security-bulletins\/CVE-2014-3566-advisory\/?nc2=h_ls<\/a><\/p>\n<p>\u4e0b\u8a18\u30b5\u30fc\u30d3\u30b9\u306e\u5bfe\u51e6\u65b9\u6cd5\u304c\u8a18\u8f09\u3057\u3066\u3042\u308a\u307e\u3057\u305f\u3002<br \/>\n1. Amazon Linux AMI (EC2)<br \/>\n\u73fe\u5728\u3001\u6e96\u5099\u4e2d\u306e\u305f\u3081\u30d1\u30c3\u30c1\u7b49\u306e\u60c5\u5831\u306f\u307e\u305f\u9023\u7d61\u304c\u3042\u308b\u3068\u306e\u3053\u3068\u3067\u3059<br \/>\n2. Amazon Elastic Load Balancing<br \/>\nSSLv3\u306e\u7121\u52b9\u5316\u51e6\u7406\u3092\u4e0a\u8a18\u30ea\u30f3\u30af\u5148\u3092\u53c2\u8003\u306b\u5b9f\u65bd\u3057\u307e\u3059<br \/>\n3. Amazon CloudFront<br \/>\n\u72ec\u81ea\u306eSSL\u8a3c\u660e\u66f8\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u306f\u3001\u4e0a\u8a18\u30ea\u30f3\u30af\u5148\u3092\u53c2\u8003\u306bSSLv3\u306e\u7121\u52b9\u5316\u51e6\u7406\u3092\u5b9f\u65bd\u3057\u307e\u3059\u3002<\/p>\n<p>10\/15 19:30\u3053\u3061\u3089\u306e\u30da\u30fc\u30b8\u3092\u898b\u3064\u3051\u307e\u3057\u305f<br \/>\n<a href=\"https:\/\/alas.aws.amazon.com\/ALAS-2014-426.html\">https:\/\/alas.aws.amazon.com\/ALAS-2014-426.html<\/a><br \/>\n\u65b0\u3057\u304f\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u7acb\u3066\u308b\u3068\u3001\u4e0a\u8a18\u30ea\u30f3\u30af\u5148\u8a18\u8f09\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3068\u306a\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3057\u305f\u3002<br \/>\nchangelog \u3092\u898b\u308b\u3068\u5bfe\u5fdc\u51fa\u6765\u3066\u3044\u308b\u3088\u3046\u3067\u3059\u306d\u3001AWS\u5bfe\u5fdc\u65e9\u3059\u304e\u3067\u3059\u3002<\/p>\n<p>2014\/10\/16 \u4e0b\u8a18\u3088\u308a\u3082\u65b0\u3057\u3044 openssl-1.0.1j-1.80.amzn1.x86_64 \u3092\u78ba\u8a8d\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# rpm -qa | grep openssl\r\nopenssl-1.0.1i-1.79.amzn1.x86_64\r\n\r\n# rpm -q --changelog openssl-1.0.1i-1.79.amzn1.x86_64\r\n* Wed Oct 15 2014 Cristian Gafton &lt;gafton@amazon.com&gt;\r\n- add patch for CVE-2014-3566 (Padding Oracle On Downgraded Legacy Encryption attack)\r\n...\r\n\r\n# rpm -qi openssl-1.0.1i-1.79.amzn1.x86_64\r\nName        : openssl\r\nEpoch       : 1\r\nVersion     : 1.0.1i\r\nRelease     : 1.79.amzn1\r\nArchitecture: x86_64\r\nInstall Date: Wed 15 Oct 2014 11:17:06 AM UTC\r\nGroup       : System Environment\/Libraries\r\nSize        : 3733137\r\nLicense     : OpenSSL\r\nSignature   : RSA\/SHA256, Wed 15 Oct 2014 05:29:44 AM UTC, Key ID bcb4a85b21c0f39f\r\nSource RPM  : openssl-1.0.1i-1.79.amzn1.src.rpm\r\nBuild Date  : Wed 15 Oct 2014 05:13:24 AM UTC\r\nBuild Host  : build-64002.build\r\nRelocations : (not relocatable)\r\nPackager    : Amazon.com, Inc. &lt;http:\/\/aws.amazon.com&gt;\r\nVendor      : Amazon.com\r\nURL         : http:\/\/www.openssl.org\/\r\nSummary     : Utilities from the general purpose cryptography library with TLS implementation\r\nDescription :\r\nThe OpenSSL toolkit provides support for secure communications between\r\nmachines. OpenSSL includes a certificate management tool and shared\r\nlibraries which provide various cryptographic algorithms and\r\nprotocols.\r\n<\/pre>\n<h3>\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u30a2\u30ca\u30a6\u30f3\u30b9<\/h3>\n<p><a href=\"https:\/\/technet.microsoft.com\/ja-jp\/library\/security\/3009008\">https:\/\/technet.microsoft.com\/ja-jp\/library\/security\/3009008<\/a><\/p>\n<h3>\u767a\u8868\u3068\u5bfe\u7b56<\/h3>\n<h4>Redhat<\/h4>\n<ol>\n<li>POODLE<br \/>\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2014-3566<\/li>\n<li>MemLeak<br \/>\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2014-3513<br \/>\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2014-3567<br \/>\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2014-3568<\/li>\n<\/ol>\n<h4>AWS<\/h4>\n<ol>\n<li>POODLE<br \/>\nhttps:\/\/alas.aws.amazon.com\/ALAS-2014-426.html<\/li>\n<li>MemLeak<br \/>\nhttps:\/\/alas.aws.amazon.com\/ALAS-2014-427.html<\/li>\n<\/ol>\n<h3>\u308f\u304b\u308a\u3084\u3059\u304f\u307e\u3068\u307e\u3063\u3066\u3044\u308b\u8a18\u4e8b<\/h3>\n<p>Classmethod\u69d8<br \/>\n<a href=\"http:\/\/dev.classmethod.jp\/cloud\/aws\/cve-2014-3566-poodle-issue\/\">http:\/\/dev.classmethod.jp\/cloud\/aws\/cve-2014-3566-poodle-issue\/<\/a><\/p>\n<p>askubuntu \u5404\u7a2e\u30df\u30c9\u30eb\u30a6\u30a7\u30a2\u306e\u30b3\u30f3\u30d5\u30a3\u30b0\u5909\u66f4\u65b9\u6cd5\u3082\u7d39\u4ecb\u3055\u308c\u3066\u3044\u307e\u3059<br \/>\n<a href=\"http:\/\/askubuntu.com\/questions\/537196\/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566\">http:\/\/askubuntu.com\/questions\/537196\/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>2014\/10\/16 15:30 \u8ffd\u8a18\/\u7de8\u96c6\u3057\u307e\u3057\u305f SSLv2\/3\u306b\u8106\u5f31\u6027\u304c\u898b\u3064\u304b\u308a\u307e\u3057\u305f\u3002POODLE\u3068\u547c\u3070\u308c\u3066\u5bfe\u7b56\u304c\u6025\u304c\u308c\u3066\u3044\u307e\u3059\u3002 (CVE-2014-3566) (CVE-2014-3513\/CVE-2014-&#8230;<\/p>\n","protected":false},"author":1,"featured_media":438,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_locale":"","_original_post":"","footnotes":""},"categories":[29,30,72],"tags":[],"class_list":{"0":"post-1504","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-linux","8":"category-windows","9":"category-vulnerable","10":"ja"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/1504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/comments?post=1504"}],"version-history":[{"count":10,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/1504\/revisions"}],"predecessor-version":[{"id":1521,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/1504\/revisions\/1521"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media\/438"}],"wp:attachment":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media?parent=1504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/categories?post=1504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/tags?post=1504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}