welcome to netwrkspider

Wednesday, April 9, 2014

How to: patch the OpenSSL Heartbleed vulnerability & compile the latest openssl-1.0.1g on Ubuntu / CentOS / Red Hat Server

# How to: compile openssl-1.0.1g on Ubuntu / CentOS / Red Hat Server

Security issue: Heartbleed, a serious OpenSSL zero-day vulnerability, revealed.

A major new security vulnerability dubbed Heartbleed (CVE-2014-0160) was disclosed Monday night, with severe implications for the entire Web. The bug lets an attacker read a server's memory, where sensitive user data is stored, including private data such as usernames, passwords, and credit card numbers.

# Exploit code and documentation by R3d4l3rt Team:

http://training.nshc.net/KOR/Document/vuln/20140409_CVE-2014-0160_OpenSSL.pdf

# Download the exploit code, which is written in Python: Heartbleed-exploit-code.py

# Check whether your website is vulnerable at the URL below:

http://filippo.io/Heartbleed/#

# Upgrade your OpenSSL

Download the latest source from: http://www.openssl.org/source/

# Download the latest OpenSSL tarball with the command below.

root@netwrkspider:~# wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz

# Configure OpenSSL for your platform (select your os/compiler target)

root@netwrkspider:/usr/local/src/openssl-1.0.1g# ./Configure
Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]

pick os/compiler from:
BC-32 BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-pre1.3 DJGPP MPE/iX-gcc OS2-EMX
OS390-Unix QNX6 QNX6-i386 ReliantUNIX SINIX SINIX-N UWIN VC-CE VC-WIN32
VC-WIN64A VC-WIN64I aix-cc aix-gcc aix3-cc aix64-cc aix64-gcc android
android-armv7 android-x86 aux3-gcc beos-x86-bone beos-x86-r5 bsdi-elf-gcc cc
cray-j90 cray-t3e darwin-i386-cc darwin-ppc-cc darwin64-ppc-cc
darwin64-x86_64-cc dgux-R3-gcc dgux-R4-gcc dgux-R4-x86-gcc dist gcc hpux-cc
hpux-gcc hpux-ia64-cc hpux-ia64-gcc hpux-parisc-cc hpux-parisc-cc-o4
hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc1_1-gcc hpux-parisc2-cc
hpux-parisc2-gcc hpux64-ia64-cc hpux64-ia64-gcc hpux64-parisc2-cc
hpux64-parisc2-gcc hurd-x86 iphoneos-cross irix-cc irix-gcc irix-mips3-cc
irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-alpha+bwx-ccc
linux-alpha+bwx-gcc linux-alpha-ccc linux-alpha-gcc linux-aout linux-armv4
linux-elf linux-generic32 linux-generic64 linux-ia32-icc linux-ia64
linux-ia64-ecc linux-ia64-icc linux-ppc linux-ppc64 linux-sparcv8
linux-sparcv9 linux-x86_64 linux32-s390x linux64-s390x linux64-sparcv9 mingw
mingw64 ncr-scde netware-clib netware-clib-bsdsock netware-clib-bsdsock-gcc
netware-clib-gcc netware-libc netware-libc-bsdsock netware-libc-bsdsock-gcc
netware-libc-gcc newsos4-gcc nextstep nextstep3.3 osf1-alpha-cc osf1-alpha-gcc
purify qnx4 rhapsody-ppc-cc sco5-cc sco5-gcc solaris-sparcv7-cc
solaris-sparcv7-gcc solaris-sparcv8-cc solaris-sparcv8-gcc solaris-sparcv9-cc
solaris-sparcv9-gcc solaris-x86-cc solaris-x86-gcc solaris64-sparcv9-cc
solaris64-sparcv9-gcc solaris64-x86_64-cc solaris64-x86_64-gcc sunos-gcc
tandem-c89 tru64-alpha-cc uClinux-dist uClinux-dist64 ultrix-cc ultrix-gcc
unixware-2.0 unixware-2.1 unixware-7 unixware-7-gcc vos-gcc vxworks-mips
vxworks-ppc405 vxworks-ppc60x vxworks-ppc750 vxworks-ppc750-debug
vxworks-ppc860 vxworks-ppcgen vxworks-simlinux debug debug-BSD-x86-elf
debug-Cygwin debug-VC-WIN32 debug-VC-WIN64A debug-VC-WIN64I debug-ben
debug-ben-darwin64 debug-ben-debug debug-ben-debug-64 debug-ben-macos
debug-ben-macos-gcc46 debug-ben-no-opt debug-ben-openbsd
debug-ben-openbsd-debug debug-ben-strict debug-bodo debug-darwin-i386-cc
debug-darwin-ppc-cc debug-geoff32 debug-geoff64 debug-levitte-linux-elf
debug-levitte-linux-elf-extreme debug-levitte-linux-noasm
debug-levitte-linux-noasm-extreme debug-linux-elf debug-linux-elf-noefence
debug-linux-generic32 debug-linux-generic64 debug-linux-ia32-aes
debug-linux-pentium debug-linux-ppro debug-linux-x86_64 debug-rse
debug-solaris-sparcv8-cc debug-solaris-sparcv8-gcc debug-solaris-sparcv9-cc
debug-solaris-sparcv9-gcc debug-steve-opt debug-steve32 debug-steve64
debug-ulf debug-vos-gcc

NOTE: If in doubt, on Unix-ish systems use './config'.

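# On Ubuntu: run the commands below from the source directory to compile and install the latest version

root@netwrkspider:/usr/local/src/openssl-1.0.1g# ./config

root@netwrkspider:/usr/local/src/openssl-1.0.1g# make depend

root@netwrkspider:/usr/local/src/openssl-1.0.1g# make install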

cp libcrypto.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc
cp libssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc







# Alternate installation from the distribution repository:

1 ) Update your system:

a ) Ubuntu : sudo apt-get update && sudo apt-get dist-upgrade
b ) CentOS : yum update or yum update openssl
c ) Fedora :

64-bit:
yum -y install koji
koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm

32-bit:
yum -y install koji
koji download-build --arch=i686 openssl-1.0.1e-37.fc19.1
yum localinstall openssl-1.0.1e-37.fc19.1.i686.rpm

Note: After you have finished, reboot your machine.
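
The reboot matters because running daemons keep the old library mapped in memory until they are restarted. The script below is an added example, not part of the original post: it classifies the `openssl version` token against the upstream releases affected by CVE-2014-0160 (1.0.1 through 1.0.1f, plus 1.0.2-beta1) and lists processes still using a replaced libssl/libcrypto. The function names are this example's own.

```sh
#!/bin/sh
# Added example: post-upgrade checks for CVE-2014-0160. Not from the original post.

# Map the version token printed by `openssl version` to upstream status.
# Distribution packages backport the fix without changing this token (the
# Fedora build above is still "1.0.1e"), so "affected-range" means: confirm
# the installed package release, do not assume the host is unpatched.
classify_upstream_version() {
    case "$1" in
        1.0.1|1.0.1[a-f]|1.0.1[a-f]-*|1.0.2-beta1) echo affected-range ;;
        1.0.1[g-z]*)                               echo fixed ;;
        0.9.*|1.0.0*)                              echo not-affected ;;
        *)                                         echo unknown ;;
    esac
}

# Succeeds if a /proc/<pid>/maps file shows libssl or libcrypto mapped from a
# file that was replaced on disk: the process still runs the old library.
has_stale_tls_lib() {
    grep -Eq '/lib(ssl|crypto)[^/]*\.so[^/]* \(deleted\)$' "$1" 2>/dev/null
}

# Print "pid command" for every process that needs a restart (run as root).
list_stale_processes() {
    for maps in /proc/[0-9]*/maps; do
        if has_stale_tls_lib "$maps"; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            printf '%s %s\n' "$pid" "$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")"
        fi
    done
}

# Run the live checks only when the script is invoked with --scan.
if [ "${1:-}" = "--scan" ]; then
    ver=$(openssl version | awk '{print $2}')
    echo "openssl on PATH: $ver ($(classify_upstream_version "$ver"))"
    list_stale_processes
fi
```

As the `make install` output above shows, the source build lands under /usr/local/ssl, so daemons linked against the distribution's libssl are fixed only by the package update and a restart.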













