SWAMP Security Notification: Two High Risk Vulnerabilities
Dear SWAMP Users,
As you may be aware, two high risk vulnerabilities have recently been disclosed.
- POODLE: SSLv3 vulnerability (CVE-2014-3566)
- Shellshock (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187)
The SWAMP Infrastructure team has disabled SSLv3 on all external-facing servers and devices that serve SSL. As for Shellshock, our team worked hard and had all servers patched within 4 hours of both the first and the second round of bash patches released to address the Shellshock vulnerability.
If you have any questions or comments, please don’t hesitate to contact the security team directly at firstname.lastname@example.org.
What is the POODLE: SSLv3 Vulnerability?
POODLE (CVE-2014-3566) stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. More details are available in the upstream OpenSSL advisory. POODLE affects an older encryption standard, specifically Secure Sockets Layer (SSL) version 3. It does not affect the newer encryption mechanism known as Transport Layer Security (TLS).
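One way to verify that SSLv3 really is disabled on one of your own servers, as an added example that is not part of the SWAMP notification: it sends a minimal SSLv3 ClientHello offering a few CBC cipher suites and classifies the reply. The cipher-suite list, the host name and the result labels are assumptions of the example.

```python
"""Check whether a server still negotiates SSLv3, the protocol POODLE targets."""
import socket
import struct

SSLV3 = b"\x03\x00"          # record/handshake version for SSL 3.0
HANDSHAKE, ALERT = 0x16, 0x15  # TLS record content types
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02


def build_sslv3_client_hello() -> bytes:
    """Build a bare SSLv3 ClientHello record (no extensions, fixed random)."""
    # Constructed choice: three CBC suites commonly offered under SSLv3.
    cipher_suites = bytes.fromhex("000a" "002f" "0035")
    body = (
        SSLV3
        + b"\x00" * 32                      # client random (fixed for a probe)
        + b"\x00"                           # empty session id
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                       # one compression method: null
    )
    handshake = bytes([CLIENT_HELLO]) + struct.pack("!I", len(body))[1:] + body
    return bytes([HANDSHAKE]) + SSLV3 + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Map the first bytes a server sends back to one of three labels."""
    if not data:
        # Connection closed or reset without a ServerHello: SSLv3 not offered.
        return "sslv3_rejected"
    if len(data) < 6:
        return "unknown"
    content_type, version, hs_type = data[0], data[1:3], data[5]
    if content_type == HANDSHAKE and version == SSLV3 and hs_type == SERVER_HELLO:
        return "sslv3_accepted"          # the server completed an SSLv3 hello
    if content_type == ALERT:
        return "sslv3_rejected"          # e.g. fatal handshake_failure
    return "unknown"


def check_server(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Probe host:port and report whether SSLv3 was negotiated."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except OSError:                  # timeout or reset: treat as no reply
            data = b""
    return classify_response(data)


if __name__ == "__main__":
    print(check_server("sslv3-check.example.org"))  # placeholder host
```

A result of sslv3_accepted means the host still needs the same SSLv3 shutdown the team applied to the SWAMP servers.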
What is the Shellshock vulnerability?
Shellshock (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187) is a vulnerability in GNU’s bash shell that lets attackers run commands remotely on a vulnerable system. If your system has not updated bash since Tuesday, September 30, 2014, 1:32PM EST (see patch history), you’re most definitely vulnerable and have been since first boot. This security vulnerability affects versions 1.14 (released in 1994) through the most recent version, 4.3, according to NVD.
Thank you for your time,
SWAMP Security Team