labunix's blog

labunix's Lab Unix

CVE-2014-0224 on wheezy: "ssltest" and "OSSL_CCS_InjectTest.py" report it as already fixed

■ Testing "CVE-2014-0224"
 Continuing from yesterday.

 Is "CVE-2014-0224" on Wheezy still unfixed?
 http://labunix.hateblo.jp/entry/20140609/1402321124

 Detection Script for CVE-2014-0224 (OpenSSL CCS Injection)
 http://www.tripwire.com/state-of-security/incident-detection/detection-script-for-cve-2014-0224-openssl-cipher-change-spec-injection/

■ Trying the Python test tool "OSSL_CCS_InjectTest.py".

$ URL="http://www.tripwire.com/state-of-security/wp-content/uploads/2014/06/"; \
  TARGET="OSSL_CCS_InjectTest1.zip"; \
  wget ${URL}${TARGET}; \
  test -f ${TARGET} && unzip ${TARGET}

$ python OSSL_CCS_InjectTest.py localhost
***CVE-2014-0224 Detection Tool v0.2***
Brought to you by Tripwire VERT (@TripwireVERT)
[TLSv1.2] localhost:443 Invalid handhsake.
[TLSv1.1] localhost:443 Invalid handhsake.
[TLSv1] localhost:443 Invalid handhsake.
[SSLv3] localhost:443 Invalid handhsake.
No need to patch.

■ Next, "ssltest".

$ wget https://gist.githubusercontent.com/sh1n0b1/10100394/raw/4f24ff250124a03ad2d3d6010b6402c3a483d2f3/ssltest.py
$ python ssltest.py -p 443 127.0.0.1
Connecting...
Sending Client Hello...
Waiting for Server Hello...
Unexpected EOF receiving record payload - server closed connection
Server closed connection without sending Server Hello.
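
Both runs above report a handshake problem ("Invalid handhsake." and "Server closed connection without sending Server Hello"), and an early-CCS test can only exercise a server that answers the Client Hello. As an added example (not part of the original post or of either tool), this Python 3 check classifies a port as unreachable, listening but not completing a TLS handshake, or completing one; the function name `probe_tls` and the state labels are assumptions made here.

```python
import socket
import ssl
import sys


def probe_tls(host, port, timeout=5.0):
    """Return (state, detail); state is 'unreachable', 'not-tls' or 'tls-ok'.

    Diagnostic only: certificate checks are disabled because the question
    is whether a handshake completes, not whether the peer is trusted.
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, timed out, no route, ...
        return ("unreachable", str(exc))

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # Handshake finished: a scanner verdict for this port is meaningful.
            return ("tls-ok", "%s %s" % (tls.version(), tls.cipher()[0]))
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        # Peer closed, reset, or answered with something that is not TLS.
        raw.close()
        return ("not-tls", str(exc))


def scanner_result_is_meaningful(state):
    """A CCS test result only says something when the handshake can start."""
    return state == "tls-ok"


if __name__ == "__main__":
    # Usage: python3 probe_tls.py localhost 443
    target_host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    state, detail = probe_tls(target_host, target_port)
    print("%s:%d -> %s (%s)" % (target_host, target_port, state, detail))
    if not scanner_result_is_meaningful(state):
        print("Handshake never completed; treat scanner output as inconclusive.")
```
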

■ Trying the nmap script based on "ccsinjection.c", but this one fails

$ NMAPDIR=/usr/share/nmap; \
  UNIQ=`date '+%s'`
  cd $NMAPDIR; \
  if [ "$?" -eq "0" ];then \
    test -f scripts/tls-nextprotoneg.nse && sudo mv scripts/tls-nextprotoneg.nse tls-nextprotoneg.nse.back_$UNIQ; \
    sudo wget -O scripts/tls-nextprotoneg.nse "https://svn.nmap.org/nmap/scripts/tls-nextprotoneg.nse"; \
    test -f scripts/ssl-ccs-injection.nse && sudo mv scripts/ssl-ccs-injection.nse ssl-ccs-injection.nse.back_$UNIQ; \
    sudo wget -O scripts/ssl-ccs-injection.nse "http://seclists.org/nmap-dev/2014/q2/att-438/ssl-ccs-injection.nse"; \
    test -f nselib/tls.lua && sudo mv nselib/tls.lua tls.lua.back_$UNIQ; \
    sudo wget -O nselib/tls.lua "https://svn.nmap.org/nmap/nselib/tls.lua"; \
    test -f nselib/nse_main.lua && sudo mv nselib/nse_main.lua nse_main.lua.back_$UNIQ; \
    sudo wget -O nselib/nse_main.lua "https://svn.nmap.org/nmap/nse_main.lua"; \
    sudo nmap --script-updatedb; \
  fi
...
Starting Nmap 6.00 ( http://nmap.org ) at 2014-06-10 23:26 JST
NSE: Updating rule database.
NSE: Failed to load /usr/bin/../share/nmap/scripts//ssl-ccs-injection.nse:
...usr/bin/../share/nmap/scripts//ssl-ccs-injection.nse:12: This script requires tls.lua from http://nmap.org/nsedoc/lib/tls.html
stack traceback:
	[C]: in function 'assert'
	...usr/bin/../share/nmap/scripts//ssl-ccs-injection.nse:12: in main chunk
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:442: could not load script
stack traceback:
	[C]: in function 'error'
	/usr/bin/../share/nmap/nse_main.lua:442: in function 'new'
	/usr/bin/../share/nmap/nse_main.lua:1089: in main chunk
	[C]: ?

QUITTING!

■ That's all for today.