■ Testing "CVE-2014-0224"

Continuing from yesterday.

Is "CVE-2014-0224" not fixed in Wheezy?
http://labunix.hateblo.jp/entry/20140609/1402321124

Detection Script for CVE-2014-0224 (OpenSSL CCS Injection)
http://www.tripwire.com/state-of-security/incident-detection/detection-script-for-cve-2014-0224-openssl-cipher-change-spec-injection/

■ Trying the Python test tool "OSSL_CCS_InjectTest.py".

$ URL="http://www.tripwire.com/state-of-security/wp-content/uploads/2014/06/"; \
TARGET="OSSL_CCS_InjectTest1.zip"; \
wget ${URL}${TARGET}; \
test -f ${TARGET} && unzip ${TARGET}

$ python OSSL_CCS_InjectTest.py localhost
***CVE-2014-0224 Detection Tool v0.2***
Brought to you by Tripwire VERT (@TripwireVERT)
[TLSv1.2] localhost:443 Invalid handhsake.
[TLSv1.1] localhost:443 Invalid handhsake.
[TLSv1] localhost:443 Invalid handhsake.
[SSLv3] localhost:443 Invalid handhsake.
No need to patch.

■ Next, "ssltest".

$ wget https://gist.githubusercontent.com/sh1n0b1/10100394/raw/4f24ff250124a03ad2d3d6010b6402c3a483d2f3/ssltest.py

$ python ssltest.py -p 443 127.0.0.1
Connecting...
Sending Client Hello...
Waiting for Server Hello...
Unexpected EOF receiving record payload - server closed connection
Server closed connection without sending Server Hello.

■ Trying the nmap script based on "ccsinjection.c", but this failed.

$ NMAPDIR=/usr/share/nmap; \
UNIQ=`date '+%s'`; \
cd $NMAPDIR; \
if [ "$?" -eq "0" ];then \
  test -f scripts/tls-nextprotoneg.nse && sudo mv scripts/tls-nextprotoneg.nse tls-nextprotoneg.nse.back_$UNIQ; \
  sudo wget -O scripts/tls-nextprotoneg.nse "https://svn.nmap.org/nmap/scripts/tls-nextprotoneg.nse"; \
  test -f scripts/ssl-ccs-injection.nse && sudo mv scripts/ssl-ccs-injection.nse ssl-ccs-injection.nse.back_$UNIQ; \
  sudo wget -O scripts/ssl-ccs-injection.nse "http://seclists.org/nmap-dev/2014/q2/att-438/ssl-ccs-injection.nse"; \
  test -f nselib/tls.lua && sudo mv nselib/tls.lua tls.lua.back_$UNIQ; \
  sudo wget -O nselib/tls.lua "https://svn.nmap.org/nmap/nselib/tls.lua"; \
  test -f nselib/nse_main.lua && sudo mv nselib/nse_main.lua nse_main.lua.back_$UNIQ; \
  sudo wget -O nselib/nse_main.lua "https://svn.nmap.org/nmap/nse_main.lua"; \
  sudo nmap --script-updatedb; \
fi
...
Starting Nmap 6.00 ( http://nmap.org ) at 2014-06-10 23:26 JST
NSE: Updating rule database.
NSE: Failed to load /usr/bin/../share/nmap/scripts//ssl-ccs-injection.nse:
...usr/bin/../share/nmap/scripts//ssl-ccs-injection.nse:12: This script requires tls.lua from http://nmap.org/nsedoc/lib/tls.html
stack traceback:
        [C]: in function 'assert'
        ...usr/bin/../share/nmap/scripts//ssl-ccs-injection.nse:12: in main chunk
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:442: could not load script
stack traceback:
        [C]: in function 'error'
        /usr/bin/../share/nmap/nse_main.lua:442: in function 'new'
        /usr/bin/../share/nmap/nse_main.lua:1089: in main chunk
        [C]: ?

QUITTING!

■ That's all for today.