OpenSSL Vulnerability

A new security issue in OpenSSL should be on the radar of your security team. While Stunnel and Apache are NOT affected, many many other packages appear to be. The issue allows denial of service and possibly remote code execution.

Patches for OpenSSL and many packages that use it are starting to roll in. Check with your favorite vendor on the issue for more information. The CVE is: CVE-2010-3864

HoneyPoint users who leverage black hole defenses should ensure that they have exposed port 443/tcp honeypoints and have dilated other common ports for their applications that might be vulnerable. Internal HoneyPoint users should already have these ports deployed, but if not, now is a good time to ensure that you have HoneyPoint coverage for any internal applications that might be using OpenSSL. Detecting scans and probes across the environment for this issue is highly suggested given the high number of impacted applications and platforms.

If you have any questions about this issue or the proper HoneyPoint deployment to detect probes and scans for it, please give us a call or drop us a line. We will be happy to discuss it and assist you.

Leave a Reply