欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  网络运营

OpenSSL DROWN溺亡漏洞的检测及修复方法分析

程序员文章站 2022-07-04 11:47:00
 一、漏洞描述: 现在流行的服务器和客户端使用TLS加密,SSL和TLS协议保证用户上网冲浪,购物,即时通信而不被第三方读取到。DROWN(溺亡)漏洞允许攻击者破坏这个加...

 一、漏洞描述: 现在流行的服务器和客户端使用TLS加密,SSL和TLS协议保证用户上网冲浪,购物,即时通信而不被第三方读取到。DROWN(溺亡)漏洞允许攻击者破坏这个加密体系,通过“中间人劫持攻击”读取或偷取敏感通信,包括密码,信用卡帐号,商业机密,金融数据等。

二、漏洞影响: 
大部分支持SSLv2的服务器均会受到该漏洞影响,比如启用了ssl、tls加密的web服务器、邮件服务器。

三、检测方法: 
你也可使用检测工具检查,下载地址: 
https://github.com/nimia/public_drown_scanner

四、修复方法: 
确保你的私钥不适用于其他的支持sslv2服务,包括web,smtp,imap,pop服务等。禁止服务器端的sslv2支持。如果是Openssl,请查看OpenSSL官方给出的修复指南。 
https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/

如果是nginx服务器直接在nginx.conf配置文件中去掉ssl_protocols SSLv2的支持。

示例: 
[root@yn_vm_dev46 public_drown_scanner]# yum install python-virtualenv

[root@yn_vm_dev46 public_drown_scanner]# virtualenv drown 
New python executable in drown/bin/python 
Installing Setuptools………………………………………………………………………………………done. 
Installing Pip……………………………………………………………………………………………………….done.
[root@yn_vm_dev46 public_drown_scanner]# 
[root@yn_vm_dev46 public_drown_scanner]# 
[root@yn_vm_dev46 public_drown_scanner]# cd drown/ 
[root@yn_vm_dev46 drown]# ls 
bin include lib lib64 
[root@yn_vm_dev46 drown]# ./bin/activate 
-bash: ./bin/activate: Permission denied 
[root@yn_vm_dev46 drown]# . ./bin/activate 
(drown)[root@yn_vm_dev46 drown]# 
(drown)[root@yn_vm_dev46 drown]# 
(drown)[root@yn_vm_dev46 drown]# pip install enum pycrypto scapy pyasn1 scapy-ssl_tls

(drown)[root@yn_vm_dev46 drown]# python /root/public_drown_scanner/scanner.py www.com 443 
Testing www.com on port 443 
www.com: Server is vulnerable, with cipher RC2_128_CBC_EXPORT40_WITH_MD5

www.com: Server is vulnerable, with cipher RC4_128_EXPORT40_WITH_MD5

www.com: Case 7; Symmetric key did not successfully verify on server finished message 
www.com: Server is NOT vulnerable with cipher RC4_128_WITH_MD5, Message: 7: no tls

www.com: Server is vulnerable, with cipher DES_64_CBC_WITH_MD5

(drown)[root@yn_vm_dev46 drown]# python /root/public_drown_scanner/scanner.py www.com 443 
Testing www.com on port 443 
www.com: Case 3b; Connection reset by peer when waiting for server hello 
www.com: Server is NOT vulnerable with cipher RC2_128_CBC_EXPORT40_WITH_MD5, Message: 3b: no tls

www.com: Case 3b; Connection reset by peer when waiting for server hello 
www.com: Server is NOT vulnerable with cipher RC4_128_EXPORT40_WITH_MD5, Message: 3b: no tls

www.com: Case 3b; Connection reset by peer when waiting for server hello 
www.com: Server is NOT vulnerable with cipher RC4_128_WITH_MD5, Message: 3b: no tls

www.com: Case 3b; Connection reset by peer when waiting for server hello 
www.com: Server is NOT vulnerable with cipher DES_64_CBC_WITH_MD5, Message: 3b: no tls