
 STRONG Drown vulnerability (3 Replies, Read 3931 times)
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
In these days a very strong vulnerability was discovered.
https://access.redhat.com/security/vulnerabilities/drown

Just making the Webuzo Team aware of this. For the moment I have no more info. I am investigating how to remove this vulnerability.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.

STRONG Drown vulnerability
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Are you infected?
TEST IT:

Test 1: https://www.ssllabs.com/ssltest/
Test 2: https://test.drownattack.com/

Now we have to understand whether the Webuzo Team MUST immediately release an update.
This is flagged as a very high security issue... or whether it is a user misconfiguration, but I think it is not.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.

STRONG Drown vulnerability
nikhil89
Group: Softaculous Team
Post Group: Elite Member
Posts: 467
Status:
Hi,

We have added the latest exim rpm into our repository. To resolve this issue you will now have to re-install exim on your server.

Please let us know if you need any further information. We will be happy to help you.

STRONG Drown vulnerability
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
This is now solved.

To fix this issue you should back up your Exim configuration.
You can do this by using FTPS to download the Exim folder in etc,
or you can just back up the file exim.conf

After that you need to go to Webuzo, Apps, search for Exim, then remove Exim.
If you have customized Exim you will lose your customized settings; this is why the backup is important.

After removing it, please reinstall it.

Now in exim.conf under

tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem

you can add this row:

openssl_options = +no_sslv2 +no_sslv3

then exit and restart exim

You are safe now

Many thanks to CentOS support, RedHat support and the Webuzo Team... and also to me, who discovered this and also a new vulnerability this weekend.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
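
A check for the result of the steps in the post above, as an added example that is not part of the original thread and is not Webuzo or Exim code: it reads the main section of an Exim configuration and reports whether openssl_options carries both +no_sslv2 and +no_sslv3. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Webuzo or Exim code): check that the main section of an
# Exim configuration carries the openssl_options line from the post.

# Print the openssl_options value from the main section (everything before
# the first "begin" line), skipping comments and joining "\" continuations.
exim_openssl_options() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*begin[ \t]/ { exit }
        {
            line = buf $0
            if (line ~ /\\[ \t]*$/) { sub(/\\[ \t]*$/, "", line); buf = line; next }
            buf = ""
            if (line ~ /^[ \t]*openssl_options[ \t]*=/) {
                sub(/^[^=]*=[ \t]*/, "", line); print line
            }
        }' "$1"
}

# Return 0 only when both +no_sslv2 and +no_sslv3 are present.
exim_sslv2_sslv3_disabled() {
    opts=" $(exim_openssl_options "$1" | tr '\t\n' '  ') "
    case "$opts" in *" +no_sslv2 "*) ;; *) return 1 ;; esac
    case "$opts" in *" +no_sslv3 "*) ;; *) return 1 ;; esac
    return 0
}

# Constructed sample: the TLS lines from the post plus the added row.
write_sample_conf() {
    cat > "$1" <<'EOF'
# main section
tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem
openssl_options = +no_sslv2 \
    +no_sslv3
begin acl
EOF
}

# When a path is given as the first argument, audit that file.
if [ -n "${1:-}" ]; then
    if exim_sslv2_sslv3_disabled "$1"; then
        echo "OK: SSLv2 and SSLv3 disabled in $1"
    else
        echo "MISSING: openssl_options = +no_sslv2 +no_sslv3 in $1"
    fi
fi
```

Run it against the reinstalled configuration after adding the row and before restarting exim; a commented-out line, or one placed after a "begin" section header, is reported as missing.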