A "critical"-level vulnerability, only the second in OpenSSL's history, has been discovered; a fixed version will be released on the night of November 1, 2022, so update immediately
Twitter comments: 1 to 100 of 179
Our environments all look like 1.x, so I guess we're fine
I was about to go to bed when this came my way.
This might make Friday a busy one…
Ugh
I saw the keyword "openssl" going around so I had my suspicions, and sure enough.
Seeing "Critical" made my head spin for a moment.
Only 3.x is affected and it has been revised to High, so I imagine a lot of people are breathing a sigh of relief.
It's used in all sorts of places these days, even if not directly.
Seriously…
I need to update my VM instances
This looks like it's going to turn into a big deal
ãªã€ã£ãŠãããã
It's the second critical vulnerability in history, so…
If you use a VPS or a cloud server, updating is a must.
Even though detailed analysis led to the severity being lowered to HIGH (one step below CRITICAL), GIGAZINE keeps its sensational headline as it is and keeps fanning a misleading impression
Looks like the individual packages have started on it.
On old servers it looks like this could be pretty painful
From the IDEMA website
Problem: discovered; a fixed version will be released on the night of November 1, 2022, so update immediately
Second in history, following that Heartbleed, huh.
It's probably used for remote operation of IT equipment in a fair share of hospitals, so I think this is at the level where you should check with whichever vendor currently handles your maintenance
Admins, hang in there~ (^_^;
The High vulnerability announced on 11/1 is a v3.x issue.
What gets installed in such environments is 1.0.2k, so it is not affected.
Checked with:
sudo yum list installed
ããã
Looks like a pretty heavy vulnerability
ãŸããããããã
An alert went out even at my company, which is full of engineers
This is bad
ãã¹ãwww
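OpenSSL provides library functions for a wide variety of cryptography and is used on servers all over the world. A vulnerability that can be exploited easily would be highly dangerous.
(；・∀・)
Looks like a fairly nasty vulnerability has been found in OpenSSL. If you're using an affected version, you'll need to deal with it.
If this had been OpenSSL 1.x, it would have been an uproar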
ãããâŒ
Huh, so a critical vulnerability of the kind not seen since Heartbleed has turned up.
The IT department folks are in for a rough time (;´Д｀)
ããã£ð€
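So Ver 3.x is the one that's out.
This is the one that ended up being revised down to HIGH.
Quite a few packages depend on OpenSSL, so simply updating it with a command fairly often breaks other packages too, which makes this a painful one!
I thought this was serious and checked the environments I have on hand; they were all 1.x
Dismissed
Can I take today off!? I can definitely see carnage coming
Wow, it's been a long time since a vulnerability on this scale, not since Heartbleed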
ã»ãããããã
The openssl at my place was 1.x. Phew...
ãããã°ãªãïŒ
That must be quite a hassle…
OpenSSL update
* OpenSSL-2022/software at main · NCSC-NL/OpenSSL-2022
"OpenSSL maintains the version 1.x line in parallel with version 3.x, but version 1.x is reportedly not affected by the vulnerability found this time"
Checking up on the OpenSSL vulnerability
"OpenSSL maintains the version 1.x line in parallel with version 3.x, but version 1.x is not affected by the vulnerability found this time," reportedly.
RHEL 7 and 8 are on 1.x so they look fine, while RHEL 9 is on 3.x so it looks like it will be affected.
This has a big impact
Amazon linux ãããªãã§ããðŠ
Name : openssl
Epoch : 1
Version : 1.0.2k
ã©ã®ããããã°ãã®ãæ
å ±ãã
For now I at least need to check the version
Versions 3 and above are the ones affected
You can check with openssl version
They say to update OpenSSL, but what exactly are ordinary people supposed to do?
First since Heartbleed, huh…
Thanks for your hard work.
Looks like work tomorrow is going to get a bit busy…
For our company, a traditional SIer, applying OS patches is a major event. It is not something we do because we have time on our hands.
Was OpenSSL one of those really annoying things you have to make/install yourself? I forget. Going to bed.
A vulnerability rivaling … has been discovered in OpenSSL 3.x.
Releasing the fix the day before a public holiday is a brutal schedule.
So far there is no impact on OpenSSL 1.x
Well, tomorrow is going to be a festival from first thing in the morning.
Hmm, this is scary
$ apt-cache policy openssl
openssl:
Installed: 3.0.2-0ubuntu1.7
Candidate: 3.0.2-0ubuntu1.7
察å¿ãã :-)
openssl:
Installed: 3.0.2-0ubuntu1.7
Candidate: 3.0.2-0ubuntu1.7
察å¿ãã :-)
OpenSSL 1ã2ãªãæ³£ããã©3ã§ããããã
ããGIGAZINEã®èšäºã¯livedoorãã¥ãŒã¹ã«ã®ããlivedoorãã¥ãŒã¹ã¯ä»ã®ã¡ãã£ã¢ã«æ¡æ£ãããã®ã§ãã©ã¡ãããšèšããšå€ã«ç œãããªãããå¿é ããŠãŸã
éãªèšäºããã®ã
æžããæ¬äººãæå³ããã£ãŠãã®ã ããã
ããGIGAZINEã®èšäºã¯livedoorãã¥ãŒã¹ã«ã®ããlivedoorãã¥ãŒã¹ã¯ä»ã®ã¡ãã£ã¢ã«æ¡æ£ãããã®ã§ãã©ã¡ãããšèšããšå€ã«ç œãããªãããå¿é ããŠãŸã
éãªèšäºããã®ã
æžããæ¬äººãæå³ããã£ãŠãã®ã ããã
ã¯ãïŒ
ä»ã¯LibreSSLãæšæºã ãïŒ
ããŸã ã«OpenSSL䜿ã£ãŠããã€ã¯éŠ¬é¹¿ã ãïŒ
æãããœãŒã¹ã³ãŒããæ±ãããããã°ãã§ãããããã ãïŒ
ãŸããããç°¡åã«ãªãã¬ã€ã¹ã§ããªãç°å¢ãããã ãããã©ã
ä»ã¯LibreSSLãæšæºã ãïŒ
ããŸã ã«OpenSSL䜿ã£ãŠããã€ã¯éŠ¬é¹¿ã ãïŒ
æãããœãŒã¹ã³ãŒããæ±ãããããã°ãã§ãããããã ãïŒ
ãŸããããç°¡åã«ãªãã¬ã€ã¹ã§ããªãç°å¢ãããã ãããã©ã
livedoorãã¥ãŒã¹ãGoogleã«ä¹ã£ãã...ããã§ãããããªã£ããã ãª
ãå²äž2床ç®ã®èŽåœçã¬ãã«ã®è匱æ§ãã£ãŠåé¢ã ãèŠããšããã1床ç®ã§æ»ãã§ãªããããïŒãã£ãŠæãã«ãªã㪠|
䜿ã£ãŠãªããµã€ããªããŠä»ã»ãŒãªãã ãããã圱é¿ãã«ããã ãª>>
1ç³»ã®ã»ãã䜿ã£ãŠã人å€ããã ããåã¿ãããªãç¥ãã¯ããŸãçºçããªããã
ãã£ãšã£ãšãïŒïŒïŒïŒïŒ
䜿ã£ãŠãæ¹ã¯ã泚æãã ãããª
䜿ã£ãŠãæ¹ã¯ã泚æãã ãããª
ãœãããŠã§ã¢ãšã³ãžãã¢ã®ã¿ãªããç¥ããæ¥ããïŒ
ããããèªãã
ãŸãããã»ã»ã»
ææ¥ããUTMã®OSæŽæ°ç¥ãã ãªâŠ
ããã¯âŠå¯ããªãâŠ
ãããŒãŸãããâŠ
ããŒãžã§ã³1ç³»ã¯åœ±é¿ç¡ã
1.xç³»ã¯åœ±é¿ãåããã2021幎12æ以éãªãªãŒã¹ã®3.xç³»ã§åœ±é¿ãããè匱æ§ãšã®ããšã
以äžã圱é¿æç¡ã®ãªã¹ãã
以äžã圱é¿æç¡ã®ãªã¹ãã
ãããµãïŒ
.oO( I'll look at this later )
Something nasty has arrived!
Hmm, this is a nasty one...
I have nothing but a bad feeling about this…
What a hassle…
Alright, tomorrow is festival time.
ãããã
openssl version
When I ran that, most machines turned out to be on version 1, so they're out of scope.
Ubuntu 22.04 is on version 3, so it needs updating as soon as the fix is out.
Tomorrow I need to check whether our team is affected
The OpenSSL that ships by default looks like this.
My club's and my own development servers are on Ubuntu 20.04, so they should be fine.
CentOS7: 1.x
Ubuntu 20.04 LTS: 1.x
Amazon Linux2: 1.x
CentOS Stream9: 3.x
Ubuntu 22.04 LTS: 3.x
Seriously…
The "critical" label is given to "vulnerabilities that affect common system configurations and are likely to be exploited," such as ones that "can easily be exploited remotely to compromise a server's private key" or that "make remote code execution possible in common situations."
ãã®ãã€
I was thinking "who even uses openssl 3.0, lol," but it turns out Ubuntu 22.04 LTS ships openssl 3.0.2.
ãã£ãšãã
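Even once the OpenSSL bug-fix release is out, I wonder when each Linux distribution's corresponding package will come out.
The work I end up doing tomorrow is going to be a festival.
Tomorrow's going to be an uproar, huh
So the festival is starting?
The impact looks big, so it'll be tough on the people handling it
Well, it can't be helped
This looks like it'll end up as an item to share at tomorrow's morning meeting
Oh my
Heartbleed, that takes me back.
This needs to be dealt with urgently!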
ããâŠâŠããããâŠâŠ
So another big OpenSSL vulnerability has landed
Server admins, be careful!
ææ¥ãªãããããª
3ç³»ã ããªãããã
This looks like one I need to sit down and properly understand.
There are also a lot of things that can't be updated easily.