CVE-2014-0160 (Heartbleed bug) Advisory for OSSEC

CVE-2014-0160 (Heartbleed bug) Advisory for OSSEC

March 9, 2014     Scott R. Shinn

The recently disclosed CVE-2014-0160 vulnerability – heartbleed read overrun – in OpenSSL may impact OSSEC installations where OSSEC was deployed with OpenSSL support, either when built from source or installed from RPMs. In particular this issue leaves ossec-authd open to attack.

The CVE-2014-0160 vulnerability has been fixed in OpenSSL 1.0.1g. OSSEC users are advised to replace their existing OpenSSL shared libraries with version 1.0.1.g which you can obtain as a source tarball on the OpenSSL website here http://www.openssl.org/source/. As of this writing it does not appear that yum repositories for CentOS 6.x have pushed this version of OpenSSL to the repository servers.

It is further advised that, until you patch your OpenSSL components, you do not leave ossec-authd running when it is not receiving requests from your OSSEC agents.