Preventing your Ubuntu servers from CVE-2016-2107

site-admin | DevOps, Uncategorized

I just discovered that this site is still vulnerable to CVE-2016-2107. According to CVE (Common Vulnerabilities and Exposures), this vulnerability allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. It exists because of an incorrect fix for CVE-2013-0169 (Lucky 13): in the AES-NI CBC code path of OpenSSL 1.0.1 and 1.0.2, the padding check behaves observably differently for valid and invalid padding, which is exactly the signal a padding oracle needs. Upstream fixed it in OpenSSL 1.0.1t and 1.0.2h. Note that Ubuntu backports the fix into its existing package versions, so on a patched Ubuntu 14.04 or 16.04 host the library version will still start with 1.0.1f or 1.0.2g; what matters is the Debian revision suffix, not the upstream number.

rommellaranjo.com | F rating from SSL Labs
I’ve got an F rating from Qualys SSL Labs because of this vulnerability.

To fix this, I upgraded the installed packages (especially the OpenSSL packages) on my Ubuntu server:
$ sudo apt-get update
$ sudo apt-get dist-upgrade
$ sudo reboot

Unfortunately, this involves downtime, because I need to reboot to apply the changes. Strictly speaking, the reboot is only there to make sure every long-running process linked against libssl (the web server, sshd, mail daemons and so on) picks up the new library; restarting those services individually would avoid the downtime, but a reboot is the simplest way to be certain nothing is still running with the old code mapped in memory.
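The upgrade above only helps if the package you end up with actually carries the fix, and only for processes that have reloaded the library. The following script is an added example, not part of the original post: it compares an installed libssl1.0.0 version string against the first fixed Ubuntu package version for the release, and lists processes that still have a deleted (pre-upgrade) libssl mapped, which is the set of services you would have to restart if you wanted to avoid the reboot. The fixed version strings are an assumption taken from my recollection of Ubuntu's advisory for this CVE (USN-2959-1); verify them against the advisory before trusting a "patched" verdict.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether an Ubuntu
# libssl1.0.0 package is new enough to contain the CVE-2016-2107 fix, and
# find processes still running with the old library mapped.
#
# ASSUMPTION: the per-release fixed versions below are what I recall from
# USN-2959-1. Check them against the advisory before relying on the output.

# fixed_version RELEASE -> prints the first libssl1.0.0 version with the fix,
# or returns 1 for a release not in the table.
fixed_version() {
    case "$1" in
        12.04) echo "1.0.1-4ubuntu5.36" ;;
        14.04) echo "1.0.1f-1ubuntu2.19" ;;
        15.10) echo "1.0.2d-0ubuntu1.5" ;;
        16.04) echo "1.0.2g-1ubuntu4.1" ;;
        *)     return 1 ;;
    esac
}

# version_ge A B -> exit 0 if Debian version A >= B.
# Uses dpkg's own comparator when available; otherwise GNU sort -V, which
# orders "...ubuntu4" before "...ubuntu4.1" as dpkg does for these strings.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# cve_2016_2107_status RELEASE INSTALLED_VERSION -> prints one of
# patched | vulnerable | unknown (exit 0 / 1 / 2 respectively).
cve_2016_2107_status() {
    fixed=$(fixed_version "$1") || { echo unknown; return 2; }
    if version_ge "$2" "$fixed"; then
        echo patched
    else
        echo vulnerable
        return 1
    fi
}

# stale_libssl_pids -> prints PIDs whose address space still maps a libssl
# file marked "(deleted)", i.e. they loaded the library before the upgrade
# replaced the file on disk. Those processes must be restarted (or the host
# rebooted) before the fix is effective for them. Requires root to see
# other users' processes.
stale_libssl_pids() {
    for maps in /proc/[0-9]*/maps; do
        if grep -q 'libssl.*(deleted)' "$maps" 2>/dev/null; then
            echo "$maps" | cut -d/ -f3
        fi
    done
}

# Live mode: read the release and installed package version from this host.
#   sudo sh check-cve-2016-2107.sh --live
if [ "${1:-}" = "--live" ]; then
    rel=$(. /etc/os-release && echo "$VERSION_ID")
    inst=$(dpkg-query -W -f='${Version}' libssl1.0.0 2>/dev/null)
    echo "Ubuntu $rel, libssl1.0.0 $inst: $(cve_2016_2107_status "$rel" "$inst")"
    stale=$(stale_libssl_pids)
    if [ -n "$stale" ]; then
        echo "Processes still using the old libssl (restart them or reboot):"
        echo "$stale"
    fi
fi
```

Run it with `--live` on the server after `apt-get dist-upgrade` but before rebooting: a "patched" verdict plus an empty stale-process list means the reboot was not strictly necessary for this fix, while a non-empty list names exactly the services that would otherwise keep using the vulnerable code. Independently of this script, re-running the SSL Labs test (or Filippo Valsorda's checker) against the live host is the check that actually matters, since it exercises the vulnerable code path rather than trusting version strings.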

rommellaranjo.com | A+ rating at SSL Labs
I’ve got A+ rating at Qualys SSL Labs after upgrading my server.

I discovered this vulnerability by using the Qualys SSL Labs test to evaluate my site's certificate and TLS configuration. If you want a handy tool designed specifically to check a server for CVE-2016-2107, there is one by Filippo Valsorda.
