
Addressing OpenSSL vulnerability CVE-2014-0221 for the Carbon Black Enterprise Server

Version:

This solution applies to Carbon Black versions earlier than 4.2.

Issue:

The man-in-the-middle (MITM) OpenSSL vulnerability CVE-2014-0221 was made public on June 5th, 2014. The Carbon Black Enterprise Server uses OpenSSL for secure communication with the installed Sensors, so the server's OpenSSL package must be updated.

Solution:

An updated OpenSSL release, 1.0.1h, was created and published by the OpenSSL core team. The CentOS team then updated the packages on the download mirrors that CentOS uses, so a fixed OpenSSL package can be installed with the yum utility.

To confirm whether the installed OpenSSL version is vulnerable, run rpm -q openssl on the Master Enterprise server:

          [root@CentOS65 ~]# rpm -q openssl
          openssl-1.0.1e-16.el6_5.7.x86_64

Note: The '1.0.1e' portion of the version string does not indicate whether the package is vulnerable. CentOS backports the fix without changing the upstream version number, so the relevant part is the package release suffix, here el6_5.7. After following the steps below, this suffix will be at least el6_5.14.

To update the OpenSSL package:

Log in to the Carbon Black Master Enterprise server.

Use the YUM utility to update the OpenSSL library:

          yum clean all
          yum check-update
          yum update openssl

Restart the Carbon Black services.

If Carbon Black is a standalone installation:

          service cb-enterprise restart

If Carbon Black is a clustered installation:

          /usr/share/cb/cbcluster stop
          /usr/share/cb/cbcluster start

To confirm the new version is installed, run rpm -q openssl again; it should show the updated release suffix:

          [root@CentOS65 ~]# rpm -q openssl
          openssl-1.0.1e-16.el6_5.14.x86_64
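Because the upstream version string stays at 1.0.1e before and after the update, a script that checks the server must compare the package release suffix (el6_5.N) rather than the version. The following POSIX shell function is an added example, not part of this article or of Carbon Black's tooling; it assumes the package format shown above (openssl-1.0.1e-16.el6_5.N.<arch>) and treats el6_5.14, the release the article shows after the update, as the first fixed build.

```shell
#!/bin/sh
# Added example: classify the output of `rpm -q openssl` on a CentOS 6.5 host
# as vulnerable or patched for this advisory by comparing the el6_5.N release
# suffix. The "1.0.1e" upstream version is identical for both builds, so it is
# deliberately ignored.

FIXED_MINOR=14   # assumption: el6_5.14 is the first fixed build (per the article)

# Print N from openssl-1.0.1e-16.el6_5.N.<arch>; print nothing if the string
# is not that package family (different base release or dist tag).
openssl_release_minor() {
    printf '%s\n' "$1" |
        sed -n 's/^openssl-1\.0\.1e-16\.el6_5\.\([0-9][0-9]*\)\..*$/\1/p'
}

# Echo "patched" (exit 0), "vulnerable" (exit 1) or "unknown" (exit 2).
openssl_needs_update() {
    minor=$(openssl_release_minor "$1")
    if [ -z "$minor" ]; then
        echo "unknown"
        return 2
    fi
    if [ "$minor" -ge "$FIXED_MINOR" ]; then
        echo "patched"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# Constructed sample strings mirroring the article's before/after output.
# On a real server replace them with: openssl_needs_update "$(rpm -q openssl)"
for pkg in "openssl-1.0.1e-16.el6_5.7.x86_64" \
           "openssl-1.0.1e-16.el6_5.14.x86_64"; do
    printf '%s -> %s\n' "$pkg" "$(openssl_needs_update "$pkg")"
done
```

A result of "unknown" means the host is not running the package family this article covers (for example a later el6_6 build) and must be checked against the Red Hat CVE page listed below instead.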

Important Note(s):

Relevant links to the vulnerability are here:

https://www.openssl.org/news/secadv_20140605.txt

https://www.openssl.org/news/openssl-1.0.1-notes.html

https://access.redhat.com/security/cve/CVE-2014-0221

Article Information
Creation Date: 02-10-2015