Addressing OpenSSL vulnerability CVE-2014-0221 for the Carbon Black Enterprise Server
This solution applies to Carbon Black versions earlier than 4.2.
MITM OpenSSL vulnerability CVE-2014-0221 was made public on June 5, 2014. The Carbon Black Enterprise Server uses OpenSSL for secure communication with the installed Sensors.
An updated OpenSSL release, 1.0.1h, was created and published by the OpenSSL core team. The CentOS team then updated the download location (mirrors) that CentOS uses, and the fixed OpenSSL package became available to install with the yum utility without further manual steps.
To confirm whether the installed OpenSSL version is vulnerable, run rpm -q openssl on the Master Enterprise server:
[root@CentOS65 ~]# rpm -q openssl
Note: The '1.0.1e' shown above does not by itself indicate a vulnerable OpenSSL version; the EL release field of the package (5.7 here) is what carries the patch level. After following the steps below, this release number will be at least 5.14.
To update the OpenSSL package:
1. Log in to the Carbon Black Master Enterprise server.
2. Use the YUM utility to update the OpenSSL library:
   yum clean all
   yum check-update
   yum update openssl
3. Restart the Carbon Black services.
   If Carbon Black is a standalone installation:
   service cb-enterprise restart
   If Carbon Black is a clustered installation:
4. To confirm the new version is installed, run rpm -q openssl to show the updated version:
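The check in the last step can be scripted for a fleet of servers. The following shell snippet is an added example, not part of the original article: it takes the package name that rpm -q openssl prints, pulls out the release field after the last underscore, and reports whether it is at or past 5.14, the level the article says the update brings. The package names used in the demo are constructed in the el6_<major>.<minor> format rather than copied from a real system.

```shell
#!/bin/sh
# Added example (not from the Carbon Black article): decide from the
# "rpm -q openssl" package name whether the CentOS release field is at or
# past 5.14. Sample package names below are constructed.

# Print the release after the last "_":
#   "openssl-1.0.1e-16.el6_5.7.x86_64" -> "5.7"
openssl_release() {
    s=$1
    s=${s%.x86_64}; s=${s%.i686}            # drop the architecture suffix
    case "$s" in
        *_*) printf '%s\n' "${s##*_}" ;;
        *)   printf '%s\n' "0" ;;            # no z-stream suffix: treat as release 0
    esac
}

# Return 0 (true) when the release is >= 5.14, 1 otherwise.
# Compares major.minor numerically; anything after a second dot is ignored.
openssl_patched() {
    rel=$(openssl_release "$1")
    case "$rel" in
        *.*) major=${rel%%.*}; minor=${rel#*.}; minor=${minor%%.*} ;;
        *)   major=$rel; minor=0 ;;
    esac
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 14 ]; }
}

# Demo on a constructed package name. On the server itself, run:
#   openssl_patched "$(rpm -q openssl)" && echo patched
sample='openssl-1.0.1e-16.el6_5.7.x86_64'
if openssl_patched "$sample"; then
    echo "$sample: release at or past 5.14"
else
    echo "$sample: update required"
fi
```

The comparison is deliberately numeric rather than a string match so that a later release (for example a 5.15 or a 6.x z-stream) is also reported as patched; a package name with no z-stream suffix at all is treated as unpatched, which is the safe default for this check.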