Last modified: 2014-07-08 19:55:17 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T69564, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 67564 - Lots of servers are vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224)
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
Component: SSL related
Version: unspecified
Hardware: All All
Importance: High normal
Assigned To: Nobody - You can work on this!
Reported: 2014-07-06 11:57 UTC by chmarkine
Modified: 2014-07-08 19:55 UTC
Description chmarkine 2014-07-06 11:57:57 UTC
Originally I posted this issue under Bug 53259, but I find more and more vulnerable sites, so I think it is more appropriate to move to a new bug report.

According to SSL Labs these servers are "vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable":

* graphite.wikimedia.org
* gdash.wikimedia.org
* dumps.wikimedia.org
* noc.wikimedia.org

These are vulnerable but probably not exploitable:

* ganglia.wikimedia.org
* lists.wikimedia.org

[1] https://www.ssllabs.com/ssltest/analyze.html?d=noc.wikimedia.org

Comment 1 Jan Zerebecki 2014-07-06 12:11:37 UTC
I reported your findings yesterday as RT #7806 and suggested that all hosts should be checked for missed libssl updates.

Comment 2 Jan Zerebecki 2014-07-08 19:55:17 UTC
All of those and some more are fixed now. See also https://bugzilla.wikimedia.org/show_bug.cgi?id=53259#c26 .
