Heartbleed vulnerability in OpenSSL

The Heartbleed vulnerability allows an attacker to read 64-kilobyte chunks of memory from servers and clients that connect using SSL/TLS, through a flaw in OpenSSL's implementation of the TLS heartbeat extension.

cPanel & WHM does not provide any copies of the OpenSSL library. The daemons and applications shipped with cPanel & WHM link to the version of OpenSSL provided by the core operating system.

Red Hat Enterprise Linux 6, CentOS 6, and CloudLinux 6 shipped vulnerable versions of OpenSSL 1.0.1. All three distributions have published patched OpenSSL 1.0.1 RPMs to their mirrors.

How to fix this Heartbleed vulnerability?


To update any affected servers, follow these steps.

1. SSH to your server.

2. Update the OpenSSL package:

yum update openssl

3. Update cPanel & WHM so that its daemons are rebuilt against the new library:

/scripts/upcp --force

4. Restart the cPanel services:

/etc/init.d/cpanel restart

5. Stop Apache:

service httpd stop

6. Kill any remaining Apache processes.

7. Start Apache:

service httpd start

8. Test your server at http://filippo.io/Heartbleed/ to confirm that it is patched.

9. If your server still reports as vulnerable after step 8, we have found it necessary to recompile Apache. Recompile Apache and run step 8 again.

You can also confirm that the installed package contains the fix by checking the RPM changelog for the Heartbleed CVE; the patched package prints an entry like the one below:

rpm -q --changelog openssl | grep -B 1 CVE-2014-0160
* Mon Apr 07 2014 Tomáš Mráz 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
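Two checks a practitioner would script after steps 2 to 7, added here as an example (not cPanel's or the article's own code): confirm the installed RPM carries the CVE-2014-0160 fix, and list any process that still has the pre-update libssl/libcrypto mapped, since a daemon that was not restarted keeps running the old code. It assumes a Linux host with rpm and /proc; the sample changelog and maps data are constructed.

```shell
#!/bin/sh
# Added post-update checks for the procedure above; example code, not cPanel's or the
# article's own. Assumes rpm and /proc (CentOS 6 style); sample data below is constructed.

# Exit 0 if the RPM changelog text on stdin records the Heartbleed fix.
changelog_has_fix() {
    grep -q 'CVE-2014-0160'
}

# Read one /proc/<pid>/maps on stdin and print each libssl/libcrypto path that is still
# mapped but marked "(deleted)": the pre-update file the process loaded before the RPM swap.
stale_ssl_maps() {
    awk '$NF == "(deleted)" && $6 ~ /lib(ssl|crypto)\.so/ { print $6 }' | sort -u
}

# Live check: verify the installed package, then scan every process for stale mappings.
check_host() {
    if ! rpm -q --changelog openssl | changelog_has_fix; then
        echo "openssl RPM lacks the CVE-2014-0160 fix; run: yum update openssl"
        return 1
    fi
    rc=0
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        stale=$(stale_ssl_maps < "$maps" 2>/dev/null) || continue
        if [ -n "$stale" ]; then
            echo "PID $pid ($(ps -o comm= -p "$pid")) still maps pre-update OpenSSL:"
            echo "$stale" | sed 's/^/    /'
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inputs, exercised when the script is run without --live.
SAMPLE_CHANGELOG='* Mon Apr 07 2014 Example Maintainer 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'
SAMPLE_MAPS='7f1a2b000000-7f1a2b1c0000 r-xp 00000000 08:01 131073 /usr/lib64/libc-2.12.so
7f1a2b400000-7f1a2b460000 r-xp 00000000 08:01 131099 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1a2b600000-7f1a2b7a0000 r-xp 00000000 08:01 131100 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f1a2b800000-7f1a2b810000 r-xp 00000000 08:01 131120 /usr/lib64/libz.so.1.2.3'

if [ "${1:-}" = "--live" ]; then
    check_host
else
    printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_has_fix && echo "sample changelog: fix present"
    echo "sample maps, libraries still held after the update:"; printf '%s\n' "$SAMPLE_MAPS" | stale_ssl_maps
fi
```

Run with `--live` on the server itself; a non-zero exit means either the package is unpatched or a listed process (typically httpd or a cPanel daemon) still needs restarting.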


Once the OpenSSL RPM has been updated, you should reset all service certificates via the Manage Service SSL Certificates interface in WHM:

Home » Service Configuration » Manage Service SSL Certificates

You will need to click the ‘Reset Certificate’ link for each service: FTP, Exim, cPanel/WHM/Webmail Service, and Dovecot or Courier Mail Server.

You should also check the SSL certificates for your hosted domains in the Manage SSL Hosts interface of WHM:

Home » SSL/TLS » Manage SSL Hosts

Many Certificate Authorities are reissuing SSL certificates for their customers at no cost in response to the Heartbleed vulnerability in OpenSSL.

Procedures vary, so contact your Certificate Authority before taking any action to ensure the correct steps are followed.

It is also recommended that you regenerate all SSH keys and reset all passwords across the server, since any secret held in memory while the server was vulnerable may have been exposed.
