- Red Hat Enterprise Linux 5, 6, 7
- How do I avoid impact to vsftpd from CVE-2014-3566?
By default, SSL/TLS is not enabled for vsftpd. You may have configured vsftpd to enable SSL/TLS by adding the following line to /etc/vsftpd/vsftpd.conf
If SSL/TLS is enabled, add the following lines to /etc/vsftpd/vsftpd.conf in order to only allow usage of TLSv1, not SSLv2 or SSLv3:
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
Once complete, restart vsftpd:
# service vsftpd restart
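One way to confirm the three settings above are actually in effect in the file, as an added example that is not part of the Red Hat article. The function name `vsftpd_poodle_audit` and the sample `sample_weak` are hypothetical, `ssl_enable` is the vsftpd directive that switches SSL/TLS on, and the script assumes one `option=value` per line with the last occurrence winning.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf for the protocol settings recommended above.
# Usage on a real host: vsftpd_poodle_audit /etc/vsftpd/vsftpd.conf
# Assumptions: one option=value per line, the last occurrence of a directive
# wins, and values are compared case-insensitively.

vsftpd_poodle_audit() {
    # Reads the file named in $1, or stdin when no argument is given.
    # Returns 0 when SSL/TLS is off or restricted to TLSv1, 1 otherwise.
    awk -F= '
        /^[ \t\r]*(#|$)/ { next }                 # skip comments and blanks
        {
            v = toupper($2)
            gsub(/[ \t\r]+$/, "", v)              # drop trailing whitespace/CR
            cfg[$1] = v                           # later lines override earlier
        }
        END {
            if (cfg["ssl_enable"] != "YES") {
                print "OK: ssl_enable is not YES, SSL/TLS is off"
                exit 0
            }
            n = split("ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO", want, " ")
            for (i = 1; i <= n; i++) {
                split(want[i], kv, "=")
                # An unset directive is reported rather than trusted to a default.
                have = (kv[1] in cfg) ? cfg[kv[1]] : "(not set)"
                if (have == kv[2]) {
                    print "OK: " want[i]
                } else {
                    print "FINDING: " kv[1] "=" have ", want " kv[2]
                    bad = 1
                }
            }
            exit bad + 0
        }
    ' "${1:--}"
}

# Constructed sample: SSL/TLS enabled with SSLv3 still allowed.
sample_weak() {
    printf '%s\n' 'ssl_enable=YES' 'ssl_tlsv1=YES' 'ssl_sslv2=NO' 'ssl_sslv3=YES'
}

sample_weak | vsftpd_poodle_audit || echo "sample_weak: SSLv2/SSLv3 not fully disabled"
```

A non-zero return means at least one of the three directives is missing or differs from the values listed above.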
A vulnerability was found in the SSLv3.0 protocol. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. For more information about this vulnerability, refer to the following article: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)
For diagnostic steps, refer to the following article: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)