CrowdStrike Heartbleed Scanner finds my vulnerable VMware ESXi 5.5 U1 host, I patch, then rescan
Yes, Heartbleed is still hanging in there for the IT pro, continuing to demand our attention. Earlier today, during a long drive to a virtualization user group meeting here in New Hampshire, I had the opportunity to catch up on some podcasts, including yesterday's Security Now Podcast 452. Steve Gibson excitedly shares a nice gem he's found to scan your network for vulnerable hosts, discussed at this spot in the podcast. In a video produced right from my hotel room tonight, I demonstrate the use of this simple "no install required" Windows executable, created by Robin Keier, announced last week here.
Download CrowdStrike Heartbleed Scanner:
Yeah, I just couldn't wait til I'm home tomorrow to try this, so I simply and securely VPN'd to my home network, and tada, I was able to run the scan just fine, just as if I was actually on my home network, even though it's 160 miles away, since I set my VPN to have no port blocking active for private network traffic.
In the video walk-through below, you'll actually see that scan of my entire home network, successfully identifying my unpatched ESXi 5.5 U1 host as "vulnerable." I then patch that host, reboot it, and wrap up with a clean re-run of the Heartbleed Scanner. Nice! A nice new tool to keep, in my virtual tool bag.
More details at:
CrowdStrike offers new free Heartbleed Scanner tool by Tony Bradley Apr 23 2014, and
OpenSSL Heartbleed patches for ESXi 5.5 are available now! by Andreas Peetz on Apr 19 2014,
where Andreas kindly documents the first step to remediate the host (downloads all the latest VIBs):
Enable SSH access on your host, log in to it (e.g. using putty) and run the following commands:
# open firewall for outgoing http requests: esxcli network firewall ruleset set -e true -r httpClient # Install the ESXi 5.5 U1 Heartbleed Imageprofile from the VMware Online depot esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20140404001-standard # Reboot your host reboot
followed by the revoke/reissue of the certificate, topped off with a change of the root password. It's all explained in detail by VMware in KB2076665:
Resolving OpenSSL Heartbleed for ESXi 5.5 - CVE-2014-0160 (2076665)
Hope you enjoy the video, and please drop a comment below, no login required, and let us all know your experience with CrowdStrike Heartbleed Scanner.