{"id":6962,"date":"2016-03-03T15:18:38","date_gmt":"2016-03-03T14:18:38","guid":{"rendered":"https:\/\/anexia.com\/stagingblog\/?p=6962"},"modified":"2022-04-22T09:14:51","modified_gmt":"2022-04-22T07:14:51","slug":"drown-debian-packages-for-squeeze-lenny-and-check-script","status":"publish","type":"post","link":"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/","title":{"rendered":"DROWN: Debian packages for squeeze, lenny and check script"},"content":{"rendered":"

The latest OpenSSL update, which was released on March 1st, fixed, among other bugs, a vulnerability named DROWN<\/strong>.<\/p>\n

Putting it short, the attack allows obtaining the private key from a remote server if SSLv2 is enabled.<\/p>\n

A more detailed description of the attack is out of the scope of this blog article can be found on the „official“ website, https:\/\/drownattack.com\/<\/a>.<\/p>\n

Recent operating systems have had SSLv2 disabled for quite some time now, like Debian did in 2010: https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=589706<\/a><\/p>\n

However, a lot of organizations are still running legacy versions of operating systems for various reasons, being left in the cold with no security updates available.<\/p>\n

This was also the case for us, as we are still managing some Debian squeeze and Debian lenny systems.<\/p>\n

Debian packages for squeeze and lenny<\/strong><\/p>\n

As soon as patches became available our team started building updated OpenSSL packages for both Debian squeeze and Debian lenny, which disable SSLv2 entirely. These updated packages contain the same patches as applied in CentOS.<\/p>\n

As a service to the Internet community, we have made available both source and binary packages for these Debian versions at https:\/\/github.com\/anexia-it\/debian-packages<\/a>.<\/p>\n

DROWN check script<\/strong><\/p>\n

We needed a way to remotely check if services were vulnerable. As the lookup tool on the DROWN attack website only uses old data at the point of this writing, we created a shell script which implements DROWN vulnerability checks.<\/p>\n

 <\/p>\n

The script very much resembles our winshock test script<\/a>, but requires an old version of OpenSSL with SSLv2 enabled to operate.<\/p>\n

In order to simplify use of the script, we are providing a docker image<\/a>, based on Debian squeeze.<\/p>\n

The script itself and the Dockerfile used to build the image are both available from GitHub<\/a>.<\/p>\n

If you want to give the script a try, using it is as simple as running:<\/p>\n

docker pull anexia\/drowncheck:latest<\/p>\n

docker run –rm=true -t -i anexia\/drowncheck:latest 10.0.0.2 443<\/p><\/blockquote>\n

Simply replace 10.0.0.2<\/em> with the IP address of the server you want to check and 443<\/em> with the services‘ port.<\/p>\n","protected":false},"excerpt":{"rendered":"

The latest OpenSSL update, which was released on March 1st, fixed, among other bugs, a vulnerability named DROWN.<\/p>\n","protected":false},"author":5,"featured_media":1136,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1129],"tags":[1957,1959,1622,1329,1961,1963,1379],"yoast_head":"\nDROWN: Debian packages for squeeze, lenny and check script - ANEXIA Blog<\/title>\n<meta name=\"description\" content=\"The latest OpenSSL update, which was released on March 1st, fixed, among other bugs, a vulnerability named DROWN.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DROWN: Debian packages for squeeze, lenny and check script - ANEXIA Blog\" \/>\n<meta property=\"og:description\" content=\"The latest OpenSSL update, which was released on March 1st, fixed, among other bugs, a vulnerability named DROWN.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/\" \/>\n<meta property=\"og:site_name\" content=\"ANEXIA Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/anexiagmbh\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-03T14:18:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-22T07:14:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/anexia.com\/blog\/wp-content\/uploads\/2016\/01\/Stephan-Peijnik_anexia-blau_web.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1066\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Stephan Peijnik\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@_ANEXIA\" \/>\n<meta name=\"twitter:site\" content=\"@_ANEXIA\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Stephan Peijnik\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"2\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/\",\"url\":\"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/\",\"name\":\"DROWN: Debian packages for squeeze, lenny and check script - ANEXIA Blog\",\"isPartOf\":{\"@id\":\"https:\/\/anexia.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/anexia.com\/blog\/wp-content\/uploads\/2016\/01\/Stephan-Peijnik_anexia-blau_web.jpg\",\"datePublished\":\"2016-03-03T14:18:38+00:00\",\"dateModified\":\"2022-04-22T07:14:51+00:00\",\"author\":{\"@id\":\"https:\/\/anexia.com\/blog\/#\/schema\/person\/8f95147348ae0ed7e4c25999bebf0f1d\"},\"description\":\"The latest OpenSSL update, which was released on March 1st, fixed, among other bugs, a vulnerability named DROWN.\",\"breadcrumb\":{\"@id\":\"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/#primaryimage\",\"url\":\"https:\/\/anexia.com\/blog\/wp-content\/uploads\/2016\/01\/Stephan-Peijnik_anexia-blau_web.jpg\",\"contentUrl\":\"https:\/\/anexia.com\/blog\/wp-content\/uploads\/2016\/01\/Stephan-Peijnik_anexia-blau_web.jpg\",\"width\":1600,\"height\":1066},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/anexia.com\/blog\/de\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DROWN: Debian packages for squeeze, lenny and check script\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/anexia.com\/blog\/#website\",\"url\":\"https:\/\/anexia.com\/blog\/\",\"name\":\"ANEXIA Blog\",\"description\":\"[:de] ANEXIA Blog - Technischen Themen, Anexia News und Insights [:]\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/anexia.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"de\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/anexia.com\/blog\/#\/schema\/person\/8f95147348ae0ed7e4c25999bebf0f1d\",\"name\":\"Stephan Peijnik\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/anexia.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0bfcb213a87f6c6c67ec494bc0ae5585?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0bfcb213a87f6c6c67ec494bc0ae5585?s=96&d=mm&r=g\",\"caption\":\"Stephan Peijnik\"},\"url\":\"https:\/\/anexia.com\/blog\/author\/spe\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DROWN: Debian packages for squeeze, lenny and check script - ANEXIA Blog","description":"The latest OpenSSL update, which was released on March 1st, fixed, among other bugs, a vulnerability named DROWN.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/","og_locale":"de_DE","og_type":"article","og_title":"DROWN: Debian packages for squeeze, lenny and check script - ANEXIA Blog","og_description":"The latest OpenSSL update, which was released on March 1st, fixed, among other bugs, a vulnerability named DROWN.","og_url":"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/","og_site_name":"ANEXIA Blog","article_publisher":"https:\/\/www.facebook.com\/anexiagmbh\/","article_published_time":"2016-03-03T14:18:38+00:00","article_modified_time":"2022-04-22T07:14:51+00:00","og_image":[{"width":1600,"height":1066,"url":"https:\/\/anexia.com\/blog\/wp-content\/uploads\/2016\/01\/Stephan-Peijnik_anexia-blau_web.jpg","type":"image\/jpeg"}],"author":"Stephan Peijnik","twitter_card":"summary_large_image","twitter_creator":"@_ANEXIA","twitter_site":"@_ANEXIA","twitter_misc":{"Verfasst von":"Stephan Peijnik","Gesch\u00e4tzte Lesezeit":"2\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/","url":"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/","name":"DROWN: Debian packages for squeeze, lenny and check script - ANEXIA Blog","isPartOf":{"@id":"https:\/\/anexia.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/#primaryimage"},"image":{"@id":"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/#primaryimage"},"thumbnailUrl":"https:\/\/anexia.com\/blog\/wp-content\/uploads\/2016\/01\/Stephan-Peijnik_anexia-blau_web.jpg","datePublished":"2016-03-03T14:18:38+00:00","dateModified":"2022-04-22T07:14:51+00:00","author":{"@id":"https:\/\/anexia.com\/blog\/#\/schema\/person\/8f95147348ae0ed7e4c25999bebf0f1d"},"description":"The latest OpenSSL update, which was released on March 1st, fixed, among other bugs, a vulnerability named DROWN.","breadcrumb":{"@id":"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/"]}]},{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/#primaryimage","url":"https:\/\/anexia.com\/blog\/wp-content\/uploads\/2016\/01\/Stephan-Peijnik_anexia-blau_web.jpg","contentUrl":"https:\/\/anexia.com\/blog\/wp-content\/uploads\/2016\/01\/Stephan-Peijnik_anexia-blau_web.jpg","width":1600,"height":1066},{"@type":"BreadcrumbList","@id":"https:\/\/anexia.com\/blog\/en\/drown-debian-packages-for-squeeze-lenny-and-check-script\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/anexia.com\/blog\/de\/"},{"@type":"ListItem","position":2,"name":"DROWN: Debian packages for squeeze, lenny and check script"}]},{"@type":"WebSite","@id":"https:\/\/anexia.com\/blog\/#website","url":"https:\/\/anexia.com\/blog\/","name":"ANEXIA Blog","description":"[:de] ANEXIA Blog - Technischen Themen, Anexia News und Insights [:]","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/anexia.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"de"},{"@type":"Person","@id":"https:\/\/anexia.com\/blog\/#\/schema\/person\/8f95147348ae0ed7e4c25999bebf0f1d","name":"Stephan Peijnik","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/anexia.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0bfcb213a87f6c6c67ec494bc0ae5585?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0bfcb213a87f6c6c67ec494bc0ae5585?s=96&d=mm&r=g","caption":"Stephan Peijnik"},"url":"https:\/\/anexia.com\/blog\/author\/spe\/"}]}},"lang":"en","translations":{"en":6962,"de":1196},"amp_enabled":true,"pll_sync_post":[],"_links":{"self":[{"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/posts\/6962"}],"collection":[{"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/comments?post=6962"}],"version-history":[{"count":1,"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/posts\/6962\/revisions"}],"predecessor-version":[{"id":6965,"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/posts\/6962\/revisions\/6965"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/media\/1136"}],"wp:attachment":[{"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/media?parent=6962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/categories?post=6962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/anexia.com\/blog\/wp-json\/wp\/v2\/tags?post=6962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}