Security

How to remediate CVE-2013-2566 related to "SSH RC4 Cipher"?

hemendralodhi
Contributor

Hello there,

Our security team did a vulnerability scan on a server running Splunk v6.1.3 and asked us to remediate the CVE-2013-2566 vulnerability. The description they gave us is below:

SSH RC4 Cipher Enabled
DESCRIPTION
The arcfour cipher is considered to be flawed.
SOLUTION
Disable the arcfour cipher.

We checked with the OS vendor and they have given the solution below. The issue is that I am not sure where to apply the changes. I have checked the files containing RC4, but there are many.

- Find the applications which have been configured to use TLS/SSL on the server, and make the suggested changes in the application configuration file as suggested in Workaround 1 or Workaround 2.
  o For example, if httpd is running with SSL, then make the suggested changes in /etc/httpd/conf.d/ssl.conf

*Workaround 1: Use Stronger ciphers
SSLCipherSuite HIGH:!aNULL:!MD5

*Workaround 2: Change the CipherOrder so that RC4 will be the least preferred
SSLHonorCipherOrder On
SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:HIGH:!MD5:!aNULL:!ADH:!LOW:RC4

Can someone please advise on the same?

Thanks
Hemendra

0 Karma

risgupta_splunk
Splunk Employee

This is already resolved in the latest version of Splunk 6.5.3.

0 Karma
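An added example, not part of the original thread and not Splunk's or the OS vendor's code: the scanner finding names the SSH arcfour cipher, while the vendor workarounds are TLS `SSLCipherSuite` strings, so this sketch checks both kinds of setting separately. The sample `sshd -T` output is constructed, the function names are hypothetical, and the cipher-string check is a text-level heuristic that only looks at explicit RC4 tokens.

```python
import re

# Constructed sample of `sshd -T` output (effective settings); not from the page.
SAMPLE_SSHD = """\
port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
macs hmac-sha2-256,hmac-sha2-512
"""

ARCFOUR = re.compile(r"arcfour(128|256)?")  # OpenSSH names for RC4

def ssh_ciphers(text):
    """Cipher list from the first 'ciphers' line of `sshd -T` style text."""
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "ciphers":
            return [c.strip() for c in parts[1].split(",") if c.strip()]
    return []  # no line found: the build's defaults apply

def ssh_arcfour(text):
    """arcfour entries that the SSH daemon would still offer."""
    return [c for c in ssh_ciphers(text) if ARCFOUR.fullmatch(c)]

def hardened_line(text):
    """A Ciphers line for sshd_config with the arcfour entries dropped."""
    keep = [c for c in ssh_ciphers(text) if not ARCFOUR.fullmatch(c)]
    return "Ciphers " + ",".join(keep)

def suite_names_rc4(cipher_string):
    """True if an OpenSSL cipher string explicitly leaves RC4 enabled.

    Heuristic: aliases such as ALL or MEDIUM are not expanded here.
    """
    enabled = False
    for tok in re.split(r"[:, ]+", cipher_string.strip()):
        if "RC4" not in re.split(r"[-+!]", tok):
            continue
        if tok.startswith("!"):
            return False      # "!RC4" deletes RC4 permanently
        if tok.startswith("-"):
            enabled = False   # "-RC4" removes it, a later token may re-add
        elif not tok.startswith("+"):
            enabled = True    # plain token adds RC4 suites ("+" only reorders)
    return enabled

if __name__ == "__main__":
    print(ssh_arcfour(SAMPLE_SSHD), hardened_line(SAMPLE_SSHD))
    print(suite_names_rc4("HIGH:!aNULL:!MD5"))
```

Workaround 2 from the question ends in `:RC4`, so `suite_names_rc4` returns `True` for it: RC4 is least preferred but still offered.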