How to remediate CVE-2013-2566 related to "SSH RC4 Cipher"?

Contributor

Hello there,

Our security team did a vulnerability scan on a server running Splunk v6.1.3 and asked us to remediate the CVE-2013-2566 vulnerability. The description they gave us is below:

SSH RC4 Cipher Enabled
DESCRIPTION
The arcfour cipher is considered to be flawed.
SOLUTION
Disable the arcfour cipher.

We checked with the OS vendor and they have given the solution below. The issue is that I am not sure where to apply the changes. I have checked the files containing RC4, but there are many.

- Find the applications which have been configured to use TLS/SSL on the server, and make the suggested changes in the application configuration file as suggested in Workaround 1 or Workaround 2.
  o For example, if httpd is running with SSL, then make the suggested changes in /etc/httpd/conf.d/ssl.conf

*Workaround 1: Use Stronger ciphers
SSLCipherSuite HIGH:!aNULL:!MD5

*Workaround 2: Change the CipherOrder so that RC4 will be the least preferred
SSLHonorCipherOrder On
SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:HIGH:!MD5:!aNULL:!ADH:!LOW:RC4

Can someone please advise on the same?

Thanks
Hemendra

0 Karma
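
Added example (not part of the original post, and not Splunk or OS vendor code): a small Python check that reports where RC4 is still explicitly enabled, covering both the SSLCipherSuite directive from the vendor's workarounds and the Ciphers line of sshd_config, where OpenSSH names RC4 "arcfour". The sample file contents and function names are constructed for illustration; the check only sees explicit tokens, so confirm the effective lists with "openssl ciphers -v" and "sshd -T".

```python
import re

# Constructed sample files for illustration (not from the server in the post).
SSL_CONF = """\
SSLHonorCipherOrder On
SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:HIGH:!MD5:!aNULL:!ADH:!LOW:RC4
"""
SSHD_CONFIG = """\
#Ciphers arcfour
Ciphers aes256-ctr,aes128-ctr,arcfour256,arcfour
"""

def rc4_in_openssl_string(value):
    """Explicit RC4 tokens in an OpenSSL cipher string (mod_ssl SSLCipherSuite).
    Heuristic: aliases such as DEFAULT or MEDIUM are not expanded here."""
    tokens = [t for t in re.split(r"[:,\s]+", value.strip()) if t]
    if any(t.upper() == "!RC4" for t in tokens):
        return []                      # '!' removes RC4 for good
    # '-' removes and '+' only reorders, so neither adds a suite.
    return [t for t in tokens if t[0] not in "!-+" and "RC4" in t.upper()]

def rc4_in_sshd_ciphers(value):
    """arcfour* entries in an sshd_config Ciphers list."""
    value = value.strip()
    if value.startswith("-"):          # a '-' list removes from the defaults
        return []
    names = value.lstrip("+^").split(",")
    return [n for n in names if n.strip().lower().startswith("arcfour")]

CHECKS = {"sslciphersuite": rc4_in_openssl_string, "ciphers": rc4_in_sshd_ciphers}

def audit(text):
    """Return (line_no, directive, rc4_tokens) for each active directive enabling RC4."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split("#", 1)[0].split(None, 1)   # drop comments
        if len(parts) == 2 and parts[0].lower() in CHECKS:
            hits = CHECKS[parts[0].lower()](parts[1])
            if hits:
                findings.append((no, parts[0], hits))
    return findings

if __name__ == "__main__":
    for name, text in (("ssl.conf", SSL_CONF), ("sshd_config", SSHD_CONFIG)):
        print(name, audit(text))
```

On the constructed samples, the Workaround 2 string is reported because its trailing RC4 token keeps the cipher available, while the Workaround 1 string produces no finding.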

Splunk Employee

This is already resolved in the latest version of Splunk 6.5.3.

0 Karma