SANS ISC InfoSec Forums: Heartbleed vendor notifications (SANS Internet Storm Center)


Heartbleed vendor notifications
Barracuda - https://www.barracuda.com/blogs/pmblog?bid=2275#.U0WSRPldVb5

I'm told that their Spam & Virus Firewall (mail filter) line is not vulnerable, but others potentially are.
Anonymous
Riverbed - https://supportkb.riverbed.com/support/index?page=content&id=S23635&actp=LIST_RECENT
https://supportkb.riverbed.com/support/index?page=content&id=S23653&actp=LIST_RECENT
dark15

1 Posts
CIPAFilter

https://support.cipafilter.com/index.php?/News/NewsItem/View/6/heartbleed-ssl-vulnerability-cve-2014-0160
dark15
2 Posts
Has anyone located an executable, particularly a freebie, that'll allow you to scan your internal network? Filippo has posted the Go-based pieces, but I'm not at all familiar with Go, and it looks very Linuxy. While my shop is pretty much mostly Windows, I know some Windows servers have Jakarta/Apache on them, plus a dozen or so "appliances" that I know have at least some flavor of Linux, with a decent chance that they used OpenSSL.

One more question: SSH-encrypted SFTP sites with a vulnerable certificate. Am I right in thinking that their liability is that, if someone had packet captures of traffic from while the bad cert was in use, it could be decrypted offline, after the fact?
spooledone

7 Posts
You can use Nessus; they have a plug-in that detects the vulnerability, which we are using at a client now. I also like this tool from Qualys: https://www.ssllabs.com/ssltest/
spooledone
1 Posts
McAfee is identifying those products impacted by the vulnerable OpenSSL versions and updating them to a remediated OpenSSL version. A consolidated Security Bulletin will be published on the McAfee Knowledge Center (support.mcafee.com) and list all affected products. This document will be updated daily as new hotfixes and patches are posted for customer download.

An SNS Notice will be sent advising when the Security Bulletin is available, and additional SNS messages will be sent as updates occur.


Update to original notification sent Wed Apr 9 at approx. 10:15 am CDT
Labnuke

1 Posts
Whilst Ivan Ristic's tool over at SSL Labs is great for testing web server susceptibility to Heartbleed, it doesn't seem to be able to test mail servers.
Does anyone know of a tool to test the SSL implementations on mail servers, such as smtp.gmail.com?

Thanks,
Alex
Alex

2 Posts
The irony of this is quite amusing to me.

Essentially, if you can't upgrade to 1.0.1g and are on 1.0.0 or an earlier version of OpenSSL (which is insecure in itself), you're OK from the Heartbleed vuln.

Quite interesting really.
amilroy

9 Posts
Sonicwall update
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=11180
amilroy
3 Posts
As of 13:00 GMT 4/9/2014

All SRA/Aventail SSL-VPN devices are affected. Both the SRA and Aventail engineering teams are working on fixing this in the next version of firmware. No ETA has been announced.

Firewalls
Generation 6 – Firmware versions prior to 6.1.2 are affected.

Generation 5 – Firmware versions prior to 5.8 are affected.

Analyzer
Version 7.2 is affected.
amilroy
1 Posts
Citrix http://support.citrix.com/article/CTX140605
amilroy
1 Posts
Sophos - Knowledge Base Article - http://www.sophos.com/en-us/support/knowledgebase/120854.aspx

Sophos - Patching Information - http://www.sophos.com/en-us/support/knowledgebase/120851.aspx
Anonymous
box.com - https://support.box.com/hc/en-us/articles/202356058

"""
Within hours of notification about this vulnerability, Box released a patch to protect all logins and content and is in the process of reissuing our SSL certificates for the product to be extra cautious. To date, we have no indication that Box has been targeted or attacked in relation to this bug.

We will update this page after the new SSL certificates are live, and at that point we will proactively alert potentially impacted users that they should reset their Box passwords. Again, this is just an added precautionary measure.
"""
Anonymous
Dell/SonicWALL - http://app.messages.sonicwall.com/e/es?s=373&e=407115
Chiesennegs

2 Posts
Anything from Websense on this? All I can see is this -

http://community.websense.com/blogs/securitylabs/archive/2014/04/09/vulnerability-in-openssl-cve-2014-0160-could-lead-to-data-theft.aspx
Chiesennegs
2 Posts
It looks like Citrix is covered: http://support.citrix.com/article/CTX140605
dotBATman

66 Posts
Dell / Sonicwall not vulnerable
http://www.brandontek.com/sonicwall/dell-sonicwalls-response-to-heart-bleed-bug/
carol

10 Posts
Citrix reaction is here:
http://support.citrix.com/article/CTX140605
carol
1 Posts
SolarWinds:

LEM - http://thwack.solarwinds.com/thread/64270
Serv-U - http://thwack.solarwinds.com/docs/DOC-174543
carol
1 Posts