
SANS ISC: Heartbleed vendor notifications - SANS Internet Storm Center SANS ISC InfoSec Forums


Heartbleed vendor notifications
QNAP NAS (VULNERABLE). Cannot find official notice yet.

http://forum.qnap.com/viewtopic.php?f=50&t=92078
Anon

1 Posts
Riverbed - http://supportkb.riverbed.com/support/index?page=content&id=S23635
Anonymous
Websense - http://www.websense.com/content/support/library/ni/shared/security-alerts/openssl-vul-2014.pdf
Anonymous
VMware:
kb.vmware.com/selfservice/microsites/…

For most folks this means 5.1 is OK, 5.5 is waiting on a patch
And if they had read the vSphere Hardening Guide, their exposure would be much lower.
Rob VandenBrink

489 Posts
ISC Handler
Barracuda Networks loadbalancer 340.

http://updates.cudasvc.com/cgi-bin/view_release_notes.cgi?type=lbware&version=4.2.2.009&platform=2

Paul
PW

63 Posts
Received this from Dell this morning:


Dell SonicWALL Notice Concerning CVE-2014-0160 OpenSSL Large Heartbeat Response Vulnerability

Researchers have found a critical defect in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library. For information on the vulnerability known as the “Heartbleed bug,” see CVE-2014-0160 on the NIST website and heartbleed.com.

Dell SonicWALL Firewalls and Email Security Are NOT Affected

Dell SonicWALL firewalls (TZ, NSA, E-Class NSA, SuperMassive) and Email Security are NOT affected by the vulnerability. Additionally, firewalls with an active Intrusion Prevention Service have, as of April 8th, 2014, signatures to protect vulnerable servers against the vulnerability including Secure Remote Access (SRA) products sitting behind the firewalls.

Dell SonicWALL SRA Specific Firmware Versions Affected

SMB Secure Remote Access
SMB SRA Server Side Firmware 7.0.0.10-26sv and all previous 7.0 versions
7.5.0.3-19sv and all previous 7.5 versions
Impact: Versions above are affected and should be patched immediately.
Recommended Action: Upgrade 7.5 to 7.5.0.4-21sv
Upgrade 7.0 to 7.0.0.11-27sv

E-Class Secure Remote Access (Aventail)
E-Class SRA Server Software Software version 10.6.4
Software versions 10.7.0 and 10.7.1
Impact: Versions above are affected and should be patched immediately.
Recommended Action: Apply Hotfix 10.6.4-345
Apply Hotfix 10.7.0-582
Apply Hotfix 10.7.1-271

Management and Reporting
Global Management System (GMS) and Analyzer: GMS and Analyzer 7.2 on a Windows platform only
Impact: Version above is affected and should be patched immediately.
Recommended Action: Apply Hotfix 144490 to GMS 7.2 Windows and Analyzer 7.2 Windows systems using the procedure in the hotfix Release Note posted on MySonicWALL.com.

Additional Information
Due to the impact of the OpenSSL vulnerability, products with affected versions can expose user passwords and private keys. Customers may consider resetting passwords and changing keys after patching.

Regards,
Dell SonicWALL's Customer Service Team
PW
1 Posts
Barracuda Networks appears to have already fixed their cloud services. Reviewing and pushing patches as corrected.
LinkBalancer and backup appliances are affected. https://www.barracuda.com/blogs/pmblog?bid=2275#.U0WG6_ldW4I

Radware http://kb.radware.com/questions/3450/Security+Advisory%3A+Vulnerability+OpenSSL+CVE-2014-0160

Dell/SonicWall/AppAssure - no response

SecurityMetrics – no response

EdgeWave – Not vulnerable

VMware – Several products vulnerable http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225
PW
1 Posts
http://www.websense.com/content/support/library/ni/shared/security-alerts/openssl-vul-2014.pdf

*** WARNING ***

I am running a version that they say can be fixed by switching to FIPS mode.

Per the document I enabled FIPS (Note: This is a one way trip. To disable you have to re-image the box). As soon as I did all HTTPS traffic started throwing certificate errors (I am doing DLP) and I have no way to troubleshoot because all SSL related tabs in Content Gateway show `cannot display the webpage`.

Even worse, NMap and Nessus both show the box as still being vulnerable.

Good luck.

-eddy
Anonymous
A consolidated list of managed file transfer, secure file transfer, FTP server and FTP client technologies is being maintained here:

http://www.filetransferconsulting.com/managed-file-transfer-heartbleed-ftp-server/
Anonymous
hMailServer, an open source SMTP/POP3/IMAP server for Windows, has a new version which fixes a Heartbleed vulnerability in the product.

Download hMailServer 5.4.1 (or newer) from: http://www.hmailserver.com/index.php?page=download

See this forum thread for details: http://www.hmailserver.com/forum/viewtopic.php?f=7&t=26276

- Michael
MikeOnline

2 Posts
Tripwire [requires support login]: http://my.tripwire.com/314IAH7850000kJ004yJr00

In email: "Our research team has been proactively investigating the bug and has determined that the bug affects only certain versions of Tripwire CCM and certain DP appliances connected to Tripwire IP360. It does not affect Tripwire Enterprise or Tripwire Log Center products."
MikeOnline
1 Posts
http://www.sonicwall.com/us/shared/download/ell_SonicWALL_-_Support_Bulletin_-_CVE-20140-1016_OpenSSL_Large_Heartbeat_Response_Vulnerability.pdf
MikeOnline
2 Posts
Carol, Dell - SonicWALL firewalls are not vulnerable, but some of the other products are:

https://www.sonicwall.com/us/en/support/2213.html?fuzeurl=https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=11180
MikeOnline
2 Posts
http://www.sonicwall.com/us/shared/download/ell_SonicWALL_-_Support_Bulletin_-_CVE-20140-1016_OpenSSL_Large_Heartbeat_Response_Vulnerability.pdf

Not sure if it went through the first time.
MikeOnline
2 Posts
Cloud Servers need to be checked also:

https://wiki.bitnami.com/security/2014-04_Heartbleed_Bug

Update Bitnami Cloud Hosting machine, Bitnami VMs, AWS AMI, Azure servers

In case of Bitnami Cloud Hosting machines, Bitnami AMI-backed Amazon servers, Bitnami Azure image backed server, Bitnami Virtual Machines, you will need to update both the Bitnami base stack and the system OpenSSL.
MikeOnline
1 Posts
Turnkey Linux v13.0 (Debian 7/Wheezy based): http://www.turnkeylinux.org/blog/heartbleed

Amazon Linux AMI: https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/
JeremyDavis

1 Posts
http://www.symantec.com/outbreak/?id=heartbleed

Some versions of Symantec Endpoint are vulnerable. To which extent is not known or not revealed. Meaning it may be possible to shut down all of the AV software on the network.
GuardMoony

3 Posts
VMware

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225

So far:

These VMware products that ship with OpenSSL 1.0.1 have been confirmed to be affected:

ESXi 5.5
vCenter Server 5.5
VMware Fusion 6.0.x
VMware vCloud Automation Center (vCAC) 5.1.x
VMware vCloud Automation Center (vCAC) 5.2.x
VMware Horizon Mirage 4.4.0
vFabric Web Server 5.0.x – 5.3.x (For remediation details, see the Security Advisory on Critical Updates to vFabric Web Server document.)
VMware vCloud Networking and Security (vCNS) 5.1.3
VMware vCloud Networking and Security (vCNS) 5.5.1
NSX-V 6.0.x
NVP 3.x
NSX-MH 4.x
VMware Horizon View 5.2 Feature Pack 2
VMware Horizon View 5.3 Feature Pack 1
VMware Horizon View Client for Windows 2.3.x
VMware Horizon View Client for iOS 2.1.x, 2.2.x, 2.3.x
VMware Horizon View Client for Android 2.1.x, 2.2.x, 2.3.x
VMware Horizon Workspace 1.0
VMware Horizon Workspace 1.5
VMware Horizon Workspace 1.8
VMware Horizon Workspace Client for Macintosh 1.5.1
VMware Horizon Workspace Client for Macintosh 1.5.2
VMware Horizon Workspace for Macintosh 1.8
VMware Horizon Workspace Client for Windows 1.5.1
VMware Horizon Workspace Client for Windows 1.5.2
VMware Horizon Workspace for Windows 1.8
VMware OVF Tool 3.5.0
VMware vCenter Converter (P2V) 5.5.x


Unaffected VMware products
These VMware products that ship with OpenSSL 0.9.8 have been confirmed to be unaffected:

ESXi/ESX 4.x
ESXi 5.0
ESXi 5.1
VMware Fusion 5.x
VMware vCenter Server 4.x
VMware vCenter Server 5.0
VMware vCenter Server 5.1
VMware vCenter Server Appliance (vCSA) 5.x
VMware vCloud Automation Center (vCAC) 6.x
VMware Horizon Mirage 4.3.x and earlier
VMware Update Manager (VUM)
VMware vCenter Orchestrator (vCO)
VMware vCloud Director (vCD)
VMware vCenter Operations Manager (vCOps)
VMware vCenter Site Recovery Manager (SRM)
VMware vCenter Configuration Manager (vCM)
VMware vSphere Data Protection (vDP)
VMware vSphere Storage Appliance (VSA)
VMware Workstation
VMware Player
VMware ThinApp
VMware vFabric Postgres
VMware vCloud Networking and Security (vCNS) 5.1.2 and below
VMware vCloud Networking and Security (vCNS) 5.5.0
VMware View 4.x
VMware Horizon View 5.x
VMware Horizon View Client for Windows 2.1.x, 2.2.x, 5.x
VMware Horizon View Client for Windows with Local Mode Option 5.x
VMware Horizon View Client for iOS 1.x, 2.0.x
VMware Horizon View Client for Android 1.x, 2.0.x
VMware Horizon View Client for Linux (all versions)
VMware Horizon View Client for Mac (all versions)
VMware Horizon View Client for Windows Store (all versions)
VMware Horizon Workspace Client for Macintosh 1.0.0
VMware Horizon Workspace Client for Macintosh 1.5.0
VMware Horizon Workspace Client for Windows 1.0.0
VMware Horizon Workspace Client for Windows 1.5.0
VMware vCenter Support Assistant
VMware vCenter Server Heartbeat
VMware OVF tool 3.1.0 and below
VIX API
Virtual Disk Development Kit (VDDK)
VMware vSphere Management Assistant (vMA)
GuardMoony
2 Posts
ManageEngine Service Desk Plus

https://forums.manageengine.com/topic/sdp-not-affected-by-heartbleed#49000006963113
GuardMoony
2 Posts
SSH Communications Security - Tectia SSH - http://answers.ssh.com/questions/2458/does-the-openssl-heartbleed-vulnerability-affect-ssh-communications-security-products
Anonymous
