What's New

OpenSSL HeartBeat Vulnerability on the UCx (CVE-2014-0160)

Overview

OpenSSL is a software package used on the UCX appliance to provide secure access to the Linux OS and the services running on it.  The package is used to implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as providing a full-strength, general purpose cryptography library for use.

 
Recent news reports have identified a vulnerability in the Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) heartbeat functionality in OpenSSL which could allow an unauthenticated, remote attacker to access sensitive information.  https://www.redhat.com/security/data/cve/CVE-2014-0160.html
 
OpenSSL versions 1.0.1 through 1.0.1f are vulnerable!

UCX Exposure

The version of OpenSSL that is currently installed and used on the UCx platform is version 0.98e-27.  Due to that, this vulnerability DOES NOT impact UCX systems!

To check the version of OpenSSL on the UCX platform, you can perform the following steps:

  1. Login to the Web-based Configuration Utility
  2. Navigate to the System – Updates – Packages page
  3. Click the “Show Filter” button and enter the word “openssl” in the Name field
  4. Ensure that the option “Installed” is selected in the Status Drop down box and press the Search button

Contents