Question

heartbleed OpenSSL vulnerability

  • 9 April 2014
  • 9 replies
  • 190 views

Does anyone have any information on whether or not and which Enterasys or Extreme products are affected by this vulnerability?

9 replies

Userlevel 4
Only above EXOS 15.4 software are affected.
Is this the official response? No other products are affected.
I'd be interested to see if any of the Linux based Enterasys products such as NAC or wireless controllers are affected.
Userlevel 4
Yes, My answer is for Extreme Networks products who use EXOS software.
Sumit,
Thank you for clarifying.
Userlevel 6
I ran
code:
apt-get update
,
code:
apt-get install libssl1.0.0
on my 64-bit NAC appliances, and
code:
lsof -nnP|grep libssl
shows the following processes that need to be restarted:
whoopsie 1015 whoopsie DEL REG 252,0 1044566 /lib/x86_64-linux-gnu/libssl.so.1.0.0
radiusd 4019 root DEL REG 252,0 1044566 /lib/x86_64-linux-gnu/libssl.so.1.0.0
postgres 6819 postgres DEL REG 252,0 1044566 /lib/x86_64-linux-gnu/libssl.so.1.0.0
squid 29654 nobody DEL REG 252,0 1044566 /lib/x86_64-linux-gnu/libssl.so.1.0.0
postgres 29795 postgres DEL REG 252,0 1044566 /lib/x86_64-linux-gnu/libssl.so.1.0.0

[/code]
On the 64-bit Netsight appliance only whoopsie (whatever that is - some sort of crash handler?) uses libssl. Also on the NAC appliances I couldn't upgrade the actual
code:
openssl
package due to a file conflict on
code:
/etc/ssl/openssl.cnf
with the
code:
tag
package.
Userlevel 2
We will be posting an official response to the Heartbleed OpenSSL vulnerability shortly. Please stay tuned!
Userlevel 4
http://esupport.extremenetworks.com/

you can find the office response on above website.
Userlevel 4
See also, in the FAQ section of this forum:
16131, "Extreme Networks Response to US-CERT Vulnerability Advisory VU#720951" (http://bit.ly/1n6cUcI).

Reply