Extreme Networks Response to US-CERT Vulnerability Advisory VU#720951
‎04-14-2014 05:22 PM
Article ID: 16131
Products
Black Diamond Series X8, 8900, and 8800 running EXOS version 15.4.1
Summit Series X770, X670, X480, X460, X440, X430, E4G-200, and E4G-400 running EXOS version 15.4.1
64-bit (Ubuntu) hardware-based and virtual NetSight appliances running version 4.4, 5.0, 5.1, or 6.0
64-bit (Ubuntu) hardware-based and virtual NAC & IA appliances running version 5.0, 5.1, or 6.0
64-bit (Ubuntu) hardware-based and virtual Purview appliances running version 6.0
Discussion
On April 7 2014, US-CERT issued advisory 720951. (This issue is also tracked as CVE-2014-0160, and discussed in 16130.)
The advisory overview...
    OpenSSL 1.0.1 contains a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."
The advisory impact...
    By attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.
The advisory lists a number of affected vendors, including Extreme Networks and Enterasys Networks.
If within the advisory the hyperlinked Extreme Networks or Enterasys Networks Information still reads "No statement is currently available from the vendor regarding this vulnerability.", then please refer to this statement (.pdf, 200 KB) submitted to US-CERT on April 11 2014.
EXOS 15.4.1-patch1-10 is available for download via eSupport's "Download Software Updates" link.
The NetSight patch is available for download from the NMS Product page, or here (1.5 MB).
A set of Dragon signatures was released on April 9, to assist in detecting attempted exploits.
Also see this Hub community discussion.
