Are my EMC products affected by the bleeding heart SSL bug?

It’s been all over the news this week:

Bleeding heart

Heartbleed OpenSSL bug

OpenSSL versions 1.0.1 through 1.0.1f  as well as 1.0.2-beta1 are indicated to be vulnerable to Heartbeat Vulnerability.

Due to a missing bounds check in OpenSSL during the TLS heartbeat extension, a maximum of 64 KiB of memory can be revealed to a connected client or server. This may potentially allow an unauthenticated, remote attacker to gain access to sensitive information such as private keys, login passwords, and encryption keys (the so-called Secret Keys). As a result of this disclosure of potentially sensitive information, these Secret Keys could be leveraged to decrypt other sensitive information or conduct so-called man-in-the-middle attacks.

References:

I won’t copy/paste the complete list in this post as the list will be updated over time, but in general I can disclose that (according to EMC) Brocade FOS, Centera, Clariion, Connectrix Manager, Control Center, Data Domain OS, ESRS, Isilon OneFS, , Networker, RecoverPoint, Replication Manager, ViPR, VNVe, VNX1, VNX2, VPLEX, XtremIO are not vulnerable.

You should read the article on bit.ly/1hwgFpW for specific other products as there are a few that might need attention.

Make sure you patch your products if you need to and please change your passwords every now and then (and in this case as soon as possible).

Would you like to comment on this post?