cancel
Showing results for 
Search instead for 
Did you mean: 
cyberz
Level 7
Report Inappropriate Content
Message 1 of 22

openssl bug? CVE-2014-0160

21 Replies
Highlighted
cyberz
Level 7
Report Inappropriate Content
Message 2 of 22

Re: openssl bug? CVE-2014-0160

our customer asks for a workaround?

Re: openssl bug? CVE-2014-0160

I second that.  Is there a workaround?

bianca5
Level 7
Report Inappropriate Content
Message 4 of 22

Re: openssl bug? CVE-2014-0160

McAfee just sent out the following SNS a few minutes ago:

McAfee is aware of the Heartbleed Vulnerability (CVE-2014-0160).This is a vulnerability in OpenSSL that could allow an attacker to gain accessto system memory (in 64K chunks) which potentially could contain sensitiveinformation or communications.

McAfee is investigatingaffected products and will be provide additional information via SNS today.

To subscribe to their SNS service: https://sns.snssecure.mcafee.com

Re: openssl bug? CVE-2014-0160

I have not heard of any workarounds yet, but confirmed that MEG 7.5.1 and 7.5.2 (fips mode doesnt matter) are vulnerable. fyi for those on the new platforms.

PhilM
Level 14
Report Inappropriate Content
Message 6 of 22

Re: openssl bug? CVE-2014-0160

According to Service Bulletin SB10071 in the McAfee Knowledge Center, the only product they have identified to be vulnerable is SIEM.

*******UPDATE********

One of our customers actually raised a ticket against Firewall Enterprise and has been told Firewall Enterprise is affected, but only 8.3.2.

As this information was passed to me by another party and the customer in question is not running 8.3.2, I don't know if a patch or hotfix has been made available.

Message was edited by: PhilM on 10/04/14 15:22:29 IST

Message was edited by: PhilM on 10/04/14 15:22:43 IST

Re: openssl bug? CVE-2014-0160

Kind of in the air here. It is as if sidewinder is not even a mcafee product anymore.

Travler
Level 10
Report Inappropriate Content
Message 8 of 22

Re: openssl bug? CVE-2014-0160

squidikus wrote:

...It is as if sidewinder is not even a mcafee product anymore.


I've noticed that, too.  The MTIS emails now only list the "Next Generation Firewall".

Re: openssl bug? CVE-2014-0160

EPatch E14 posted.

Anyone have any issues with patch this far?

Re: openssl bug? CVE-2014-0160

Installed the patch on 2 fws and no issue. All seems good and the ratings from the ssl inspection sites are showing good ratings.

Hope all is well for everyone else.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community