cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 8

Does the OpenSSL flaw affect UTM?

Just heard some news about a flaw in OpenSSL.  Will this affect IPSec or VPN tunnels?

I know i need to do further research, just checked here first.

Thanks,

Jeff

7 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 8

Re: Does the OpenSSL flaw affect UTM?

Working purely on the information that the version of OpenSSL affected by this problem (1.0.1 - 1.0.1f inclusive - so 1.0.1g is OK) dates back to a time after McAfee stopped selling the UTM product there a chance the system will not be vulnerable. Though as it officially went end-of-life in July 2013 I have not idea whether they will be able to release a fix for it.

Some searching around has revealed that the following Linux commands should help to establish whether OpenSSL is present and which version it is:-

dpkg -l | grep -i openssl

rpm -qa | grep -i openssl

But on the SG565 I still have access to, neither command seems to work.

-Phil.

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 8

Re: Does the OpenSSL flaw affect UTM?

You should be able to SSH or Telnet into your firewall and then type in

openssl version

and that should tell you what version you have.

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 8

Re: Does the OpenSSL flaw affect UTM?

The SG585 running 4.0.6 is reporting OpenSSL version 0.9.8i

So, at that release, it isn't vulnerable.

-Phil.

Former Member
Not applicable
Report Inappropriate Content
Message 5 of 8

Re: Does the OpenSSL flaw affect UTM?

SG560 running 4.0.8 is version 0.9.8n

Thanks for the thread. It was nice to be able to check this.

John

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 8

Re: Does the OpenSSL flaw affect UTM?

I checked the following units:

McAfee/SG560U Version 4.0.10 -- Mon, 21 Mar 2011 19:01:17 +1000

Linux version 2.6.26-uc0 (build@sgbuild) (gcc version 4.2.1) #1 Mon Mar 21 19:30:52 EST 2011

McAfee/SG720 Version 4.0.10 -- Mon, 21 Mar 2011 19:01:17 +1000

Linux version 2.6.26-uc0 (build@sgbuild) (gcc version 4.2.1) #1 Mon Mar 21 20:22:28 EST 2011

>>>All of the above are reporting OpenSSL 0.9.8n 24 MAR 2010

SecureComputing/SG570 Version 3.2.2 -- Mon, 30 Mar 2009 18:06:37 +1000
Linux version 2.4.31-uc0 (build@sgbuild) (gcc version 3.0.4) #1 Mon Mar 30 19:33:44 EST 2009

>>>Above is reporting OpenSSL 0.9.70 28 Sep 2006

Thanks for the information on how to check the OpenSSL version. 

Former Member
Not applicable
Report Inappropriate Content
Message 7 of 8

Re: Does the OpenSSL flaw affect UTM?

McAfee/SG560 Version 4.0.10 -- Mon, 21 Mar 2011 19:01:17 +1000
Linux version 2.6.26-uc0 (build@sgbuild) (gcc version 4.2.1) #1 Mon Mar 21 19:23:40 EST 2011

Above is reporting 0.9.8n 24 Mar 2010

Former Member
Not applicable
Report Inappropriate Content
Message 8 of 8

Re: Does the OpenSSL flaw affect UTM?

McAfee/SG565 Version 4.0.10 -- Mon, 21 Mar 2011 19:01:17 +1000
Linux version 2.6.26-uc0 (build@sgbuild) (gcc version 4.2.1) #1 Mon Mar 21 19:50:28 EST 2011

Above reports 0.9.8n 24 Mar 2010

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community