our customer asks for a workaround?
I second that. Is there a workaround?
McAfee just sent out the following SNS a few minutes ago:
McAfee is aware of the Heartbleed Vulnerability (CVE-2014-0160).This is a vulnerability in OpenSSL that could allow an attacker to gain accessto system memory (in 64K chunks) which potentially could contain sensitiveinformation or communications.
McAfee is investigatingaffected products and will be provide additional information via SNS today.
To subscribe to their SNS service: https://sns.snssecure.mcafee.com
I have not heard of any workarounds yet, but confirmed that MEG 7.5.1 and 7.5.2 (fips mode doesnt matter) are vulnerable. fyi for those on the new platforms.
According to Service Bulletin SB10071 in the McAfee Knowledge Center, the only product they have identified to be vulnerable is SIEM.
One of our customers actually raised a ticket against Firewall Enterprise and has been told Firewall Enterprise is affected, but only 8.3.2.
As this information was passed to me by another party and the customer in question is not running 8.3.2, I don't know if a patch or hotfix has been made available.
Message was edited by: PhilM on 10/04/14 15:22:29 IST
Kind of in the air here. It is as if sidewinder is not even a mcafee product anymore.
...It is as if sidewinder is not even a mcafee product anymore.
I've noticed that, too. The MTIS emails now only list the "Next Generation Firewall".
EPatch E14 posted.
Anyone have any issues with patch this far?
Installed the patch on 2 fws and no issue. All seems good and the ratings from the ssl inspection sites are showing good ratings.
Hope all is well for everyone else.