Is the Symantec CCS, ESM, or SRAS product affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)?

Article:TECH216618  |  Created: 2014-04-11  |  Updated: 2014-04-12  |  Article URL http://www.symantec.com/docs/TECH216618
Article Type: Technical Solution

Issue



You wish to know whether the Symantec Control Compliance Suite (CCS), Symantec Enterprise Security Manager (ESM), or Symantec Risk Automation Suite (SRAS) product is affected by the "Heartbleed" OpenSSL bug (CVE-2014-0160). A defect in the implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520) allows highly sensitive material, such as primary key information, to be accessed illicitly.


Solution



The following table identifies the products which are affected by the Heartbleed vulnerability:

| Product Name | OpenSSL Version used | Affected by Heartbleed |
|---|---|---|
| Risk Automation Suite 4.0.8 | OpenSSL 1.0.1 | Agents affected |
| Risk Automation Suite 4.0.7 | OpenSSL 1.0.0 | Not affected |
| Control Compliance Suite components | OpenSSL 0.9.8, OpenSSL 1.0.0 | Not affected |
| Control Compliance Suite content | OpenSSL 0.9.8 | Not affected |
| Enterprise Security Manager | OpenSSL 0.9.8, OpenSSL 1.0.0 | Not affected |

For Risk Automation Suite 4.0.8, RHEL and SecureRecon agents (Suse, Fedora, and CentOS) are vulnerable.
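The version column in the table above can be checked mechanically; the following Python is an added example, not Symantec's code, that classifies OpenSSL version strings against the upstream range affected by CVE-2014-0160. It assumes that range is OpenSSL 1.0.1 through 1.0.1f plus 1.0.2-beta and 1.0.2-beta1 (fixed upstream in 1.0.1g), which this article does not state; the function names are illustrative.

```python
import re

# Matches e.g. "1.0.1e", "0.9.8", "1.0.2-beta1" inside `openssl version` output.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?")


def parse_openssl_version(text):
    """Return (major, minor, fix, letter, beta) from a version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letter, beta = m.groups()
    return int(major), int(minor), int(fix), letter, beta or ""


def heartbleed_status(text):
    """Classify an upstream version string as 'affected' or 'not affected'.

    Assumption: the string comes from an unmodified upstream build. Distribution
    packages that backport the fix keep the old letter, so an 'affected' result
    for a vendor package must be confirmed against the vendor's advisory.
    """
    major, minor, fix, letter, beta = parse_openssl_version(text)
    branch = (major, minor, fix)
    if branch == (1, 0, 1):
        # Plain 1.0.1 and letters a-f are vulnerable; 1.0.1g and later are fixed.
        return "affected" if letter < "g" else "not affected"
    if branch == (1, 0, 2):
        return "affected" if beta in ("beta", "beta1") else "not affected"
    # The 0.9.8 and 1.0.0 branches do not contain the heartbeat code.
    return "not affected"


def audit(inventory):
    """Map each product to 'affected' if any bundled OpenSSL version is affected."""
    return {
        product: "affected"
        if any(heartbleed_status(v) == "affected" for v in versions)
        else "not affected"
        for product, versions in inventory.items()
    }


# Product/version pairs as listed in the article's table.
INVENTORY = {
    "Risk Automation Suite 4.0.8": ["OpenSSL 1.0.1"],
    "Risk Automation Suite 4.0.7": ["OpenSSL 1.0.0"],
    "Control Compliance Suite components": ["OpenSSL 0.9.8", "OpenSSL 1.0.0"],
    "Enterprise Security Manager": ["OpenSSL 0.9.8", "OpenSSL 1.0.0"],
}

if __name__ == "__main__":
    for product, status in audit(INVENTORY).items():
        print(f"{product}: {status}")
```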

In order for someone to exploit the OpenSSL vulnerability in the agent, they must cause the agent to connect to a malicious server. Because the agent does not listen on a specific port, the likelihood of compromising it is very low.

The CERT description (http://www.kb.cert.org/vuls/id/720951) identifies four categories of sensitive information that could be leaked. Using these categories, the data which might be leaked from a SRAS agent if someone were to exploit the vulnerability is as follows:

  • Primary key material (secret keys): The agent uses an authentication token.
  • Secondary key material (user names and passwords used by vulnerable services): The agent does not handle secondary key material.
  • Protected content (sensitive data used by vulnerable services): The content that might be leaked from the agent is the data that is transmitted between the agent and the web portal server over the encrypted connection. This includes configuration scan data from that machine.
  • Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations): The memory addresses and content of the agent communicating over the network might be leaked. 


