Is Symantec System Recovery affected by the OpenSSL vulnerability (CVE-2014-0224)?

Article:TECH218175  |  Created: 2014-06-09  |  Updated: 2014-07-15  |  Article URL http://www.symantec.com/docs/TECH218175
Article Type
Technical Solution


Issue



A security vulnerability has been detected in specific versions of OpenSSL. For more information regarding this vulnerability, please refer to the following link:

http://www.openssl.org/news/secadv_20140605.txt

 


Solution



Backup Exec System Recovery (BESR) or Symanetc System Recovery (SSR) uses VMWare Virtual Disk Development Kit for Physical to Virtual conversion (P2V) which makes use of OpenSSL. All functions except P2V such as Backup/Restore are not impacted by the OpenSSL vulnerability as it does not rely on OpenSSL encryption. Also P2V function is not impacted by the OpenSSL vulnerability after ESXi server is patched with ESXi510-201406401-SG for ESXi 5.1 or ESXi500-201407401-SG for ESXi 5.0.

Similarly the BESR Management Solution (BESR-MS) or SSR Management Solution (SSR-MS) is not impacted by the OpenSSL vulnerability after ESXi server is patched with ESXi510-201406401-SG for ESXi 5.1 or ESXi500-201407401-SG for ESXi 5.0.




 





Article URL http://www.symantec.com/docs/TECH218175


Terms of use for this information are found in Legal Notices