Is Symantec System Recovery affected by the OpenSSL vulnerability (CVE-2014-0224)?

Article:TECH218175  |  Created: 2014-06-09  |  Updated: 2015-01-13  |  Article URL http://www.symantec.com/docs/TECH218175
Article Type
Technical Solution


Issue



A security vulnerability has been detected in specific versions of OpenSSL. For more information regarding this vulnerability, please refer to the following link:

http://www.openssl.org/news/secadv_20140605.txt

 


Solution



Symanetc System Recovery (SSR) uses VMWare Virtual Disk Development Kit for Physical to Virtual conversion (P2V) which makes use of OpenSSL. All functions except P2V such as Backup/Restore are not impacted by the OpenSSL vulnerability as it does not rely on OpenSSL encryption. Also P2V function is not impacted by the OpenSSL vulnerability after ESXi server is patched with ESXi510-201406401-SG for ESXi 5.1 or ESXi500-201407401-SG for ESXi 5.0.

Similarly the BESR Management Solution (BESR-MS) or SSR Management Solution (SSR-MS) is not impacted by the OpenSSL vulnerability after ESXi server is patched with ESXi510-201406401-SG for ESXi 5.1 or ESXi500-201407401-SG for ESXi 5.0.

Backup Exec System Recovery (BESR) 2010 or earlier uses the version of SSL that is included with VMware VDDK 1.1.1 (https://www.vmware.com/support/developer/vddk/VDDK-1.1.1-Relnotes.html) and is not impacted.


 

  CVE-2014-0224
SSR 2011/2013/2013 R2 ESXi 5.1: ESXi510-201406401-SG
ESXi 5.0: ESXi500-201407401-SG
 
BESR 2010 or earlier No impact
Management Solution ESXi 5.1: ESXi510-201406401-SG
ESXi 5.0: ESXi500-201407401-SG






 





Article URL http://www.symantec.com/docs/TECH218175


Terms of use for this information are found in Legal Notices