Hi Symantec
Can you advise which version of OpenSSL Symantec SEPM 12.1RU6 is using and whether the POODLE issues have been resolved?
Today Symantec has released SEPM 12.1 RU6 and I have the questions below. Can you confirm what version of OpenSSL is being used in 12.1RU6 and whether the POODLE issues have been addressed in SEPM 12.1RU6? Please kindly answer the questions from the link below.

http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

SEPM 12.1 RU5 uses OpenSSL 1.0.1h, and according to the link below, OpenSSL versions prior to OpenSSL 1.0.1j are vulnerable to POODLE. With that being said, Symantec, are you working to update your SEPM software to include OpenSSL version 1.0.1j or later? If so, what is the projected timeframe on an update? If not, is there a way we can modify/update the software to mitigate this vulnerability?

https://www.openssl.org/news/vulnerabilities.html
https://www.us-cert.gov/ncas/alerts/TA14-290A

http://www.symantec.com/connect/forums/poodle-vulnerability

Are there plans to resolve the POODLE vulnerability on Symantec Servers used by SEP clients? I have verified that my SEP 12.1.5 RU5 clients are communicating with Symantec Servers over SSLv3. I'm seeing this flagged in Snort. Example IPs:

143.127.102.41 - ENT-SHASTA-MR-CLEAN.SYMANTEC.COM
216.10.195.167 - stnd-avpip.crsi.symantec.com
216.10.195.237 - central.b6.crsi.symantec.com
216.10.195.168 - stnd-avpip.crsi.symantec.com
Nothing to show that it was closed in 12.1.6:
http://www.symantec.com/docs/TECH225689
New fixes in Symantec Endpoint Protection 12.1.6
I logged a call with Symantec and, as usual, their engineer was unable to answer my simple questions immediately. This is a security concern and I was hoping that in 12.1RU6 the issues would be resolved. Now I have requested escalation to the Duty Manager. I will keep everyone posted on whether or not I hear back from Symantec support.
Windows Explorer File Properties for ssleay32.dll in the various BIN folders show OpenSSL version 1.0.1m for SEPM 12.1.6, so it seems to be fixed.
Good to know, thanks.
Symantec TAC has replied to me as below. We do have internal update stating "This is currently slated to be fixed in Symantec Endpoint Protection 12.1 Release Update 6".
They are unable to confirm when this information will be publicly available.
12.1 RU6 came out last Wednesday....
Kindly look inside this public article from Symantec:
About Symantec Endpoint Protection and the Poodle SSL 3.0 vulnerability (CVE-2014-3566)
https://support.symantec.com/en_US/article.TECH225689.html
It was updated last May 22.