815987 - A public report should be prepared to indicate that this is not applicable to existing releases as no version of ONTAP ships with OpenSSL 1.0.1x.
Any word on when this report should be released? Is 815987 a NetApp Bug ID that I can reference (it did not return any results).
--- Kevin Elliott Microcomputer/Network Specialist Alaska Department of Revenue, ASD-IT (907) 465-2314
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Fletcher Cocquyt Sent: Wednesday, April 09, 2014 12:19 AM To: Ryan Kather Cc: toasters@teaparty.net Subject: Re: heartbleed -- Netapp SSL
Its been a busy day "2/3 of the internet vulnerable"
I've collected external web and internal cmd line tool links to check if your SSL is vulnerable.
http://www.vmadmin.info/2014/04/esxi-55-vulnerable-to-openssl.html
ontap 8.1.2 does not appear to be vulnerable
On Apr 8, 2014, at 4:54 PM, Ryan Kather <rkather@missionpenguin.commailto:rkather@missionpenguin.com> wrote:
You don't need to take the vendors word for it. You can test yourself with;
https://github.com/FiloSottile/Heartbleed
On Tue, Apr 8, 2014 at 5:17 PM, Michael Garrison <mcgarr@umich.edumailto:mcgarr@umich.edu> wrote: We asked support and some of our very helpful NetApp folks earlier today and received the following bug IDs:
815987 - A public report should be prepared to indicate that this is not applicable to existing releases as no version of ONTAP ships with OpenSSL 1.0.1x.
795741 CVE-BUNDLE-OPENSSL: Upgrade OCUM 6.x OpenSSL to 1.0.1g
795814 CVE-BUNDLE-OPENSSL: Upgrade OPM (post-1.0) OpenSSL to 1.0.1g
795466 is for OCUM 5.2XX
So ONTAP isn't vulnerable, but other things like OCUM are.
Hope that helps, Mike Garrison
On Tue, Apr 8, 2014 at 5:08 PM, Douglas Siggins <siggins@gmail.commailto:siggins@gmail.com> wrote:
Greetings, Looking for a quick way to determine what versions of SSL are in use in DOT (7-mode). I could not find anything specific.
I assume the version of SSL is probably not 1.0.1 - 1.0.1f on the Netapps. Anyone have any ideas where to look? _______________________________________________ Toasters mailing list Toasters@teaparty.netmailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
_______________________________________________ Toasters mailing list Toasters@teaparty.netmailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
_______________________________________________ Toasters mailing list Toasters@teaparty.netmailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters