> 815987 - A public report should be prepared to indicate that this is not applicable to existing releases as no version of ONTAP ships with OpenSSL 1.0.1x.

 

Any word on when this report should be released? Is 815987 a NetApp Bug ID that I can reference (it did not return any results).

 

 

---

Kevin Elliott

Microcomputer/Network Specialist

Alaska Department of Revenue, ASD-IT

(907) 465-2314

 

 

 

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Fletcher Cocquyt
Sent: Wednesday, April 09, 2014 12:19 AM
To: Ryan Kather
Cc: toasters@teaparty.net
Subject: Re: heartbleed -- Netapp SSL

 

Its been a busy day "2/3 of the internet vulnerable"

 

I've collected external web and internal cmd line tool links to check if your SSL is vulnerable.

 

http://www.vmadmin.info/2014/04/esxi-55-vulnerable-to-openssl.html



ontap 8.1.2 does not appear to be vulnerable 


 

On Apr 8, 2014, at 4:54 PM, Ryan Kather <rkather@missionpenguin.com> wrote:



You don't need to take the vendors word for it.  You can test yourself with;

https://github.com/FiloSottile/Heartbleed

 

On Tue, Apr 8, 2014 at 5:17 PM, Michael Garrison <mcgarr@umich.edu> wrote:

We asked support and some of our very helpful NetApp folks earlier
today and received the following bug IDs:

815987 - A public report should be prepared to indicate that this is
not applicable to existing releases as no version of ONTAP ships with
OpenSSL 1.0.1x.

795741 CVE-BUNDLE-OPENSSL: Upgrade OCUM 6.x OpenSSL to 1.0.1g

795814 CVE-BUNDLE-OPENSSL: Upgrade OPM (post-1.0) OpenSSL to 1.0.1g

795466 is for OCUM 5.2XX

So ONTAP isn't vulnerable, but other things like OCUM are.

Hope that helps,
Mike Garrison



On Tue, Apr 8, 2014 at 5:08 PM, Douglas Siggins <siggins@gmail.com> wrote:
> Greetings,
> Looking for a quick way to determine what versions of SSL are in use
> in DOT (7-mode). I could not find anything specific.
>
> http://heartbleed.com/
>
>
> I assume the version of SSL is probably not 1.0.1 - 1.0.1f on the
> Netapps. Anyone have any ideas where to look?
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> http://www.teaparty.net/mailman/listinfo/toasters
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters

 

_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters