Its been a busy day "2/3 of the internet vulnerable"
I've collected external web and internal cmd line tool links to check if your SSL is vulnerable.
http://www.vmadmin.info/2014/04/esxi-55-vulnerable-to-openssl.html
ontap 8.1.2 does not appear to be vulnerable
On Apr 8, 2014, at 4:54 PM, Ryan Kather rkather@missionpenguin.com wrote:
You don't need to take the vendors word for it. You can test yourself with;
https://github.com/FiloSottile/Heartbleed
On Tue, Apr 8, 2014 at 5:17 PM, Michael Garrison mcgarr@umich.edu wrote: We asked support and some of our very helpful NetApp folks earlier today and received the following bug IDs:
815987 - A public report should be prepared to indicate that this is not applicable to existing releases as no version of ONTAP ships with OpenSSL 1.0.1x.
795741 CVE-BUNDLE-OPENSSL: Upgrade OCUM 6.x OpenSSL to 1.0.1g
795814 CVE-BUNDLE-OPENSSL: Upgrade OPM (post-1.0) OpenSSL to 1.0.1g
795466 is for OCUM 5.2XX
So ONTAP isn't vulnerable, but other things like OCUM are.
Hope that helps, Mike Garrison
On Tue, Apr 8, 2014 at 5:08 PM, Douglas Siggins siggins@gmail.com wrote:
Greetings, Looking for a quick way to determine what versions of SSL are in use in DOT (7-mode). I could not find anything specific.
I assume the version of SSL is probably not 1.0.1 - 1.0.1f on the Netapps. Anyone have any ideas where to look? _______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters