exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CA Technologies OpenSSL Heartbleed Issue

CA Technologies OpenSSL Heartbleed Issue
Posted May 19, 2014
Authored by Ken Williams | Site www3.ca.com

CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 7, 2014. CA Technologies has confirmed that the majority of their product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | cd70166d5a87d345097aa5d535e0e71a59c770f9dfeb06ac3274b16b979bdcfd

CA Technologies OpenSSL Heartbleed Issue

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability


Issued: April 13, 2014
Updated: May 12, 2014


CA Technologies is investigating an OpenSSL vulnerability, referred to
as the "Heartbleed bug" that was publicly disclosed on April 7, 2014.
CVE identifier CVE-2014-0160 has been assigned to this vulnerability.
CA Technologies has confirmed that the majority of our product
portfolio is unaffected. There are, however, several products that
used vulnerable versions of OpenSSL 1.0.1 and consequently may be
affected. CA Technologies will update this security notice as
additional information becomes available.


Risk Rating

High


These products may be affected

CA ARCserve D2D for Windows 16.5
CA ARCserve D2D for Linux 16.5, 16.5SP1
CA ARCserve High Availability 16.5, 16.5SP1, 16.5SP2 (SP2 build less
than 3800)
CA ARCserve Replication 16.5, 16.5SP1, 16.5SP2 (SP2 build less than
3800)
CA ARCserve Unified Data Protection (Release Candidate)
CA ecoMeter 3.1.1, 3.1.2, 4.0.00, 4.0.01, 4.0.02, 4.1.00, 4.1.01,
4.2.00
CA eHealth 6.3.0.05 thru 6.3.2.04 (all platforms affected)
CA Layer 7 API Gateway 8.1 (installed but not used by default)
CA Layer 7 API Portal 2.6
CA Layer 7 Mobile Access Gateway 8.1 (installed but not used by
default)
CA Mobile Device Management 2014 Q1
CA XCOM Data Transport - Only the Windows 64-bit XCOM application is
affected.

Note: At this time, no other CA Technologies products have been
identified as potentially vulnerable.


Solution

CA ARCserve D2D for Windows 16.5:
Apply fix RO69431.

CA ARCserve D2D for Linux 16.5 and 16.5SP1:
Apply fix RO69417. Note that r16.5 SP1 is a prerequisite for this fix.

CA ARCserve High Availability 16.5, 16.5SP1, 16.5SP2 (SP2 build less
than 3800):
Apply Service Pack 2 (build 3800), which includes the fix for the
OpenSSL Heartbleed vulnerability: RI69547.

CA ARCserve Replication 16.5, 16.5SP1, 16.5SP2 (SP2 build less than
3800):
Apply Service Pack 2 (build 3800), which includes the fix for the
OpenSSL Heartbleed vulnerability: RI69547.

CA ARCserve Unified Data Protection (Release Candidate):
CA expects to provide a solution with the GA release on May 14, 2014

CA ecoMeter 3.1.1, 3.1.2:
These versions of CA ecoMeter use eHealth as the data collection
platform.
Apply the appropriate fix listed below. Important note: Do not apply
this patch to CA eHealth releases prior to 6.3.0.05 and/or systems
utilizing CAC. Customers who use eHealth with CAC should wait for
further notification as the testing for that configuration has not
been completed.
Windows: RO69554
Linux: RO69556
Solaris: RO69555

CA ecoMeter 4.0.00, 4.0.01, 4.0.02, 4.1.00, 4.1.01, 4.2.00:
These versions of CA ecoMeter use eHealth as the data collection
platform.
Apply the appropriate fix listed below. Important note: The current
CA eHealth / CA SiteMinder integration is not compatible with release
6.3.1.02 thru 6.3.2.04. Do not apply this patch to CA eHealth released
prior to 6.3.1.02 and/or system utilizing CAC. Customers who use
eHealth with CAC should wait for further notification as the testing
for that configuration has not been completed.
Windows: RO69442
Linux: RO69443
Solaris: RO69444

CA eHealth 6.3.0.05 - 6.3.1.01 (all platforms):
Apply the appropriate fix listed below. Important note: Do not apply
this patch to CA eHealth releases prior to 6.3.0.05 and/or systems
utilizing CAC. Customers who use eHealth with CAC should wait for
further notification as the testing for that configuration has not
been completed.
Windows: RO69554
Linux: RO69556
Solaris: RO69555

CA eHealth 6.3.1.02 - 6.3.2.04 (all platforms):
Apply the appropriate fix listed below. Important note: The current
CA eHealth / CA SiteMinder integration is not compatible with release
6.3.1.02 thru 6.3.2.04. Do not apply this patch to CA eHealth released
prior to 6.3.1.02 and/or system utilizing CAC. Customers who use
eHealth with CAC should wait for further notification as the testing
for that configuration has not been completed.
Windows: RO69442
Linux: RO69443
Solaris: RO69444

CA Layer 7 API Gateway 8.1:
Solution was delivered on April 10, 2014
Refer to the Layer 7 Technologies Support site for solution.

CA Layer 7 API Portal 2.6:
Solution was delivered on April 10, 2014
Refer to the Layer 7 Technologies Support site for solution.

CA Layer 7 Mobile Access Gateway 8.1:
Solution was delivered on April 10, 2014
Refer to the Layer 7 Technologies Support site for solution.

CA Mobile Device Management 2014 Q1:
Apply Hotfix 1: CA MDM 2014Q1 Hotfix 1

CA XCOM Data Transport (only Windows 64-bit platform is affected):
Solution RO69230 was published on April 11, 2014


Workaround

None


References

CVE-2014-0160 - OpenSSL Heartbleed vulnerability


Change History

v1.0: 2014-04-13, Initial Release
v1.1: 2014-04-14, Updated Layer 7 affected products and solution.
v1.2: 2014-04-14, Updated XCOM Data Transport affected product info.
v1.3: 2014-04-19, Modified affected versions for ARCserve D2D for
Windows, ARCserve High Availability, ARCserve Replication,
eHealth. Added ecoMeter to affected products. Modified solutions
for ARCserve D2D for Windows, ARCserve D2D for Linux, ARCserve
High Availability, ARCserve Replication, eHealth. Added ecoMeter
3.x and 4.x solution information. Added fixes for eHealth
6.3.1.02 – 6.3.2.04, and ecoMeter 4.x.
v1.4: 2014-04-24, Modified ARCserve RHA affected versions. Added
solutions for ARCserve D2D (Windows and Linux), ARCserve RHA,
ecoMeter, eHealth.
v1.5: 2014-05-12, Added fix for MDM. Fixes are now available for all
potentially affected CA products.


If additional information is required, please contact CA Technologies
Support at https://support.ca.com/ .

If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln@ca.com .
PGP key:
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Security Notices
https://support.ca.com/irj/portal/anonymous/phpsbpldgpg


Regards,
Ken Williams
Director, Product Vulnerability Response Team
CA Technologies | One CA Plaza | Islandia, NY 11749 | www.ca.com
Ken.Williams@ca.com | vuln@ca.com


Copyright © 2014 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y.
11749. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8

wj8DBQFTdhtEeSWR3+KUGYURAqHSAJ9DSbzijtuMxwyes6kJ21iJwHkXVQCZARiM
GEWBqKGKzMXNkvtf/sUGm1Q=
=C6WK
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close