Impact of the OpenSSL Security Advisory [1st March 2016] on Backup Exec

Article ID: 100032069

Resolution

Backup Exec is not affected by these vulnerabilities.
Please make sure that SSLv2 is disabled on the VMware vSphere side if the Agent for VMware and/or the Backup Exec Management Plug-in for VMware are used in your environment.
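One way to confirm that a vSphere endpoint in your environment no longer accepts SSLv2, given that current OpenSSL builds can no longer send an SSLv2 handshake themselves. This is an added example, not Veritas or VMware code; the function names, the cipher list offered and the default port 443 are assumptions made for the illustration.

```python
import os
import socket
import struct

# SSLv2 cipher kinds (3 bytes each) offered in the CLIENT-HELLO.
SSL2_CIPHERS = [b"\x01\x00\x80", b"\x02\x00\x80", b"\x03\x00\x80",
                b"\x04\x00\x80", b"\x06\x00\x40", b"\x07\x00\xc0"]

def build_client_hello(challenge):
    """SSLv2 CLIENT-HELLO: msg type 1, version 0x0002, no session id."""
    specs = b"".join(SSL2_CIPHERS)
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge))
    body += specs + challenge
    # Two-byte record header: high bit set, low 15 bits = body length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_reply(data):
    """Classify the first bytes the server sent back."""
    if len(data) >= 3 and data[0] & 0x80:
        if data[2] == 4 and len(data) >= 7:          # SERVER-HELLO
            if struct.unpack(">H", data[5:7])[0] == 0x0002:
                return "sslv2-accepted"
        if data[2] == 0:                             # SSLv2 ERROR message
            return "sslv2-error"
    # TLS alert, plain close or anything else: no SSLv2 handshake.
    return "no-sslv2"

def probe(host, port=443, timeout=5.0):
    """Send one SSLv2 CLIENT-HELLO; connection errors propagate to the caller."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(os.urandom(16)))
        data = b""
        try:
            while len(data) < 11:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # reset or timeout after the hello: treated as refusal
    return classify_reply(data)

if __name__ == "__main__":
    # Constructed replies, so the demo runs offline.
    v2_hello = (b"\x80\x1e\x04\x00\x01\x00\x02\x00\x00\x00\x03\x00\x10"
                + b"\x01\x00\x80" + b"\x00" * 16)
    tls_alert = b"\x15\x03\x01\x00\x02\x02\x28"
    print(classify_reply(v2_hello), classify_reply(tls_alert))
```

A result of `sslv2-accepted` from `probe()` means the endpoint still completes the first step of an SSLv2 handshake and should be reconfigured; `no-sslv2` is the expected result once SSLv2 is disabled.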

Issue/Introduction

The OpenSSL project issued a security advisory on 1st March 2016. It lists the following vulnerabilities:

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
Double-free in DSA code (CVE-2016-0705)
Memory leak in SRP database lookups (CVE-2016-0798)
BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
Fix memory issues in BIO_*printf functions (CVE-2016-0799)
Side channel attack on modular exponentiation (CVE-2016-0702)
Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
Bleichenbacher oracle in SSLv2 (CVE-2016-0704)

Reference:
More information on the OpenSSL Security Advisory [1st March 2016] can be found at the following link:
https://www.openssl.org/news/secadv/20160301.txt