Impact of the OpenSSL Security Advisory [3rd May 2016] on Backup Exec

Article ID: 100032478

Resolution

Backup Exec is not affected by these vulnerabilities, with the exception of CVE-2016-2107.

For CVE-2016-2107, Backup Exec 15 Feature Pack 1 or later can be impacted by this vulnerability. The vulnerability has a Low (CVSS version 2.0) / Medium (CVSS version 3.0) score, with Access Complexity (version 2.0) / Attack Complexity (version 3.0) rated High.

For the ASN.1 BIO excessive memory allocation issue (CVE-2016-2109), Backup Exec does not use the affected functions internally and is therefore not affected by this vulnerability.

Veritas Technologies LLC has acknowledged that the above-mentioned issue is present in the current version(s) listed under the Product(s) Section of this article. Veritas Technologies LLC is committed to product quality and satisfied customers.
 
This issue is currently under investigation by Veritas Technologies LLC. Pending the outcome of the investigation, this issue may be resolved by way of a patch or hotfix in current or future revisions of the software. However, this particular issue is not currently scheduled for any release. If you feel this issue has a direct business impact for you and your continued use of the product, please contact your Veritas Sales representative or the Veritas Sales group to discuss these concerns. For information on how to contact Veritas Sales, please see http://www.veritas.com.

Please be sure to refer back to this document periodically as any changes to the status of the issue will be reflected here.



Issue/Introduction

The OpenSSL project issued a security advisory on 3rd May 2016. The vulnerabilities it covers are listed below:
  • Memory corruption in the ASN.1 encoder (CVE-2016-2108)
  • Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
  • EVP_EncodeUpdate overflow (CVE-2016-2105)
  • EVP_EncryptUpdate overflow (CVE-2016-2106)
  • ASN.1 BIO excessive memory allocation (CVE-2016-2109)
  • EBCDIC overread (CVE-2016-2176)
Reference:
More information on the OpenSSL Security Advisory [3rd May 2016] can be found at the following link:
https://www.openssl.org/news/secadv/20160503.txt