
Hi, just to check: is SSH Tectia affected by the 2 vulnerabilities, and is there any update or patch for them? Product: Tectia SSH (OS: Linux). Thanks.

asked Jan 30 '15 at 04:30


edmund


Hi Edmund,

See below for information regarding both vulnerabilities and different Tectia products.


POODLE (CVE-2014-3566)

The "POODLE" (CVE-2014-3566) vulnerability in SSL version 3.0 (SSL3.0) was announced on 24 September 2014. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.

SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support SSL 3.0, and browsers will retry failed connections with older protocol versions, including SSL 3.0, to work around bugs in HTTPS servers. A network attacker can cause connection failures and, because of this, trigger the use of SSL 3.0 and then exploit this issue.

The generic advisory is that SSL 3.0 should be disabled in all affected applications in favor of the newer encryption mechanism, TLS (Transport Layer Security).

Tectia Products Affected by the "POODLE" vulnerability

Tectia products that ARE NOT affected

  • Tectia SSH Client
  • Tectia SSH Server
  • Tectia ConnectSecure
  • Tectia MFT Events

Tectia products that ARE INDIRECTLY affected

Tectia products that ARE affected

  • All Tectia Manager versions ARE affected. Disabling SSL version 3 will require a maintenance update. Tectia Manager customers have been advised separately.

GHOST (CVE-2015-0235)

SSH Communications Security recommends that all customers patch affected systems with updates from their respective OS vendors.

CryptoAuditor

CryptoAuditor is NOT affected by this vulnerability.

The following Tectia products ARE INDIRECTLY affected by the "Ghost" vulnerability:

Tectia SSH Server

Tectia SSH Server IS INDIRECTLY affected if the system on which Tectia SSH Server is installed has a vulnerable glibc. Tectia SSH Server loads the glibc library dynamically in all our supported versions. On other platforms, we link to the native libc.

Solution: Upgrade operating system glibc.

Workaround: To disable the call to gethostbyname_r, the following configuration option should be disabled in the Tectia SSH Server configuration:

```xml
<settings resolve-client-hostname="no"/>
```

(The default is yes.) This modification affects all settings that require a match against the client's FQDN; for instance, a selector set to match an FQDN will no longer match.

Tectia SSH Client/ConnectSecure/MFT Events

These products ARE INDIRECTLY affected if the system in which Tectia SSH Client/ConnectSecure/MFT Events is installed has a vulnerable glibc.

Solution: Upgrade operating system glibc.

Tectia Manager

Tectia Manager IS INDIRECTLY affected if the system in which Tectia Manager is installed has a vulnerable glibc.

Solution: Upgrade operating system glibc.

Tectia MobileID

Tectia MobileID IS INDIRECTLY affected if the system in which Tectia MobileID is installed has a vulnerable glibc.

Solution: Upgrade operating system glibc.

Universal SSH Key Manager

Universal SSH Key Manager IS INDIRECTLY affected if the system in which Universal SSH Key Manager is installed has a vulnerable glibc.

Solution: Upgrade operating system glibc.

More information about "Ghost":

link

answered Jan 30 '15 at 10:46


SSH KB ♦

edited Apr 07 '15 at 09:16


Roman ♦♦
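The answer above describes why POODLE is reachable in practice: a client that retries a failed handshake with a lower protocol version can be walked down to SSL 3.0 by an attacker who merely drops its first attempts, and the fix is to disable SSL 3.0 on the server. The following Python simulation of that version-fallback dance is an added example for this page; it is not code from the original answer or from any SSH Communications Security product. It models only the version negotiation (one proposed version per attempt and the server's reply), not real TLS records; the `Server`, `Attacker` and `connect` names, the attacker model and the two sample deployments are constructed for illustration. It goes one step beyond the answer by also showing the TLS_FALLBACK_SCSV signal from RFC 7507, the standard way a client tells a server that a handshake is a downgrade retry.

```python
"""Simulation of the version-fallback dance that makes POODLE (CVE-2014-3566)
exploitable, and of the two mitigations that stop it: disabling SSL 3.0 on the
server, and the client signalling a fallback with TLS_FALLBACK_SCSV (RFC 7507).

Added, constructed example: not code from the page's answer or from any Tectia
product. Only the version negotiation is modelled, not TLS records."""

# Protocol version numbers as they appear on the wire (major << 8 | minor).
SSL3 = 0x0300
TLS10 = 0x0301
TLS11 = 0x0302
TLS12 = 0x0303
NAMES = {SSL3: "SSLv3", TLS10: "TLSv1.0", TLS11: "TLSv1.1", TLS12: "TLSv1.2"}

# TLS_FALLBACK_SCSV (RFC 7507): a marker cipher suite the client includes in a
# retried, downgraded ClientHello so the server can tell a fallback apart from
# a client whose real maximum is that version.
FALLBACK_SCSV = 0x5600


class Server:
    """Accepts any version in `supported`; picks the highest one not above
    what the client proposed (the usual negotiation rule)."""

    def __init__(self, supported):
        self.supported = frozenset(supported)

    def server_hello(self, client_version, cipher_suites=()):
        """Return the negotiated version, or None for a handshake failure."""
        candidates = [v for v in self.supported if v <= client_version]
        if not candidates:
            return None  # e.g. SSL 3.0 proposed to a server with SSL 3.0 disabled
        # RFC 7507: the client says this hello is a fallback; if we support a
        # higher version than it now proposes, something downgraded it: refuse.
        if FALLBACK_SCSV in cipher_suites and max(self.supported) > client_version:
            return None
        return max(candidates)


class Attacker:
    """Active network attacker who drops every handshake proposing a version
    above `force_to`, so the client keeps retrying with lower versions."""

    def __init__(self, force_to=SSL3):
        self.force_to = force_to

    def delivers(self, client_version):
        return client_version <= self.force_to


def connect(server, attacker=None,
            fallback_order=(TLS12, TLS11, TLS10, SSL3), send_scsv=False):
    """Model a browser with version fallback: propose the highest version and,
    on any connection failure, retry with the next lower one. Returns the
    version finally negotiated, or None if every attempt failed."""
    for attempt, version in enumerate(fallback_order):
        if attacker is not None and not attacker.delivers(version):
            continue  # looks like a flaky server to the client, so it retries lower
        suites = (FALLBACK_SCSV,) if (send_scsv and attempt > 0) else ()
        chosen = server.server_hello(version, suites)
        if chosen is not None:
            return chosen
    return None


def poodle_exposed(negotiated):
    """POODLE needs the session to land on SSL 3.0, whose CBC padding is not
    covered by the MAC and can be probed byte by byte."""
    return negotiated == SSL3


if __name__ == "__main__":
    legacy = Server({SSL3, TLS10, TLS11, TLS12})   # SSL 3.0 still enabled
    hardened = Server({TLS10, TLS11, TLS12})        # SSL 3.0 disabled, as advised

    scenarios = [
        ("legacy server, no attacker", legacy, None, False),
        ("legacy server, attacker dropping TLS attempts", legacy, Attacker(), False),
        ("legacy server, attacker, client sends TLS_FALLBACK_SCSV", legacy, Attacker(), True),
        ("SSL 3.0 disabled, attacker dropping TLS attempts", hardened, Attacker(), False),
    ]
    for label, srv, atk, scsv in scenarios:
        v = connect(srv, atk, send_scsv=scsv)
        print(f"{label:58s} -> {NAMES.get(v, 'handshake failed'):16s} "
              f"POODLE-exposed: {poodle_exposed(v)}")
```

Run as a script it prints one line per scenario. The point to take from it is the last two lines: with SSL 3.0 disabled (or the client marking its retries with TLS_FALLBACK_SCSV) the attacker can still make the connection fail, but can no longer steer it onto SSL 3.0, which is the precondition for POODLE.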

All user contributed content licensed under the cc-by-sa license.