Summary

"TLS heartbeat read overrun" vulnerability (CVE-2014-0160) in OpenSSL 1.0.1-1.0.1f affects BoKS Manager and Server Agent for Unix/Linux version 6.7

Issue Description

A vulnerability, "TLS heartbeat read overrun" (CVE-2014-0160), has been
discovered in OpenSSL 1.0.1 through 1.0.1f, and it affects BoKS Manager and
Server Agent for Unix/Linux version 6.7. Both SSL/TLS server and client
applications are affected. The vulnerability can be used to reveal up to
64k of memory to a connected client or server, possibly exposing secret
information.

The following BoKS SSL/TLS client and server applications are affected.
The M/R/A column indicates whether the application runs on the Master,
Replica and/or Agent respectively.
SSL server applications

Application                      M/R/A   Comment
$BOKS_lib/httpsrv                M       Old BoKS GUI
$BOKS_lib/boks_bccasd            M       Administration server
$BOKS_lib/boks_autoregisterd     M       Auto-registration service
$BOKS_lib/boks_pwmd              M       Optional extension package
$BOKS_lib/boks_csspd             M/R     BoKS Desktop authentication
$BOKS_lib/boks_sslproxy          M/R/A   BoKS Desktop telnet proxy

SSL client applications

Application                      M/R/A   Comment
$BOKS_sbin/adgroup               M       AD Bridge administration
$BOKS_lib/ldapsearch             M       adsync, ldapusersync
$BOKS_lib/ldapmodify             M       currently not used
$BOKS_lib/crldownload_ldap       M       CRL download
$BOKS_lib/curl                   M       CRL download
$BOKS_lib/ems/modules/emsldap    M       Event system LDAP connector
$BOKS_lib/auth/modules/hpsaauth  M/R     BoKS Desktop external auth
$BOKS_lib/auth/modules/ldapauth  M/R     BoKS Desktop external auth
$BOKS_sbin/adjoin                M/R/A   AD membership administration
$BOKS_lib/boks_safeword          M/R/A   BoKS safeword auth
$BOKS_lib/ldapauth               M/R/A   BoKS LDAP auth
$BOKS_lib/boks_autoregister      M/R/A   Auto-registration

Resolution / Workaround

Install hotfix HFBM-0043, available from the Fox Technologies customer support
site, on all affected systems.

This hotfix includes replacement binaries built with OpenSSL version 1.0.1g,
in which the vulnerability has been fixed. Some of the binaries are dynamically
linked against OpenSSL; in those cases it is the OpenSSL shared library that
is replaced rather than the application binary.
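To confirm on a host that no affected build remains after the hotfix, the following added shell check (not Fox Technologies' code) inspects each binary listed above, following the dynamic link to libssl where there is one and otherwise reading the version banner embedded in the binary itself. It assumes BOKS_lib and BOKS_sbin are exported in the environment as on a BoKS host.

```shell
#!/bin/sh
# Added verification helper, not Fox Technologies' code: reports which of the
# BoKS SSL/TLS binaries named in the advisory still carry an OpenSSL 1.0.1 to
# 1.0.1f banner, in the binary itself (static link) or in the libssl it
# resolves to (dynamic link). Assumes BOKS_lib and BOKS_sbin are exported.

# Return 0 if a banner such as "OpenSSL 1.0.1f" falls in the affected range.
openssl_version_affected() {
    case "$1" in
        "OpenSSL 1.0.1"|"OpenSSL 1.0.1"[a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the first OpenSSL version banner embedded in a file, or nothing.
embedded_openssl_version() {
    grep -a -o 'OpenSSL [0-9]\.[0-9]\.[0-9][a-z]*' "$1" 2>/dev/null | head -n 1
}

# Print the libssl a dynamically linked ELF binary resolves to; statically
# linked binaries and non-ELF files print nothing.
linked_libssl() {
    command -v ldd >/dev/null 2>&1 || return 0
    ldd "$1" 2>/dev/null | awk '$1 ~ /^libssl/ && $3 ~ /^\// { print $3; exit }'
}

# Classify one file as MISSING, NO-OPENSSL, AFFECTED or FIXED, naming the
# object actually inspected and its banner.
check_file() {
    f="$1"
    [ -r "$f" ] || { echo "MISSING $f"; return 0; }
    target="$(linked_libssl "$f")"
    [ -n "$target" ] || target="$f"
    ver="$(embedded_openssl_version "$target")"
    if [ -z "$ver" ]; then echo "NO-OPENSSL $f"
    elif openssl_version_affected "$ver"; then echo "AFFECTED $f ($target: $ver)"
    else echo "FIXED $f ($target: $ver)"
    fi
}

# The server and client applications listed in the advisory.
check_all_boks_binaries() {
    for f in "$BOKS_lib/httpsrv" "$BOKS_lib/boks_bccasd" "$BOKS_lib/boks_autoregisterd" \
        "$BOKS_lib/boks_pwmd" "$BOKS_lib/boks_csspd" "$BOKS_lib/boks_sslproxy" \
        "$BOKS_sbin/adgroup" "$BOKS_lib/ldapsearch" "$BOKS_lib/ldapmodify" \
        "$BOKS_lib/crldownload_ldap" "$BOKS_lib/curl" "$BOKS_lib/ems/modules/emsldap" \
        "$BOKS_lib/auth/modules/hpsaauth" "$BOKS_lib/auth/modules/ldapauth" \
        "$BOKS_sbin/adjoin" "$BOKS_lib/boks_safeword" "$BOKS_lib/ldapauth" "$BOKS_lib/boks_autoregister"
    do check_file "$f"; done
}
```

Run `check_all_boks_binaries` on each Master, Replica and Agent; any AFFECTED line means the binary or the shared library it loads was not replaced.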

Update

This hotfix (HFBM-0043) introduces a problem that causes FCC to report
"An error occured" when attempting to expand the Basic Data panel for an
AD-mapped host group. Apply HFBM-0046 to resolve the problem.

Last Modified On: May 25, 2018