CTX207555
2016-03-20
1970-01-01
Vulnerability check for OpenSSL.

Question and Answers

Vulnerability check for OpenSSL: confirm whether the stated vulnerabilities affect NetScaler.

CVE-2015-6358
CVE-2015-7255
CVE-2015-7256
CVE-2015-7276
CVE-2015-8251

Answer :

The security team investigated the vulnerability check for OpenSSL.
Summarizing their response: NetScaler is unaffected.

  • NetScaler does not come with a hard coded X509 cert and key. It is generated on the fly upon start, but the secure deployment guide specifies that this is to be replaced with a CA issued certificate soon.
  • SSH keys are generated on first boot using some entropy in the system. If removed, a new one is created upon next reboot.
  • LOM had a hard coded key in place in the older versions (2.52), but that practice has been abolished for a long time now. None of the currently supported LOM firmware versions have hard coded keys/certs.
  • Nowhere in the product, on any of the interfaces, do we use hard coded keys/certs.
  • On all interfaces, we generate a cert and key pair upon first boot. Additionally, deleting these will also generate a new one.
  • For Command Center, SVM and Insight Center, the certificate and the keys are created during install time. No hard coded keys.
  • We checked the 3rd party embedded components listed in the KB article (https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=566724&SearchOrder=4) to verify whether we are affected. Based on the update from the security team, NetScaler does not use any of them and is not affected.
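
The claim that every unit generates its own SSH keys can be checked across a fleet. The following is an added example, not Citrix code: it fingerprints `ssh-keyscan`-style lines the way OpenSSH does and reports any host key present on more than one host. Hostnames and key bytes are constructed sample data.

```python
import base64, hashlib, struct
from collections import defaultdict

def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b  # SSH wire format: length prefix + data

def make_line(host: str, seed: bytes) -> str:
    """Build a constructed '<host> ssh-ed25519 <base64 blob>' line for the sample."""
    pub = hashlib.sha256(seed).digest()  # 32 constructed bytes standing in for a public key
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(pub)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_host_keys(lines):
    """Return {fingerprint: sorted hosts} for every key seen on more than one host."""
    hosts_by_fp = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank, comment or truncated line
        try:
            fp = fingerprint(parts[2])
        except ValueError:
            continue  # key field is not valid base64
        hosts_by_fp[fp].add(parts[0])
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}

# Constructed sample: two units with unique keys, two sharing one key.
SAMPLE = [
    make_line("ns-a.example.test", b"unit-a"),
    make_line("ns-b.example.test", b"unit-b"),
    make_line("lom-1.example.test", b"shared-image"),
    make_line("lom-2.example.test", b"shared-image"),
    "# comment line",
    "broken.example.test ssh-ed25519 not*base64",
]

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE).items():
        print(fp, "shared by", ", ".join(hosts))
```

An empty result means no two scanned hosts present the same host key; any entry is a key to regenerate on the listed units.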


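Special note

This article originates from Citrix.com; copyright in the translation belongs to the translator. Please credit the source when reproducing it.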
