https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32886#M24120 <HTML><HEAD></HEAD><BODY><P>no probs</P><P></P><P>Should mention, if you have medium severity threats set to alert in the profile, make sure that the rule for heartbleed is above this! you can shuffle the ordering around in the vuln' protection profile.</P></BODY></HTML> Thu, 10 Apr 2014 13:35:00 GMT Dpeters1 2014-04-10T13:35:00Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32824#M24058 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Just wondering if any Palo Alto versions are affected by this bug in OpenSSL?</P><P></P><P><A href="http://heartbleed.com/">http://heartbleed.com/</A></P><P></P><P>Regards</P></BODY></HTML> Tue, 08 Apr 2014 05:35:20 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32824#M24058 AdamBatey 2014-04-08T05:35:20Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32825#M24059 <HTML><HEAD></HEAD><BODY><P>I would like to know this, too. We need a word on this, anything really. A security company like Palo Alto should be on top of issues like this.</P></BODY></HTML> Tue, 08 Apr 2014 07:39:32 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32825#M24059 MijndertS 2014-04-08T07:39:32Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32826#M24060 <HTML><HEAD></HEAD><BODY><P>likewise - are the PAN devices using OpenSSL under the hood for cert creation?</P><P>If so, which vers?</P><P></P><P>I know many of our F5s are "safe" as they run 0.9.8x</P><P></P><P>Any plans on releasing an update to patch CVE-2014-0160 exploits?</P></BODY></HTML> Tue, 08 Apr 2014 12:16:17 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32826#M24060 cramman 2014-04-08T12:16:17Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32827#M24061 <HTML><HEAD></HEAD><BODY><P>I have tested GP SSL VPN for the heartbleed bug. It seems PANOS 6.0.1 is not vulnerable.</P></BODY></HTML> Tue, 08 Apr 2014 13:55:00 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32827#M24061 gafrol 2014-04-08T13:55:00Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32828#M24062 <HTML><HEAD></HEAD><BODY><P>I just tested the same against 5.0.10 --&gt; Not vulnerable !</P></BODY></HTML> Tue, 08 Apr 2014 14:01:09 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32828#M24062 gafrol 2014-04-08T14:01:09Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32829#M24063 <HTML><HEAD></HEAD><BODY><P>Palo Alto Networks does not use the Open SSL version that has this vulnerability. Please open a support case if you would like to get more info in the coverage for CVE-2014-0160.</P><P></P><P>Deepak</P></BODY></HTML> Tue, 08 Apr 2014 14:18:37 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32829#M24063 dpalani 2014-04-08T14:18:37Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32830#M24064 <HTML><HEAD></HEAD><BODY><P>We really need some kind of a badge or little PA icon indicator next to people that actually work for PA, that are speaking on behalf of the company. I have no idea if <A href="https://live.paloaltonetworks.com/u1/10365">dpalani</A> works for PA or not, and whether this is the "official word" or not</P></BODY></HTML> Tue, 08 Apr 2014 14:38:09 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32830#M24064 ericgearhart 2014-04-08T14:38:09Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32831#M24065 <HTML><HEAD></HEAD><BODY><P>agreed, im calling to confirm 100%. this ones a doozy.</P></BODY></HTML> Tue, 08 Apr 2014 17:18:17 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32831#M24065 choff123 2014-04-08T17:18:17Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32832#M24066 <HTML><HEAD></HEAD><BODY><P>CVE-2014-0160 is reported on open ssl version 1.0.1 and the firewall uses version 0.9.8, you are more than welcome to open up a case with support and confirm that.</P><P></P><P>Regards.</P><P>Deepak</P></BODY></HTML> Tue, 08 Apr 2014 17:35:11 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32832#M24066 dpalani 2014-04-08T17:35:11Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32833#M24067 <HTML><HEAD></HEAD><BODY><P>Anyone spoken with support about a Vulnerability Protection signature update to catch this?</P><P></P><P>Or has anyone managed to create a custom signature?</P></BODY></HTML> Tue, 08 Apr 2014 19:01:46 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32833#M24067 Dpeters1 2014-04-08T19:01:46Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32834#M24068 <HTML><HEAD></HEAD><BODY><P>I would like to know this as well. I was thinking about trying to do this but I think this is big enough Palo Alto should do this if it is possible. This would be great to buy us some time on mitigating this.</P></BODY></HTML> Tue, 08 Apr 2014 19:50:48 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32834#M24068 pwebber 2014-04-08T19:50:48Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32835#M24069 <HTML><HEAD></HEAD><BODY><P>PAN-OS is not vulnerable to this bug, as we use an older branch of OpenSSL (0.9.8) which is not affected by this issue.</P><P></P><P>--Noah</P><P>Palo Alto Networks Support</P></BODY></HTML> Tue, 08 Apr 2014 20:22:33 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32835#M24069 NoahMH 2014-04-08T20:22:33Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32836#M24070 <HTML><HEAD></HEAD><BODY><P><STRONG>Is PAN-OS vulnerable?</STRONG></P><P></P><P>PAN-OS is not vulnerable, as we use an older branch of OpenSSL (0.9.8) which is not affected by this issue.</P><P></P><P><STRONG>Are Palo Alto Networks public services vulnerable?</STRONG></P><P></P><P>We are in the midst of evaluating our own exposure to CVE-2014-0160 within our public-facing infrastructure, including the update service, WildFire, PAN-DB, public web site, etc.&nbsp; We do not yet have the results of this analysis but we will provide an update once our investigation and remediation is complete.</P><P></P><P><STRONG>Does Palo Alto Networks provide IPS coverage for this vulnerability?</STRONG></P><P></P><P>Our threat research team is researching the vulnerability in an effort to provide coverage ASAP.&nbsp; We hope to have coverage released late today, but we cannot commit to a release timeframe until protections are developed and tested.</P><P></P><P><STRONG>What should customers do if they identify vulnerable servers (running OpenSSL 1.0.1 through 1.0.1f)?</STRONG></P><P></P><P>Vulnerable servers should be patched to OpenSSL 1.0.1g (available as of April 7th 2014).&nbsp; SSL private keys should be assumed to be compromised and should be replaced after the OpenSSL patch is in place.</P></BODY></HTML> Tue, 08 Apr 2014 20:23:29 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32836#M24070 NoahMH 2014-04-08T20:23:29Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32837#M24071 <HTML><HEAD></HEAD><BODY><P> I was wondering if we could create a vulnerability signature to alert, then setup a rule to block this type of traffic.</P></BODY></HTML> Tue, 08 Apr 2014 21:07:30 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32837#M24071 tstores 2014-04-08T21:07:30Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32838#M24072 <HTML><HEAD></HEAD><BODY><P>Any update on the timing of the IPS signature release for this?</P></BODY></HTML> Wed, 09 Apr 2014 05:08:51 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32838#M24072 chrisp 2014-04-09T05:08:51Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32839#M24073 <HTML><HEAD></HEAD><BODY><H1>Application and Threat Content Release Notes</H1><H2>Version 429</H2><P></P><P><STRONG>Notes</STRONG>: A critical vulnerability in OpenSSL (CVE-2014-0160: OpenSSL Private Key Disclosure Vulnerability) was recently disclosed, affecting servers running OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows arbitrary memory readout, which effectively exposes primary key material and compromises the integrity of the secure channel.</P><P>To address this vulnerability, Palo Alto Networks has released an emergency content update that provides detection of attempted exploitation of CVE-2014-0160 with IPS vulnerability signature ID 36416 ("OpenSSL TLS Heartbeat Information Disclosure Vulnerability") with critical severity and a default action of block. Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices. If you have any questions about coverage for this advisory, please contact Support. </P><H3>Modified Decoders (1)</H3><TABLE border="0" cellpadding="0" width="90%"><TBODY><TR><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="71"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Name</STRONG></P></TD></TR><TR><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">ssl</SPAN></P></TD></TR></TBODY></TABLE><H3>New Vulnerability Signatures (1)</H3><TABLE border="0" cellpadding="0" width="90%"><TBODY><TR><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="71"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Severity</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="71"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">ID</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Attack Name</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="105"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">CVE ID</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="80"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Vendor ID</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="18%"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Default Action</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="18%"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Minimum PAN-OS Version</STRONG></P></TD></TR><TR><TD style="background: #EF3942; padding: .75pt 3.75pt .75pt 3.75pt;"><P align="center" style="text-align: center;"><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">critical</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">36416</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">OpenSSL TLS Heartbeat Information Disclosure Vulnerability</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">CVE-2014-0160</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">reset-server</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><OL style="list-style-type: decimal;"><LI><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">3.1.0</SPAN></LI></OL></TD></TR></TBODY></TABLE></BODY></HTML> Wed, 09 Apr 2014 13:14:42 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32839#M24073 gafrol 2014-04-09T13:14:42Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32840#M24074 <HTML><HEAD></HEAD><BODY><P>How do you check for ssl version</P></BODY></HTML> Wed, 09 Apr 2014 13:36:18 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32840#M24074 infotech 2014-04-09T13:36:18Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32841#M24075 <HTML><HEAD></HEAD><BODY><P>Anyone else not able to get this update to show up in dynamic updates? Or am I missing something?</P></BODY></HTML> Wed, 09 Apr 2014 14:24:40 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32841#M24075 aglej 2014-04-09T14:24:40Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32842#M24076 <HTML><HEAD></HEAD><BODY><P>I have installed Application and Threat Content Release 429 but I cannot find the Signature....?</P><P></P><P><IMG __jive_id="12722" alt="Capture.JPG.jpg" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12722_Capture.JPG.jpg" /></P><P></P><P><IMG __jive_id="12719" alt="Capture.JPG.jpg" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12719_Capture.JPG.jpg" style="width: 620px; height: 305px;" /></P><P></P><P><IMG __jive_id="12720" alt="Capture.JPG.jpg" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12720_Capture.JPG.jpg" style="width: 620px; height: 307px;" /></P><P></P><P><IMG __jive_id="12721" alt="Capture.JPG.jpg" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12721_Capture.JPG.jpg" style="width: 620px; height: 190px;" /></P><P></P><P>Anyone else ?</P><P></P><P>I just checked on the Dynamic Updates Website on Support, it's not there.... Withdrawal ?</P></BODY></HTML> Wed, 09 Apr 2014 14:26:37 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32842#M24076 gafrol 2014-04-09T14:26:37Z https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32843#M24077 <HTML><HEAD></HEAD><BODY><P>Version 429 isn't showing up for me either.</P></BODY></HTML> Wed, 09 Apr 2014 14:34:05 GMT https://live.paloaltonetworks.com/t5/general-topics/openssl-heartbleed-bug-cve-2014-0160/m-p/32843#M24077 dbaumann 2014-04-09T14:34:05Z