OpenSSL Heartbleed bug: CVE-2014-0160

L2 Linker

Re: OpenSSL Heartbleed bug: CVE-2014-0160

I would like to know this as well. I was thinking about trying to do this but I think this is big enough Palo Alto should do this if it is possible. This would be great to buy us some time on mitigating this.

L3 Networker

Re: OpenSSL Heartbleed bug: CVE-2014-0160

PAN-OS is not vulnerable to this bug, as we use an older branch of OpenSSL (0.9.8) which is not affected by this issue.

--Noah

Palo Alto Networks Support

L3 Networker

Re: OpenSSL Heartbleed bug: CVE-2014-0160

Is PAN-OS vulnerable?

PAN-OS is not vulnerable, as we use an older branch of OpenSSL (0.9.8) which is not affected by this issue.

Are Palo Alto Networks public services vulnerable?

We are in the midst of evaluating our own exposure to CVE-2014-0160 within our public-facing infrastructure, including the update service, WildFire, PAN-DB, public web site, etc.  We do not yet have the results of this analysis but we will provide an update once our investigation and remediation is complete.

Does Palo Alto Networks provide IPS coverage for this vulnerability?

Our threat research team is researching the vulnerability in an effort to provide coverage ASAP.  We hope to have coverage released late today, but we cannot commit to a release timeframe until protections are developed and tested.

What should customers do if they identify vulnerable servers (running OpenSSL 1.0.1 through 1.0.1f)?

Vulnerable servers should be patched to OpenSSL 1.0.1g (available as of April 7th 2014).  SSL private keys should be assumed to be compromised and should be replaced after the OpenSSL patch is in place.
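Added example (not part of the thread and not Palo Alto Networks code): a shell triage of collected `openssl version` output against the range given in the post above, 1.0.1 through 1.0.1f affected and 1.0.1g fixed. The hostnames and inventory lines are constructed, and `heartbleed_status` and `triage_inventory` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: triage `openssl version` strings against the range quoted in
# the thread (affected: 1.0.1 through 1.0.1f; fixed: 1.0.1g; 0.9.8 unaffected).

# heartbleed_status "<output of openssl version>"
# Prints one of: affected | not-affected | unknown
heartbleed_status() {
    # The second field is the version token, e.g. "1.0.1e" or "1.0.1e-fips".
    token=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    case "$token" in
        "")                    echo unknown; return ;;  # not openssl output
        *-beta*|*-pre*|*-dev*) echo unknown; return ;;  # pre-release: check by hand
    esac
    ver=${token%%-*}           # drop build suffixes such as "-fips"
    case "$ver" in
        1.0.1|1.0.1[a-f])      echo affected ;;
        [0-9]*.[0-9]*.[0-9]*)  echo not-affected ;;
        *)                     echo unknown ;;
    esac
}

# triage_inventory: reads "host|openssl version output" lines on stdin and
# prints one action line per host, using the remediation order from the post.
triage_inventory() {
    while IFS='|' read -r host verstr; do
        [ -n "$host" ] || continue
        case "$(heartbleed_status "$verstr")" in
            affected)     echo "$host: AFFECTED - patch to 1.0.1g, then replace SSL private keys" ;;
            not-affected) echo "$host: outside 1.0.1-1.0.1f" ;;
            *)            echo "$host: UNKNOWN - verify manually ($verstr)" ;;
        esac
    done
}

# Constructed sample inventory (hostnames and collected strings are made up).
SAMPLE='web01|OpenSSL 1.0.1e 11 Feb 2013
web02|OpenSSL 1.0.1g 7 Apr 2014
fw01|OpenSSL 0.9.8y 5 Feb 2013
app01|OpenSSL 1.0.1e-fips 11 Feb 2013
lab01|OpenSSL 1.0.2-beta1 24 Feb 2014
old01|openssl: command not found'

printf '%s\n' "$SAMPLE" | triage_inventory
```

The version string is only a first pass: distribution packages can carry a backported fix without changing the upstream version letter, so confirm an "affected" result against the package changelog. Software that bundles its own copy of OpenSSL is not covered by the system `openssl version` output.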

Not applicable

Re: OpenSSL Heartbleed bug: CVE-2014-0160

I was wondering if we could create a vulnerability signature to alert, then set up a rule to block this type of traffic.

L3 Networker

Re: OpenSSL Heartbleed bug: CVE-2014-0160

Any update on the timing of the IPS signature release for this?

L4 Transporter

Re: OpenSSL Heartbleed bug: CVE-2014-0160

Application and Threat Content Release Notes

Version 429

Notes: A critical vulnerability in OpenSSL (CVE-2014-0160: OpenSSL Private Key Disclosure Vulnerability) was recently disclosed, affecting servers running OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows arbitrary memory readout, which effectively exposes primary key material and compromises the integrity of the secure channel.

To address this vulnerability, Palo Alto Networks has released an emergency content update that provides detection of attempted exploitation of CVE-2014-0160 with IPS vulnerability signature ID 36416 ("OpenSSL TLS Heartbeat Information Disclosure Vulnerability") with critical severity and a default action of block. Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices. If you have any questions about coverage for this advisory, please contact Support.

Modified Decoders (1)

Name: ssl

New Vulnerability Signatures (1)

| Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Minimum PAN-OS Version |
| --- | --- | --- | --- | --- | --- | --- |
| critical | 36416 | OpenSSL TLS Heartbeat Information Disclosure Vulnerability | CVE-2014-0160 | | reset-server | 3.1.0 |

L4 Transporter

Re: OpenSSL Heartbleed bug: CVE-2014-0160

How do you check for the SSL version?

Not applicable

Re: OpenSSL Heartbleed bug: CVE-2014-0160

Anyone else not able to get this update to show up in dynamic updates? Or am I missing something?

L4 Transporter

Re: OpenSSL Heartbleed bug: CVE-2014-0160

I have installed Application and Threat Content Release 429 but I cannot find the Signature....?

Anyone else?

I just checked on the Dynamic Updates website on Support, it's not there... Withdrawal?

L1 Bithead

Re: OpenSSL Heartbleed bug: CVE-2014-0160

Version 429 isn't showing up for me either.
