OpenSSL Heartbleed bug: CVE-2014-0160

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

OpenSSL Heartbleed bug: CVE-2014-0160

L1 Bithead

Hi,

Just wondering if any Palo Alto versions are affected by this bug in OpenSSL?

http://heartbleed.com/

Regards

64 REPLIES 64

Application and Threat Content Release Notes

Version 429

Notes: A critical vulnerability in OpenSSL (CVE-2014-0160: OpenSSL Private Key Disclosure Vulnerability) was recently disclosed, affecting servers running OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows arbitrary memory readout, which effectively exposes primary key material and compromises the integrity of the secure channel.

To address this vulnerability, Palo Alto Networks has released an emergency content update that provides detection of attempted exploitation of CVE-2014-0160 with IPS vulnerability signature ID 36416 ("OpenSSL TLS Heartbeat Information Disclosure Vulnerability") with critical severity and a default action of block. Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices. If you have any questions about coverage for this advisory, please contact Support.

Modified Decoders (1)

Name

ssl

New Vulnerability Signatures (1)

Severity

ID

Attack Name

CVE ID

Vendor ID

Default Action

Minimum PAN-OS Version

critical

36416

OpenSSL TLS Heartbeat Information Disclosure Vulnerability

CVE-2014-0160

reset-server

  1. 3.1.0

L4 Transporter

How do you check for ssl version

Anyone else not able to get this update to show up in dynamic updates? Or am I missing something?

I have installed Application and Threat Content Release 429 but I cannot find the Signature....?

Capture.JPG.jpg

Capture.JPG.jpg

Capture.JPG.jpg

Capture.JPG.jpg

Anyone else ?

I just checked on the Dynamic Updates Website on Support, it's not there.... Withdrawal ?

Version 429 isn't showing up for me either.

Ok I have deleted the Content Image 429 on the Firewall and hit the Check now button again, not coming down the line anymore ...

Something screwed up 429 ?

Hello gafrol,


If you have an issue with 429 not being able to see the new tid, can you log out of the device then log back in again and see if you see it.


Regards,

Jahnavi.

Did not help either. For some reason 429 is not available for download anymore.

I just was told that they revoked the 429 update... New release time is unknown

L4 Transporter

openssl version does not work on my windows server

Windows has its own implementation of SSL they are not using openssl. To check openssl version simply enter "openssl version" on the cmd line.

Hello gafrol,

Contents 429 has been pulled, it is not available for download anymore.

Thanks.

Content 429 has been pulled and PAN engineering team  is working on it. We will keep you updated on this.

Thanks

yes I tried that command and it did not work on my windows servers

Looks like it's available again...just a minute ago.

  • 25115 Views
  • 64 replies
  • 5 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!