Heartbleed is a software bug in the open-source cryptography library OpenSSL that allows an attacker, using specially forged packets, to read (small) portions of the memory of a server or a client. This could lead to the loss of some data, potentially including confidential data.

Heartbleed.com has a detailed explanation of the issue, which is related to the “heartbeat” section of OpenSSL’s Transport Layer Security (TLS) protocols. It has been in the wild since March 2012 and affects all versions from OpenSSL 1.0.1 through 1.0.1f.

If you run services that use SSL, you need to upgrade the OpenSSL binaries. You also have to change your passwords (or your certificates) if you are using, or have used, affected services (see also The Heartbleed Hit List: The Passwords You Need to Change Right Now).
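A quick local check against the affected range named above, as an added example (not from the original post or from Dell): it reads `openssl version -a` output and reports whether the build falls in 1.0.1 through 1.0.1f. The function name, result labels and sample outputs are assumptions of this example. An in-range result still has to be checked against the vendor's package changelog, because distributions often backport the fix without changing the upstream version letter.

```shell
#!/bin/sh
# Added example: classify `openssl version -a` output against the range the
# post gives for CVE-2014-0160 (OpenSSL 1.0.1 through 1.0.1f).
# heartbleed_status and its result labels are illustrative names.

heartbleed_status() {
    hb_out=$1
    # First line looks like "OpenSSL 1.0.1e 11 Feb 2013"; field 2 is the version.
    hb_ver=$(printf '%s\n' "$hb_out" | awk 'NR==1 && $1=="OpenSSL" {print $2}')
    if [ -z "$hb_ver" ]; then
        echo "UNKNOWN"
        return 0
    fi
    # Drop build suffixes such as "-fips" before comparing.
    case ${hb_ver%%-*} in
        1.0.1|1.0.1[a-f]) ;;
        *) echo "NOT_IN_RANGE"; return 0 ;;
    esac
    # A build compiled without the heartbeat extension lists this flag on
    # its "compiler:" line.
    case $hb_out in
        *-DOPENSSL_NO_HEARTBEATS*) echo "IN_RANGE_HEARTBEATS_DISABLED" ;;
        *) echo "IN_RANGE_VERIFY_VENDOR_PATCH" ;;
    esac
    return 0
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD='OpenSSL 1.0.1e-fips 11 Feb 2013
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -O2'
SAMPLE_NOHB='OpenSSL 1.0.1f 6 Jan 2014
compiler: gcc -DOPENSSL_THREADS -DOPENSSL_NO_HEARTBEATS -O2'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -O2'

for hb_sample in "$SAMPLE_OLD" "$SAMPLE_NOHB" "$SAMPLE_FIXED"; do
    heartbleed_status "$hb_sample"
done
# On a real host: heartbleed_status "$(openssl version -a)"
```

This only covers the `openssl` binary on the PATH; services that bundle or statically link their own OpenSSL copy need to be checked separately.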

On the Dell side some products are affected and others are not and, as VMware has done, Dell has a dedicated page about this issue: Heartbleed Remediation.

On the server side things seem fine: Dell does not consider CVE-2014-0160 to be a security vulnerability in DRAC5, iDRAC6, or iDRAC7. The affected OpenSSL packages are not part of, supported in, or used in DRAC or iDRAC.

Also Dell does not consider CVE-2014-0160 to be a security vulnerability for any of the following OpenManage products:

  • Dell OpenManage Server Administrator (OMSA) agent
  • Dell Chassis Management Controller (CMC)
  • Dell OpenManage Integration for VMware vCenter
  • Dell Repository Manager
  • Dell OpenManage Essentials (OME)
  • Dell OpenManage Power Center
  • Dell Connectors for CA/IBM/HP
  • Dell Plug-in for Oracle Enterprise Manager

However, there is a post regarding a fix for OME 1.3 that can be downloaded from the Dell support site.

Things are more complicated on the Dell Software side: some SonicWALL SRA (specific firmware versions), Kace 3000, some other software, and also some Dell Networking products are affected.

Just look at the Heartbleed Remediation page to verify whether your products are affected. Oddly, no Dell storage products are on this list yet, so the list is probably not yet complete. For storage products, the recommended practice is to keep them on a protected management network (some firmware versions are affected).

Virtualization, Cloud and Storage Architect. Tech Field delegate. VMUG IT Co-Founder and board member. VMware VMTN Moderator and vExpert 2010-24. Dell TechCenter Rockstar 2014-15. Microsoft MVP 2014-16. Veeam Vanguard 2015-23. Nutanix NTC 2014-20. Several certifications including: VCDX-DCV, VCP-DCV/DT/Cloud, VCAP-DCA/DCD/CIA/CID/DTA/DTD, MCSA, MCSE, MCITP, CCA, NPP.