Is Symantec System Recovery affected by the OpenSSL vulnerability (CVE-2014-0224)?

Problem

A security vulnerability has been detected in specific versions of OpenSSL. For more information regarding this vulnerability, please refer to the following link:

http://www.openssl.org/news/secadv_20140605.txt

 

Solution

Symanetc System Recovery (SSR) uses VMWare Virtual Disk Development Kit for Physical to Virtual conversion (P2V) which makes use of OpenSSL. All functions except P2V such as Backup/Restore are not impacted by the OpenSSL vulnerability as it does not rely on OpenSSL encryption. Also P2V function is not impacted by the OpenSSL vulnerability after ESXi server is patched with ESXi510-201406401-SG for ESXi 5.1 or ESXi500-201407401-SG for ESXi 5.0.

Similarly the BESR Management Solution (BESR-MS) or SSR Management Solution (SSR-MS) is not impacted by the OpenSSL vulnerability after ESXi server is patched with ESXi510-201406401-SG for ESXi 5.1 or ESXi500-201407401-SG for ESXi 5.0.

Backup Exec System Recovery (BESR) 2010 or earlier uses the version of SSL that is included with VMware VDDK 1.1.1 (https://www.vmware.com/support/developer/vddk/VDDK-1.1.1-Relnotes.html) and is not impacted.


 

 CVE-2014-0224
SSR 2011/2013/2013 R2ESXi 5.1: ESXi510-201406401-SG
ESXi 5.0: ESXi500-201407401-SG
 
BESR 2010 or earlierNo impact
Management SolutionESXi 5.1: ESXi510-201406401-SG
ESXi 5.0: ESXi500-201407401-SG






 


Terms of use for this information are found in Legal Notices.

Search

Survey

Did this article answer your question or resolve your issue?

No
Yes

Did this article save you the trouble of contacting technical support?

No
Yes

How can we make this article more helpful?

Email Address (Optional)