APTARE IT Analytics Security Vulnerability

Articolo: 100049190
Data ultima modifica: 2020-12-23
Valutazioni: 0 0
Prodotto/i: APTARE IT Analytics

Severity

Critical

Description

Security research has disclosed that there is a vulnerability that would allow a low privileged user on a Windows system to load malicious OpenSSL code. In addition, there is a related vulnerability which enables similar access on Linux.

APTARE IT Analytics versions 10.5 and 10.4 may be affected.

Veritas will communicate any new and updated information as soon as we discover and verify the information.  Questions and comments are welcomed and should be directed to Veritas Support

Action Required

Please refer to the Master Advisory for more details on the security advisory and recommended action.

Further information see APTARE IT Analytics Advisory.

 

Manual Mitigation Steps

The manual steps for mitigation are as follows:

Windows

Aptare 10.4:

  1. Open a new powershell window with Run as Administrator option
     
  2. If c:\apache24\conf\openssl.cnf is present, ensure that the file is required and the contents are correct. If not, rename the file
    • # Rename-Item -Path c:\apache24\conf\openssl.cnf -NewName c:\apache24\conf\openssl.cnf_renamed
       
  3. Create c:\apache24\conf if not present
    • # New-Item -ItemType directory -Path c:\apache24\conf
       
  4. Set ACLs so that only Administrator can access the directory c:\apache24\conf\
    • # $acl = Get-Acl c:\apache24\conf; $acl.SetAccessRuleProtection($true,$false); Set-Acl c:\apache24\conf $acl
       
  5. Delete the openssl binary
    • # Remove-Item -Path c:\opt\apache\bin\openssl.exe

 

Aptare 10.5 and Newer:

  1. Open a new powershell window with Run as Administrator option.
     
  2. If C:\usr\local\ssl\openssl.cnf is present, ensure that the file is required and the contents are correct. If not, rename the file​​​​​​​
    • # Rename-Item -Path C:\usr\local\ssl\openssl.cnf -NewName C:\usr\local\ssl\openssl.cnf_renamed
       
  3. Create C:\usr\local\ssl if not present​​​​​​​
    • # New-Item -ItemType directory -Path C:\usr\local\ssl
       
  4. Set ACLs so that only Administrator can access the directory c:\apache24\conf\​​​​​​​
    • # $acl = Get-Acl C:\usr\local\ssl; $acl.SetAccessRuleProtection($true,$false); Set-Acl C:\usr\local\ssl $acl
       
  5. Delete the openssl binary​​​​​​​
    • # Remove-Item -Path c:\opt\apache\bin\openssl.exe

 

Linux

  1. Using a terminal session 
    • # sudo su -
    • # rm /opt/apache/ssl/bin/openssl
       
  2. If /usr/local/ssl/openssl.cnf file is present, Ensure that the file required and the contents are correct. If not, rename the file​​​​​​​
    • # mv /usr/local/ssl/openssl.cnf /usr/local/ssl/openssl.cnf_renamed
      ​​​​​​​​​​​​​​
  3. Create /usr/local/ssl if not present​​​​​​​
    • # mkdir /usr/local/ssl
      ​​​​​​​
  4. Set permission only for root​​​​​​​
    • # chown -R root:root /usr/local/ssl
    • # chmod -R o-rwx /usr/local/ssl

Il contenuto è stato utile?