Response to CVE-2014-0160 - "The Heartbleed Bug"

A vulnerability in OpenSSL was recently announced. Specifically, the (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
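
The length validation whose absence allows the over-read described above, shown as an added example (this is not OpenSSL's or Kaseya's code). It assumes the heartbeat message layout from RFC 6520 (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); the function name `heartbeat_check` and the sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte payload_length (RFC 6520) */
#define HB_MIN_PADDING 16  /* RFC 6520 requires at least 16 bytes of padding */

/*
 * Validate a received heartbeat message held in rec[0..rec_len).
 * rec_len is the number of bytes actually received in the record.
 * Returns 1 and stores the payload length when the length claimed in the
 * header fits inside the record; returns 0 when the message must be
 * discarded without a response.
 */
int heartbeat_check(const unsigned char *rec, size_t rec_len, size_t *payload_len)
{
    size_t claimed;

    /* Too short to hold even a heartbeat with an empty payload. */
    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return 0;

    /* Sender-controlled 16-bit length field, big-endian. */
    claimed = ((size_t)rec[1] << 8) | rec[2];

    /* Without this comparison the echo would copy 'claimed' bytes starting
     * at rec + 3, reading past the record into adjacent process memory. */
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return 0;

    if (payload_len != NULL)
        *payload_len = claimed;
    return 1;
}

int main(void)
{
    /* Constructed sample: header claims 5 bytes, record holds 5 + padding. */
    unsigned char good[3 + 5 + 16] = { 0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    /* Constructed sample: same record size, header claims 0x4000 bytes. */
    unsigned char bad[3 + 5 + 16] = { 0x01, 0x40, 0x00 };
    size_t n = 0;

    printf("consistent length accepted: %d\n", heartbeat_check(good, sizeof good, &n));
    printf("oversized length accepted:  %d\n", heartbeat_check(bad, sizeof bad, &n));
    return 0;
}
```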


Please see the following links for publicly disclosed details on the OpenSSL Vulnerability:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
http://www.kb.cert.org/vuls/id/720951

Kaseya has reviewed our product offerings in relation to the vulnerability as follows:

Kaseya Virtual Systems Administrator (VSA)
This product does not make use of the affected OpenSSL versions/protocols described in vulnerability CVE-2014-0160.

Kaseya Traverse
This product does not make use of the affected OpenSSL versions/protocols described in vulnerability CVE-2014-0160.

Kaseya Network Monitor (KNM)
This product does not make use of the affected OpenSSL versions/protocols described in vulnerability CVE-2014-0160.

Kaseya 365Command
This product does not make use of the affected OpenSSL versions/protocols described in vulnerability CVE-2014-0160.

Kaseya BYOD Suite
The BYOD Suite used an affected version of OpenSSL for some of its functionality. We are currently updating the system to the latest version of OpenSSL (which is not affected). An updated notification will be posted when our update is complete.

1 Comment

    John Nuttall

    UPDATE:

    As of 10th April 2014 all BYOD servers were confirmed as being updated against the "Heartbleed" vulnerability.