OpenSSL version on Veeam Proxy Appliance

Availability for the Always-On Enterprise

OpenSSL version on Veeam Proxy Appliance

Veeam Logoby michaelryancook » Wed Oct 25, 2017 10:03 pm

Hi all. This is related to Case # 02358134. Our security team recently scanned our environment and the veeam proxy appliance used in SureBackup jobs was flagged as using an older OpenSSL version that has numerous vulnerabilities. We are running Veeam B&R 9.0.0.1715. I logged into the console of the proxy and verified that version 1.0.0 is installed and that the proxy is listening on port 443. We are trying to determine if there are any updates available that would address this vulnerability? Is the same version used in 9.5?

TIA, Michael
michaelryancook
Expert
 
Posts: 116
Liked: 14 times
Joined: Tue Nov 26, 2013 6:13 pm
Full Name: Michael Cook

Re: OpenSSL version on Veeam Proxy Appliance

Veeam Logoby foggy » Thu Oct 26, 2017 4:21 pm

Hi Michael, the version that comes with the appliance in Veeam B&R v9 and v9.5 should be OpenSSL-1.0.1i and it didn't change in the recent release.
foggy
Veeam Software
 
Posts: 15394
Liked: 1142 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: OpenSSL version on Veeam Proxy Appliance

Veeam Logoby michaelryancook » Thu Oct 26, 2017 8:05 pm

Hi Foggy. Ours is definitely OpenSSL-1.0.0 not 1.0.1. We have been told that we need to run OpenSSL-1.0.1u or higher so even v9.5 will not address our issue. I may have to discuss with security to see what the exploit entails to see if we can leave as is.
michaelryancook
Expert
 
Posts: 116
Liked: 14 times
Joined: Tue Nov 26, 2013 6:13 pm
Full Name: Michael Cook

Re: OpenSSL version on Veeam Proxy Appliance

Veeam Logoby foggy » Fri Oct 27, 2017 2:27 pm 1 person likes this post

We will be updating the appliance in one of the future releases.
foggy
Veeam Software
 
Posts: 15394
Liked: 1142 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: OpenSSL version on Veeam Proxy Appliance

Veeam Logoby michaelryancook » Fri Oct 27, 2017 5:06 pm

Thanks Foggy
michaelryancook
Expert
 
Posts: 116
Liked: 14 times
Joined: Tue Nov 26, 2013 6:13 pm
Full Name: Michael Cook

[MERGED] OpenSSL Security Issue "CVE-2017-3736"

Veeam Logoby louis8963 » Thu Nov 09, 2017 7:08 am

Hi all,

On 02 Nov 2017, OpenSSL release a Security Advisory talking about the secutiry issue
Ref: https://www.openssl.org/news/secadv/20171102.txt

I like to know is it related to VEEAM product like VEEAM 9.5 backup & replication.

After create case on the VEEAM support.

VEEAM engineer referral and advise me open a topic here.

So, any one can help?

Thanks.
louis8963
Lurker
 
Posts: 1
Liked: never
Joined: Thu Nov 09, 2017 6:53 am
Full Name: Chan Kin Hei


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: Google Feedfetcher and 1 guest