Please confirm whether your firmware is affected by the new OpenSSL defect

smicker_
Occasional Contributor

Re: Please confirm whether your firmware is affected by the new OpenSSL defect

I'm able to see 7.3 (and all others) on both the MAG and SA download pages.
smicker_
Occasional Contributor

Re: Please confirm whether your firmware is affected by the new OpenSSL defect

BTW, updated releases are now up that fix Heartbleed.
agregor67_
New Contributor

Re: Please confirm whether your firmware is affected by the new OpenSSL defect

We have seen the information about the bug in the software. Our SA4500 device is now running system 7.4.R8.
Issue CVE-2014-0160 in OpenSSL
JUNIPER (kb.pulsesecure.net/JSA10623)

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=kb29004

In this document, see:
SOLUTION:
Juniper Networks has released 8.0R3.1 and 7.4R9.1 to resolve this issue on the server
side for its SSL VPN product family. The fixed build includes openssl libraries with
disabled heartbeat extension options (using the openssl option -DOPENSSL_NO_HEARTBEATS)

In this situation Juniper TAC it is recommended new version 7.4R9.1 for SA4500.

Please send me the official JTAC recommendation for this bug.

agregor67_
New Contributor

Re: Please confirm whether your firmware is affected by the new OpenSSL defect

Juniper Networks Secure Access Release Notes

IVE Platform Version 7.4R9.1 Build # 30599

Known Issues/Limitations Fixed in 7.4R9.1 Release

This release fixes the issue described in JSA10623. For more detailed info please refer KB29004.

Is version 7.4R9.1 fixed and free of the bug?

Can you confirm this information?

flip_pipe_
Frequent Contributor

Re: Please confirm whether your firmware is affected by the new OpenSSL defect

Yes, on our SA2500 and SA6500 it solved the problem.

mtessier_
Frequent Contributor

Re: Please confirm whether your firmware is affected by the new OpenSSL defect

I am running 7.4r7 in production. This version of the IVE / Pulse should be vulnerable. However when scanned with http://filippo.io/Heartbleed it's indicating that our systems are not vulnerable.

I have 7.4r9.1 running in our lab and we're planning on upgrading tonight, but I was really hoping to be able to confirm that the issue has been patched.

Does anyone have another way to test for the vulnerability?
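
Added example, not part of any post in this thread and not Juniper's code: the fix quoted earlier builds OpenSSL with `-DOPENSSL_NO_HEARTBEATS`, so a fixed build no longer echoes the heartbeat extension (type 15, RFC 6520) in its ServerHello, which can be checked without sending any heartbeat message. The parser below runs on constructed ServerHello bytes and assumes the client offered the heartbeat extension in its ClientHello; the function names are hypothetical.

```python
import struct

HEARTBEAT_EXT = 15  # TLS extension type assigned to heartbeat by RFC 6520

def server_hello_extensions(record: bytes) -> dict:
    """Return {extension_type: data} from a TLS record that starts with a ServerHello."""
    if len(record) < 9 or record[0] != 22 or record[5] != 2:
        raise ValueError("not a handshake record carrying a ServerHello")
    rlen = struct.unpack("!H", record[3:5])[0]
    hlen = int.from_bytes(record[6:9], "big")
    if len(record) < 5 + rlen or rlen < 4 + hlen or hlen < 38:
        raise ValueError("truncated or malformed ServerHello")
    msg = record[9:9 + hlen]
    pos = 34                     # skip server_version (2) + random (32)
    pos += 1 + msg[pos] + 2 + 1  # session_id, cipher_suite, compression_method
    if pos == len(msg):
        return {}                # ServerHello without an extensions block
    if pos + 2 > len(msg):
        raise ValueError("truncated extensions length")
    end = pos + 2 + struct.unpack("!H", msg[pos:pos + 2])[0]
    pos += 2
    if end > len(msg):
        raise ValueError("extensions block overruns the message")
    exts = {}
    while pos < end:
        if pos + 4 > end:
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack("!HH", msg[pos:pos + 4])
        pos += 4
        if pos + elen > end:
            raise ValueError("extension data overruns the block")
        exts[etype] = msg[pos:pos + elen]
        pos += elen
    return exts

def advertises_heartbeat(record: bytes) -> bool:
    return HEARTBEAT_EXT in server_hello_extensions(record)

def build_server_hello(exts: bytes) -> bytes:
    """Constructed sample input (TLS 1.1, empty session id), not a device capture."""
    msg = b"\x03\x02" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if exts:
        msg += struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x02" + struct.pack("!H", len(hs)) + hs

RENEG = b"\xff\x01\x00\x01\x00"      # renegotiation_info, constructed
HEARTBEAT = b"\x00\x0f\x00\x01\x01"  # heartbeat, mode peer_allowed_to_send
WITH_HB = build_server_hello(RENEG + HEARTBEAT)
WITHOUT_HB = build_server_hello(RENEG)
```

A ServerHello without extension 15 means the server will not negotiate heartbeats at all; one that still carries it only shows heartbeats are enabled, since a patched OpenSSL that keeps the extension also advertises it.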

CaseyH_
Contributor

Re: Please confirm whether your firmware is affected by the new OpenSSL defect

Check out the FAQ/Status section of the website.

http://filippo.io/Heartbleed/faq.html

flip_pipe_
Frequent Contributor

Re: Please confirm whether your firmware is affected by the new OpenSSL defect

I've used this script: http://pastebin.com/WmxzjkXJ

But there is an "improved" version: https://gist.github.com/mpdavis/10171593

kohster_
Contributor

Re: Please confirm whether your firmware is affected by the new OpenSSL defect

Does anyone know why the Pulse clients are listed as vulnerable and what the vulnerability actually entails?  Are they only listed because they were built with a vulnerable version of OpenSSL?  What would an attack on a client actually look like or be able to compromise?

wavetrain2013_
Occasional Contributor

Re: Please confirm whether your firmware is affected by the new OpenSSL defect

Anyone else seeing HC timeouts with the new 7.4R9.1 code?

Our HC runs every 10 mins and after upgrading from 7.4R5 to 7.4R9.1 I am getting HC timeouts on Win7 and MacOS Pulse clients.

Since HC is done over SSL I'm wondering if this new code's fix of disabling heartbeat extensions is impacting it.