OpenSSL 1.0.2zd reported vulnerability


Article ID: 241706


Updated On:




OpenSSL 1.0.2zd vulnerability on Siteminder Access Gateway r12.8.x.

Symantec Siteminder Access Gateway bundles OpenSSL 1.0.2 with all versions of r12.8.x:

r12.8.1: OpenSSL 1.0.2q
r12.8.2: OpenSSL 1.0.2q
r12.8.3: OpenSSL 1.0.2r
r12.8.4: OpenSSL 1.0.2u
r12.8.5: OpenSSL 1.0.2x
r12.8.6: OpenSSL 1.0.2za
r12.8.6a: OpenSSL 1.0.2za

Vulnerabilities have been reported in various versions of OpenSSL 1.0.2, up to and including 1.0.2zd. This impacts all GA versions of Symantec Siteminder Access Gateway up to and including r12.8.6a.



Component: OpenSSL
Versions Impacted: 1.0.2 - 1.0.2zd
Severity: Moderate


The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Reported by Elison Niven (Sophos).

Fixed in OpenSSL 1.0.2ze


Release : 12.8.6a

Component : Siteminder Access Gateway


Upgrade the OpenSSL in all Siteminder Access Gateways to OpenSSL 1.0.2ze


r12.8.6 and higher on Windows:
r12.8.5 and Lower on Windows:
r12.8.6a and lower on Linux:


OpenSSL 1.0.2ze on Linux Installation Instructions

1) Copy "" to the Access Gateway Server

2) Unzip ""


3) Stop the Access Gateway Server.

4) Navigate to the '<InstallDir>/CA/secure-proxy' directory.

5) Note the permissions on the '<InstallDir>/CA/secure-proxy/SSL/' directory.

6) Backup the '<InstallDir>/CA/secure-proxy/SSL/' directory.

7) Copy '/1.0.2ze_linux64bit/Release/bin/openssl' to the '/<InstallDir>/CA/secure-proxy/SSL/bin/' directory.

cp -r /1.0.2ze_linux64bit/Release/bin/openssl /<InstallDir>/CA/secure-proxy/SSL/bin/openssl

8) Copy the library files from '/1.0.2ze_linux64bit/Release/lib/' to the '/<InstallDir>/CA/secure-proxy/SSL/lib/' directory.

cp -r /1.0.2ze_linux64bit/Release/lib/lib* /<InstallDir>/CA/secure-proxy/SSL/lib/

9) Re-set the permissions on the copied files.

10) Re-source the environment variables:

. ./

11) Re-start the Access Gateway.

./proxy-engine/sps-ctl start
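
A post-upgrade check for the Linux steps above, added here as an example and not part of the vendor's instructions: it classifies an OpenSSL 1.0.2 version string against the article's impacted range (1.0.2 - 1.0.2zd, fixed in 1.0.2ze) and reports each bundled release. The function names are hypothetical, and the binary path passed to check_binary is assumed to be the 'openssl' file replaced in step 7.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
FIXED_SUFFIX=ze   # article: "Fixed in OpenSSL 1.0.2ze"

# classify_version VERSION -> impacted | fixed | not-1.0.2 | unparsed
# 1.0.2 patch letters run "", a..z, then za, zb, ...: a shorter suffix is
# always older, and equal-length suffixes compare byte-wise.
classify_version() {
    ver=${1%%-*}                  # drop build tags such as "-fips"
    case "$ver" in
        1.0.2*) suffix=${ver#1.0.2} ;;
        *) echo "not-1.0.2"; return 0 ;;
    esac
    case "$suffix" in
        *[!a-z]*) echo "unparsed"; return 0 ;;
    esac
    if [ "${#suffix}" -lt "${#FIXED_SUFFIX}" ]; then
        echo impacted
    elif [ "${#suffix}" -gt "${#FIXED_SUFFIX}" ]; then
        echo fixed
    elif LC_ALL=C expr "x$suffix" \< "x$FIXED_SUFFIX" >/dev/null; then
        echo impacted
    else
        echo fixed
    fi
}

# classify_version_line LINE: LINE is `openssl version` output, e.g.
# "OpenSSL 1.0.2za  <build date>"; the version is the second field.
classify_version_line() {
    classify_version "$(printf '%s\n' "$1" | awk '{print $2}')"
}

# check_binary PATH: run the replaced binary (step 7) and classify it.
check_binary() {
    line=$("$1" version 2>/dev/null) || { echo "cannot-run"; return 1; }
    classify_version_line "$line"
}

# Bundled versions per Access Gateway release, as listed in the article.
report_bundled() {
    for pair in r12.8.1:1.0.2q r12.8.2:1.0.2q r12.8.3:1.0.2r r12.8.4:1.0.2u \
                r12.8.5:1.0.2x r12.8.6:1.0.2za r12.8.6a:1.0.2za; do
        echo "${pair%%:*} ${pair#*:} $(classify_version "${pair#*:}")"
    done
}

if [ "$#" -gt 0 ]; then check_binary "$1"; else report_bundled; fi
```

Run it with the path to the gateway's openssl binary after step 10, so the re-sourced environment resolves the new libraries; a result other than "fixed" means the old binary or libraries are still being picked up.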


OpenSSL 1.0.2ze Windows Installation Instructions

1) Stop the Access Gateway server

2) Browse to the "<Install_Dir>\CA\secure-proxy\SSL\bin\" directory in Access Gateway

Default: C:\Program Files\CA\secure-proxy\SSL\

3) Back-up the following files:


4) Replace with the files from ""

5) Browse to the "<Install_Dir>\CA\secure-proxy\HTTPD\bin\" directory in Access Gateway

Default: C:\Program Files\CA\secure-proxy\HTTPD\

6) Back-up the following files:


7) Replace with the files from ""

8) Start the Access Gateway server
