PAMSC 14.10 was scanned and OpenSSL libraries were found to be vulnerable.
| Description | Path | Reported | Fixed |
|---|---|---|---|
| OpenSSL 1.0.x < 1.0.2m RSA/DSA Unspecified Carry Issue | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2m |
| OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2n |
| OpenSSL 1.0.x < 1.0.2o Multiple Vulnerabilities | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2o |
| OpenSSL 1.0.x < 1.0.2p Multiple Vulnerabilities | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2p |
| OpenSSL 1.0.x < 1.0.2q Multiple Vulnerabilities | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2q |
| OpenSSL 1.0.x < 1.0.2r Information Disclosure Vulnerability | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2r |
| OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2t |
| OpenSSL 1.0.2 < 1.0.2u Procedure Overflow Vulnerability | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2u-dev |
| OpenSSL 1.0.2 < 1.0.2x Null Pointer Dereference Vulnerability | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2x |
| OpenSSL 1.0.2 < 1.0.2w Information Disclosure | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2w |
| OpenSSL 1.0.2 < 1.0.2y Multiple Vulnerabilities | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2y |
| OpenSSL 1.0.2 < 1.0.2za Vulnerability | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2za |
| OpenSSL 1.0.2 < 1.0.2zd Vulnerability | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2zd |
| OpenSSL 1.0.2 < 1.0.2ze Vulnerability | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2ze |
| OpenSSL 1.0.2 < 1.0.2zf Vulnerability | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2zf |
| OpenSSL 1.0.2 < 1.0.2zg Multiple Vulnerabilities | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2zg |
| OpenSSL 1.0.2 < 1.0.2zh Multiple Vulnerabilities | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2zh |
| OpenSSL 1.0.2 < 1.0.2zi Vulnerability | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2zi |
| OpenSSL 1.0.2 < 1.0.2zj Vulnerability | /opt/seos/lbin/openssl | 1.0.2k | 1.0.2zj |
PAMSC 14.10
Solution:
PAMSC 14.10 CP6 will use WolfSSL, which has no known CVEs as of May 2024, and the OpenSSL binaries will be updated to 1.1.1w.
Workaround:
"/opt/seos/lbin/openssl" is used by PIM/PAMSC only for the purpose of creating certificates during the installation.
As such, it can be safely backed up and removed from the file system without breaking any functionality.
Please back up the openssl binaries from the lbin folder and remove them.
NOTE:
For Windows Endpoints, the openssl binary gets removed after the installation so there is no remaining openssl.exe on the filesystem once the installation completes.
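One way to carry out the workaround on a UNIX/Linux endpoint, as an added shell example that is not the vendor's own script: it archives the binary, verifies the archived copy byte for byte against the live file, and removes the original only if that check passes. The function name `retire_openssl` and the default backup directory `/root/pamsc-openssl-backup` are assumptions; only the path `/opt/seos/lbin/openssl` comes from the article.

```shell
#!/bin/sh
# Added example: back up, verify, then remove the bundled openssl binary.
# retire_openssl and the default backup directory are hypothetical names.
# Usage: retire_openssl [binary_path] [backup_dir]
# The body runs in a subshell so the umask change and variables do not leak.
retire_openssl() (
    target="${1:-/opt/seos/lbin/openssl}"          # path named in the article
    backup_dir="${2:-/root/pamsc-openssl-backup}"  # assumed backup location

    [ -f "$target" ] || { echo "not found: $target" >&2; exit 2; }

    umask 077                       # keep the backup readable by owner only
    mkdir -p "$backup_dir" || exit 1
    stamp=$(date +%Y%m%d%H%M%S)
    archive="$backup_dir/openssl-$stamp.tar"
    name=$(basename "$target")

    # Record the version being retired, for the remediation ticket.
    # A binary that no longer executes must not block the backup.
    "$target" version > "$backup_dir/openssl-$stamp.version" 2>/dev/null || true

    # tar keeps mode, owner and mtime so the file can be restored unchanged.
    tar -cf "$archive" -C "$(dirname "$target")" "$name" || exit 1

    # Verify the archived copy against the live file before deleting anything.
    if ! tar -xOf "$archive" "$name" | cmp -s - "$target"; then
        echo "backup verification failed; leaving $target in place" >&2
        exit 1
    fi

    rm -f -- "$target" || exit 1
    echo "$archive"                 # report where the backup was written
)

# Example call (run as root on the endpoint):
#   retire_openssl /opt/seos/lbin/openssl /root/pamsc-openssl-backup
```

To restore the binary, extract the archive back into the lbin folder with `tar -xpf <archive> -C /opt/seos/lbin`. After removal, a rescan should no longer report findings against that path.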