Wireless Access

New Contributor
Posts: 3
Registered: ‎05-13-2013

We are running ArubaOS 6.1.3.10 on Aruba650 controller, does this OS get affected by Heartbleed bug

We are running ArubaOS 6.1.3.10 on Aruba650 controller, does this OS get affected by Heartbleed bug in OpenSSL

MVP
Posts: 471
Registered: ‎11-04-2011

Re: We are running ArubaOS 6.1.3.10 on Aruba650 controller, does this OS get affected by Heartbleed

According to the security bulletin, ArubaOS 6.1 is not affected as it does not use the vulnerable SSL libraries.

http://www.arubanetworks.com/support/alerts/aid-040814.asc

AFFECTED VERSIONS

- ArubaOS 6.3.x, 6.4.x
- ClearPass 6.1.x, 6.2.x, 6.3.x

Previous versions of these products used an earlier version of OpenSSL 
that is not vulnerable.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
New Contributor
Posts: 3
Registered: ‎05-13-2013

Re: We are running ArubaOS 6.1.3.10 on Aruba650 controller, does this OS get affected by Heartbleed

Thanks hrobers.

Is there any way to get this library version from ArubaOS command line? (or GUI)

MVP
Posts: 471
Registered: ‎11-04-2011

Re: We are running ArubaOS 6.1.3.10 on Aruba650 controller, does this OS get affected by Heartbleed

I could not find how to get the library version.

However, you can test if an appliance has heartbeat enabled with an openssl client (I use Ubuntu 12.04 for the tests below). Use OpenSSL with the following command-line options, and enter the command B when connected:

# openssl s_client -connect 172.30.0.30:443 -tlsextdebug -debug -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
......
    Verify return code: 19 (self signed certificate in certificate chain)
---
B    <<<<<<< ENTER THE B HERE, IT WILL INITIATE A HEARTBEAT
HEARTBEATING
write to 0x22f01d0 [0x22fa213] (85 bytes => 85 (0x55))
0000 - 18 03 02 00 50 47 82 3b-d6 c5 f0 f9 13 3a 77 5a   ....PG.;.....:wZ
0010 - 9c 37 f1 04 4e 06 12 d8-fb 1a 00 b1 19 92 3e c2   .7..N.........>.
0020 - 21 57 4d da 62 70 cf 28-26 06 18 89 9c 2d f3 86   !WM.bp.(&....-..
0030 - 5e a9 16 1d 41 7e f5 ea-77 d1 0e 2e f3 5a 38 10   ^...A~..w....Z8.
0040 - 75 e1 1e ef 18 fc f6 d1-1c ec 8a 43 e3 3d a6 66   u..........C.=.f
0050 - a0 42 c5 17 5f                                    .B.._
read from 0x22f01d0 [0x22f5cc3] (5 bytes => 5 (0x5))
0000 - 18 03 02 00 50                                    ....P
read from 0x22f01d0 [0x22f5cc8] (80 bytes => 80 (0x50))
0000 - e0 55 6b e4 5b 3f 14 9d-34 9d c0 13 0f 59 ee e1   .Uk.[?..4....Y..
0010 - f8 24 db 01 2d 33 01 f5-10 b5 13 e6 9d a0 ba 63   .$..-3.........c
0020 - 48 07 d0 1e be 1e 64 f7-38 eb 3a a7 a1 f6 62 ee   H.....d.8.:...b.
0030 - 08 15 1f 45 7f a5 08 9f-0e 5e 54 f4 0b cf 98 56   ...E.....^T....V
0040 - e7 71 2c 0a ff 86 89 b1-d1 9e c9 c4 0a ba 53 22   .q,...........S"
read R BLOCK

This one IS vulnerable.

The following is NOT (peer does not accept heartbeats):

% openssl s_client -connect 192.168.31.1:443 -tlsextdebug -debug -state
....

    Verify return code: 19 (self signed certificate in certificate chain)
---
B
HEARTBEATING
140691834463904:error:1413B16D:SSL routines:SSL_F_TLS1_HEARTBEAT:peer does not accept heartbearts:t1_lib.c:2521:
write to 0x12e21d0 [0x12ec213] (37 bytes => 37 (0x25))
0000 - 15 03 02 00 20 1b 94 8f-82 3f 40 6c 4d 2b 11 b6   .... ....?@lM+..
0010 - 9a 62 6f f7 2a 90 a5 b2-2e 67 1e a0 6d f5 03 75   .bo.*....g..m..u
0020 - 66 a4 a3 8f e5                                    f....
SSL3 alert write:warning:close notify

Herman

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
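
An added example, not part of the original post: a small parser for the `openssl s_client -debug` output shown above that decodes the TLS record headers (content type, version, length) and classifies the session. The function names and verdict strings are hypothetical, and the sample transcripts are constructed from the two sessions in the post.

```python
import re
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data", 24: "heartbeat"}  # 24: RFC 6520
IO_RE = re.compile(r"(write to|read from) 0x[0-9a-f]+ \[0x[0-9a-f]+\] \((\d+) bytes")
HEX_RE = re.compile(r"0000 - ((?:[0-9a-f]{2}[ -]?)+)")

def parse_records(transcript):
    """Return (direction, type, version, length) for each TLS record header dumped."""
    records, pending = [], None
    for line in (ln.strip() for ln in transcript.splitlines()):
        io, dump = IO_RE.match(line), HEX_RE.match(line)
        if io:
            pending = ("out" if io.group(1) == "write to" else "in", int(io.group(2)))
        if not (pending and dump):
            continue
        (direction, nbytes), pending = pending, None
        # Assumption: s_client (no read-ahead) reads the 5-byte header alone, then the body.
        if direction == "in" and nbytes != 5:
            continue
        raw = bytes.fromhex(re.sub(r"[ -]", "", dump.group(1)))[:5]
        if len(raw) < 5 or raw[0] not in CONTENT_TYPES or raw[1] != 3:
            continue
        ctype, major, minor, length = struct.unpack("!BBBH", raw)
        records.append((direction, CONTENT_TYPES[ctype], (major, minor), length))
    return records

def heartbeat_verdict(transcript):  # one s_client session in which 'B' was entered
    if "peer does not accept heartbe" in transcript:  # client refused to send
        return "not-negotiated"
    recs = parse_records(transcript)
    sent = [i for i, r in enumerate(recs) if r[:2] == ("out", "heartbeat")]
    if sent and any(r[:2] == ("in", "heartbeat") for r in recs[sent[0]:]):
        return "heartbeat-answered"
    return "inconclusive"

# Constructed samples: the post's two sessions, each hex dump cut to its first line.
ANSWERED = """write to 0x22f01d0 [0x22fa213] (85 bytes => 85 (0x55))
0000 - 18 03 02 00 50 47 82 3b-d6 c5 f0 f9 13 3a 77 5a   ....PG.;.....:wZ
read from 0x22f01d0 [0x22f5cc3] (5 bytes => 5 (0x5))
0000 - 18 03 02 00 50                                    ....P
read from 0x22f01d0 [0x22f5cc8] (80 bytes => 80 (0x50))
0000 - e0 55 6b e4 5b 3f 14 9d-34 9d c0 13 0f 59 ee e1   .Uk.[?..4....Y..
"""
REJECTED = """140691834463904:error:1413B16D:SSL routines:SSL_F_TLS1_HEARTBEAT:peer does not accept heartbearts:t1_lib.c:2521:
write to 0x12e21d0 [0x12ec213] (37 bytes => 37 (0x25))
0000 - 15 03 02 00 20 1b 94 8f-82 3f 40 6c 4d 2b 11 b6   .... ....?@lM+..
"""
```

A `heartbeat-answered` verdict shows only that the peer negotiated and answered the heartbeat extension; fixed OpenSSL builds that keep heartbeat enabled answer the same way, so check the result against the affected versions in the vendor bulletin.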
New Contributor
Posts: 3
Registered: ‎05-13-2013

Re: We are running ArubaOS 6.1.3.10 on Aruba650 controller, does this OS get affected by Heartbleed

Appreciate it..
