How to Verify OpenSSL Version in a VDI-in-a-Box Appliance

Article ID: CTX140975

Description

The version of OpenSSL used by the VDI-in-a-Box vdiManager virtual appliance has been identified as affected by a number of security vulnerabilities, including CVE-2014-0160 and CVE-2014-0224. This article describes how to verify the version of OpenSSL contained within the appliance and whether it is up to date.

More information on the Citrix response to these vulnerabilities can be found in the following articles:


Instructions

Log on as user kvm directly to the vdiManager console from the hypervisor, or use an SSH client such as PuTTY to log on to vdiManager. The default password is kaviza123.

  1. Type the following rpm command:
    kvm@vdimgr:~$ rpm -q --changelog openssl |more

    - fix CVE-2010-5298 - possible use of memory after free
    - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
    - fix CVE-2014-0198 - possible NULL pointer dereference
    - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
    - fix CVE-2014-0224 - SSL/TLS MITM vulnerability
    - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
    - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
  2. vdiManager is correctly patched if all seven of the OpenSSL-related fix entries shown above are listed.

  3. If the changelog contains no entries referring to CVE-2014-* as shown in the preceding step, the appliance is running an old OpenSSL binary. A migration is required to move to an appliance that contains the fixed version of OpenSSL. Follow the procedure in Citrix eDocs, Migrate from VDI-in-a-Box 5.1.x to VDI-in-a-Box 5.3, to migrate from the older version to 5.3.8, 5.4.4, or later.
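The check in steps 1 to 3 can be scripted so that the verdict does not depend on reading the changelog by eye. The following POSIX shell script is an added example and is not part of the Citrix article or the appliance; it looks for the seven CVE identifiers the article lists in the output of `rpm -q --changelog openssl` and reports which ones are absent. The sample changelog texts embedded in it are constructed for illustration, not captured from a real appliance; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not Citrix code): verify that the openssl RPM changelog on a
# vdiManager appliance contains all seven fixes listed in CTX140975.

# The seven fix entries the article expects in `rpm -q --changelog openssl`.
EXPECTED_CVES="CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-0160"

# count_cve_fixes CHANGELOG_TEXT: print how many expected CVEs appear in the text.
count_cve_fixes() {
    _log="$1"
    _n=0
    for _cve in $EXPECTED_CVES; do
        if printf '%s\n' "$_log" | grep -q -- "$_cve"; then
            _n=$((_n + 1))
        fi
    done
    echo "$_n"
}

# missing_cve_fixes CHANGELOG_TEXT: print expected CVEs that are absent, one per line.
missing_cve_fixes() {
    _log="$1"
    for _cve in $EXPECTED_CVES; do
        printf '%s\n' "$_log" | grep -q -- "$_cve" || echo "$_cve"
    done
}

# verdict CHANGELOG_TEXT: "patched" only if every one of the seven fixes is present.
verdict() {
    [ "$(count_cve_fixes "$1")" -eq 7 ] && echo patched || echo unpatched
}

# Constructed sample: a changelog carrying all seven entries from the article.
PATCHED_LOG=$(cat <<'EOF'
- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
EOF
)

# Constructed sample: an older changelog with no CVE-2014-* entries at all.
OLD_LOG=$(cat <<'EOF'
- earlier unrelated packaging change (constructed line)
- another earlier unrelated change (constructed line)
EOF
)

# Constructed sample: six of the seven fixes, with the Heartbleed entry missing.
PARTIAL_LOG=$(cat <<'EOF'
- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
EOF
)

# Show the verdict and the missing list for each constructed sample.
for _name in PATCHED_LOG OLD_LOG PARTIAL_LOG; do
    eval "_text=\$$_name"
    echo "$_name: $(verdict "$_text")"
    missing_cve_fixes "$_text" | sed 's/^/  missing: /'
done

# On a real appliance, run the same check against the live RPM database.
if command -v rpm >/dev/null 2>&1; then
    _live=$(rpm -q --changelog openssl 2>/dev/null || true)
    echo "live openssl package: $(verdict "$_live")"
fi
```

The script treats the appliance as patched only when every one of the seven identifiers is present, which is the condition step 2 states; a partial match such as the six-entry sample is reported as unpatched together with the identifier that is missing, which is more useful than a bare count when deciding whether the migration in step 3 is needed.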

Issue/Introduction

This article explains how to verify OpenSSL version in a VDI-in-a-Box appliance.