T10000D - OpenSSL Vulnerabilities

Asset ID:	1-72-2380304.1
Update Date:	2018-03-29
Keywords:

Solution Type Problem Resolution Sure

Solution 2380304.1 : T10000D - OpenSSL Vulnerabilities

Applies to:

StorageTek T10000D Tape Drive - Version All Versions and later
Information in this document applies to any platform.

BUG 27585005 - Assess T10KD's for OpenSSL vulnerabilities.
SR 3-16896668511, not view able due to being a security SR.

Symptoms

OpenSSL Vulnerabilities

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
OpenSSL CVE-2016-6303 Integer Overflow Vulnerability
OpenSSL CVE-2016-6304 Denial of Service Vulnerability
OpenSSL CVE-2016-6302 Denial of Service Vulnerability
OpenSSL CVE-2016-7052 Denial of Service Vulnerability
OpenSSL CVE-2016-2180 Local Denial of Service Vulnerability
OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability

Changes

Cause

Possible SSL Vulnerability

Solution

OpenSSL CVE-2016-6303 Integer Overflow Vulnerability
   Issue with the MDC2 hash. This hash is not present in the OpenSSL FIPS
Object Module and so this issue does not affect the T10000D.

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
   Issue with OpenSSL TLS implementation and does not affect T10000D.

OpenSSL CVE-2016-6302 Denial of Service Vulnerability
   Issue with OpenSSL TLS implementation and does not affect T10000D.

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
   Issue with OpenSSL TLS implementation and does not affect T10000D.

OpenSSL CVE-2016-2180 Local Denial of Service Vulnerability
   The TS_OBJ_print_bio() code is not part of the FIPS Object Module.

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
   Issue with OpenSSL TLS implementation and does not affect T10000D.

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability

The code construct in question was not used in the FIPS Object module and so the T10000D drives are not affected by the vulnerability.

Attachments

This solution has no attachment