3PAR StoreServ Storage
cancel
Showing results for 
Search instead for 
Did you mean: 

OpenSSL heart bleed - HP 3PAR

satishstorage
Occasional Contributor

OpenSSL heart bleed - HP 3PAR

Any HP 3PAR products are vulnerable to heartbleed bug ?? 

3 REPLIES
Sheldon Smith
Honored Contributor

Re: OpenSSL heart bleed - HP 3PAR

Hp is checking all its products. Initial unofficial checks indicate the SP and InForm images use versions of OpenSSL that are not vulnerable to heartbleed. Contact your local Sales person for latest information.

 

 

Note: While I work for HP, all of my comments (whether noted or not), are my own and are not any official representation of the company.
----------
If my post was useful, click on my KUDOS! "White Star" !


Note: While I work for Hewlett Packard Enterprise, all of my comments (whether noted or not), are my own and are not any official representation of the company.
----------
If my post was useful, click on my KUDOS! thumb below!
South
Occasional Visitor

Re: OpenSSL heart bleed - HP 3PAR

Please see:

 

Critical Security Bulletins - 04/22/2014

HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information

http://alerts.hp.com/r?2.1.3KT.2ZR.1ApFgQ.KVlXP4..T.f154.8SCm.bW89MQ%5f%5fCbGOFOC0

Content Type: Storage Software security bulletins

 

The impact of this vulnerability on 3PAR OS is unclear.  You can limit the impact by placing the 3PAR management LAN ports, and other 3PAR tools on a separate VLAN and restrict access, that is a good practice anyway.

 

I have not seen anything official on the Service Processor, Policy Manager, Inform Management Console, Command Line Interface, System Reporter, or any of the other 3PAR tools yet.  I guess the most serious would be vulnerabilities in the Service processor and Policy Manager as these typically require access to the internet for the remote monitoring to work.  A formal statement from HP is overdue.

 

 

Dennis Handly
Acclaimed Contributor

Re: OpenSSL heartbleed - HP 3PAR

>Critical Security Bulletins - 04/22/2014

 

This was updated last week to indicate patches are in place for 3.1.3 and 3.1.2.

 

>You can limit the impact by placing the 3PAR management LAN ports,

 

Exactly