- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- hpsmh heartbleed
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2014 04:45 PM - last edited on 04-13-2014 08:32 PM by Maiko-I
04-12-2014 04:45 PM - last edited on 04-13-2014 08:32 PM by Maiko-I
hpsmh heartbleed
Hi,
We discovered that hpsmh (version 7.2.2-8) is vurnerable for the OpenSSL Heartbleed problem on tcp port 2381, when will HP fix this issue? Is it possible to manual patch the embedded openssl?
Alwin.
P.S. This trhead has been moevd from ProLiant Servers (ML,DL,SL) to ITRC HP Systems Insight Manager Forum. - Hp forum moderator
- Tags:
- OpenSSL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-13-2014 10:49 PM
04-13-2014 10:49 PM
Re: hpsmh heartbleed
Hello,
this would interest me too!
I've read in the Revision history of SMH for Windows, that the last update to openSSL was with HP SMH version 7.3.0.9 in which OpenSSL got updated to version 1.0.1e.
According to the OpenSSL Security Advisory (https://www.openssl.org/news/secadv_20140407.txt) the "heartbleed" is fixed in version 1.0.1g.
HP can you please provide us information about a release of a fixed HP SMH?
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2014 02:20 AM
04-14-2014 02:20 AM
Re: hpsmh heartbleed
They released a security bulletin now which is available here: http://alerts.hp.com/r?2.1.3KT.2ZR.11MyKG.KUeOn0..N.ewLY.8RKW.bW89MQ%5f%5fDCTOFQR0
(No information yet about a release of a fixed version)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2014 08:59 AM - edited 04-15-2014 09:10 AM
04-15-2014 08:59 AM - edited 04-15-2014 09:10 AM
Re: hpsmh heartbleed
I was able to patch the service with a non-vulnerable openssl obtained from Red Hat rpms:
openssl-1.0.1e-16.el6_5.7.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
It is necessary to extract the binary, libraries and creating the necessary symlinks:
/opt/hp/hpsmh # ll bin/openssl
-rwxr-xr-x 1 czkccz adminux 521472 Apr 15 10:00 bin/openssl
/opt/hp/hpsmh # ll lib/libssl.so*
lrwxrwxrwx 1 root root 16 Apr 15 10:06 lib/libssl.so -> libssl.so.1.0.1e
lrwxrwxrwx 1 root root 16 Apr 15 10:06 lib/libssl.so.1.0.0 -> libssl.so.1.0.1e
-rwxr-xr-x 1 czkccz adminux 441112 Apr 15 10:01 lib/libssl.so.1.0.1e
/opt/hp/hpsmh # ll lib/libcrypto.so*
lrwxrwxrwx 1 root root 19 Apr 15 10:09 lib/libcrypto.so -> libcrypto.so.1.0.1e
lrwxrwxrwx 1 root root 19 Apr 15 10:09 lib/libcrypto.so.1.0.0 -> libcrypto.so.1.0.1e
-rwxr-xr-x 1 czkccz adminux 1950976 Apr 15 10:08 lib/libcrypto.so.1.0.1e
lrwxrwxrwx 1 root root 19 Apr 15 10:10 lib/libcrypto.so.10 -> libcrypto.so.1.0.1e
/opt/hp/hpsmh #
I ran the script (https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl) to check and indicated that it is no longer vulnerable.
# /etc/init.d/hpsmhd start
Starting hpsmhd .. done
# ./ssl-hearbleed-check.pl -s 127.0.0.1:2381
...ssl received type=22 ver=0x301 ht=0x2 size=77
...ssl received type=22 ver=0x301 ht=0xb size=968
...ssl received type=22 ver=0x301 ht=0xe size=0
...send heartbeat#1
no reply - probably not vulnerable
#
I hope it will be useful, while a new hpsmh version is released.
Regards
Sergio Ramirez
GNU/Linux Team
HP Enterprise Services México
Sergio Manuel Ramirez Martinez
GNU/Linux Team
HP Enterprise Services México
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2014 10:26 PM
04-15-2014 10:26 PM
Re: hpsmh heartbleed
Do we have any procedure for windows systems?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2014 06:10 PM
04-16-2014 06:10 PM
Re: hpsmh heartbleed
Windows
64
7.3.2.1 = cp023240 = http://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v96952/cp023240.exe
7.2.3.1 = cp023243 = http://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v96957/cp023243.exe
32
7.3.2.1 = cp023239 = http://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v96949/cp023239.exe
7.2.3.1 = cp023242 = http://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v96955/cp023242.exe
Linux
64
7.3.2.1 = http://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v96951/hpsmh-7.3.2-1.x86_64.rpm
32
7.3.2.1 = http://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v96948/hpsmh-7.3.2-1.i386.rpm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2014 05:33 AM
04-18-2014 05:33 AM
Re: hpsmh heartbleed
Hello people,
I've updated the SMH for a Windows 2008 R2 server to the new version 7.3.2.1.
Now i get a timeout on the System Management homepage. I used the VCA 7.2.0.0 and this version becomes unresponsive with the new SMH. I had to update to the latest VCA. That version has the bug that you can't update the Diskfirmware. HP advised me to uninstall the VCA since HPSUm is the new way to update instead of VCA. So HP is leaving VCA. So i've just posteded this message to let you all know.
Kind regards,
Andrew Haak
Andrew
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2014 12:52 AM
04-23-2014 12:52 AM
Re: hpsmh heartbleed
Hi Andrew,
thanks for your information!
Are you aware of any other bugs from the newest VCA except the harddisk firmware issue?
We'd like to have it installed anyway on the systems, so you have a overview of installed firmware/driver/software on one page... (unless we'll have rolled out HPSUM on every system)
Thanks and regards,
Ville
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2014 08:54 AM
04-23-2014 08:54 AM
Re: hpsmh heartbleed
Please be aware that the 32 bit Windows 7.3.2.1 version of the patch breaks the HP smh, the service starts but is not listening on 2381
smhstart_err.log show it cannot load the php5apache2.so module
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2014 12:25 PM
04-23-2014 12:25 PM
Re: hpsmh heartbleed
mikj , I think I installed this on a 32bit windows 7.3.2.1 version and now when I try to open up https://localhost:2381 i get a page can not be displayed ... are you having same issue as me ?
I installed this on my windows 2003 standard version.
thanks.