OpenSSL Heartbleed Vulnerability - K3000
Hello all,
I have generated my keys for the K3000 appliance via the K1000, meaning that I used the K1000 to generate the keys. I saw that the K3000 is running version 1.0.1 and it is vulnerable. Does this affect my K3000 appliance even if I have used the K1000 for the keys?
Answers (5)
http://www.kace.com/support/resources/kb/solutiondetail?sol=SOL122931
We got a secureworks notification this morning about our K3. It doesn't matter where you generated your keys from, it matters which version of OpenSSL is running on the box. For us K3 folks, we just have to wait for the fix and be glad our K1/K2 aren't affected.
Comments:
-
Thanks a lot Asevera. - elvenil 10 years ago
This seems like an answer better posed directly to the KACE service center.
Have you put in a ticket with Dell directly? If so: What did they have to say about the vulnerabilities?
If not: you should...?
http://www.kace.com/support/resources/kb/solutiondetail?sol=SOL122931
Here you go, now that I looked around...
Got this last night:
Dear K3000 Customer,
This is a follow up email from the email sent to you on April 14th.
We are contacting you because Dell KACE has published a Security Fix for the OpenSSL Heartbleed vulnerability. Details are listed below.
Description: Security Hot Fix is Available for Dell KACE K3000 v1.198240 (1.1 SP2)
Resolution: Dell KACE has released a security hot fix for the K3000 (applies to minimum version 1.1.98240) that can be downloaded by navigating to http://www.kace.com/support/resources/kb/solutiondetail?sol=SOL122931 to remediate this vulnerability.
For customers on earlier versions, you will need to upgrade to v1.1.98240 prior to applying the security fix. K3000 v1.2 downloads can be accessed here: https://www.kace.com/support/my/downloads
Once applied the new version will be 1.1.98241