AnsweredAssumed Answered

Solaris 10 SPARC failing with CVE-2014-0224 with OpenSSL 1.0.1j

Question asked by Jon Shaw on Apr 16, 2015
Latest reply on Apr 17, 2015 by Jon Shaw

Hello,

 

We are failing for this vulnerability (exploitable) with a score of F, and I don't know why.  From our server:

$ openssl version -v

OpenSSL 1.0.1j 15 Oct 2014

$ openssl version -a

OpenSSL 1.0.1j 15 Oct 2014

built on: Thu Oct 16 17:27:20 EST 2014

platform: solaris64-sparcv9-cc

options:  bn(64,32) rc4(ptr,char) des(ptr,risc1,16,int) idea(int) blowfish(ptr)

compiler: cc -xtarget=ultra -m64 -xcode=pic32 -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -xtarget=ultra -m64 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM

OPENSSLDIR: "/usr/local/ssl"

 

I'm not sure how to troubleshoot this problem.  Any suggestions would be appreciated.

 

Thank you

Outcomes