{"status":"success","advisory":{"_id":"6835471f5b16347a91c39c46","kb_acknowledgements":null,"kb_affected_list":["Cluster Network Switch (NetApp CN1610)","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","Config Advisor","FlashRay","NetApp Host Agent","NetApp Manageability SDK","NetApp SMI-S Provider","NetApp VTL","OnCommand Balance","OnCommand Unified Manager Core Package","OnCommand Unified Manager Host Package","OnCommand Workflow Automation","Open Systems SnapVault Agent","Service Processor","SnapDrive for Unix","SnapDrive for Windows","SnapProtect"],"kb_bad_data":false,"kb_cve":["CVE-2014-3505","CVE-2014-3506","CVE-2014-3507","CVE-2014-3508","CVE-2014-3509","CVE-2014-3510","CVE-2014-3511","CVE-2014-3512","CVE-2014-5139"],"kb_exploitation":"Public","kb_fixes":[{"product":"NetApp Manageability SDK","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/nmsdk/5.3.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Unified Manager Host Package","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://library-clnt.dmz.netapp.com/info/communications/ECMP1400690.html"},{"product":"Config Advisor","fixes":[],"instructions":null,"wontfix":true,"eos_link":null},{"product":"OnCommand Unified Manager Core Package","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/occore_win/5.2.1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/occore_lin/5.2.1P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapDrive for Windows","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_win/7.1.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapDrive for Unix","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_redhatlinux/5.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp SMI-S 
Provider","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/smis/Windows/5.2.1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/smis/Linux/5.2.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp VTL","fixes":[],"instructions":null,"wontfix":true,"eos_link":"mysupport.netapp.com/info/eoa/df_eoa_category_page.html?category=Platforms#ECMLP2562710"},{"product":"OnCommand Workflow Automation","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa/3.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Open Systems SnapVault Agent","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/aix/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/hpux/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/linux/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/sol/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/solx86/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/esx/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/win2003/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/win2008/3.0.1P6/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Clustered Data ONTAP","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.3.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Host Agent","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMLP2512371.html"},{"product":"OnCommand 
Balance","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_ib/4.2.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Service Processor","fixes":[],"instructions":null,"wontfix":true,"eos_link":null},{"product":"Clustered Data ONTAP Antivirus Connector","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap_av_connector/1.0.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Cluster Network Switch (NetApp CN1610)","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/NetApp/cn1610cm/","cves":[]}],"instructions":"Apply version 1.1.0.8 or later to receive the fix.","wontfix":false,"eos_link":null},{"product":"SnapProtect","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapprotect/11.0SP4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"FlashRay","fixes":[],"instructions":null,"wontfix":true,"eos_link":"n/a"}],"kb_impact":"Exploitation of this vulnerability may lead to disclosure of information or a disruption of service.","kb_internal_notes":[{"burt":"846390","jira":"","product":"Cluster Network Switch (NetApp CN1610)"},{"burt":"846397","jira":"","product":"Clustered Data ONTAP"},{"burt":"846384","jira":"","product":"Clustered Data ONTAP Antivirus Connector"},{"burt":"846407","jira":"","product":"Config Advisor"},{"burt":"846401","jira":"","product":"Data ONTAP operating in 7-Mode"},{"burt":"846393","jira":"","product":"FlashRay"},{"burt":"846386","jira":"","product":"NetApp Host Agent"},{"burt":"846383","jira":"","product":"NetApp Manageability SDK"},{"burt":"846398","jira":"","product":"NetApp SMI-S Provider"},{"burt":"846402","jira":"","product":"NetApp Storage Encryption"},{"burt":"846404","jira":"","product":"NetApp VTL"},{"burt":"846385","jira":"","product":"OnCommand Balance"},{"burt":"846395","jira":"","product":"OnCommand Performance Manager (Unified Manager Performance 
Pkg)"},{"burt":"846387","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"846392","jira":"","product":"OnCommand Unified Manager Host Package"},{"burt":"846405","jira":"","product":"OnCommand Workflow Automation"},{"burt":"846389","jira":"","product":"Open Systems SnapVault Agent"},{"burt":"846382","jira":"","product":"Service Processor"},{"burt":"846396","jira":"","product":"SnapDrive for Unix"},{"burt":"846399","jira":"","product":"SnapDrive for Windows"},{"burt":"846400","jira":"","product":"SnapProtect"},{"burt":"846403","jira":"","product":"StorageGRID9 (9.x and prior)"},{"burt":"846406","jira":"","product":"Virtual Storage Console for Citrix XenServer"}],"kb_investigating_list":[],"kb_num":"9010010","kb_ref":["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3505","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3506","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3507","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3508","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3509","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3510","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3511","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3512","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5139","https://www.openssl.org/news/secadv_20140806.txt","https://www.openssl.org/news/vulnerabilities.html"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20141030","version":"1.0"},{"comment":"Updated Affected Products","date":"20141118","version":"2.0"},{"comment":"Updated Products Not Affected","date":"20150318","version":"3.0"},{"comment":"Updated Software Versions and Fixes","date":"20150320","version":"4.0"},{"comment":"Updated Software Versions and Fixes","date":"20150326","version":"5.0"},{"comment":"Updated Affected Products, Products Not Affected, & Software Versions and Fixes","date":"20150327","version":"6.0"},{"comment":"OnCommand Unified 
Manager Core Package (5.x) added to Software Versions and Fixes","date":"20150721","version":"7.0"},{"comment":"OnCommand Unified Manager Host Package added to Affected Products & Software Versions and Fixes","date":"20150828","version":"8.0"},{"comment":"Clustered Data ONTAP added to Software Versions and Fixes; Data ONTAP Edge moved to Products Not Affected","date":"20150911","version":"9.0"},{"comment":"Data ONTAP SMI-S Agent & NetApp Host Agent added to Software Versions and Fixes","date":"20150917","version":"10.0"},{"comment":"SnapDrive for UNIX (SDU) and SnapDrive for Windows added to Software Versions and Fixes","date":"20151029","version":"11.0"},{"comment":"SnapProtect added to Software Versions and Fixes","date":"20160811","version":"12.0"},{"comment":"FlashRay removed due to EOL","date":"20161108","version":"13.0"},{"comment":"ATTO FibreBridge, StorageGRID Webscale and Storage Services Connector moved to Products Not Affected, Cluster Network/Management Switches (Cisco), Fibre Channel Switch (Cisco) and Fibre Channel Switch (Brocade) moved to Affected Products and added to Software Versions and Fixes, Cluster Network/Management Switches (NetApp) added to Software Versions and Fixes; Final 
status","date":"20161130","version":"14.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2014-3505":"CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2014-3506":"CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:ND/RC:ND","CVE-2014-3507":"CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2014-3508":"CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C","CVE-2014-3509":"CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C","CVE-2014-3510":"CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2014-3511":"CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:C","CVE-2014-3512":"CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2014-5139":"CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},"kb_scoring_calc":[{"cve_id":"CVE-2014-3505","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-3506","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:ND/RC:ND"},{"cve_id":"CVE-2014-3507","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-3508","range":"LOW","score":3.7,"vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-3509","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-3510","range":"LOW","score":3.7,"vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-3511","range":"LOW","score":3.7,"vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-3512","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-5139","range":"LOW","score":1.6,"vector":"AV:L/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the OpenSSL software libraries to provide cryptographic capabilities. 
OpenSSL versions through 0.9.8za, 1.0.0m, and 1.0.1h are susceptible to memory leaks, denial of service attacks, and potential crashes that can be caused by specially crafted packets or handshake messages.\r\n<ul><li>Double Free when processing DTLS packets (CVE-2014-3505)</li><li>DTLS memory exhaustion (CVE-2014-3506)</li><li>DTLS memory leak from zero-length fragments (CVE-2014-3507)</li><li>Information leak in pretty printing functions (CVE-2014-3508)</li><li>Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)</li><li>OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)</li><li>OpenSSL TLS protocol downgrade attack (CVE-2014-3511)</li><li>SRP buffer overrun (CVE-2014-3512)</li><li>Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)</li></ul>","kb_title":"August 2014 OpenSSL CVE Bundle Security Vulnerabilities in Multiple NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Data ONTAP operating in 7-Mode","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","NetApp Cloud Backup (formerly AltaVault)","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp Storage Encryption","OnCommand Insight","OnCommand Performance Manager (Unified Manager Performance Pkg)","Single Mailbox Recovery","Snap Creator Framework","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID9 (9.x and prior)","System Manager 9.x","Virtual Storage Console for Citrix 
XenServer"],"kb_workarounds":"None.","ntap_advisory_id":"NTAP-20141030-0001","adv_id":"ntap-20141030-0001","published_date":"2014-10-30T00:00:00","updated_date":"2016-11-30T00:00:00","inserted_date":"2025-05-27T05:01:19.716000","modified_date":null}}