Skip to main content

Fujitsu

Spain

Archived content

NOTE: this is an archived page and the content is likely to be out of date.

SERVICE FACTS

OPENSSL VULNERABILITY - THE “HEARTBLEED” BUG EFFECT ON PRIMERGY AND RELATED SOFTWARE

PROBLEM / QUESTION

A significant and serious security vulnerability, known as Heartbleed has been identified in the popular OpenSSL cryptographic protocol that affects Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption.

Many users now are concerned about the security of Fujitsu software and services and need to know whether or not action is required in order to restore secure communication.

This SupportBulletin is intended to answer the most common questions regarding the effect of the Heartbleed bug on Fujitsu PRIMERGY software and services.

AFFECTED AND UNAFFECTED PRODUCTS

  • The following Fujitsu PRIMERGY product is affected:
    • ServerView RAID Manager versions 5.5, 5.6 and 5.7
  • The following Fujitsu PRIMERGY products are not affected:
    • Fujitsu does not consider CVE-2014-0160 to be a security vulnerability for any of the following ServerView Suite products:
      ServerView Installation Manager
      ServerView Scripting Toolkit (WIN PE and Linux)
      ServerView PXE Mass Update Tools
      ServerView Integration Pack for Altiris
      ServerView Deployment Manager
      ServerView Operations Manager for Windows and Linux
      ServerView Agents and Providers for Windows
      ServerView Agents and Providers for Linux
      ServerView CIM Providers for ESXi
      ServerView PrimeCollect
      ServerView Update Manager Express
      ServerView Storman
      ServerView Online Diagnostics
      ServerView Virtual I/O Manager
      ServerView Integration Packages for Microsoft System Center products
      ServerView Integration Package for HP Operations Manager
      ServerView Integration Package for HP OpenView NNM
      ServerView Plug-in for Nagios
      ServerView Plug-in for VMware VCenter
      ServerView iRMC S1/S2/S3/S4
      ServerView Management Blade (MMB) of BX400, BX600 or BX900
      AIS Connect
    • Fujitsu does not consider CVE-2014-0160 to be a security vulnerability for any of the following components:
      Baseboard Management Controller (BMC) of CX250 S1/S2
      cBlades of PRIMERGY BladeFrame BF200 / BF400 S2
      PY BX600 Eth Switch 1Gb 10/6+2 (SB9)
      PY CB Eth Switch/IBP 1Gb 18/6 (SB6)
      PY CB Eth Switch/IBP 36/8+2x10Gb (SB11)
      PY CB Eth Switch/IBP 1Gb 36/12 (SB11a)
      PY CB Eth Switch/IBP 10Gb 18/8 (SBAX2)
      SBAX3/CFX2000
      Brocade FC/VDX
      CB DCB Switch FEX B22F 10Gb 16/8 (Cisco)
      Mellanox PTM
      Mellanox IB switch
      Mellanox IB HBA
      Emulex HBA/CNA
      Intel NIC
      Intel IB switch
      Intel IB HBA

    Note:

    Linux operating systems may also be affected by the Heartbleed vulnerability and may have to be updated! Please note that affected versions require adjustments if ServerView Operations Manager is running on these systems (see section Solution / Workaround below)! A list of affected versions can be found here:

SOLUTION / WORKAROUND

ServerView RAID Manager:

Updated versions of ServerView RAID Manager 5.6, 5.7 as well as a new version 5.8 are already available. Please update to latest versions – depending on hardware respectively operating system:

  • The new version 5.8.5 of ServerView RAID Manager is already available on the Fujitsu Driver & DownloadsOpen a new window web server and also on the ServerView Installation Manager DVD 11.14.4!
  • The corrected version 5.7.11 of ServerView RAID Manager – which is only required for VMware ESX Server 4.0 – is already available on the Fujitsu Driver & DownloadsOpen a new window web server!
  • The corrected version 5.6.7 of ServerView RAID Manager – which is only required for older RAID controllers**) – is already available on the Fujitsu Driver & DownloadsOpen a new window web server!

**) Please use the following ServerView RAID Manager versions for older RAID controllers:

  • - ServerView RAID Manager 5.6.7 which supports Adaptec HostRAID, IBM ServeRAID, LSI SCSI RAID, Promise RAID controllers
  • ServerView RAID Manager 2.3.18 which supports Adaptec 2120S, 2200S, 2020ZCR (not affected by the vulnerability; no update is necessary)

The corrected versions are available for download on the Fujitsu Driver & DownloadsOpen a new windows web server.

Until the corrected versions are installed, please make sure that the server which is running ServerView RAID Manager is not reachable from the Internet! Deinstalling ServerView RAID Manager involves the risk of not being able to monitor the status of the server’s RAID or any occurring problems. It might therefore be more advisable to restrict the web access of ServerView RAID Manager to the local system. The following options can be changed within the configuration file of ServerView RAID Manager:

  • Edit the file amDPatch.ini in directory %ProgramFiles%\Fujitsu\ServerView Suite\RAID Manager\bin (Windows) respectively /opt/Fujitsu/ServerViewSuite/RAIDManager/bin (Linux, VMware ESX Server).
  • In order to refuse external connections to the web interface of ServerView RAID Manager, please use the following option:
    LocalConnections = 1
    (Default: LocalConnections = 0)  ***)
    This is the recommended setting until the corrected version of ServerView RAID Manager has been installed. This option only allows local connections to the web interface by using the web address https://localhost:3173.
  • Additionally customers who want to completely restrict the access to the web interface of ServerView RAID Manager may also remove the value SJT from the Modules option:
    Modules = amSNMP, amMPX, amCmd, amEMSV
    (Default: Modules = SJT, amSNMP, amMPX, amCmd, amEMSV)  ***)
    This will refuse any access to the web interface of ServerView RAID Manager. It's then still possible to manage the server's RAID by using the local ServerView RAID Manager amCLI command (please see the ServerView RAID Manager manual for more information).
  • In order to enable the new settings, it is necessary to restart the ServerView RAID Manager service amService (Windows) respectively amDaemon (Linux, VMware ESX Server)!

***)     After installation of the corrected version of ServerView RAID Manager, please check these options and revert to the default value if necessary.

ServerView Suite on Linux Operating Systems:

It is strongly recommended to examine the operating system and hypervisor, as well as any hardware, middleware or software products on all existing servers for CVE-2014-0160 vulnerability and to engage their respective vendors for information.

An affected Linux distribution should be updated to a not affected OpenSSL version as soon as possible. The necessary procedure is also described here:
https://access.redhat.com/site/solutions/781793

In addition, two symbolic links have to be adapted if ServerView Operations Manager is installed on these systems:

  1. Remove the following existing symbolic links for ServerView / OpenSSL:
    rm /usr/lib/serverview/libssl.so
    rm /usr/lib/serverview/libcrypto.so
  2. Establish new symbolic links for ServerView pointing to the updated – not affected – OpenSSL version. The example below lists the commands for OpenSSL version 1.0.1g:
    ln -s /usr/lib/libssl.so.1.0.1g /usr/lib/serverview/libssl.so
    ln -s /usr/lib/libcrypto.so.1.0.1g /usr/lib/serverview/libcrypto.so

VMware ESXi 5.5

A new Fujitsu custom image has been released to solve the problem of the affected VMware product. The Fujitsu Custom Offline Bundle ESXi 5.5 Update 1 (version 311.1.1746018) has been released and is available for download on the Fujitsu Driver & DownloadsOpen a new window web server.

Additional Actions

After applying all necessary fixes for ServerView RAID Manager and/or Linux operating systems, please consider to change certificates, passwords, etc. Please check the Internet for additional information on doing so. A good starting point might be http://heartbleed.com.


Important note:
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. FUJITSU RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. FUJITSU EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.

Last Update: 02.06.2014