Systemwalker Service Quality Coordinator: Vulnerability in processing of ChangeCipherSpec messages in OpenSSL (CVE-2014-0224)
August 7th, 2014
1. Description
When the following functions of Systemwalker Service Quality Coordinator are used under the following conditions, they are exposed to a vulnerability in OpenSSL's handling of ChangeCipherSpec messages.
- I. Agentless Monitoring (All kinds of OS, V13.5.0 or later)
  - The monitored server is VMware ESX, VMware ESXi, or VMware vCenter, and
  - "HTTPS" is set as the communication method for communicating with the monitored server, and
  - The monitored server is using an OpenSSL affected by this vulnerability.
- II. Service Operation Management (All kinds of OS, all versions)
  - An "HTTPS" service is managed, and
  - The managed service is using an OpenSSL affected by this vulnerability.
- III. End User Response Management (Browser Agent) (OS: Windows, all versions)
  - A collection server is using an "HTTPS" service, and
  - The collection server is using an OpenSSL affected by this vulnerability.
The workarounds shown in "3-3. Workaround" are provided, and Fujitsu requests that they be applied promptly.
2. Impact
The communication data of Systemwalker Service Quality Coordinator can be decoded or falsified by a man-in-the-middle attack.
Please refer to the public information of JVN described in "4. Related information" for the severity of this vulnerability.
3. Affected systems and corresponding action
3-1. Affected systems:
PRIMERGY, GP5000, PRIMEPOWER, GP7000F, SPARC, PRIMEQUEST, CELSIUS, FMV
3-2. Affected products and required patch
Products | Version | Target OS | Package name | Patch ID. |
---|---|---|---|---|
Systemwalker Service Quality Coordinator Enterprise Edition | V11.0L10 | Windows NT Server 4.0/ Windows 2000 Server(x86)/ Windows Server 2003(x86) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | V11.0L10 | RHEL(v.3) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 11.0 | Solaris 7/ 8/ 9 | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | V12.0L10 | Windows 2000 Server(x86)/ Windows Server 2003(x86) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | V12.0L10 | RHEL(v.3) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 12.0 | Solaris 7/ 8/ 9 | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.0.0 | Windows 2000 Server(x86)/ Windows Server 2003(x86) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.0.0 | Windows Server 2003(IPF) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.0.0 | RHEL(v.4 for x86) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.0.0 | RHEL(v.4 for Itanium) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.0.0 | Solaris 7/ 8/ 9/ 10 | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.3.0 | Windows 2000 Server(x86)/ Windows Server 2003(x86)/ Windows Server 2003(x64)/ Windows Server 2003 R2(x86)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x86)/ Windows Server 2008(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.3.0 | Windows Server 2003(IPF)/ Windows Server 2008(IPF) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.3.0 | RHEL5(for x86)/ RHEL5(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.3.0 | RHEL5(for Intel Itanium) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.3.0 | Solaris 9/ 10 | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.4.0 | Windows 2000 Server(x86)/ Windows Server 2003(x86)/ Windows Server 2003(x64)/ Windows Server 2003 R2(x86)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x86)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.4.0 | Windows Server 2003(IPF)/ Windows Server 2008(IPF) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.4.0 | Windows Server 2003(x64)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.4.0 | RHEL5(for x86)/ RHEL5(for Intel64)/ RHEL6(for x86)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.4.0 | RHEL5(for Intel64)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.4.0 | RHEL5(for Intel Itanium) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.4.0 | Solaris 9/ 10 | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.5.0 | Windows 2000 Server(x86)/ Windows Server 2003(x86)/ Windows Server 2003(x64)/ Windows Server 2003 R2(x86)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x86)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.5.0 | Windows Server 2003(x64)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.5.0 | RHEL5(for x86)/ RHEL5(for Intel64)/ RHEL6(for x86)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.5.0 | RHEL5(for Intel64)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 13.5.0 | Solaris 9/ 10 | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.0 | Windows Server 2003(x86)/ Windows Server 2003(x64)/ Windows Server 2003 R2(x86)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x86)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.0 | Windows Server 2003(x64)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.0 | RHEL5(for x86)/ RHEL5(for Intel64)/ RHEL6(for x86)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.0 | RHEL5(for Intel64)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.0 | Solaris 9/ 10/ 11 | - | Pending* |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.1 | Windows Server 2003(x86)/ Windows Server 2003(x64)/ Windows Server 2003 R2(x86)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x86)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64)/ Windows Server 2012(x64) | - | T009341WP-03 |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.1 | Windows Server 2003(x64)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64)/ Windows Server 2012(x64) | - | T009342XP-03 |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.1 | RHEL5(for x86)/ RHEL5(for Intel64) | - | T009343LP-02 |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.1 | RHEL5(for Intel64) | - | Scheduled* |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.1 | RHEL6(for x86)/ RHEL6(for Intel64) | - | T009344LP-02 |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.1 | RHEL6(for Intel64) | - | Scheduled* |
Systemwalker Service Quality Coordinator Enterprise Edition | 15.0.1 | Solaris 9/ 10/ 11 | - | T009347SP-02 |
Systemwalker Service Quality Coordinator Standard Edition | V11.0L10 | Windows Server NT 4.0/ Windows 2000 Server(x86)/ Windows Server 2003(x86) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | V11.0L10 | RHEL(v.3) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 11.0 | Solaris 7/ 8/ 9 | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | V12.0L10 | Windows 2000 Server(x86)/ Windows Server 2003(x86) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | V12.0L10 | RHEL(v.3) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 12.0 | Solaris 7/ 8/ 9 | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.0.0 | Windows 2000 Server(x86)/ Windows Server 2003(x86) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.0.0 | RHEL(v.4 for x86) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.0.0 | RHEL(v.4 for Itanium) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.0.0 | Solaris 7/ 8/ 9/ 10 | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.3.0 | Windows 2000 Server(x86)/ Windows Server 2003(x86)/ Windows Server 2003(x64)/ Windows Server 2003 R2(x86)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x86)/ Windows Server 2008(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.3.0 | Windows Server 2003(IPF)/ Windows Server 2008(IPF) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.3.0 | RHEL5(for x86)/ RHEL5(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.3.0 | RHEL5(for Intel Itanium) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.3.0 | Solaris 9/ 10 | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.4.0 | Windows 2000 Server(x86)/ Windows Server 2003(x86)/ Windows Server 2003(x64)/ Windows Server 2003 R2(x86)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x86)/ Windows Server 2008(x64)/ 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.4.0 | Windows Server 2003(IPF)/ Windows Server 2008(IPF) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.4.0 | Windows Server 2003(x64)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.4.0 | RHEL5(for x86)/ RHEL5(for Intel64)/ RHEL6(for x86)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.4.0 | RHEL5(for Intel64)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.4.0 | RHEL5(for Intel Itanium) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.4.0 | Solaris 9/ 10 | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.5.0 | Windows 2000 Server(x86)/ Windows Server 2003(x86)/ Windows Server 2003(x64)/ Windows Server 2003 R2(x86)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x86)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.5.0 | Windows Server 2003(x64)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.5.0 | RHEL5(for x86)/ RHEL5(for Intel64)/ RHEL6(for x86)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.5.0 | RHEL5(for Intel64)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 13.5.0 | Solaris 9/ 10 | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.0 | Windows Server 2003(x86)/ Windows Server 2003(x64)/ Windows Server 2003 R2(x86)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x86)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.0 | Windows Server 2003(x64)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.0 | RHEL5(for x86)/ RHEL5(for Intel64)/ RHEL6(for x86)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.0 | RHEL5(for Intel64)/ RHEL6(for Intel64) | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.0 | Solaris 9/ 10/ 11 | - | Pending* |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.1 | Windows Server 2003(x86)/ Windows Server 2003(x64)/ Windows Server 2003 R2(x86)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x86)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64)/ Windows Server 2012(x64) | - | T009341WP-03 |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.1 | Windows Server 2003(x64)/ Windows Server 2003 R2(x64)/ Windows Server 2008(x64)/ Windows Server 2008 R2(x64)/ Windows Server 2012(x64) | - | T009342XP-03 |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.1 | RHEL5(for x86)/ RHEL5(for Intel64) | - | T009343LP-02 |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.1 | RHEL5(for Intel64) | - | Scheduled* |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.1 | RHEL6(for x86)/ RHEL6(for Intel64) | - | T009344LP-02 |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.1 | RHEL6(for Intel64) | - | Scheduled* |
Systemwalker Service Quality Coordinator Standard Edition | 15.0.1 | Solaris 9/ 10/ 11 | - | T009347SP-02 |
Systemwalker Service Quality Coordinator Browser Agent | V11.0L10 | Windows NT Server 4.0/ Windows 98/ Windows ME/ Windows 2000 Server/ Windows XP | - | Pending* |
Systemwalker Service Quality Coordinator Browser Agent | V12.0L10 | Windows 98/ ME/ Windows 2000 Server/ Windows XP | - | Pending* |
Systemwalker Service Quality Coordinator Browser Agent | 13.0.0 | Windows 98/ ME/ Windows 2000 Server/ Windows XP | - | Pending* |
Systemwalker Service Quality Coordinator Browser Agent | 13.3.0 | Windows 2000 Server/ Windows XP/ Windows Vista | - | Pending* |
Systemwalker Service Quality Coordinator Browser Agent | 13.4.0 | Windows 2000 Server/ Windows XP/ Windows Vista/ Windows 7 | - | Pending* |
Systemwalker Service Quality Coordinator Browser Agent | 13.5.0 | Windows 2000 Server/ Windows XP/ Windows Vista/ Windows 7 | - | Pending* |
Systemwalker Service Quality Coordinator Browser Agent | 15.0.0 | Windows XP/ Windows Vista/ Windows 7 | - | Pending* |
Systemwalker Service Quality Coordinator Browser Agent | 15.0.1 | Windows XP/ Windows Vista/ Windows 7/ Windows 8 | - | Pending* |
For the solution, please refer to the following "3-3. Workaround".
Note: Determining the affected product
Confirm the version level of the product you are using as follows.
Note that Uninstallation and Management (middleware) can be confirmed when the version level of Systemwalker Service Quality Coordinator is V15.0.0 or later.
How to confirm the version level of the product:
If the server is Windows:
- From the Start menu, select All Programs or All Applications, Fujitsu, Uninstallation and Management (middleware).
- Confirm the version level of Systemwalker Service Quality Coordinator.
Or,
- Double-click Add/Remove Programs or Add or Remove Programs in Control Panel.
- Confirm the version level of Systemwalker Service Quality Coordinator.
If the server is Linux:
- Confirm the version level by Uninstallation and Management (middleware).
  Run the following command from the Console.
    # /opt/FJSVcir/cir/bin/cimanager.sh -c
Or,
- Run the following command from the Console.
  The package name can be confirmed in the Release Note.
    # rpm -iq package-name
  Example: When you confirm the version level of Manager:
    # rpm -iq FJSVsqcmg
If the server is Solaris:
- Confirm the version level by Uninstallation and Management (middleware).
  Run the following command from the Console.
    # /opt/FJSVcir/cir/bin/cimanager.sh -c
Or,
- Run the following command from the Console.
  The package name can be confirmed in the Release Note.
    # pkginfo -l package-name
  Example: When you confirm the version level of Manager:
    # pkginfo -l FJSVsqcmg
3-3. Workaround
- In case of I. Agentless Monitoring described in "1. Description"
  Agentless Monitoring: Apply patches for the VMware product that is the monitored server.
  Regarding patches of VMware, please refer to the public information described in "4. Related information".
- In case of II. Service Operation Management and III. End User Response Management (Browser Agent) described in "1. Description"
  Change the version of the following OpenSSL to 1.0.1h or later.
  - Service Operation Management: The OpenSSL which the managed service uses
  - End User Response Management (Browser Agent): The OpenSSL which the collection server uses
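One way to check a host against the "1.0.1h or later" workaround above, as an added example that is not Fujitsu's or OpenSSL's code. It classifies a line in the format printed by `openssl version` against this page's threshold only; the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not vendor code): compare an OpenSSL version with the
# advisory's workaround threshold, "1.0.1h or later".

# Print an integer that sorts in release order for versions such as
# "1.0.1", "1.0.1h" or "1.0.1e-fips". Components are assumed to be < 100.
# Suffix rank: none = 0, a..z = 1..26, za..zz = 27..52. Returns 2 if unparsable.
openssl_rank() (
    v=${1%%-*}                              # drop "-fips", "-beta1", ...
    n='(0|[1-9][0-9]*)'
    printf '%s\n' "$v" | grep -Eq "^$n\.$n\.$n([a-z]|z[a-z])?\$" || return 2
    nums=${v%%[a-z]*}                       # numeric part, e.g. 1.0.1
    suf=${v#"$nums"}                        # letter part, e.g. h (may be empty)
    IFS=.; set -- $nums                     # split into major, minor, fix
    patch=0
    if [ -n "$suf" ]; then
        last=${suf#z}; [ -n "$last" ] || last=$suf
        patch=$(( $(printf '%d' "'$last") - 96 ))
        if [ "${#suf}" -eq 2 ]; then patch=$(( patch + 26 )); fi
    fi
    echo $(( $1 * 1000000 + $2 * 10000 + $3 * 100 + patch ))
)

# Exit status: 0 = 1.0.1h or later, 1 = older, 2 = could not parse.
meets_advisory_threshold() (
    have=$(openssl_rank "$1") || return 2
    want=$(openssl_rank 1.0.1h)
    [ "$have" -ge "$want" ]
)

# Classify one line in the format printed by `openssl version`.
check_openssl_line() (
    set -f; set -- $1                       # split into words, no globbing
    rc=0
    meets_advisory_threshold "${2:-}" || rc=$?
    case $rc in
        0) echo "OK ${2}" ;;
        1) echo "UPDATE ${2}" ;;
        *) echo "UNKNOWN ${2:-?}" ;;
    esac
)

# Constructed sample lines; on a real host pass "$(openssl version)" instead.
for line in "OpenSSL 1.0.1e-fips 11 Feb 2013" \
            "OpenSSL 1.0.1h 5 Jun 2014" \
            "OpenSSL 1.0.2 22 Jan 2015"; do
    check_openssl_line "$line"
done
```

Distribution packages may carry backported fixes under an older version string, so an UPDATE result should be confirmed against the package vendor's own advisory.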
4. Related information
- National Vulnerability Database (NVD): CVE-2014-0224
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224
- VMware
5. Revision history
- August 7th, 2014: 5th release
  - "3-2. Affected products and required patch": Added Patch IDs.
- July 24th, 2014: 4th release
  - "3-2. Affected products and required patch": Added Patch IDs.
- July 11th, 2014: 3rd release
  - "3-2. Affected products and required patch": Updated some patch schedules.
- June 23rd, 2014: 2nd release
  - "1. Description" and "3-3. Workaround": Corrected the words "Browser Agent" to "End User Response Management (Browser Agent)".
  - "4. Related information": Added related information of the VMware.
- June 13th, 2014: Initial release