cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Heartbleed.com - OpenSSL security concerns

Hello Serv-U users,

With the announcement of the Heartbleed bug \ CVE-2014-0160 we are seeing a large amount of our users concerned with their deployments of Serv-U being affected.

The links about tell us that only the following OpenSSL libraries are effected

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable


Serv-U is officially UNAFFECTED due to the fact we are currently using OpenSSL 0.9.8


We made sure though our own testing and validation that the "heartbleed" bug is something our administrators do not need to worry about.


If you have any questions comments or concerns about this issue please feel free to reply to this or submit a technical support ticket

Comments

I just check ours with those two files (SSLEAY32.DLL & LIBEAY32.DLL) mentioned from the other forum (Re: OpenSSL in Serv-U ver 15.x) and found out we're using 1.0.1e.

I run to another site https://lastpass.com/heartbleed" to test vulnerability for our site and it came out as NOT VULNERABLE.

What other steps can I verify that our system is not affected by this bug?

What about the NCM built-in SFTP server?

Is that safe or vulnerable?

While I cannot speak directly for NCM's built in SFTP server I know the NCM team is still currently testing their product and will make a public announcement as soon as it is confirmed either way.

For further confirmation on NCM please contact their team via support ticket or their section in Thwack.

austinkeith....i look forward to this announcement... thanks

Thank you...

Thanks for the information.

Version history
Revision #:
1 of 1
Last update:
‎04-08-2014 04:17 PM
Updated by: