USN-5488-1: OpenSSL vulnerability - CRITICAL

Comments


  • Firewalla

    Thank you for the note.

    First, we only patch vulnerabilities that are specific to running Firewalla. (We also actively monitor the impacted CVEs and patch them with each release.) If you look above, things like "vim" really don't apply to us.

    As for the OpenSSL CVEs, we do track them. The ones you listed are related to c_rehash, which is something we don't use. And even if we used it, the vulnerability is pretty much privilege escalation:

    On such operating systems, an attacker
    could execute arbitrary commands with the privileges of the script.

    Due to the nature of how Firewalla looks at network packets, the Firewalla user "pi" has sudo access to the system already, so if you can get into the system, you are essentially root.
