Knowledge Search


×
 

[SBR] Patches for Steel-Belted Radius Enterprise and Global Enterprise for OpenSSL Vulnerability

  [KB29217] Show Article Properties


Summary:

This article provides basic information for the OpenSSL vulnerability documented in CVE-2014-0224.

Important: This article ONLY applies to Steel-Belted Radius Enterprise Release 6.10-6.17 and Steel-Belted Radius Global Enterprise Release 6.10-6.17.

This article does not address Steel-Belted Radius Carrier Release 7.x/8.x.  Please contact JTAC directly for information regarding this version.

Symptoms:

Steel-Belted Radius version 6.1x has been identified as being vulnerable to the OpenSSL vulnerability discussed in Vulnerability Summary for CVE-2014-0224.

This article will provide access to and instructions for installing the patched libraries.

Cause:
Solution:

Steel-Belted Radius is supported on three platforms; Windows, Linux and Solaris (Sparc).

Download the appropriate archive file from this article and extract to a temporary directory on your server:

Windows x86 and x64
Linux
Solaris

Windows:

  1. Stop the Steel-Belted Radius service via the 'services' control panel.
  2. Once stopped, copy the files located in the archive to "C:\Program Files\Common Files\Funk Software\" or "C:\Program Files (x86)\Common Files\Funk Software\" depending on the operating system version.
  3. Start the Steel-Belted Radius service and verify that the server starts by logging into the Web Admin.


Linux/Solaris:

  1. Stop the Steel-Belted Radius daemon by issuing the command : ./sbrd stop from within the /opt/JNPRsbr/radius  directory.
  2. Use the chmod command to change the permissions on the libraries to rwxr-xr-x. Issue the command : chmod 755 *.so in the temporary directory.
  3. Once the daemon is stopped, copy the files in the temporary directory to /opt/JNPRsbr/radius/system/lib
  4. Start the Steel-Belted Radius daemon by issuing the command : ./sbrd start from within the /opt/JNPRsbr/radius directory.
  5. Verify that the server has started by logging into the Web Admin.
Related Links: