Patch available for OpenSSL Heartbleed security bug in synthetic TEA Agent


This patch addresses CVE-2014-0160, a bug in the way OpenSSL (https://www.openssl.org/) handles Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension packets. Nicknamed the Heartbleed Bug, it is a serious vulnerability in the popular OpenSSL cryptographic software library.


Do you need to install this patch?

Borland Silk Performer Synthetic Transaction Monitoring for BMC Software version 15.00, used with BMC Synthetic End User Experience Monitoring 2.5.01, includes a version of OpenSSL (1.0.1c) that has the Heartbleed bug. However, because of the way in which OpenSSL is used in the product, synthetic transaction monitoring is not vulnerable to the problems identified in this bug. Synthetic transaction monitoring does not use the OpenSSL library to make any external incoming or outgoing connections. The vulnerable version of OpenSSL is used only in the module that decrypts synthetic transaction data after it is captured. For these reasons, BMC believes that synthetic transaction monitoring customers are not at risk from the OpenSSL vulnerability.

However, BMC takes security seriously and is releasing this patch, which updates the OpenSSL library in the product. 

If you have questions about whether to install this patch, contact BMC Customer Support.


Patch contents

The patch contains the following files:

|=File name|=Description
|readme.pdf|This file, which contains patch description and installation instructions
|AgentCredentialsUtil.jar|Utility to update BMC Application Performance Management Console credentials and results archive password
|BMCTEAAgent.exe|Agent executable file
|BMCTEAAgent.pdb|Agent debugging and project state information
|libeay32.dll|Encryption functions that enable coded communication over networks
|ssleay32.dll|Module associated with The OpenSSL Toolkit from The OpenSSL Project

Compatibility

The patch applies to Borland Silk Performer Synthetic Transaction Monitoring for BMC Software version 15.00, which is compatible with BMC Real End User Experience Monitoring and Analytics 2.5.01.

Issue addressed

The patch addresses the issue of an OpenSSL cryptography library security vulnerability.

Applying the patch

Perform the following procedure for each installed BMC TEA Agent.

  1. Stop the TEA Agent service.
  2. Extract the patched files to a temporary folder.
  3. Back up the TEA Agent files by copying the TEAAgent folder located in the installation directory.
    The default installation directory is C:\Program Files (x86)\BMC Software\BMCTEAAgent.
  4. Copy (overwrite) the files provided in the patch to the TEAAgent folder.
  5. Modify the TEA Agent credentials by using the supplied AgentCredentialsUtil.jar (see instructions below).
  6. Start the TEA Agent service.
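
A post-patch check for step 4, added here as an example (it is not part of the BMC patch or its documentation): it scans libeay32.dll and ssleay32.dll for the version banner that OpenSSL builds embed and flags releases in the CVE-2014-0160 range (1.0.1 through 1.0.1f, and the 1.0.2 betas before beta2). The function names are hypothetical, the sample bytes are constructed, and it assumes the shipped DLLs carry the standard banner.

```python
import re
import sys

# OpenSSL builds embed a banner such as b"OpenSSL 1.0.1c 10 May 2012".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(-[a-z0-9]+)? ")
VERSION = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)(-[a-z0-9]+)?")

# Constructed sample bytes standing in for DLL contents (not real files).
SAMPLE_OLD = (b"MZ\x90\x00\x00AES part of OpenSSL 1.0.1c 10 May 2012\x00"
              b"OpenSSL 1.0.1c 10 May 2012\x00")
SAMPLE_NEW = b"MZ\x90\x00\x00OpenSSL 1.0.1g 7 Apr 2014\x00"


def find_openssl_versions(data: bytes) -> list[str]:
    """Return the distinct OpenSSL versions named by banners in a binary blob."""
    return sorted({b"".join(p).decode("ascii") for p in BANNER.findall(data)})


def is_heartbleed_affected(version: str) -> bool:
    """CVE-2014-0160 affects 1.0.1 through 1.0.1f and 1.0.2-beta/-beta1."""
    m = VERSION.fullmatch(version)
    if m is None:
        raise ValueError(f"not an OpenSSL version: {version!r}")
    base, letter, tag = m.group(1), m.group(2), m.group(3) or ""
    if base == "1.0.1":
        return letter in ("", "a", "b", "c", "d", "e", "f")
    if base == "1.0.2":
        return letter == "" and tag in ("-beta", "-beta1")
    return False


def audit(data: bytes) -> dict[str, bool]:
    """Map each OpenSSL version found in the blob to its affected status."""
    return {v: is_heartbleed_affected(v) for v in find_openssl_versions(data)}


if __name__ == "__main__":
    # Usage: python check_openssl.py libeay32.dll ssleay32.dll
    paths = sys.argv[1:]
    blobs = {p: open(p, "rb").read() for p in paths} or {
        "sample-old": SAMPLE_OLD, "sample-new": SAMPLE_NEW}
    results = {name: audit(data) for name, data in blobs.items()}
    for name, found in results.items():
        print(name, found or "no OpenSSL banner found")
    # Fail when a real file is affected or carries no banner at all.
    bad = any(not r or any(r.values()) for r in results.values())
    sys.exit(1 if paths and bad else 0)
```

Run it against the backup copy from step 3 and against the patched TEAAgent folder; a DLL with no banner at all is treated as a failure, so an unexpected file does not pass silently.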

Modifying the TEA Agent credentials (AgentCredentialsUtil.jar)

Ensure that the AgentCredentialsUtil.jar file is in the installationDirectory/TEAAgent directory.

Run the utility in interactive mode or with arguments.

Interactive mode

Use the CLI to run the JAR file and follow the instructions on the display.

Example
{{code language="none"}}
C:\>java -jar "C:\Program Files (x86)\BMC Software\BMCTEAAgent\TEAAgent\AgentCredentialsUtil.jar"
{{/code}}

Arguments mode

Use the CLI to run the JAR file with the following syntax:

{{code language="none"}}
C:\>java -jar "<installationDirectory>\AgentCredentialsUtil.jar" <APMconsoleAdminUserName> <adminUserPassword> <resultsArchivePassword>
{{/code}}

Provide values for the following parameters:

  • <installationDirectory> is the location of the JAR file
  • <APMconsoleAdminUserName> is the APM Console administrator user name
  • <adminUserPassword> is the APM Console administrator password
  • <resultsArchivePassword> is the results archive password

Example
{{code language="none"}}
C:\>java -jar "C:\Program Files (x86)\BMC Software\BMCTEAAgent\TEAAgent\AgentCredentialsUtil.jar" myUser myUserP@$$word myArchivePassword
{{/code}}

The JAR automatically replaces the agent-credentials.txt file in the /WorkingFolder/Conf/ directory.

Warning

After applying the patch, do not use the TEA Agent version 1.0.01 installation utility to modify the TEA Agent configuration. The earlier installation utility will overwrite the new files.

Instead, you can manually change configuration values in installationDirectory\TEAAgent\WorkingFolder\Conf.

If a problem occurs

If you encounter problems during the installation of the patch, or if you cannot access the internet to run the installation, contact BMC Customer Support.

Related topics

Release notes and notices

Known and corrected issues

 
