The Dell KACE family of appliances includes the K1000 Systems Management Appliance, the K2000 Systems Deployment Appliance and the Dell KACE K3000 Mobile Device Management Appliance. While all three appliances utilize OpenSSL, only the K3000 utilizes a version of OpenSSL that is vulnerable to the Heartbleed vulnerability detailed at http://www.us-cert.gov/ncas/alerts/TA14-098A. The Heartbleed vulnerability affects all versions of the K3000. The Heartbleed vulnerability does not affect any version of the K1000 or K2000 appliances.
Dell KACE has released a security hot fix for the K3000 (applies to minimum version 1.1.98240) that can be downloaded here to remediate this vulnerability.
Once applied the new version will be 1.1.98241
Release Note 1: For customers on earlier versions, you will need to upgrade to v1.1.98240 prior to applying the security fix. K3000 downloads can be accessed here: https://www.kace.com/support/my/downloads
Release Note 2: Known issue that persists from previous K3 upgrades; occasionally the restart of nginx does not complete and the update seems to hang. This is rare, but if it occurs, a reboot of the K3000 machine resolves this - the update will be complete after that.
Release Note 3: The version increase to 1.1.98241 is indicated in the About K3000 screen, but not in the bottom right of the Mobile Management or K3000 Settings screens.
Notice: KACE also recommends that you update passwords and any other sensitive data, and regenerate certificates:
Information on Dell KACE hotfixes can be found at: http://www.kace.com/support/resources/kb/SearchKB
K3000 Mobile Management Appliance
Created on: 4/8/2014
Last Update on: 4/17/2014