A fix is available
APAR status
Closed as program error.
Error description
Communications Server for Windows, v6.4 and v6.1.3 -------------------------------------------------- Product could allow a remote attacker to obtain sensitive information, caused by the failure to check the contents of the padding bytes when using CBC cipher suites of some TLS implementations. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack to decrypt sensitive information and calculate the plaintext of secure connections.
Local fix
Problem summary
Product could allow a remote attacker to obtain sensitive information, caused by the failure to check the contents of the padding bytes when using CBC cipher suites of some TLS implementations. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack to decrypt sensitive information and calculate the plaintext of secure connections.
Problem conclusion
The TN3270 Server code has been modified to enable strict padding check. Clients that do not implement padding correctly may not be able to connect.
Temporary fix
Comments
APAR Information
APAR number
JR52067
Reported component name
COMM SERV NT 6.
Reported component ID
5639F2503
Reported release
640
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-12-16
Closed date
2014-12-16
Last modified date
2014-12-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
COMM SERV NT 6.
Fixed component ID
5639F2503
Applicable component levels
R640 PSY
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSHQNF","label":"Communications Server for Windows"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"640","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
14 October 2021