Technical Blog Post
Abstract
Helping us help you - The POODLE Problem.
Body
Hello folks,
So as you may be aware, we've had a raft of interestingly named vulnerabilities popping up recently. There's been FREAK, Logjam, Bar Mitzvah (so called because it's actually based on a 13-year-old vulnerability in RC4), but today we're going to focus on POODLE.
POODLE stands for "Padding Oracle On Downgraded Legacy Encryption" and it's impacted a whole raft of products from just about every vendor out there, including IBM. We've issued a number of fixes for it, details of which can be found here - http://www-01.ibm.com/support/docview.wss?uid=swg21694339
What I want to talk about today, specifically, is a customer who was still seeing a machine being flagged up as vulnerable in his security scans even though he had installed the fix for POODLE on his TEMS. If you checked the cinfo output, it confirmed the fix was installed -
ms Tivoli Enterprise Monitoring Server
aix536 Version: 06.30.04.00
Patch: 6.3.0-TIV-ITM-FP0004 APARs: IV68044
The issue here was that the customer had not installed the fix for the AX component, the shared libraries -
ax IBM Tivoli Monitoring Shared Libraries
aix526 Version: 06.30.04.00
aix536 Version: 06.30.04.00
When installing the POODLE fix, make sure you have also updated the shared libraries and not just the TEMS component, or else you will still see issues in your vulnerability scans and you will still have the SSL V3 port showing as open in your logs -
+5677D5E1.0000 SSL V2 CipherSpecs: Disabled
+5677D5E1.0000 SSL V3 CipherSpecs: 352F0A
To resolve this, install the patch on the system for the ax component and restart the machine.
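The two checks above can be scripted. The following is an added example, not IBM code: it lists component blocks in cinfo-style output that have no Patch: line, and SSL protocol versions whose CipherSpecs value in the log is anything other than Disabled. It assumes the line formats shown in the excerpts above and that an installed fix appears as a Patch: line, as it does for ms; the function and variable names are made up for this example.

```shell
#!/bin/sh
# Added example (not IBM code). Line formats are those of the excerpts in the post.

# Print the product code of every component block that carries no "Patch:" line.
# Assumption: a block starts with a two-character product code (ms, ax, ...)
# followed by the component description.
unpatched_components() {
    awk '
        function report() { if (code != "" && !patched) print code }
        $1 == "Patch:"                      { patched = 1; next }
        $2 == "Version:"                    { next }
        $1 ~ /^[a-z0-9][a-z0-9]$/ && NF > 1 { report(); code = $1; patched = 0 }
        END                                 { report() }
    '
}

# Print "<version> <cipherspecs>" for each SSL protocol version that the log
# reports with a value other than "Disabled".
enabled_ssl_cipherspecs() {
    awk '{
        for (i = 3; i < NF; i++)
            if ($(i-2) == "SSL" && $i == "CipherSpecs:" && $(i+1) != "Disabled")
                print $(i-1), $(i+1)
    }'
}

# Sample input assembled from the excerpts quoted in the post.
SAMPLE_CINFO='ms Tivoli Enterprise Monitoring Server
aix536 Version: 06.30.04.00
Patch: 6.3.0-TIV-ITM-FP0004 APARs: IV68044
ax IBM Tivoli Monitoring Shared Libraries
aix526 Version: 06.30.04.00
aix536 Version: 06.30.04.00'

SAMPLE_LOG='+5677D5E1.0000 SSL V2 CipherSpecs: Disabled
+5677D5E1.0000 SSL V3 CipherSpecs: 352F0A'

echo "Components without a Patch line: $(printf '%s\n' "$SAMPLE_CINFO" | unpatched_components)"
echo "SSL versions still enabled:      $(printf '%s\n' "$SAMPLE_LOG" | enabled_ssl_cipherspecs)"
```

Both functions read standard input, so real cinfo output or a log file can be piped into them in place of the sample variables.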
Hope you find this useful.
UID
ibm11083387