IBM Support

JR52067: ENABLE STRICT PADDING FOR CVE-2014-8730

APAR status

  • Closed as program error.

Error description

  • Communications Server for Windows, v6.4 and v6.1.3
    --------------------------------------------------
    Product could allow a remote attacker to obtain sensitive
    information, caused by the failure to check the contents of the
    padding bytes when using CBC cipher suites of some TLS
    implementations. A remote user with the ability to conduct a
    man-in-the-middle attack could exploit this vulnerability via a
    POODLE-like (Padding Oracle On Downgraded Legacy Encryption)
    attack to decrypt sensitive information and calculate the
    plaintext of secure connections.
    

Local fix

Problem summary

  • Product could allow a remote attacker to obtain sensitive
    information, caused by the failure to check the contents of the
    padding bytes when using CBC cipher suites of some TLS
    implementations. A remote user with the ability to conduct a
    man-in-the-middle attack could exploit this vulnerability via a
    POODLE-like (Padding Oracle On Downgraded Legacy Encryption)
    attack to decrypt sensitive information and calculate the
    plaintext of secure connections.
    

Problem conclusion

  • The TN3270 Server code has been modified to enable a strict
    padding check. Clients that do not implement padding correctly
    may not be able to connect.
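
The difference between a lax and a strict check of CBC padding bytes, as an added example that is not IBM's code or part of the original APAR. It also shows why a client that fills its padding incorrectly is rejected once the strict check is on. The function names, the 20-byte MAC length and the sample records are assumptions made for illustration, and MAC verification is a separate step that is not shown.

```python
# Added example: lax vs strict checking of TLS CBC record padding.
# A decrypted TLS CBC record ends with pad_len padding bytes followed by one
# length byte, and TLS requires every padding byte to equal pad_len.

MAC_LEN = 20  # assumption: a cipher suite with a 20-byte MAC (HMAC-SHA1)


def lax_padding_ok(plaintext: bytes, mac_len: int = MAC_LEN) -> bool:
    """Lax check: only the final length byte is examined."""
    if len(plaintext) < mac_len + 1:
        return False
    pad_len = plaintext[-1]
    return pad_len + 1 + mac_len <= len(plaintext)


def strict_padding_ok(plaintext: bytes, mac_len: int = MAC_LEN) -> bool:
    """Strict check: every padding byte must equal the length byte."""
    if len(plaintext) < mac_len + 1:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 + mac_len > len(plaintext):
        return False
    # Accumulate differences instead of returning at the first bad byte,
    # so the loop does not stop at a position that depends on the data.
    diff = 0
    for b in plaintext[-(pad_len + 1):]:
        diff |= b ^ pad_len
    return diff == 0


def build_record(content: bytes, mac: bytes, pad_len: int, filler: int) -> bytes:
    """Constructed sample: content || mac || pad_len filler bytes || pad_len."""
    return content + mac + bytes([filler]) * pad_len + bytes([pad_len])


# Constructed inputs (not captured traffic), sized for a 16-byte block cipher.
CONTENT = b"3270data"                              # 8 bytes of payload
MAC = bytes(MAC_LEN)                               # placeholder MAC value
GOOD = build_record(CONTENT, MAC, 3, 0x03)         # padding 03 03 03 03
BAD = build_record(CONTENT, MAC, 3, 0xAA)          # padding AA AA AA 03

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "lax:", lax_padding_ok(rec), "strict:", strict_padding_ok(rec))
```

The lax check accepts both records because it never looks at the filler bytes, while the strict check accepts only the record whose padding bytes all equal the length byte.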
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR52067

  • Reported component name

    COMM SERV NT 6.

  • Reported component ID

    5639F2503

  • Reported release

    640

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-12-16

  • Closed date

    2014-12-16

  • Last modified date

    2014-12-16

  • APAR is sysrouted FROM one or more of the following:

    JR52061

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    COMM SERV NT 6.

  • Fixed component ID

    5639F2503

Applicable component levels

  • R640 PSY

       

Document Information

Modified date:
14 October 2021