Direct links to fixes
4.7.0.3-SterlingConnectDirectforMicrosoftWindows-x86-fp0003
4.6.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if007
4.7.0.3-SterlingConnectDirectforMicrosoftWindows-x86-fp0003-if002
4.6.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if010
4.7.0.3-SterlingConnectDirectforMicrosoftWindows-x86-fp0003-if005
4.7.0.3-SterlingConnectDirectforMicrosoftWindows-x86-fp0003-if012
4.6.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if015
4.6.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if017
4.7.0.3-SterlingConnectDirectforMicrosoftWindows-x86-fp0003-if015
4.7.0.3-SterlingConnectDirectforMicrosoftWindows-x86-fp0003-if020
4.6.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if022
4.7.0.4-SterlingConnectDirectforMicrosoftWindows-x86-fp0004
4.6.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if028
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006
4.7.0.4-SterlingConnectDirectforMicrosoftWindows-x86-fp0004-if007
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if008
4.7.0.4-SterlingConnectDirectforMicrosoftWindows-x86-fp0004-if016
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if009
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if013
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if015
4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if018
4.7.0.4-SterlingConnectDirectforMicrosoftWindows-x86-fp0004-if023
4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if006
4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if013
4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if016
4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if025
4.7.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006
4.7.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if005
4.7.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if006
4.7.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if012
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if001
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if009
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if016
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if018
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if021
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if023
Sterling Connect:Direct for Microsoft Windows 4.6.0 Fix Packs
APAR status
Closed as program error.
Error description
SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE, CVE-2014-3566) attack. SSLv3 is enabled in IBM Sterling Connect:Direct for Microsoft Windows.
Local fix
STRRTC - 446820 VF / VF Circumvention: None
Problem summary
Users Affected: Sterling Connect:Direct for Windows 4.5.00 Sterling Connect:Direct for Windows 4.5.01 Sterling Connect:Direct for Windows 4.6.0 Sterling Connect:Direct for Windows 4.7.0 Problem Description: The SSLv3 protocol contains a number of weaknesses including POODLE (Padding Oracle On Downgraded Legacy Encryption, CVE-2014-3566). IBM Sterling Connect:Direct for Microsoft Windows is therefore also vulnerable when the SSLv3 protocol is used. Platforms Affected: Windows
Problem conclusion
Resolution Summary: Updated the SSL/TLS handshake to prevent a remote attacker from initiating an SSLv3 fallback when the session must be TLS. Recommendation: SSLv3 is an obsolete and insecure protocol. Use the TLS protocol instead. To fully disable SSLv3 and use TLS instead, ensure that all secure connections are configured to 'Enable TLS Protocol' and 'Disable Override'. Delivered In: Sterling Connect:Direct for Windows 4.5.00 Patch 054 Sterling Connect:Direct for Windows 4.5.01 Patch 020 Sterling Connect:Direct for Windows 4.6.0.5 Sterling Connect:Direct for Windows 4.7.0.2
Temporary fix
Comments
APAR Information
APAR number
IT05253
Reported component name
STR CD FOR WIND
Reported component ID
5725C9908
Reported release
470
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-10-29
Closed date
2014-11-12
Last modified date
2014-11-12
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR CD FOR WIND
Fixed component ID
5725C9908
Applicable component levels
Document Information
Modified date:
25 August 2023