Helping us help you - The POODLE Problem.
ShaunR 2700005SW1 Comment (1) Visits (7420)
So as you may be aware we've had a raft of interestingly named vulnerabilities poping up recently. There's been FREAK, Logjam, Bar Mitzvah (so called because it's actually based on a 13 year old vulnerability in RC4) but today we're going to focus on POODLE.
POODLE stands for "Padding Oracle On Downgraded Legacy Encryption" and it's impacted a whole raft of products from just about every vendor out there, including IBM. We've issued a number of fixes for it, details of which can be found here - http
What I want to talk about today, specifically, is a customer who was still seeing a machine being flagged up as vulnerable in his security scans even though he had installed the fix for POODLE on his TEMS. If you checked the cinfo output, it confirmed the fix was installed -
ms Tivoli Enterprise Monitoring Server
The issue here was that the customer had not installed the fix for the AX component, the shared libraries -
ax IBM Tivoli Monitoring Shared Libraries
When installing the POODLE fix, make sure you have also updated the shared libraries and not just the TEMS component or else you will still see issues in your vulnerability scans and you will still have the SSL V3 port showing as open in your logs -
Hope you find this useful.
Subscribe and follow us for all the latest information directly on your social feeds: