IBM Support

Helping us help you - The POODLE Problem.

Technical Blog Post



Hello folks,

 

So, as you may be aware, we've had a raft of interestingly named vulnerabilities popping up recently. There's been FREAK, Logjam, Bar Mitzvah (so called because it's actually based on a 13-year-old vulnerability in RC4), but today we're going to focus on POODLE.

 

POODLE stands for "Padding Oracle On Downgraded Legacy Encryption" and it's impacted a whole raft of products from just about every vendor out there, including IBM. We've issued a number of fixes for it, details of which can be found here - http://www-01.ibm.com/support/docview.wss?uid=swg21694339

 

What I want to talk about today, specifically, is a customer who was still seeing a machine being flagged up as vulnerable in his security scans even though he had installed the fix for POODLE on his TEMS. If you checked the cinfo output, it confirmed the fix was installed -

 

  ms Tivoli Enterprise Monitoring Server
    aix536 Version: 06.30.04.00
       Patch: 6.3.0-TIV-ITM-FP0004 APARs: IV68044

 

The issue here was that the customer had not installed the fix for the AX component, the shared libraries -

 

   ax IBM Tivoli Monitoring Shared Libraries
     aix526 Version: 06.30.04.00
     aix536 Version: 06.30.04.00

 

When installing the POODLE fix, make sure you have also updated the shared libraries and not just the TEMS component, or else you will still see issues in your vulnerability scans and you will still have the SSL V3 port showing as open in your logs -

 

  +5677D5E1.0000                   SSL V2 CipherSpecs: Disabled
  +5677D5E1.0000                   SSL V3 CipherSpecs: 352F0A


To resolve this, install the patch on the system for the ax component and restart the machine. 
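One way to confirm the result from the log after the restart, as an added example that is not IBM tooling: the function below reads log text and reports the most recent state of each "SSL Vn CipherSpecs" line. It assumes the line layout quoted above, that "Disabled" is the only value meaning the protocol is off, and that any other value is a run of two-character cipher spec codes; the function name and exit codes are made up for this example.

```shell
#!/bin/sh
# Added example, not IBM code. Assumes the log line layout quoted in the post.

# The two log lines from the post (ax shared libraries not yet patched).
SAMPLE_LOG='+5677D5E1.0000                   SSL V2 CipherSpecs: Disabled
+5677D5E1.0000                   SSL V3 CipherSpecs: 352F0A'

# check_ssl_specs: read log text on stdin and print, per protocol,
#   "<proto> disabled"  or  "<proto> ENABLED <spec> <spec> ..."
# The last line seen for a protocol wins, so a log spanning the restart
# reports the post-fix state.
# Exit status: 0 all SSL versions disabled, 1 at least one still enabled,
#              2 no CipherSpecs line found (wrong file or logging level).
check_ssl_specs() {
    awk '
    /SSL V[0-9]+ CipherSpecs:/ {
        proto = $0
        sub(/^.*SSL V/, "SSL V", proto)          # drop timestamp and padding
        sub(/ CipherSpecs:.*$/, "", proto)       # leaves e.g. "SSL V3"
        value = $0
        sub(/^.*CipherSpecs:[ \t]*/, "", value)
        sub(/[ \t\r]+$/, "", value)
        if (!(proto in state)) order[++n] = proto
        if (value == "Disabled") {
            state[proto] = "disabled"
        } else {
            # Assumed format: concatenated two-character cipher spec codes.
            specs = ""
            for (i = 1; i <= length(value); i += 2)
                specs = specs " " substr(value, i, 2)
            state[proto] = "ENABLED" specs
        }
    }
    END {
        if (n == 0) exit 2
        bad = 0
        for (i = 1; i <= n; i++) {
            print order[i], state[order[i]]
            if (state[order[i]] ~ /^ENABLED/) bad = 1
        }
        exit (bad ? 1 : 0)
    }'
}

# Demo on the sample; "|| true" keeps a non-zero status from stopping the script.
printf '%s\n' "$SAMPLE_LOG" | check_ssl_specs || true
```

To audit a real system, feed the function the TEMS log file on stdin instead of the sample and check the exit status.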

 

Hope you find this useful.

 

 


UID

ibm11083387