IBM Support

6.1.1-TIV-TDI-LA0035

Download


Abstract

This TDI 6.1.1 Limited Availability Interim Fix contains fix for the SSLv3 CVE-2014-3566 POODLE Vulnerability.

Download Description


+-----------------------------------------------------+
Interim Fix 6.1.1-TIV-TDI-LA0035 README
Tivoli Directory Integrator 6.1.1
LA Interim Fix 35
(All platforms)
Date: JAN 2015
+-----------------------------------------------------+

COPYRIGHT STATEMENT
====================
JAN 2015

References in this publication to IBM products, programs, or services do
not imply that IBM intends to make these available in all countries in
which IBM operates. Any reference to an IBM program product in this
publication is not intended to state or imply that only IBM's program
product may be used. Any functionally equivalent program may be used
instead.

IBM is a trademark of the International Business Machines Corporation.

Copyright International Business Machines Corporation 2015.
All rights reserved.

Fix For
========

APAR - IO22715
PMR - 74578,49R,000

General Description:
====================
This Limited Availability Interim Fix contains fix for the SSLv3 CVE-2014-3566 POODLE Vulnerability.


Details:
========
CVE-ID: CVE-2014-3566

DESCRIPTION: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack.
This vulnerability could allow a man-in-the-middle attacker to access the plain text of network traffic encrypted using SSLv3.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97013 for the current score
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)


Prerequisites:
==============
Tivoli Directory Integrator 6.1.1 Fixpack 10 must be installed.


Platforms:
==========
All supported Platforms.


Sizes of Files Included in this Fix:
============================

12,645 diserverapirmi.jar
2,648 MailboxConnectorUtils.jar


Applying the Fix:
=================

- Unzip the fix package to a temporary directory. The ZIP file contains diserverapirmi.jar, MailboxConnectorUtils.jar and readme file.
- Backup the older diserverapirmi.jar from the TDI installed system (TDI Install dir\jars\common). For this, rename the older files by changing its extension (Change extension to something other than .jar, .zip).
- Backup the older MailboxConnectorUtils.jar from the TDI installed system (TDI Install dir\jars\connectors). For this, rename the older files by changing its extension (Change extension to something other than .jar, .zip).
- Replace with the new diserverapirmi.jar file which is backed up earlier with the fix file.
- Replace with the new MailboxConnectorUtils.jar file which is backed up earlier with the fix file.


Confirming the Fix has been applied successfully:
=================================================
The problem must be resolved.


md5sum of Files Included in this Fix:
=====================================

a87d152c90ff1896e51782b242aca032 diserverapirmi.jar
b520fc5f1f2cb60cbbe1bf2f2f399a6f MailboxConnectorUtils.jar

Prerequisites

Tivoli Directory Integrator 6.1.1 Fixpack 10 must be installed.

Installation Instructions

Refer to 6.1.1-TIV-TDI-LA0035.README.txt for details

On
[{"DNLabel":"6.1.1-TIV-TDI-LA0035","DNDate":"21 Jan 2015","DNLang":"English","DNSize":"14527","DNPlat":{"label":"All Platforms","code":""},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Directory+Integrator&fixids=6.1.1-TIV-TDI-LA0035&source=SAR","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSCQGF","label":"Tivoli Directory Integrator"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"General","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1.1","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

TDI ITDI IDI SDI ISDI

Document Information

Modified date:
15 June 2018

UID

swg24039212