SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere MQ.
CVE ID: CVE-2014-3566
DESCRIPTION: IBM WebSphere MQ could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plain text of encrypted connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97013 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
The vulnerability affects all versions and releases of IBM WebSphere MQ, IBM WebSphere MQ Internet Pass-Thru and IBM Mobile Messaging and M2M Client Pack.
Workarounds and Mitigations
SSLv3 users will want to disable SSLv3 on WebSphere MQ servers and clients and switch to using the TLS protocol.
IBM WebSphere MQ - All versions
WebSphere MQ channels select either SSL or TLS protocol from the channel CipherSpec. The following CipherSpecs are associated with the SSLv3 protocol and channels that use these should be changed to use a TLS CipherSpec;
UNIX, Linux and Windows
Use of TLS protocol is enforced by enabling FIPS 140-2 compliance mode. Enabling FIPS 140-2 compliance mode disables SSLv3 connections from being accepted by the IBM WebSphere MQ listener.
WebSphere MQ for UNIX, Linux and Windows
WebSphere MQ Managed File Transfer FIPS enablement
WebSphere MQ MQI clients
WebSphere MQ Classes for Java
WebSphere MQ Classes for JMS
WebSphere MQ MQTT Java and telemetry clients
WebSphere MQ Explorer
WebSphere MQ Managed .NET client
In addition to the MQ CipherSpecs associated with the SSLv3 protocol, IBM WebSphere MQ will prevent the following TLS CipherSpecs from being used by channels in FIPS 140-2 compliance mode;
A summary of MQ CipherSpecs, protocols and FIPS compliance status can be found here.
Note that certificate keystore management using FIPS compliant software is only required for full FIPS 140-2 compliance, it is not required for mitigation of this vulnerability.
IBM i platform
Use of the SSLv3 protocol can be disabled at a system level by altering the QSSLPCL system value. Use Change System Value (CHGSYSVAL) to modify the QSSLPCL value, changing the default value of *OPSYS to a list that excludes *SSLV3, for example;
Note that support for TLS protocol versions varies by operating system and maintenance level.
HP OpenVMS platform (Alpha & Itanium)
Use of the SSLv3 protocol can be disabled by upgrading to Fix Pack V22.214.171.124 and applying interim APAR fix IT05182. After applying the fix, MQ channels attempting to start using an SSLv3 CipherSpec will fail and MQ listeners will also reject incoming connections attempting to use the SSLv3 protocol.
HP NonStop Server platform
Prior to IBM WebSphere MQ Fix Pack V126.96.36.199 all supported CipherSpecs are vulnerable to POODLE as they all use the SSLv3 protocol. IBM WebSphere MQ Fix Pack V188.8.131.52 adds support for CipherSpecs that use the TLS protocol. Customers should upgrade to IBM WebSphere MQ Fix Pack V184.108.40.206 if they wish to use these CipherSpecs.
IBM have released a patch, IBM WebSphere MQ V220.127.116.11 Patch 1, that deprecates the use of SSLv3 CipherSpecs, this patch is available from IBM Support.
After applying the patch, MQ channels attempting to start using an SSLv3 CipherSpec will fail.
SSLv3 CipherSpec support can be re-enabled if required, by setting the 'AMQ_SSL_V3_ENABLE' environment variable, as documented in the readme file issued with the patch.
Please note: This patch is not useable on any version of IBM WebSphere MQ on HP NonStop Server other than V18.104.22.168.
Support Pac MAT1: WebSphere MQ client for HP Integrity NonStop Server
The WebSphere MQ client for HP Integrity NonStop Server can enforce use of TLS on outbound connections through setting a TLS cipherspec, the client does not accept inbound connections.
Support Pac MS81: IBM WebSphere MQ Internet Pass-Thru
Users of IBM WebSphere MQ Internet Pass-Thru 2.0 and older releases should first upgrade to IBM WebSphere MQ Internet Pass-Thru 2.1.
Alter the MQIPT route configuration to exclude support for SSL, for example;
Note that the MQIPT servlet uses the SSL/TLS library of the application server: there is no POODLE security fix for the MQIPT servlet because its SSLv3 protocol support is provided by the application server. However, the servlet could be impacted if the application server's SSL/TLS library is vulnerable. Contact your application server vendor to obtain any POODLE security fixes required.
Support Pac MA9B: IBM Mobile Messaging and M2M Client Pack - Eclipse Paho MQTT C Client
Specify a format string to the enabledCipherSuites field of MQTTAsync_sslProperties that precludes SSLv3 protocol from being used on an outbound connection, for example;
The client does not accept inbound connections.
IBM recommends that you review your entire environment to identify other areas that enable SSLv3 protocol and take appropriate mitigation (such as disabling SSLv3) and remediation actions.
Get Notified about Future Security Bulletins
IBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the System z Security web site. Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.
20 October 2014: Original document published
23 October 2014: Updated to include Websphere MQ for NonStop Server
27 October 2014: Updated to qualify MQIPT application server may require further action
5 November 2014: Updated to remove z/OS platform, System z customers should check the System z Security Portal for latest updates relating to this vulnerability
6 November 2014: Updated to add OVMS interim fix details
20 November 2014: Updated to add HP-NSS interim fix details
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
15 June 2018