
Is Symantec Security Information Manager (SSIM) 4.8.x vulnerable to the "POODLE" vulnerability (CVE-2014-3566)?


Article ID: 161310


Updated On:

Products

Security Information Manager

Issue/Introduction

POODLE stands for Padding Oracle On Downgraded Legacy Encryption (CVE-2014-3566). It is a weakness in the CBC-mode cipher suites of SSL 3.0: a man-in-the-middle attacker who can force a client and server to fall back to SSLv3 (for example by interfering with their TLS handshakes until the client retries with the older protocol) can use the server's padding checks as a side-channel oracle to decrypt selected bytes of the ciphertext, such as a session cookie, one byte at a time. Any service that still accepts SSLv3 connections is therefore exposed.
 

Resolution

Symantec is aware that SSIM 4.8.x is vulnerable on TCP port 443 to the "POODLE" vulnerability, because the IBM HTTP Server on that port accepts SSLv3 connections.

To address this vulnerability, we recommend that customers enable the FIPS operational mode. In FIPS mode the server only offers FIPS-approved protocols, which excludes SSLv3.

SSIM itself can be configured to disallow SSLv3:
The ITDS server (TCP port 636) has the FIPS operational mode enabled by default and therefore already refuses SSLv3 traffic.
The FIPS operational mode can be enabled for the IBM HTTP Server (TCP port 443) to disallow SSLv3 there as well.
               
In the directory /opt/Symantec/simserver/bin you will find the script set_fips_mode.sh to switch on the FIPS operational mode for the IBM HTTP server.
 

./set_fips_mode.sh --status
That will tell you whether the FIPS operational mode is currently enabled.

./set_fips_mode.sh --on
That will turn on the FIPS operational mode, which disallows SSLv3 traffic on port 443.

./set_fips_mode.sh --off
That will turn off the FIPS operational mode and will allow SSLv3 traffic again.
 
Once the FIPS operational mode is turned on, SSLv3 traffic to port 443 is refused. On the agent side, FIPS mode is turned on by default, so agents already refuse SSLv3. After enabling FIPS mode on the server, confirm from another host that an SSLv3 handshake to ports 443 and 636 is rejected rather than relying on the script's status output alone.
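The following is an added verification example, not part of the Symantec article and not a Symantec tool. It sends a raw SSL 3.0 ClientHello that offers only CBC cipher suites (the ones POODLE targets) to a port and classifies the first record the server sends back: a ServerHello with version 3.0 means SSLv3 is still accepted, an alert or a closed connection means it is refused. Building the record by hand avoids depending on an OpenSSL build that still has SSLv3 compiled in. The hostname ssim.example.internal is a hypothetical placeholder; the cipher-suite numbers are the IANA assignments, not anything SSIM-specific.

```python
"""Probe a port for SSL 3.0 support with a hand-built ClientHello.

Added example for the POODLE article; not Symantec code.
"""
import os
import socket
import sys

SSLV3 = b"\x03\x00"  # protocol version bytes for SSL 3.0

# CBC cipher suites POODLE exploits: AES128-SHA, AES256-SHA, DES-CBC3-SHA.
CBC_SUITES = [0x002F, 0x0035, 0x000A]


def build_sslv3_client_hello(client_random=None):
    """Return one SSL 3.0 handshake record carrying a ClientHello."""
    random_bytes = client_random if client_random is not None else os.urandom(32)
    if len(random_bytes) != 32:
        raise ValueError("client_random must be exactly 32 bytes")
    suites = b"".join(s.to_bytes(2, "big") for s in CBC_SUITES)
    body = (
        SSLV3                                   # client_version = 3.0
        + random_bytes                          # gmt_unix_time + random
        + b"\x00"                               # session_id length 0
        + len(suites).to_bytes(2, "big") + suites
        + b"\x01\x00"                           # one compression method: null
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    # Record layer: content type 0x16 (handshake), version, 2-byte length.
    return b"\x16" + SSLV3 + len(handshake).to_bytes(2, "big") + handshake


def classify_response(data):
    """Map the first record returned by the server to (status, detail)."""
    if len(data) < 5:
        return ("no_response", "connection closed or no TLS record received")
    content_type = data[0]
    if content_type == 0x15:  # alert record: level at [5], description at [6]
        desc = data[6] if len(data) >= 7 else None
        name = {40: "handshake_failure", 70: "protocol_version"}.get(desc, str(desc))
        return ("rejected", "alert %s" % name)
    if content_type == 0x16 and len(data) >= 11 and data[5] == 0x02:  # ServerHello
        if data[9:11] == SSLV3:
            return ("accepted", "server negotiated SSL 3.0")
        return ("unexpected", "ServerHello with version %s" % data[9:11].hex())
    return ("unexpected", "record type 0x%02x" % content_type)


def check_port(host, port, timeout=5.0):
    """Connect, send the SSLv3 ClientHello, and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            reply = sock.recv(4096)
        except OSError:      # timeout or reset both mean "no usable reply"
            reply = b""
    return classify_response(reply)


if __name__ == "__main__":
    # Hypothetical hostname; pass the real SSIM appliance as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "ssim.example.internal"
    for port in (443, 636):  # IBM HTTP Server and ITDS ports from the article
        status, detail = check_port(target, port)
        print("%s:%d -> %s (%s)" % (target, port, status, detail))
```

Run it before and after `./set_fips_mode.sh --on`: port 443 should move from "accepted" to "rejected" or "no_response", and port 636 should report "rejected" or "no_response" both times since ITDS ships with FIPS mode on. A server that answers with a ServerHello carrying version 3.0 is still negotiable down to SSLv3 and remains exposed to POODLE regardless of what the status flag says.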


Applies To

 

SSIM 4.8.x