
SSL 3.0 POODLE Attack Vulnerability


Article ID: 161381


Products

Deployment Solution

Issue/Introduction

SSL 3.0 POODLE is a security vulnerability in which SSL v3.0 can be attacked and the encrypted data exchanged between computers and servers can potentially be intercepted and decrypted.

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and in other products, uses nondeterministic CBC padding. This padding makes it easier for man-in-the-middle attackers to obtain cleartext data through a padding-oracle attack known as the "POODLE" issue. The issue has a major impact on web servers and browsers, but it can potentially affect any communication in which the attacker can control the client side of the communication and has visibility of the resulting ciphertext.

We have identified a potential impact from this issue because the vulnerable SSLv3 protocol is present in the Deployment Solution 6.9, ITMS 7.5, and ITMS 7.1 suites of products. Refer to the list of affected solutions in the Plan of Action below.

Cause

 

For more information about the SSL 3.0 POODLE attack vulnerability, visit the following web site:
National Vulnerability Database 

Resolution

 

Plan of action:

The following table lists the release versions in which fixes for each affected solution became available (versions newer than the ones listed here already include the fixes):

| Affected solutions | Release version in which the fixes were included |
| --- | --- |
| Deployment Solution (all versions) | 7.1 SP2 MP1 v11, 7.5 SP1 HF4 |
| Deployment Solution 6.9 | DS 6.9SP6 v1 |
| Ghost Imaging Foundation | 7.1 SP2 MP1 v11, 7.5 SP1 HF4, DS 6.9SP6 v1 |
| Network Discovery | 7.1 SP2 MP1 v11, 7.5 SP1 HF5 |
| PPA | 7.1 SP2 MP1 v11, 7.5 SP1 HF5 |
| Agent for UNIX, Linux, and Mac | 7.1 SP2 MP1 v11, 7.5 SP1 HF4 |

For more information read the following article: http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

 

Applies To

 

 

Affected solutions (shipped with SSLv3)

  • Deployment Solution (all versions)
  • Deployment Solution 6.9
  • Ghost Imaging Foundation
  • Network Discovery
  • PPA
  • Agent for UNIX, Linux, and Mac