MAA - Patch for SSLv3 disable CVE-2014-3566

book

Article ID: 168190

calendar_today

Updated On:

Products

Malware Analysis Software - MA

Issue/Introduction

This article describes the installation of the Patch for CVE-2014-3566
Note: Only install this patch if you are running MAG2 v3.5.x or older!  SSLv3 is already disabled on MAA versions 4.x and greater.

Resolution

Copy the attached file poodlefix.sh to your MAG2 Appliance's /tmp folder.
Login to your MAG2 appliance using the g2 user.

Run these commands to disable SSL v3:
[email protected]:/tmp$ sudo ./poodlefix.sh
[sudo] password for g2:

Console Output will look like this:

SSLv3 is enabled on this server. Disabling it..
Restarting web server..
Verifying SSL connection..
 - SSL TLS1.2 working
 - SSLv3 disabled

SSLv3 disabled on this server. System is safe.

 

Attachments

poodlefix.sh get_app