Vulnerability in the 'NSopenssl30' ODBC Wire Protocol driver on the Siteminder r12.9 Policy Server


Article ID: 411025


Updated On:

Products

SITEMINDER

Issue/Introduction

The 'NSopenssl30' ODBC Wire Protocol driver that shipped with the Siteminder r12.9 Policy Server was compiled with OpenSSL 3.0.1. A number of vulnerabilities have been published for OpenSSL 3.0.1 - 3.0.15.

Environment

PRODUCT: Symantec Siteminder

COMPONENT: Policy Server

VERSION: r12.9

OPERATING SYSTEM: Linux

Cause

The file 'NSopenssl30.so' is an ODBC Wire Protocol driver from Progress DataDirect. Analysis indicates that the cryptographic library used for 'NSopenssl30.so' is from OpenSSL version "3.0.1". A number of vulnerabilities (CVEs) have been published which impact OpenSSL 3.0.1 - 3.0.15.

CVEs Impacting OpenSSL 3.0.1 - 3.0.15

CVE-2024-13176
CVE-2024-9143
CVE-2024-6119
CVE-2024-5535
CVE-2024-4741
CVE-2024-4603
CVE-2024-2511
CVE-2024-0727
CVE-2023-6237
CVE-2023-6129
CVE-2023-5678
CVE-2023-5363
CVE-2023-4807
CVE-2023-3817
CVE-2023-3446
CVE-2023-2975
CVE-2023-2650
CVE-2023-0465
CVE-2023-0464
CVE-2023-0466
CVE-2023-1255
CVE-2022-4203
CVE-2022-4304
CVE-2022-4450
CVE-2023-0215
CVE-2023-0216
CVE-2023-0217
CVE-2023-0286
CVE-2023-0401
CVE-2022-3996
CVE-2022-3602
CVE-2022-3786
CVE-2022-3358
CVE-2022-2097
CVE-2022-2274
CVE-2022-2068
CVE-2022-1292
CVE-2022-1343
CVE-2022-1434
CVE-2022-1473
CVE-2022-0778

Resolution

Attached to this KB are operating-system-dependent versions of 'NSopenssl30' compiled with OpenSSL 3.0.16.

Instructions to upgrade 'NSopenssl30' on the Siteminder r12.9 Policy Server:

LINUX

1) Download 'NSopenssl30_Linux.zip' from this KB

2) Copy 'NSopenssl30_Linux.zip' to the Siteminder Policy Server and decompress it

3) Stop the Siteminder Policy Server

4) Change to the following directory

/<Install_Dir>/CA/siteminder/odbc/lib/

5) Back up the existing file by renaming it to "NSopenssl30.so.BAK"

mv NSopenssl30.so NSopenssl30.so.BAK

6) Copy the 'NSopenssl30.so' from 'NSopenssl30_Linux.zip' to '/<Install_Dir>/CA/siteminder/odbc/lib/'

7) Start the Siteminder Policy Server

8) Validate Policy Server functionality

9) Delete "/<Install_Dir>/CA/siteminder/odbc/lib/NSopenssl30.so.BAK"
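
To confirm which OpenSSL 3.0.x build a driver file embeds, both before the backup and after the copy, the following check can be run on the Linux Policy Server. It is an added example, not part of the original KB or vendor tooling. It assumes the file carries the usual OpenSSL version banner text ("OpenSSL 3.0.N ..."); the function names and the script name check_nsopenssl.sh are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not vendor code). Assumption: the driver file contains the
# usual OpenSSL version banner text, e.g. "OpenSSL 3.0.1 14 Dec 2021".

# Print the embedded 3.0.x version number (e.g. "3.0.1"), or nothing if absent.
embedded_openssl_version() {
    local banner
    # -a: read the binary as text; -o: print only the matched banner prefix.
    banner=$(LC_ALL=C grep -a -o -m 1 -E 'OpenSSL 3\.0\.[0-9]+' "$1" | head -n 1) || true
    printf '%s\n' "${banner#OpenSSL }"
}

# Exit status: 0 = 3.0.16 or later in the 3.0 series, 1 = 3.0.0-3.0.15,
# 2 = no OpenSSL 3.0.x banner found (cannot tell).
driver_is_patched() {
    local ver patch
    ver=$(embedded_openssl_version "$1")
    [ -n "$ver" ] || return 2
    patch=${ver##*.}
    [ "$patch" -ge 16 ]
}

# Report on every file named on the command line, for example:
#   ./check_nsopenssl.sh NSopenssl30.so.BAK NSopenssl30.so
for f in "$@"; do
    rc=0
    driver_is_patched "$f" || rc=$?
    case $rc in
        0) echo "$f: OpenSSL $(embedded_openssl_version "$f") (3.0.16 or later)" ;;
        1) echo "$f: OpenSSL $(embedded_openssl_version "$f") (older than 3.0.16, replace)" ;;
        *) echo "$f: no OpenSSL 3.0.x banner found" ;;
    esac
done
```

A result of "no OpenSSL 3.0.x banner found" means the file could not be assessed this way, not that it is unaffected.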

 

WINDOWS

1) Download 'NSopenssl30_win.zip' from this KB

2) Copy 'NSopenssl30_win.zip' to the Siteminder Policy Server and decompress it

3) Stop the Siteminder Policy Server

4) Change to the following directory

<Drive>:\<Install_Dir>\CA\siteminder\bin\

5) Back up the existing file by renaming it to "nsopenssl30.dll.BAK"

ren nsopenssl30.dll nsopenssl30.dll.BAK

6) Copy the 'nsopenssl30.dll' from 'NSopenssl30_win.zip' to <Drive>:\<Install_Dir>\CA\siteminder\bin\

7) Start the Siteminder Policy Server

8) Validate Policy Server functionality

9) Delete "<Drive>:\<Install_Dir>\CA\siteminder\bin\nsopenssl30.dll.BAK"

Additional Information

Vulnerabilities in OpenSSL 3.0.x


Attachments

NSopenssl30_Linux.zip
nsopenssl30_win64.zip