CVE-2024-9143 : R12.9 Policy Server CAPKI OpenSSL 3.0.15

Article ID: 411681


Products

SITEMINDER

Issue/Introduction

A vulnerability scan reports the R12.9 Policy Server as vulnerable to CVE-2024-9143.

Environment

Component: CA Siteminder Policy Server (SMPLC)
Release: 12.9

Resolution

"etpki-install_6_0_1_05_linux.zip" contains the CAPKI build that includes the patch for CVE-2024-9143.

Please see documentation below.

Enhancements/Upgrades

CA PKI 6.0.1 release

  • Additional platform support:

    - Windows:

        - Visual Studio 2017 - 32 bit

        - Visual Studio 2013 - 32 bit and 64 bit

    - Linux:

        - Linux 32 bit

    - AIX:

        - AIX 32 bit

  • The following security vulnerabilities are mitigated:

    - CVE-2024-9143

    - CVE-2024-13176

The OpenSSL version is still 3.0.15, but this build includes the patch for CVE-2024-9143.


The installation instructions are as follows.

------------------
Linux 
------------------

Steps to port the CAPKI with OpenSSL 3.0.15 (includes the patch for CVE-2024-9143)


          1. Stop the Policy Server (PS) and back up the <installedpath>/siteminder/etpki-install folder.

          2. Unzip the attachment and copy the new etpki-install folder to the SiteMinder installation folder, /<installedpath>/siteminder/

          3. Check where the CAPKI folder is installed, usually /siteminder/CAPKI or /XXXX/CA/SharedComponents/CAPKI

Back up the CAPKI6 folder inside /siteminder/CAPKI or /XXXX/CA/SharedComponents/CAPKI
Export the following environment variable, set to the path where CAPKI is installed:
export CAPKIHOME=/XXXX/CA/SharedComponents/CAPKI

          4. Go to etpki-install/redist/

          5. Run: ./setup install caller=ps12

          6. A new CAPKI6 folder is created in /XXXX/CA/SharedComponents/CAPKI/. Then move the CAPKI6 folder:

mv /XXXX/CA/SharedComponents/CAPKI/CAPKI6 /F6/CA/siteminder/CAPKI/

          7. Start the PS.
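
Because the OpenSSL version stays 3.0.15 after the update, the version string alone does not show whether the patched build is in place. The following added example (not part of the original article and not vendor tooling) compares SHA-256 hashes of the CAPKI6 backup taken in step 3 with the CAPKI6 folder in place after step 6; the function names, sample file names and directory layout are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not vendor tooling): hash-compare the CAPKI6 backup from
# step 3 against the CAPKI6 folder that is in place after step 6.

# Emit "TAG<TAB>relative/path<TAB>sha256" for every regular file under dir $1.
manifest() {
  ( cd "$1" && find . -type f -exec sha256sum {} + ) |
    awk -v tag="$2" '{ h = $1; sub(/^[0-9a-f]+ [ *]\.\//, ""); print tag "\t" $0 "\t" h }'
}

# capki_diff BACKUP_DIR NEW_DIR
# Prints ADDED/CHANGED/REMOVED lines; returns 0 if anything differs, 1 if identical.
capki_diff() {
  local out
  out=$( { manifest "$1" O; manifest "$2" N; } | awk -F'\t' '
    $1 == "O" { old[$2] = $3; next }
              { new[$2] = $3 }
    END {
      for (p in new) {
        if (!(p in old))           print "ADDED\t" p
        else if (old[p] != new[p]) print "CHANGED\t" p
      }
      for (p in old) if (!(p in new)) print "REMOVED\t" p
    }' | LC_ALL=C sort )
  if [ -n "$out" ]; then printf '%s\n' "$out"; return 0; fi
  return 1
}

# Constructed sample trees so the example runs offline; the file names are
# made up and do not reflect the real contents of CAPKI6.
demo() {
  local t; t=$(mktemp -d)
  mkdir -p "$t/CAPKI6.bak/lib" "$t/CAPKI6/lib"
  printf 'old build' > "$t/CAPKI6.bak/lib/libcrypto.so"
  printf 'new build' > "$t/CAPKI6/lib/libcrypto.so"
  printf 'same'      > "$t/CAPKI6.bak/lib/libssl.so"
  printf 'same'      > "$t/CAPKI6/lib/libssl.so"
  printf 'notes'     > "$t/CAPKI6/README"
  capki_diff "$t/CAPKI6.bak" "$t/CAPKI6"
  local rc=$?
  rm -rf "$t"
  return $rc
}

demo || echo "no differences"
```

On a real server, call `capki_diff` with the backup path and the live CAPKI6 path; no output and a return code of 1 means the two folders are byte-for-byte identical.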

 

Attachments

etpki-install_6_0_1_05_linux.zip