sdo
10 years agoModerator
Appliance and OpenSSL POODLE vulnerability...
Hi, does anyone know what we can do to mitigate this:
Found this:
http://www.symantec.com/connect/blogs/new-openssl-vulnerability-could-facilitate-dos-attacks
…which links to this Poodle article:
http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat
…the POODLE wiki page:
https://en.wikipedia.org/wiki/POODLE#External_links
…the US-Cert page re POODLE:
https://www.us-cert.gov/ncas/alerts/TA14-290A
…the OpenSSL Org related advisory:
https://www.openssl.org/news/secadv_20141015.txt
…which suggests that users of SSLv3 should upgrade:
OpenSSL 1.0.1 users should upgrade to 1.0.1j. OpenSSL 1.0.0 users should upgrade to 1.0.0o. OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
The Symantec N5230 Appliance running Appliance v2.6.1.2, reports its OpenSSL version as:
my-appliance:/home/maintenance # openssl version OpenSSL 0.9.8j-fips 07 Jan 2009
.
Is there an official statement re appliances?
Thanks.
I do believe this is the statement.
Impact of CVE-2014-3566 ("POODLE") and CVE-2014-8730 ("POODLE 2.0") SSL Vulnerabilities on NetBackup family of products
- Article: TECH225557
- Updated: December 16, 2014
- Article URL: http://www.symantec.com/docs/TECH225557