cancel
Showing results for 
Search instead for 
Did you mean: 

Appliance and OpenSSL POODLE vulnerability...

sdo
Moderator
Moderator
Partner    VIP    Certified

Hi, does anyone know what we can do to mitigate this:

Found this:

http://www.symantec.com/connect/blogs/new-openssl-vulnerability-could-facilitate-dos-attacks

…which links to this Poodle article:

http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat

…the POODLE wiki page:

https://en.wikipedia.org/wiki/POODLE#External_links

…the US-Cert page re POODLE:

https://www.us-cert.gov/ncas/alerts/TA14-290A

…the OpenSSL Org related advisory:

https://www.openssl.org/news/secadv_20141015.txt

…which suggests that users of SSLv3 should upgrade:

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

The Symantec N5230 Appliance running Appliance v2.6.1.2, reports its OpenSSL version as:

my-appliance:/home/maintenance # openssl version

OpenSSL 0.9.8j-fips 07 Jan 2009

.

Is there an official statement re appliances?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

mnolan
Level 6
Employee Accredited Certified

I do believe this is the statement.

 

 

Impact of CVE-2014-3566 ("POODLE") and CVE-2014-8730 ("POODLE 2.0") SSL Vulnerabilities on NetBackup family of products

View solution in original post

3 REPLIES 3

GulzarShaikhAUS
Level 6
Partner Accredited Certified

HI Man!

Raise it with Symantec! They are the right people to comment on this.

mnolan
Level 6
Employee Accredited Certified

I do believe this is the statement.

 

 

Impact of CVE-2014-3566 ("POODLE") and CVE-2014-8730 ("POODLE 2.0") SSL Vulnerabilities on NetBackup family of products

sdo
Moderator
Moderator
Partner    VIP    Certified

Thanks again.