Environment
Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 11 (OES 11) Linux
Situation
Unlike many other vulnerabilities, this security issue lies not in
code but in a protocol. Therefore, it is not about a particular OS
that needs to be patched. Resolving this vulnerability requires
reviewing whether the environment can remove SSLv3 services and use TLS
instead. Both clients and servers need to be reviewed to determine whether
their applications and services still require SSLv3.
- Understanding POODLE
- CVE-2014-3566
The following components in OES have been determined to be vulnerable to CVE-2014-3566:
- Novell SMS
- Novell NCP
- Novell Remote Manager
- NetIQ eDirectory
- Novell iPrint
- Pure-FTP
Resolution
Resolution for OES components vulnerable to CVE-2014-3566:
- Novell SMS
The solution that addresses the POODLE vulnerability for Novell SMS has been released with the following patches:
- December 2014 OES 2 SP3 Hot patch for OES - 8994
- December 2014 OES 11 SP1 Scheduled Maintenance Update - 9878
- December 2014 OES 11 SP2 Scheduled Maintenance Update - 9879
- Novell NCP
The solution that addresses the POODLE vulnerability for Novell NCP has been released with the following patches:
- December 2014 OES 2 SP3 Hot patch for OES - 8994
- December 2014 OES 11 SP1 Scheduled Maintenance Update - 9878
- December 2014 OES 11 SP2 Scheduled Maintenance Update - 9879
- Novell Remote Manager
The solution that addresses the POODLE vulnerability for Novell Remote Manager has been released with the following patches:
- December 2014 OES 2 SP3 Hot patch for OES - 8994
- December 2014 OES 11 SP1 Scheduled Maintenance Update - 9878
- December 2014 OES 11 SP2 Scheduled Maintenance Update - 9879
- NetIQ eDirectory
See TID 7015785 for details about POODLE and its impact on eDirectory.
- Novell iPrint
See TID 7015854 for details about POODLE and its impact on iPrint.
- Pure-FTP
The SUSE team has provided a solution, and it has been ported to the Novell OES implementation of Pure-FTP. This is currently targeted to be released in an upcoming hot patch.
** Please note, this is a live document and details may change as they become available **.