Is NAM vulnerable to OpenSSL CVE-2014-3569?

  • 7016027
  • 05-Jan-2015
  • 05-Jan-2015


NetIQ Access Manager 3.2
NetIQ Access Manager 4.0


CVE-2014-3569 outlines a new vulnerability against OpenSSL. The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.

NAM Access Gateway implements OpenSSL and is it vulnerable to this attack?


NAM is not vulnerable to this CVE-2014-3569.

Additional Information

OpenSSL consumed by NAM does not use the no-ssl3 flag.