Environment
Access Manager 4.4
Access Manager 4.3
Access Gateway Appliance
Access Manager Appliance
CVE-2017-5754 - Meltdown vulnerability
CVE-2017-5753 and CVE-2017-5715 - Spectre vulnerability
Situation
Although most Access Manager components ship a number of Web-based applications that are not themselves susceptible to these vulnerabilities, those applications run on operating systems that are vulnerable and need to be patched. Access Manager also includes the Access Gateway Appliance and the Access Manager Appliance, which ship with the SLES11 SP4 operating system and must also be patched.
Resolution
For the Access Gateway Appliance and Access Manager Appliance (SLES11 SP4), the following packages must be installed:
- kernel-default-3.0.*.x86_64.rpm
- microcode_ctl-1.*.x86_64.rpm
For Access Manager components installed and running on the Windows or RHEL platforms, make sure the updates available from each vendor are applied:
- Microsoft Windows: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
- Red Hat Enterprise Server: https://access.redhat.com/articles/3307751
For the Analytic Server Appliance, one extra step is required, assuming the Security Update channel is configured as described at https://www.netiq.com/documentation/access-manager-44-appliance/install_upgrade/data/bowu0bx.html#b1lkaxvd.
Running the security updates only installs the kernel update and not the second package, microcode_ctl-1.*.x86_64.rpm, because it is not installed by default. Install it separately by running 'zypper in -f microcode_ctl-1.*.x86_64.rpm' from the Analytic Server console.
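A post-patch check for the SLES11 SP4 appliances described above, added here as an example and not NetIQ tooling. It reports what still remains to be done after the Security Update channel has run: the patched kernel must be installed and actually booted, and microcode_ctl must be present. The function and package names are hypothetical, the package list is constructed, and the mapping between an rpm name and the `uname -r` string is an assumption.

```shell
#!/bin/sh
# Print the actions still needed (one per line) given the installed package
# list and the running kernel release; print nothing when fully patched.
# On a live appliance:  remaining_actions "$(rpm -qa)" "$(uname -r)"
remaining_actions() {
    pkgs="$1"       # output of `rpm -qa`, one package per line
    running="$2"    # output of `uname -r`, e.g. 3.0.101-108.21-default

    # 1. The patched kernel-default package must be installed at all.
    newest=$(printf '%s\n' "$pkgs" \
        | sed -n 's/^kernel-default-\(3\.0\..*\)\.x86_64$/\1/p' \
        | sort -V | tail -n 1)
    if [ -z "$newest" ]; then
        echo "install kernel-default (Security Update channel)"
    else
        # 2. ...and must be the kernel that is running. Assumption: rpm
        #    "kernel-default-3.0.101-108.21.1.x86_64" boots as
        #    "3.0.101-108.21-default" (build suffix dropped, "-default" added).
        expected="${newest%.*}-default"
        if [ "$running" != "$expected" ]; then
            echo "reboot into kernel $expected"
        fi
    fi

    # 3. microcode_ctl is not pulled in by the update channel (see above).
    if ! printf '%s\n' "$pkgs" | grep -q '^microcode_ctl-1\.'; then
        echo "zypper in -f microcode_ctl-1.*.x86_64.rpm"
    fi
}

# Exit status wrapper: 0 when nothing remains, 1 otherwise.
is_patched() {
    [ -z "$(remaining_actions "$1" "$2")" ]
}

# Constructed sample: patched kernel installed and booted, microcode_ctl absent.
SAMPLE_PKGS="kernel-default-3.0.101-108.21.1.x86_64
glibc-2.11.3-17.110.1.x86_64"
remaining_actions "$SAMPLE_PKGS" "3.0.101-108.21-default"
```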
Status
Security Alert
Additional Information
Tests | NAM 4.4 without SuSE patches (Transactions per second) | NAM 4.4 with SuSE patches (Transactions per second) | % performance difference
--- | --- | --- | ---
IDP logins with secure name password form | 180 | 170 | -5.555555556
IDP Post credentials | 280 | 280 | 0
PR access with secure name password form | 155 | 155 | 0
Public page access with SSL (single page for each request) | 162 | 130 | -19.75308642
Public page access with SSL (10 pages for each request) | 15.58 | | -16.10123856