Environment
NetIQ Sentinel 7.0
NetIQ Sentinel 7.1
NetIQ Sentinel 7.2
NetIQ Sentinel Log Manager 1.2
NetIQ Security Manager 6.5.4
Situation
The original POODLE vulnerability (CVE-2014-3566) involved SSLv3's inability to properly check the padding bytes after decryption. As a result, these bytes were not considered when checking the integrity of a message.
A later announcement described a POODLE variant repurposed to attack TLS (CVE-2014-8730).
For more information about Sentinel and CVE-2014-3566 'POODLE', see TID#7016068
Resolution
The engineering team has determined that Sentinel, Sentinel Log Manager and Security Manager are not affected by this vulnerability.
This vulnerability is not in the TLS protocol itself but in how it is implemented. The components of Sentinel, Sentinel Log Manager and Security Manager use the following TLS implementations, none of which are affected by this vulnerability:
- Java Secure Socket Extension (JSSE) is not affected.
- The version of Mozilla Network Security Services (NSS) used is later than 3.12.7, which is not affected. NSS fixed this vulnerability in version 3.12.7 - see https://bugzilla.mozilla.org/show_bug.cgi?id=571796.
- OpenSSL is not affected - see https://mta.opensslfoundation.net/pipermail/openssl-users/2014-December/000025.html.
- Microsoft Secure Channel (Schannel) is not affected.
- Check Point OPSEC Software Development Kit (SDK) is not affected - see https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103683.
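The implementation-level check that separates an affected TLS stack from an unaffected one can be shown in a few lines. The following is an added illustration, not code from NetIQ or from any of the libraries listed above; the function names and the sample record are constructed for this example.

```python
import hmac


def strict_tls_padding_ok(plaintext: bytes, block_size: int = 16) -> bool:
    """TLS rule: the last byte is padding_length, and every one of the
    padding_length bytes before it must carry that same value."""
    if not plaintext or len(plaintext) % block_size:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    padding = plaintext[-(pad_len + 1):]
    # compare_digest does not stop at the first mismatching byte.
    return hmac.compare_digest(padding, bytes([pad_len]) * (pad_len + 1))


def lax_length_only_ok(plaintext: bytes, block_size: int = 16) -> bool:
    """SSLv3-style behaviour: only the final length byte is interpreted,
    so the content of the padding bytes is never examined."""
    if not plaintext or len(plaintext) % block_size:
        return False
    return plaintext[-1] + 1 <= len(plaintext)


def build_record(data: bytes, mac: bytes, block_size: int = 16,
                 filler=None) -> bytes:
    """Constructed helper: data || mac || padding || padding_length.
    The MAC covers the data only, so the padding check is the sole
    guard over the padding bytes."""
    body = data + mac
    pad_len = (block_size - (len(body) + 1) % block_size) % block_size
    fill = pad_len if filler is None else filler
    return body + bytes([fill]) * pad_len + bytes([pad_len])


if __name__ == "__main__":
    mac = bytes(20)  # constructed placeholder for a 20-byte MAC
    good = build_record(b"hello", mac)
    bad = build_record(b"hello", mac, filler=0xAA)  # wrong padding bytes
    for name, rec in (("well-formed", good), ("malformed", bad)):
        print(name, "strict:", strict_tls_padding_ok(rec),
              "lax:", lax_length_only_ok(rec))
```

A stack that behaves like `strict_tls_padding_ok` rejects the malformed record; one that behaves like `lax_length_only_ok` accepts it, which is the implementation flaw CVE-2014-8730 refers to.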
Additional Information
For more information about Sentinel and CVE-2014-3566 'POODLE', see TID#7016068