Trend Micro - Securing Your Journey to the Cloud Business
Support
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Preventing POODLE vulnerability attacks in InterScan Messaging Security Virtual Appliance (IMSVA)

    • Updated:
    • 14 Sep 2015
    • Product/Version:
    • InterScan Messaging Security Virtual Appliance 8.2
    • InterScan Messaging Security Virtual Appliance 8.5
    • Platform:
    • N/A N/A
Summary

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. CVE-2014-3566, also known as POODLE vulnerability, allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

According to the OpenSSL article: This POODLE Bites: Exploiting The SSL 3.0 Fallback, SSL3.0 [RFC6101] is an obsolete and insecure protocol and has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346], and TLS 1.2 [RFC5246].

Details
Public

AdminUI

  1. Open the /opt/trend/imss/UI/adminUI/conf/server.xml file using a text editor.
  2. Look for the sslProtocol for 8445 port.

    You will find sslProtocol="TLS".

    Change this to: sslProtocols="TLSv1, TLSv1.1, TLSv1.2"

    Make sure that there is an "s" at the end of sslProtocols.

  3. Save and close file.
  4. Restart the adminUI using the command "S99ADMINUI  restart".

EUQUI

  1. Open the /opt/trend/imss/UI/euqUI/conf/EUQ.conf file using a text editor.
  2. Find the key SSLProtocol

    If the key exists, it will look like this:

    SSLProtocol All -SSLv2

    Change the key to:

    SSLProtocol All -SSLv2 -SSLv3

    If it doesn't exist,append it at the end of file.

  3. Save and close the file.
  4. Open the /opt/trend/imss/UI/euqUI/conf/server.xml file using a text editor.
  5. Look for the sslProtocol for the 8446 port.

    You will find sslProtocol="TLS".

    Changed it to: sslProtocols="TLSv1, TLSv1.1, TLSv1.2"

    Note: Make sure that there is an "s" at the end of sslProtocols.

  6. Restart EUQUI using the command "S99EUQ  restart".

Postfix

We recommend disabling SSL 3.0 in Postfix if you are using TLS.

  1. Open the /opt/trend/imss/postfix/etc/postfix/main.cf file using a text editor.
  2. Look for the following keys:

    smtpd_tls_protocols = !SSLv2, !SSLv3
    smtp_tls_protocols = !SSLv2, !SSLv3
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3

    If the keys do not exist, append them at the end of the file.

  3. Save and close the file.
  4. Restart postfix using the command "postfix restart".

AdminUI

  1. Open the /opt/trend/imss/UI/php/conf/widget.conf file using a text editor.
  2. Look for the SSLProtocol key.

    If it existis, it looks like this:

    SSLProtocol All -SSLv2

    Change it to:

    SSLProtocol All -SSLv2 -SSLv3

    If the key doesn't exist, append it at the end of file.

  3. Save and close file.
  4. Restart adminUI using the command "S99ADMINUI restart".

EUQUI

  1. Open the /opt/trend/imss/UI/euqUI/conf/EUQ.conf file using a text editor.
  2. Look for the SSLProtocol key.

    If it existis, it looks like this:

    SSLProtocol All -SSLv2

    Change it to:

    SSLProtocol All -SSLv2 -SSLv3

    If the key doesn't exist, append it at the end of file.

  3. Save and close the file.
  4. Open the /opt/trend/imss/UI/euqUI/conf/server.xml file using a text editor.
  5. Look for the sslProtocol for the 8446 port.

    You will find sslProtocol="TLS".

    Change it to: sslProtocols="TLSv1, TLSv1.1, TLSv1.2"

    Make sure that there is an "s" at the end of sslProtocols.

  6. Restart EUQUI using the command "S99EUQ restart".

Postfix

  1. Open the /opt/trend/imss/postfix/etc/postfix/main.cf file using a text editor.
  2. Look for the following keys:

    smtpd_tls_protocols = !SSLv2, !SSLv3
    smtp_tls_protocols = !SSLv2, !SSLv3
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3

  3. Save and close the file.
  4. Restart postfix using the command "postfix restart".
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1105509
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.
Related Articles