Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

[CVE-2014-3566] POODLE vulnerability attack prevention for InterScan Messaging Security Suite (IMSS)

    • Updated:
    • 18 Feb 2015
    • Product/Version:
    • InterScan Messaging Security Suite 7.1 Linux
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Messaging Security Suite 7.5 Windows
    • Platform:
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - SuSE 10
    • Linux - SuSE 9.0
    • Windows 2000 Advanced Server
    • Windows 2000 Server
    • Windows 2003 Enterprise
    • Windows 2003 Server R2
    • Windows 2003 Standard
    • Windows 2008 Enterprise
    • Windows 2008 Server R2
    • Windows 2008 Standard
    • Windows 2012 Server Essentials
Summary

This article explains what the POODLE vulnerability [CVE-2014-3566] is and how to prepare IMSS to prevent attacks from this vulnerability.

Details
Public

SSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346], and TLS 1.2 [RFC5246], many TLS implementations remain backwardscompatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience.

The protocol handshake provides for authenticated version negotiation, so the latest protocol version common to the client and the server will be used.

However, even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around server-side interoperability bugs.

To avert POODLE vulnerability  attacks, you need to disable SSL 3.0.

Administration web console

  1. Open the ${install_dir} / imss/UI/adminUI/conf/server.xml file using a text editor.
  2. Look for the sslProtocol for the 8445 port.

    You will find sslProtocol="TLS"

    Change it to: sslProtocols="TLSv1, TLSv1.1, TLSv1.2"

    Make sure that there is an "s" at the end of sslProtocols.

  3. Save and close the file.
  4. Restart the admin console using the command "${install_dir} /imss/script/S99ADMINUI restart".

EUQ web console

  1. Open the ${install_dir} /imss/UI/euqUI/conf/EUQ.conf file using a text editor.
  2. Look for the "SSLProtocol" key.

    Change it to: SSLProtocol All -SSLv2 -SSLv3

    If the key does not exist, add it at the end of the file.

  3. Save and close the file.
  4. Open the ${install_dir}/ imss/UI/euqUI/conf/server.xml file using a text editor.
  5. Find the sslProtocol for the 8446 port.

    You will find sslProtocol="TLS".

    Change it to: sslProtocols="TLSv1, TLSv1.1, TLSv1.2"

    Make sure that there is an "s" at the end of sslProtocols.

  6. Restart the EUQ console using the command "${install_dir} /imss/script/S99EUQ restart".

Administration web console

  1. Open the ${install_dir} / imss/UI/adminUI/conf/server.xml file using a text editor.
  2. Look for the sslProtocol for the 8445 port.

    You will find sslProtocol="TLS"

    Change it to: sslProtocols="TLSv1, TLSv1.1, TLSv1.2"

    Make sure that there is an "s" at the end of sslProtocols.

  3. Save and close the file.
  4. Restart the Trend Micro IMSS web console service.

EUQ web console

  1. Open the ${install_dir} /imss/UI/euqUI/conf/EUQ.conf file using a text editor.
  2. Look for the SSLProtocol key.

    Change it to:

    SSLProtocol All -SSLv2 -SSLv3

  3. Save and close the file.
  4. Open the ${install_dir}/ imss/UI/euqUI/conf/server.xml file using a text editor.
  5. Look for the sslProtocol for the 8446 port.

    You will find sslProtocol="TLS".

    Change it to: sslProtocols="TLSv1, TLSv1.1, TLSv1.2"

    Make sure that there is an "s" at the end of sslProtocols.

  6. Restart Trend Micro IMSS EUQ Load Balancer and rend Micro IMSS End User Quarantine Console services.

IMSS MTA

If you enabled SMTP TLS via Administration > TLS Settings > IP Address/Domain List, you need to add a protocol to the setting in the database.

  1. Connect to database.
  2. Open the tb_mta_config table.
  3. Find TLS.Server.Policyx in the SmtpServer section.

    Where x is the number of lists configured in the UI.

  4. Modify the value by appending ";Protocol=TLSv1”.

    For example, you want to configure two items in the UI.

    In the database we will see:

    Append “;Protocol=TLSv1” to the policy value. After modifying the value, it will look like this:

  5. Append the “;Protocol=TLSv1” to the policy value of TLS.Client.Policyx in the SmtpClient section. Follow the same procedures as the previous step.
  6. Restart the Trend Micro IMSS SMTP service.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1105511
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.