fighting for truth, justice, and a kick-butt lotus notes experience.

 
alt

Detlev Poettgen

 

New Interim Fix regarding POODLE for IBM Domino available

 19 Dezember 2014 23:14:03
IBM released today a new Interim Fix for IBM Domino. It is important to install this new IF, if you are using SSL/TLS to be safe regarding the latest POODLE variation:

IBM Domino could allow a remote attacker to obtain sensitive information, caused by the failure to check the contents of the padding bytes when using CBC cipher suites of some TLS implementations. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack to decrypt sensitive information and calculate the plaintext of secure connections.

The IF is availbale for:

9.0.1 Fix Pack 2 Interim Fix 3
9.0 Interim Fix 7
8.5.3 Fix Pack 6 Interim Fix 6
8.5.2 Fix Pack 4 Interim Fix 3
8.5.1 Fix Pack 5 Interim Fix 3

Goto Fix Central to get it: http://www.ibm.com/support/docview.wss?uid=swg21657963

Archive