
How to mitigate the POODLE vulnerability on a Resource Manager 4.x Host

Applies To

  • Zenoss Resource Manager 4.x
  • Cisco UCS Performance Manager 1.x

Summary

Recently, a vulnerability named POODLE (Padding Oracle On Downgraded Legacy Encryption) has been found in OpenSSL, a popular cryptography library. The vulnerability is described here: https://www.openssl.org/~bodo/ssl-poodle.pdf.

If configured to use SSL, Resource Manager and UCS Performance Manager use OpenSSL. As such, the OpenSSL vulnerability would affect any such deployments. 

Procedure

SSL is not configured by default in either Resource Manager or UCS Performance Manager. However, if SSL has been configured, the system administrator can follow the procedures detailed by their operating system distribution to mitigate the vulnerability. The CentOS and Red Hat procedures for doing so can be found at the following sites:
