POODLE Security Vulnerability
Last modified on 16 October 2014 02:11 PM

A major vulnerability named POODLE has been discovered that affects the open-source OpenSSL library. It abuses a common workaround used in many current internet browsers: when a connection error occurs during an SSL session, the browser falls back to an older version of the SSL protocol, possibly even the ancient SSL 3.0. The problem may arise when an attacker intentionally kills SSL sessions to cause such a connection error, after which the browser falls back. The fallback itself is not the root of the problem: the real cause is SSL 3.0, which is not safe enough.

You can find more detailed information here: http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed 

IceWarp Server 11.0.1 and older (both Windows and Linux) are affected by this vulnerability. The fixed SSL libraries are attached to this article; all of them should be copied to the IceWarp root folder to replace the old vulnerable files.

 

Here is the proper procedure:

1. Stop all IceWarp services

2. Replace the files

3. Start the services

 

For IceWarp Server Windows version 11.0 and 10.4 - please download http://esupport.icewarp.com/KBimages/openssl11-poodle.zip 

For IceWarp Server Windows version 10.3 and older - please download http://esupport.icewarp.com/KBimages/openssl10-poodle.zip

For IceWarp Server Linux (any version and distribution) - please update the OpenSSL libraries in your system
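
To check whether a service still negotiates SSL 3.0, the protocol this article names as the real cause, the following added example (not IceWarp code) sends an SSL 3.0-only ClientHello and classifies the first record of the reply. The function names `build_sslv3_client_hello`, `classify_reply` and `probe` are hypothetical, and the port is assumed to speak SSL/TLS directly, without STARTTLS.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"
# Suites an SSL 3.0 server can select: 3DES-CBC-SHA, AES128-SHA, AES256-SHA, RC4-SHA
CIPHER_SUITES = b"\x00\x0a\x00\x2f\x00\x35\x00\x05"


def build_sslv3_client_hello():
    """One SSL 3.0 record holding a ClientHello that offers SSL 3.0 only."""
    body = (SSL3 + os.urandom(32) + b"\x00"          # version, random, empty session id
            + struct.pack("!H", len(CIPHER_SUITES)) + CIPHER_SUITES
            + b"\x01\x00")                           # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake


def classify_reply(data):
    """Classify the first record the server sent back."""
    if len(data) >= 7 and data[0] == 0x15:           # alert record: hello refused
        return "rejected"
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:  # ServerHello
        return "ssl3-accepted" if data[9:11] == SSL3 else "other-version"
    return "no-reply" if not data else "unknown"


def probe(host, port, timeout=5.0):
    """Send the hello to a port that speaks SSL/TLS directly (no STARTTLS)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_sslv3_client_hello())
            return classify_reply(sock.recv(4096))
        except OSError:                              # reset or timeout: no handshake
            return "no-reply"


if __name__ == "__main__":
    # Constructed replies (not captured traffic) so the demo runs offline.
    server_hello = b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26\x03\x00" + bytes(36)
    alert = b"\x15\x03\x00\x00\x02\x02\x28"          # fatal handshake_failure
    print(classify_reply(server_hello), classify_reply(alert))
```

Run `probe(host, port)` against your own server's SSL ports; a result of `ssl3-accepted` means the service still completes an SSL 3.0 hello.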
