Asset ID: 1-79-1946122.1
Update Date: 2016-09-07
Solution Type: Predictive Self-Healing Sure Solution
1946122.1: CVE-2014-3566 - Fix Availability Document for Oracle Communications Policy Management - 10900
Related Items: Oracle Communications Policy Management
Applies to:
Oracle Communications Policy Management
Tekelec
Purpose
This document provides details on the configuration changes necessary to mitigate the security vulnerability referenced by CVE-2014-3566.
Scope
Oracle Communications Policy Management (OCPM) Version 9.1 to 11.1.
Details
A standard OCPM deployment may include a combination of physical Policy Management application servers, Tekelec Virtual Operating Environment (TVOE) host servers, and Platform Management & Configuration (PM&C) servers. Policy Management application servers may include a combination of CMP, MPE, and MRA servers. Policy Management deployments may include SDS servers.
The following table lists the server types and which procedure(s) are applicable:
Server Type | SSL Server | Procedure
CMP | Tomcat | Procedure 1
MPE | Tomcat | Procedure 1
MRA | Tomcat | Procedure 1
PM&C (*if included in deployment) | Apache (httpd) | Procedure 2
Notes about custom certificates on servers:
- These steps can be performed on the PM&C only if custom certificates have never been added using the Administration->Access Control->Certificate Management feature on the PM&C.
- After these steps are performed on the PM&C, custom certificates also cannot be added using the Administration->Access Control->Certificate Management feature on the PM&C.
Procedure 1
1. Log in as root on the source server.
   login: root
   Password: <current root password>
2. Back up the server.xml file.
   # cd /opt/camiant/tomcat/conf/
   # cp server.xml server.xml.save
3. Edit the server.xml file.
   # rcstool co /opt/camiant/tomcat/conf/server.xml
   # vi server.xml
   Locate all instances in the file which contain the following attribute:
   sslProtocol="TLS"
   Edit the section(s) to remove sslProtocol and replace it with the following:
   sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
   Save the file and exit vi.
4. Restart tomcat to activate the changes.
   # service qp_procmgr restart
   You should get the message “Stopping qp_procmgr [OK]
   …Starting qp_procmgr[OK]”
5. Check the file into rcstool to save the changes across upgrades.
   # rcstool ci /opt/camiant/tomcat/conf/server.xml
Procedure 2
1. Log in as root on the server console.
   login: root
   Password: <current root password>
2. Check out configuration file /etc/http/conf.d/ssl.conf from revision control:
   # rcstool co /etc/http/conf.d/ssl.conf
3. Edit configuration file /etc/http/conf.d/ssl.conf using a text editor:
   # vi /etc/http/conf.d/ssl.conf
   Find and edit the following line:
   SSLProtocol all -SSLv2
   To this:
   SSLProtocol all -SSLv2 -SSLv3
   Save and exit the vi session.
4. Restart the httpd service.
   # service httpd restart
5. Check the file into rcs to preserve changes during upgrades.
   # rcstool ci /etc/http/conf.d/ssl.conf
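To confirm that both procedures took effect, the following added example (not part of the Oracle document) audits the two edited files for settings that still permit SSLv3. The function names and the sample file contents are constructed; `all` is assumed to include SSLv3, as in the line Procedure 2 edits, and a missing SSLProtocol directive is treated as a finding.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit the files edited in Procedure 1
# and Procedure 2. Function names are hypothetical.

# Procedure 1 check: print any server.xml line that still has
# sslProtocol="TLS" or lists SSLv3 in sslEnabledProtocols. Returns 1 on a hit.
check_tomcat() {
    if grep -nE 'sslProtocol[[:space:]]*=[[:space:]]*"TLS"|sslEnabledProtocols[[:space:]]*=[[:space:]]*"[^"]*SSLv3' "$1"; then
        return 1
    fi
    return 0
}

# Procedure 2 check: walk each active SSLProtocol directive token by token.
# "all" is assumed to turn SSLv3 on; "-SSLv3" or "-all" turns it off again.
# Returns 1 if a directive leaves SSLv3 on, or if no directive is found.
check_httpd() {
    awk '
        $1 ~ /^#/ { next }                       # skip commented-out lines
        tolower($1) == "sslprotocol" {
            seen = 1; v3 = 0
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "all" || t == "sslv3" || t == "+sslv3") v3 = 1
                if (t == "-all" || t == "-sslv3") v3 = 0
            }
            if (v3) { print FILENAME ":" NR ": " $0; bad = 1 }
        }
        END { if (!seen) { print FILENAME ": no SSLProtocol directive"; bad = 1 }
              exit bad + 0 }
    ' "$1"
}

# Constructed sample files: the "before" state each procedure starts from.
tmp=$(mktemp -d)
printf '%s\n' '<Connector port="8443" SSLEnabled="true"' \
              '           sslProtocol="TLS" />' > "$tmp/server.xml"
printf '%s\n' '# constructed sample' 'SSLProtocol all -SSLv2' > "$tmp/ssl.conf"

check_tomcat "$tmp/server.xml" || echo "server.xml: Procedure 1 not applied"
check_httpd  "$tmp/ssl.conf"   || echo "ssl.conf: Procedure 2 not applied"
rm -rf "$tmp"
```

The Tomcat check is line-based, so a matching attribute inside an XML comment is also reported.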