I keep checking to see if Dell KACE has a patch for POODLE, but haven't seen one. Anyone else wondering how to change their K1000 and K2000 from accepting SSLv3? I tested both of our appliances with http://www.bolet.org/TestSSLServer/ and yes, SSLv3 is accepted on both.

Comments

  • Thanks for the answers, I'm aware of how to change this on the browser, but how do we patch or turn off SSLv3 on the KACE appliances themselves?
    • You need to wait for KACE to issue a patch, or call support to see if they can go in on the backend and disable it. This is an OS/web server level change.
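
The check the question describes (does an appliance still accept SSLv3?), as an added example that is not part of the original thread. It sends a hand-built SSLv3-only ClientHello over a raw socket, since most current OpenSSL builds cannot negotiate SSLv3 at all; the function names and the placeholder host name are this example's own.

```python
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"  # wire version for SSLv3

def build_sslv3_client_hello():
    """Minimal ClientHello that offers SSLv3 as the only (maximum) version."""
    suites = b"\x00\x2f\x00\x0a\x00\x05"  # AES128-SHA, 3DES-SHA, RC4-SHA (RSA key exchange)
    body = (SSL3 + os.urandom(32)         # client_version, client random
            + b"\x00"                      # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                 # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data):
    """Classify the first bytes a server returns to the SSLv3-only hello."""
    if not data:
        return "rejected"                  # server closed without answering
    if data[0] == 0x15:
        return "rejected"                  # alert record (e.g. handshake_failure)
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: server_version follows the 5-byte record header
        # and the 4-byte handshake header.
        return "accepted" if data[9:11] == SSL3 else "unknown"
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """Return 'accepted', 'rejected', 'unknown' or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        try:
            sock.sendall(build_sslv3_client_hello())
            return classify_reply(sock.recv(4096))
        except ConnectionError:
            return "rejected"              # reset after the hello
        except OSError:
            return "unknown"               # timeout or other socket error

if __name__ == "__main__":
    # Host is a placeholder; pass your own appliance's name.
    host = sys.argv[1] if len(sys.argv) > 1 else "k1000.example.internal"
    print(host, probe(host))
```

Run it before and after an appliance upgrade: "accepted" means the server answered with an SSLv3 ServerHello, "rejected" means it sent an alert or dropped the connection.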

Answers

1
Version 6.4 has disabled SSLv3.

If you check the release notes it mentions that SSLv3 is disabled.

https://support.software.dell.com/download/downloads?id=6060035

POODLE is no longer an issue according to them.
Answered 10/20/2015 by: Drave
Orange Belt

1
A public response to this vulnerability has been posted at http://www.kace.com/support/resources/kb/solutiondetail?sol=136510
Answered 11/12/2014 by: bkelly
Red Belt

1
If you change the settings on your browsers to use TLS, that will fix it. Both ends need to be running SSL for the MTM to work, plus since it is an MTM attack they have to be on your network.

To change your browsers:

For Chrome on x86

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
@="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --ssl-version-min=tls1 -- \"%1\""

For Chrome on x64

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
@="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --ssl-version-min=tls1 -- \"%1\""

For IE

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"SecureProtocols"=dword:00000a80

For Firefox we run a kscript batch file as user

cd /D "%APPDATA%\Mozilla\Firefox\Profiles\*.default"
echo user_pref("security.tls.version.min", 1);>>prefs.js

These all require a restart to take effect. Our machines are shut down at night, so within a day the fix was in place. We made this a low-med priority since it requires an MTM.



Answered 10/24/2014 by: SMal.tmcc
Red Belt

  • To test client browsers go to
    www.poodletest.com
1
Oh, also, to disable SSL on Windows machines:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001
Answered 10/24/2014 by: SMal.tmcc
Red Belt
