Blade ZipKit – Poodle SSLv3
Blade ZipKit Package Info
Name: Poodle SSLv3 Check
BSA Compatible Version: 8.5.x
Created by: Bill Robinson
Tested version on: 8.5.01.231
Tested against host running: Windows, RedHat
This Component Template checks for running services advertising SSLv3. Also for Linux there is a check for the updated version of the openssl rpm and on Windows for the registry key described here: https://technet.microsoft.com/en-us/library/security/3009008.aspx
Instructions for importing the Component Template
- Download the attached zip
- Extract the zip file.
- Import the ‘Poodle - SSLv3.zip’ using the Version Neutral Content Import
- Copy the ‘poodle.zip’ and ‘poodle.nsh’ to the ‘extended_objects’ folder on your BSA File Server
- Edit the Component Template and replace blfileserver and associated path in the Extended Object definition with the path to the zip and nsh script in your environment.
- Create and run a Component Discovery Job for the template.
- Create Compliance Job for the template, check the ‘Continue on Compliance Errors’ option.
The check works by listing all open ports on the system and checking each with the openssl client to see if SSLv3 is advertised. On Linux openssl should be on the system, for Windows an openssl binary is copied to the target and then removed after the check is complete.
Remediation can be associated with the Windows Registry Check by creating a blpackage out of The following MSI: http://go.microsoft.com/?linkid=9863266, however remediation for any other detected services it is unlikely remediation can be automated as each application will have different instructions on how to remediate. This check will list the path to the vulnerable binary for easier identification of what needs to be remediated.