Is SBAdmin affected by CVE-2014-3566 (POODLE)?
Rather than attempt to explain CVE-2014-3566 here, we recommend reviewing articles available online that provide expert details about security advisory CVE-2014-3566 (otherwise known as POODLE). We recommend this article published by Google, who originally discovered the issue.
From our research into this published vulnerability, we see only one area of the software that is affected. The SBAdmin web-based interface uses the lighttpd web server, which does support SSLv3.0. We have two recommendations at this time to limit your exposure to this security threat: disable SSLv3.0 in the web server configuration, or disable the web interface entirely.
Update the sthttpd.conf file to disallow SSLv3.0
Add the following line after the ssl.engine = "enable" directive in your storix/config/sthttpd.conf file.
ssl.use-sslv3 = "disable"
Once you have saved your changes to the configuration file, restart the web service.
To restart the web interface
Linux & Solaris (Sys-V init)
# /etc/init.d/sthttpd restart
# systemctl stop sthttpd
# systemctl start sthttpd
# kill -2 $(cat /storix/temp/sthttpd.pid)
# /usr/lpp/storix/bin/lighttpd -f /storix/config/sthttpd.conf
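To confirm the edit took effect in the file before or after restarting, the following added example (not Storix code) audits the configuration for the two directives above. The function name check_sslv3 and its return codes are assumptions made for this example; it reads only top-level key = "value" lines, keeps the last value it sees for each key, and does not interpret lighttpd conditional blocks.

```sh
#!/bin/sh
# Added example (not Storix code). Return codes are chosen for this example:
#   0 = ssl.engine enabled and SSLv3 disabled
#   1 = ssl.engine enabled but SSLv3 not disabled (directive missing,
#       commented out, set to another value, or typed with typographic quotes)
#   2 = file unreadable or ssl.engine not enabled
check_sslv3() {
    [ -r "$1" ] || return 2
    awk '
        # Drop comments, then trim leading and trailing whitespace
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1)
            val = substr($0, n + 1)
            gsub(/[ \t]/, "", key)
            gsub(/[ \t"]/, "", val)     # only straight quotes are stripped
            # Simplification: this checker keeps the last value it sees
            if (key == "ssl.engine")    engine = val
            if (key == "ssl.use-sslv3") sslv3  = val
        }
        END {
            if (engine != "enable") exit 2
            if (sslv3 == "disable") exit 0
            exit 1
        }
    ' "$1"
}

# Constructed sample: the directive is present but commented out
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'ssl.engine = "enable"' '#ssl.use-sslv3 = "disable"' > "$f"
    rc=0
    check_sslv3 "$f" || rc=$?
    rm -f "$f"
    echo "check_sslv3 returned $rc"
}
demo
```

On a real system, call check_sslv3 /storix/config/sthttpd.conf and treat any non-zero result as a reason to re-check the file.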
Disabling the web interface
If you are unable to edit this file or are not using the web interface, we recommend you unconfigure the web interface.
# stconfigweb -R