As you may be aware, another security exploit has been discovered that may affect HTTPS access to websites (AKA the “Poodle” bug):
For more information from US CERT, please see the following link:
Briefly, if a browser initiates an HTTPS session with a website and the browser indicates that it is not capable of communicating with secure TLS 1.2 or TLS 1.1 protocols, the HTTPS session can degrade to utilize the SSL 3.0 protocol. An exploit has been identified in the SSL 3.0 protocol that could allow a 3rd party to intercept the traffic and possibly obtain login credentials to that website.
Riverbed
Riverbed products affected by OpenSSL Security Advisory CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, & CVE-2014-3568 (POODLE and other vulnerabilities)
Categories: Product, SecuritySolution Number: S25160
Issue
The National Institutes of Standards and Technology has issued multiple CVE notices for vulnerabilities found OpenSSL. OpenSSL is a common component of most Linux distributions and is thus included in several Riverbed products. For more information, please refer to the following.
SRTP memory leak. A flaw in the DTLS SRTP extension package allows an attacker to cause a denial of service attack via a carefully-crafted handshake message.
POODLE attack. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses non-deterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack.
Session ticket memory leak. A flaw in the session ticket integrity check mechanism allows an attacker to cause a denial of service attack by sending a large number of invalid session tickets.
Incomplete no-ssl3 build option. When OpenSSL is configured with "no-ssl3" as a build option, the option was effectively ignored, and SSL 3.0 was still allowed.
Solution
Riverbed is actively working on identifying affected products and providing resolution for any products determined to be affected. As each product is updated, tested, and released, we will update this knowledge base article. Check back periodically to learn when updates to the products you use become available.
SteelHead | SteelApp | SteelCentral | SteelFusion | SteelStore | Riverbed Open Source
In the lists below, products are grouped together when the same information applies to all products in the group. For example, in the SteelHead section, the bulleted statements apply to all of the product names listed above the statements.
SteelHead CX (appliance, virtual, and cloud)
SteelHead DX
SteelHead EX
SteelHead Interceptor
SteelCentral Controller for SteelHead
SteelCentral Controller for SteelHead Mobile
Riverbed Services Platform
- SRTP memory leak: not vulnerable. Neither the management console nor the optimization engine use DTLS.
- “Poodle” attack: the various elements of SteelHead are individually considered below.
- Management interface: not vulnerable in the default configuration. SSL 3.0 is no longer the default protocol for the management interface on current software versions. To verify your setting, open the CLI, run “show web”, and look for “SSLv3 enabled: no”. You can disable it on current and prior versions with the command “no web ssl protocol sslv3”.
- Inner channel: not vulnerable. Secure peering uses TLSv1 which is immune to Poodle. A downgrade isn’t possible because the software never attempts retries with lower TLS/SSL versions. The inner channel negotiation is always independent of whatever a client may attempt.
- Client connections: vulnerable. An attacker may force a client to downgrade from any TLS version to SSL 3.0. Note that this is confined to attackers on the LAN (internal) side of the SteelHead; attacks over the WAN aren’t possible. A fix for the vulnerable version of OpenSSL will be included in the next scheduled software release; this fix implements TLS_FALLBACK_SCSV to prevent downgrade attacks. Please check the download page for availability.
- Session ticket memory leak and Incomplete no-ssl3 build option: vulnerable. A fix will be included in the next scheduled software release.
- SteelHead 8.6.2
- SteelHead 8.5.3c
SteelApp Traffic Manager
SteelApp Web App Firewall
SteelApp Web Accelerator
- SRTP memory leak: not vulnerable. No SteelApp product uses DTLS in OpenSSL.
- "Poodle" attack: not vulnerable in the default configuration. SSL 3.0 is disabled by default for the management server. The Traffic Manager will use SSL 3.0 if a node in a pool does; we recommend disabling SSL 3.0 on web servers whenever possible. When acting as a client, the Traffic Manager will not attempt to make reconnections and is thus not vulnerable to attack.
- Session ticket memory leak and Incomplete no-ssl3 build option: vulnerable. A fix will be included in the next scheduled software release. Please check the download page for availability.
NetShark
- SRTP memory leak: vulnerable. NetShark does not use DTLS, but the version of OpenSSL shipping with NetShark is compiled with support for SRTP, so the memory leak is still possible. A fix will be included in the next scheduled software release. Please check the download page for availability.
- "Poodle" attack: vulnerable. The current workaround is to switch the software to FIPS mode, in which SSL 3.0 is not available. If the "NetProfiler Export" feature is enabled, ensure that all NetProfilers receiving the export reports also have been switched to FIPS mode. Riverbed is still investigating whether to completely disable SSL 3.0 in a future fix or turn it off in the default configuration but still permit customers to enable it if necessary.
- Session ticket memory leak: vulnerable. A fix will be included in the next scheduled software release. Please check the download page for availability.
- Incomplete no-ssl3 build option: vulnerable. The current workaround is to switch the software to FIPS mode, in which SSL 3.0 is not available. If the "NetProfiler Export" feature is enabled, ensure that all NetProfilers receiving the export reports also have been switched to FIPS mode. A fix will be included in the next scheduled software release. Please check the download page for availability.
Other products are currently under investigation.
SteelHead EX
Granite Core (physical and virtual)
- SRTP memory leak: not vulnerable. Neither the management console nor the optimization engine use DTLS.
- "Poodle" attack: not vulnerable in the default configuration. SSL 3.0 is no longer the default protocol for the management interface beginning with SteelFusion software version 2.0.1. To verify your setting, open the CLI, run "show web", and look for "SSLv3 enabled: no". You can disable it on current and prior versions with the command "no web ssl protocol sslv3".
- Session ticket memory leak and Incomplete no-ssl3 build option: vulnerable. A fix will be included in the next scheduled software release. Please check the download page for availability.
- SRTP memory leak: not vulnerable. Neither the management console nor the optimization engine use DTLS.
- "Poodle" attack: not vulnerable in the default configuration. SSL 3.0 is no longer the default protocol for the management interface beginning with SteelStore software version 3.0. To verify your setting, open the CLI, run "show web", and look for "SSLv3 enabled: no". You can disable it on current and prior versions with the command "no web ssl protocol sslv3".
- Session ticket memory leak and Incomplete no-ssl3 build option: vulnerable. A fix will be included in the next scheduled software release. Please check the download page for availability.
Currently under investigation.
Allot
Teneo is waiting for the vendor’s confirmation if CVE-2014-3566 affects any of their products.
Castle Rock
Teneo is waiting for the vendor’s confirmation if CVE-2014-3566 affects any of their products.
Talari
Talari Networks have sent an email out to their customers advising which appliances and software versions are affected. If you have not received this email from Talari, please contact us and we can pass the information on.
This notice is to inform you of the impact to Talari's APN solution and what Talari's plans are going forward.
What is vulnerable:
All modern browsers supported by the Talari APN solution utilize the TLS 1.2 protocol by default. Under normal circumstances, HTTPS sessions will not utilize the SSL 3.0 protocol to access the Talari management web console.
It is possible for HTTPS sessions to utilize the SSL 3.0 protocol to access the Talari management web console if an administrator has disabled support for TLS 1.2 and TLS 1.1 in the web browser. To avoid this, administrators should enable support for TLS 1.2 and TLS 1.1 in all web browsers.
It is possible for HTTPS sessions to utilize the SSL 3.0 protocol to access the Talari management web console under certain attack scenarios. To avoid this, administrators should disable support for SSL 3.0 in all web browsers.
It is possible for alert emails sent from an APN Appliance or APN Aware to a mail server to use the SSL 3.0 protocol under certain attack scenarios if the mail server requested STARTTLS. To avoid this, administrators should disable support for SSL 3.0 in all mail servers.
What is not vulnerable:
This issue has no impact on the APN secure encrypted TRP protocol used for in band Site-to-Site communication. It also has no impact on communication between APN Appliances and APN Aware, as this communication channel is configured to only use the TLSv1 protocols.
Platforms Impacted:
T510, T730, T750, T860, T3000, T3010, T5000, APN Aware
Software Versions Impacted:
APN Software R4.0P5H1 and below
Aware R1.0P5 and below
Corrective Action:
Talari will be addressing this issue starting with the following releases:
APN Software R4.0P6
APN Software R4.1
Aware R1.0P6
Aware R1.1
Note to Administrators: As a part of Talari's planned corrective action, Talari will only permit HTTPS TLS 1.2 or better. Administrators should plan accordingly to utilize supported web browsers with proper security settings enabled. Older browsers that do not support HTTPS TLS 1.2 or better will not be supported with the Talari management web console.
Talari will send a follow up Flash Notification once the above releases are available for download through their Customer Support Portal.
Infoblox
Teneo is waiting for the vendor’s confirmation if CVE-2014-3566 affects any of their products.
Update 23/10/2014
#3311: NIOS and all Network Automation products vulnerable to CVE 2014-3566
Overview
Regarding the recently announced vulnerability to POODLE - SSL 3.0 (CVE-2014-3566):
This vulnerability is a "man-in-the-middle" attack and the vulnerability could result in clear text being disclosed from the "secure" communication. However, to expose of the communication between client and server to the vulnerability would require the attacker to be on the same physical network as the client and server and have some control over the network connectivity that would allow to force the server and client communication to switch to SSL 3.0.
Recommendation
Disabling SSL 3.0 on the client browser would prevent the server from being even remotely exposed to the vulnerability.
For details how to disable SSL 3.0 on the client browser, please follow the link:
https://zmap.io/sslv3/browsers.html
Next Steps
The Infoblox DDI product family running NIOS and all versions of its Network Automation products NetMRI, Automation Change Manager, and Switch Port Manager are vulnerable to this exploit as SSL 3.0 is enabled in the current versions of the products.
Furthermore, Infoblox will be providing updates to all current NIOS products to disable SSL 3.0 so that the server will not fallback to this encryption mechanism after several failed negotiations. All variants of Infoblox Network Automation products [NetMRI, Automation Change Manager, and Switch Port Manager] will be updated as part of the next shipping release v 6.9.1, and will receive a hotfix against v 6.8.7.
Palo Alto Networks
Palo Alto Networks is aware of the SSL 3.0 vulnerability. We are reviewing this at this time and will update you as to our coverage plans. Microsoft includes guidance on their website "Considering the attack scenario, this vulnerability is not considered high risk to customers."
For more information on the SSL 3.0 vulnerability, see https://technet.microsoft.com/library/security/3009008 and http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
The Poodle bug is not considered high risk as less than 1% of browsers are affected.
We will keep you updated on this as and when Palo release coverage plans
Keep up to date with the latest news
The Teneo Technical Support Team will be keeping up to date with all of the latest information and updates, so please get in touch with any questions or concerns at support@teneo.net
To keep up to date with what we know, follow us on Twitter
Comments
0 comments
Article is closed for comments.