Saturday, December 16, 2017

TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack

Original release date: October 17, 2014Systems Affected All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios. Overview US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. The POODLE attack demonstrates how an attacker can exploit this vulnerability to decrypt and extract information from inside an encrypted transaction. Description The SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content within the SSL session. The decryption is done byte by byte and will generate a large number of connections between the client and server.While SSL 3.0 is an old encryption standard and has generally been replaced by Transport Layer Security (TLS) (which is not vulnerable in this way), most SSL/TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. Even if a client and server both support a version of TLS the SSL/TLS protocol suite allows for protocol version negotiation (being referred to as the “downgrade dance” in other reporting). The POODLE attack leverages the fact that when a secure connection attempt fails, servers will fall back to older protocols such as SSL 3.0. An attacker who can trigger a connection failure can then force the use of SSL 3.0 and attempt the new attack. [1]Two other conditions must be met to successfully execute the POODLE attack: 1) the attacker must be able to control portions of the client side of the SSL connection (varying the length of the input) and 2) the attacker must have visibility of the resulting ciphertext. The most common way to achieve these conditions would be to act as Man-in-the-Middle (MITM), requiring a whole separate form of attack to establish that level of access.These conditions make successful exploitation somewhat difficult. Environments that are already at above-average risk for MITM attacks (such as public WiFi) remove some of those challenges. Impact The POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library (e.g. OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens that can then be used to gain more complete access to a website (impersonating that user, accessing database content, etc.). Solution There is currently no fix for the vulnerability SSL 3.0 itself, as the issue is fundamental to the protocol; however, disabling SSL 3.0 support in system/application configurations is the most viable solution currently available.Some of the same researchers that discovered the vulnerability also developed a fix for one of the prerequisite conditions; TLS_FALLBACK_SCSV is a protocol extension that prevents MITM attackers from being able to force a protocol downgrade. OpenSSL has added support for TLS_FALLBACK_SCSV to their latest versions and recommend the following upgrades: [2]OpenSSL 1.0.1 users should upgrade to 1.0.1j.OpenSSL 1.0.0 users should upgrade to 1.0.0o.OpenSSL 0.9.8 users should upgrade to 0.9.8zc.Both clients and servers need to support TLS_FALLBACK_SCSV to prevent downgrade attacks.Other SSL 3.0 implementations are most likely also affected by POODLE. Contact your vendor for details. Additional vendor information may be available in the National Vulnerability Database (NVD) entry for CVE-2014-3566. [3] References [1] This Poodle Bites: Exploiting The SSL Fallback [2] OpenSSL Security Advisory [15 Oct 2014] [3] Vulnerability Summary for CVE-2014-3566 Revision History October 17, 2014 Initial Release This product is provided subject to this Notification and this Privacy & Use policy.

Security Update 2014-001 (Mountain Lion)

Security Update 2014-001 is recommended for all users and improves the security of OS X For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222 SHA1=227ca2e0060e40835dcc29bfd37cb0e0364912f4 ...

Aperture 3.4.5

What's New in Version 3.4.5 Addresses an issue that could cause Aperture to quit unexpectedly when deleting items from a camera or memory card after import Memory cards are now ejected correctly when using the Delete Items ...

Cris Thomas on Cyberwar Rhetoric

Cris Thomas of Tenable Networks, aka Space Rogue of the L0pht, talks to Mike Mimoso during RSA Conference about the rhetoric and hype surrounding cyberwar, as well as a quick trip down memory lane with the L0pht and its famous 1998 testimony before Con...

Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote...

Revision Note: V2.0 (March 30, 2010): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-018 to addre...

Gestetner Printer Drivers v3.0 for OS X

This update installs the latest software for your Gestetner printer or scanner for OS X Yosemite, OS X Mavericks, OS X Mountain Lion, and OS X Lion.

OS X NTP-säkerhetsuppdatering: OS X Mavericks

Den här uppdateringen löser ett viktigt säkerhetsproblem med programvaran som tillhandahåller tjänsten Network Time Protocol i OS X och rekommenderas för alla användare.

Drupal Closes Access Bypass Vulnerability in Core Engine

Drupal released a point update for its core engine to patch a critical access bypass vulnerability.

Deep-Learning PassGAN Tool Improve Password Guessing

A deep-learning network known as a GAN has been applied to passwords, and a tool called PassGAN significantly improves the ability to guess user passwords over tools such as Hashcat or John the Ripper.

VU#577140: BIOS implementations fail to properly set UEFI write protections after...

Multiple BIOS implementations fail to properly set write protections after waking from sleep,leading to the possibility of an arbitrary BIOS image reflash.

RHBA-2016:1816-1: iscsi-initiator-utils bug fix update

Updated iscsi-initiator-utils packages that fix one bug are now available forRed Hat Enterprise Linux 6.7 Extended Update Support. The iscsi-initiator-utils packages provide the server daemon for the InternetSmall Computer System Interface (iSCSI) protocol, as well as the utilityprograms used to manage it. The iSCSI protocol is a protocol for distributeddisk access using SCSI commands sent over Internet Protocol (IP) networks.This update fixes the following bug:* Discovery of iSCSI storage targets using the Internet Storage Name Service(iSNS) protocol did not properly bind the discovered target portal to offloadingiSCSI Host Bus Adapter (HBA) interfaces. As a consequence, iSNS discovery failedwhen performed by offloading iSCSI HBAs. With this update, iSNS binds the targetportal as expected, and thus ensures that offloading iSCSI HBAs enables iSNSdiscovery. (BZ#1365614)Users of iscsi-initiator-utils are advised to upgrade to these updated packages,which fix this bug. Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise Linux Server EUS (v. 6.7.z) SRPMS: iscsi-initiator-utils-6.2.0.873-14.el6_7.1.src.rpm     MD5: fa605573205ad37a9500183dc597dec3SHA-256: d7412251b51bbb4f1e22331ea5dcc4204111998be0b38840f3d25e1138c1676b   IA-32: iscsi-initiator-utils-6.2.0.873-14.el6_7.1.i686.rpm     MD5: c9a8135a37ee54d41169bea2550d209cSHA-256: 30d9a60e385e9a781e27e01b9dc0a7c1536de224355565397723cc38b25c668d iscsi-initiator-utils-debuginfo-6.2.0.873-14.el6_7.1.i686.rpm     MD5: a5493c97bbb171bcd0cdd4ce3e100514SHA-256: d197fc87d128d9c42df19611795058a6534442f11fab13e4ea59ad2c2591fba2 iscsi-initiator-utils-devel-6.2.0.873-14.el6_7.1.i686.rpm     MD5: 0181e1c9a93787c1254792579e4bd982SHA-256: f009b56e5888c19fbbb2d71099425b2e62931541c84f6d04e5649ca51f42f80a   PPC: iscsi-initiator-utils-6.2.0.873-14.el6_7.1.ppc64.rpm     MD5: 9734f4e02efcf0556667865bd0935d47SHA-256: e4845f7efb976600246a9a3b9003c615800b251e779c38098b196196177764b8 iscsi-initiator-utils-debuginfo-6.2.0.873-14.el6_7.1.ppc64.rpm     MD5: f09aee62ab1edcb31df1181aad9fa848SHA-256: fe4bf8bb51e4429466261618883fb1e93cb413b438af91129fa8666004bb3faf iscsi-initiator-utils-devel-6.2.0.873-14.el6_7.1.ppc64.rpm     MD5: a52ce03bb7ab856b32b19e748f0988d6SHA-256: ae7fb9055d8098bfdb2f8c15faa9b432641b1c4934aec66f2ec9e58afe3b9668   s390x: iscsi-initiator-utils-6.2.0.873-14.el6_7.1.s390x.rpm     MD5: 5cf1cd219f260cac64ed39395a3f70feSHA-256: eef365eb9749ccb7ff54767194d47f1093e62767302d39329787aa498a7bf6ea iscsi-initiator-utils-debuginfo-6.2.0.873-14.el6_7.1.s390x.rpm     MD5: cc57de59e0c2606a01bf75fa1bbd30c1SHA-256: 251720cdd81ab85f49108a6d26e5da9d1f06c0f06ddfb0331620ebcc49fe48c0 iscsi-initiator-utils-devel-6.2.0.873-14.el6_7.1.s390x.rpm     MD5: 83a29d35cf396f9dd051254c04a072e0SHA-256: cd6cb27937d981494e1de05f99d6e083ebf707f5f5677214762ad1efd4a1688d   x86_64: iscsi-initiator-utils-6.2.0.873-14.el6_7.1.x86_64.rpm     MD5: cd50035a8994a7a7e7b64c9d3cd3c81fSHA-256: 04bf048cf04ab43947e6126ae67cbb8a843ed20733f3cf4189211cd697e3fefc iscsi-initiator-utils-debuginfo-6.2.0.873-14.el6_7.1.x86_64.rpm     MD5: 2e56b9be2c794f354ce0ca2ea779f39eSHA-256: 8bfc97aa8d5671488e3eeac349639088f435a39969a9c8a71fa8545a6ee0138f iscsi-initiator-utils-devel-6.2.0.873-14.el6_7.1.x86_64.rpm     MD5: ff12edbab5331e3dce74bbbb3e761ea1SHA-256: 52ce9be9aae1ea0a4c5ce0aafab59071fa28427a8c29eb52e44c042392d0cbd8   (The unlinked packages above are only available from the Red Hat Network) 1365614 - iSNS discovery support through offloaded ifaces These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Buggy Domain Validation Forces GoDaddy to Revoke Certs

GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar’s domain validation process. The bug was introduced July 29 and impacted fewer than two percent of the certificates GoDaddy issued from that date through yesterday, said vice president and general manager of security products Wayne Thayer. “GoDaddy inadvertently introduced the bug during a routine code change intended to improve our certificate issuance process,” Thayer said in a statement. “The bug caused the domain validation process to fail in certain circumstances.” Part of the validation process involves registrar’s sending customers via email a validation code that the customer drops onto their site. Thayer explained that the system searches a particular spot for the code in order to complete validation. “When the bug was introduced, certain web server configurations caused the system to provide a positive result to the search, even if the code was not found,” Thayer explained, adding that GoDaddy was not aware of any compromises related to the bug. The issue did expose sites running SSL certs from GoDaddy to spoofing where a hacker could gain access to certificates and pose as a legitimate site in order to spread malware or steal personal information such as banking credentials. GoDaddy has already submitted new certificate requests for affected customers. Customers will need to take action and log in to their accounts and initiate the certificate process in the SSL Panel, Thayer said. “This process will be identical to the process they followed when their previous certificates were issued. (If a customer has more than one revoked certificate associated with their customer account, they will be able to initiate the certificate process for each domain within the SSL Panel.),” Thayer said. “The SSL Panel provides helpful information and instructions that should allow customers to easily process the certificate online.” Affected websites will still resolve, GoDaddy said, but customers may see untrusted-site error warnings. Experts, meanwhile, caution that as more Certificate Authorities come online such as Let’s Encrypt, which provides free certs in an automated fashion, that more errors like this one could crop up. “I only see more of them happening,” said Kevin Bocek, vice president of security strategy at Venafi. “We’re seeing faster and faster certification validation with organizations like Let’s Encrypt turning up the competition [among CAs]. And things like DevOps driving faster certificate issuance. And with organizations moving to the cloud, you’re going to have more machines doing these types of requests for new certificates. “It’s all software,” Bocek said. “It could all have bugs. In the past year, we’ve seen more and more of these reports and the trend is going to continue.” Let’s Encrypt has taken great strides toward fulfilling its promise of bringing free encryption and SSL to the web by simplifying and automating the process. Let’s Encrypt isn’t alone; Amazon, Cloudflare and others also offer free SSL certs in one form or another. Let’s Encrypt uses ACME (Automated Certificate Management Environment), an open API, to automate certificate requests and issuance. And it’s working; in October, Mozilla telemetry that was made public showed that for the first time, more than half of all traffic in transit is encrypted. “There are going to be more demands on CAs and more and more machines doing requests,” Bocek said, adding that while ACME is great for efficiency, it is taking people out of the process. He recommends that organizations familiarize themselves with NIST guidance on preparing for and responding to CA compromises. “Everyone,” Bocek said, “needs to have a plan and an automated way to get around this.”