Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities

www.ibm.com (indexed 2018-12-08 05:46:39)

CVSS v3: 8.1 High (matches the highest per-CVE score in the bulletin below)
  CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  Attack Vector: Network | Attack Complexity: Low | Privileges Required: Low | User Interaction: None | Scope: Unchanged | Confidentiality: High | Integrity: High | Availability: None

CVSS v2: 6.4 Medium
  AV:N/AC:L/Au:N/C:P/I:P/A:N
  Access Vector: Network | Access Complexity: Low | Authentication: None | Confidentiality: Partial | Integrity: Partial | Availability: None

IN THIS ARTICLE

  • Abstract
  • Vulnerability Details
  • Affected products and versions
  • Remediation
    • Apache 2.2
    • Nginx
    • asperanoded and asperahttpd
    • Cygwin-SSH server

Abstract

OpenSSL vulnerabilities disclosed by the OpenSSL Project affect the products listed below. They include the Logjam attack on TLS connections that use the Diffie-Hellman (DH) key exchange (CVE-2015-4000) and the alternative chains certificate forgery vulnerability (CVE-2015-1793). The affected products have addressed the applicable CVEs.

TLS connections using the Diffie-Hellman key exchange were found to be vulnerable to a man-in-the-middle attack. An attacker on the network path can downgrade a vulnerable TLS connection to 512-bit export-grade Diffie-Hellman. Apache httpd, nginx and the OpenSSL library they link against accept the DHE_EXPORT cipher suites in their default configurations, and because most servers use the same few 512-bit primes, an attacker who has precomputed the discrete logarithms for those primes can recover the session keys of downgraded connections.

Vulnerability Details

CVEID: CVE-2016-2183
DESCRIPTION: The DES and Triple DES ciphers, as used in the TLS, SSH and IPsec protocols and in other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, also known as a "Sweet32" attack.

  • CVSS v3 Base Score: 5.3 Medium
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Impact Score: 1.4
  • Exploitability Score: 3.9

CVEID: CVE-2016-2017
DESCRIPTION: OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h is vulnerable to a padding-oracle attack on CBC-mode decryption. An attacker who can observe and modify traffic could use it to decrypt data a client sends to the server.

  • CVSS v3 Base Score: 8.1 High
  • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Impact Score: 5.2
  • Exploitability Score: 2.8

CVEID: CVE-2015-1793
DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by an implementation error in the alternative certificate chain logic. An attacker holding a valid leaf certificate could use it to sign further certificates, bypassing the CA flag and other checks on untrusted certificates, and have an otherwise invalid certificate accepted as trusted.

CVEID: CVE-2015-4000
DESCRIPTION: TLS version 1.2 and earlier, when a DHE_EXPORT cipher suite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, also known as the "Logjam" issue.

  • CVSS v2 Base Score: 4.3
  • Impact Subscore: 2.9
  • Exploitability Subscore: 8.6
  • CVSS v2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected products and versions

  • IBM Aspera Faspex Application 3.9.2 and earlier
  • IBM Aspera Shares 1.9.3 and earlier
  • IBM Aspera Proxy 1.2.2 and earlier
  • IBM Aspera Enterprise Server Client 3.5.5 and earlier
  • IBM Aspera Point to Point 3.5.5 and earlier
  • IBM Aspera Enterprise Server 3.5.5 and earlier
  • IBM Aspera OnDemand 3.5.4 and earlier
  • IBM Aspera Orchestrator 2.3.0 and earlier
  • IBM Aspera Console 3.0.1 and earlier

Remediation

Use elliptic-curve Diffie-Hellman (ECDHE) cipher suites and disable the weak Diffie-Hellman export cipher suites in all Apache and nginx servers used by the IBM Aspera server products, and replace the 1024-bit key-exchange group in the SSH servers with 2048-bit or larger groups.

The next major release of all IBM Aspera server products will default to this configuration. Until then you can protect your servers by using the following as a reference for which ciphers to use in each affected product. Restart the affected service after changing its configuration, then confirm from a client which protocol, cipher suite and key-exchange size it actually negotiates.

Apache 2.2 (Faspex, Console, Orchestrator)

1. Configuration

The file to modify is found at the following:

  • Linux: /opt/aspera/common/apache/conf/extra/httpd-ssl.conf
  • Windows: C:\Program Files (x86)\Common Files\Aspera\Common\apache\conf\extra\httpd-ssl.conf

Add the following configurations to the file:

**SSLProtocol** all -SSLv2 -SSLv3

**SSLCipherSuite** ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

**SSLHonorCipherOrder** on

Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff

2. Generate 2048-bit Diffie-Hellman parameters

The original bulletin calls this step "adding entropy"; what it actually does is replace the server's built-in DH group (1024 bits or smaller in Apache 2.2) with a freshly generated 2048-bit group, so a precomputation attack on a widely shared prime does not apply to this server. Run the following commands:

# openssl dhparam -out dhparams.pem 2048
# cat dhparams.pem >> /opt/aspera/common/apache/conf/server.crt
_(or wherever SSLCertificateFile is pointing)_

Apache only reads DH parameters appended to SSLCertificateFile in httpd 2.2.31 / 2.4.7 and later; older builds silently ignore them, so after restarting verify the negotiated group size from a client (for example the "Server Temp Key" line printed by `openssl s_client`).

Nginx (Shares)

1. Generate 2048-bit Diffie-Hellman parameters

Generate a unique 2048-bit DH group for nginx (the original bulletin calls this "adding entropy"; it replaces nginx's built-in 1024-bit default group) by running the following commands:

# cd /opt/aspera/shares/etc/nginx
# /opt/aspera/shares/bin/openssl dhparam -out dhparams.pem 2048

2. Configuration

The file to modify is found at the following:

  • Linux:/opt/aspera/shares/etc/nginx/nginx.conf
  • Windows:C:\Shares\nginx\conf\nginx.conf

Add the following configurations to the file:

**ssl_protocols** TLSv1 TLSv1.1 TLSv1.2;

**ssl_ciphers** ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;

**ssl_prefer_server_ciphers** on;

**add_header** Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

**ssl_dhparam** /opt/aspera/shares/etc/nginx/dhparams.pem;

If you are on Shares 1.9.3 or earlier you are vulnerable to a padding-oracle attack on CBC mode decryption (CVE 2016-2017 above). Shares 1.9.4 and above uses an upgraded version of OpenSSL and is not exposed to this vulnerability.

If you can't upgrade Shares immediately, restricting the server to TLS 1.2 reduces exposure: TLS 1.2 is the only protocol version that offers the AES-GCM (AEAD) cipher suites, which do not use CBC padding and so are not affected. TLS 1.2 still permits AES-CBC suites, however, and the cipher string above keeps them (ECDH+AES256, DH+AES, RSA+AES) as fallbacks, so a client without GCM support will still negotiate CBC; the complete fix is the OpenSSL upgrade in Shares 1.9.4.

You can modify Shares to use TLS 1.2 exclusively by modifying the nginx.conf file:

  • Linux: /opt/aspera/shares/etc/nginx/nginx.conf
  • Windows: C:\Shares\nginx\conf\nginx.conf

NOTE: If you have Shares users on old browsers they may not be able to connect if you use TLS 1.2 exclusively; check which browser versions your users run and whether they support TLS 1.2 before making the change.

Modify the ssl_protocols line so it only defines TLSv1.2:

**ssl_protocols** TLSv1.2;

asperanoded and asperahttpd

1. Configuration

The file to modify is found at the following:

  • Linux: /opt/aspera/etc/aspera.conf
  • Windows: C:\Program Files (x86)\Aspera\<product name>\etc\aspera.conf
  • Mac: /Library/Aspera/etc/aspera.conf

This is the default in aspera.conf:

<ssl_protocol>tlsv1</ssl_protocol>
<ssl_ciphers>ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS</ssl_ciphers>

2. Generate 2048-bit Diffie-Hellman parameters

Generate a unique 2048-bit DH group for asperanoded and asperahttpd (the original bulletin calls this "adding entropy") and append it to the server certificate file by running the following commands:

# openssl dhparam -out dhparams.pem 2048
# cat dhparams.pem >> /opt/aspera/etc/aspera_server_cert.pem
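The same cipher string is configured three times above (Apache SSLCipherSuite, nginx ssl_ciphers, aspera.conf <ssl_ciphers>). The following added example, which is not IBM's code or part of the original bulletin, expands that string with the OpenSSL that Python links against and checks what actually remains: it flags the suite classes the bulletin's CVEs are about (export-grade DH for Logjam, 64-bit block ciphers for Sweet32) plus anonymous, RC4 and MD5 suites as errors, and static RSA key exchange (no forward secrecy) as a warning. Because current OpenSSL builds no longer contain export or (by default) 3DES suites, the example also runs the same checks over a constructed list of such suites in the layout `openssl ciphers -v` prints; those entries are constructed for illustration.

```python
"""Offline audit of an OpenSSL cipher string (added example, not IBM's code)."""
import re
import ssl

# The value the bulletin configures for Apache, nginx and aspera.conf.
ASPERA_CIPHERS = (
    "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:"
    "RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
)

# Fields of the per-suite description OpenSSL prints (the text `openssl ciphers -v` shows),
# e.g. "EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export".
_FIELD = re.compile(r"(Kx|Au|Enc|Mac)=([A-Za-z0-9]+)(?:\((\d+)\))?")
SMALL_BLOCK = {"DES", "3DES", "RC2", "IDEA"}  # 64-bit block ciphers: Sweet32 (CVE-2016-2183)
MIN_DH_BITS = 2048                            # DH groups below this are Logjam (CVE-2015-4000) territory


def parse_fields(description):
    """Map Kx/Au/Enc/Mac -> (algorithm, size_bits_or_None) from a description string."""
    return {k: (v, int(n) if n else None) for k, v, n in _FIELD.findall(description)}


def audit_ciphers(entries):
    """entries: dicts with 'name' and 'description', the shape ssl.SSLContext.get_ciphers() returns.

    Returns {"errors": [(name, reason)], "warnings": [(name, reason)]}; errors are suites
    that must not be offered at all, warnings are suites without forward secrecy.
    """
    errors, warnings = [], []
    for entry in entries:
        name, desc = entry["name"], entry.get("description", "")
        f = parse_fields(desc)
        kx, kx_bits = f.get("Kx", ("", None))
        au = f.get("Au", ("", None))[0]
        enc = f.get("Enc", ("", None))[0]
        mac = f.get("Mac", ("", None))[0]

        if "EXP" in name.split("-") or desc.rstrip().endswith("export"):
            errors.append((name, "export-grade suite, the downgrade target of Logjam/FREAK"))
        if kx == "DH" and kx_bits is not None and kx_bits < MIN_DH_BITS:
            errors.append((name, f"{kx_bits}-bit DH group, below {MIN_DH_BITS} bits"))
        if enc in SMALL_BLOCK:
            errors.append((name, f"{enc} has a 64-bit block (Sweet32, CVE-2016-2183)"))
        if enc == "RC4":
            errors.append((name, "RC4 stream cipher"))
        if au == "None" or name.startswith(("ADH-", "AECDH-")):
            errors.append((name, "anonymous key exchange, server is not authenticated"))
        if mac == "MD5":
            errors.append((name, "MD5 MAC"))
        if kx == "RSA":  # TLS 1.3 suites report Kx=any and are always forward secret
            warnings.append((name, "static RSA key exchange, no forward secrecy"))
    return {"errors": errors, "warnings": warnings}


def audit_cipher_string(cipher_string):
    """Expand cipher_string with the OpenSSL linked into Python and audit the result.

    TLS 1.3 suites always appear in get_ciphers() because OpenSSL configures them
    separately from the TLS 1.2 cipher string; they are AEAD and pass every check.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    return audit_ciphers(ctx.get_ciphers())


# Constructed entries in get_ciphers() / `openssl ciphers -v` layout, covering the
# suite classes the bulletin's string is meant to exclude.  Current OpenSSL builds
# no longer contain export suites (and 3DES only if built with weak ciphers), so
# these cannot be produced by expanding a string on a current system.
SAMPLE_CIPHERS = [
    {"name": "EXP-EDH-RSA-DES-CBC-SHA",
     "description": "EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export"},
    {"name": "DES-CBC3-SHA",
     "description": "DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1"},
    {"name": "ADH-AES128-SHA",
     "description": "ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1"},
    {"name": "AES128-SHA",
     "description": "AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1"},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384",
     "description": "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD"},
]

if __name__ == "__main__":
    for label, result in (("constructed list", audit_ciphers(SAMPLE_CIPHERS)),
                          ("bulletin string", audit_cipher_string(ASPERA_CIPHERS))):
        print(f"== {label}: {len(result['errors'])} errors, {len(result['warnings'])} warnings")
        for kind in ("errors", "warnings"):
            for name, reason in result[kind]:
                print(f"  {kind[:-1]:7} {name}: {reason}")
```

The bulletin's string passes with no errors; the RSA+AESGCM and RSA+AES entries show up as forward-secrecy warnings, which is the trade-off the bulletin makes for older clients. To audit the string against the OpenSSL actually bundled with a product rather than Python's, feed the output of that build's `openssl ciphers -v '<string>'` into audit_ciphers as name/description pairs.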

Cygwin-SSH server (Windows Enterprise Server or Point to Point 3.5/3.5.6)

1. Configuration

The file to modify is found at the following:

  • C:\Program Files (x86)\Aspera\<Enterprise Server or Point to Point>\etc\sshd_config

Locate the following in the file:

KexAlgorithms diffie-hellman-group1-sha1

and change it to the following (the two method names are separated by a comma with no space):

KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

diffie-hellman-group1-sha1 uses a fixed 1024-bit group, the size at which the Logjam precomputation is within reach of a well-resourced attacker. diffie-hellman-group14-sha1 is a fixed 2048-bit group, and diffie-hellman-group-exchange-sha1 lets the server pick a group from its moduli file, which is why step 2 trims that file.

2. Remove insecure primes

Remove all DH group-exchange primes smaller than 2000 bits from the following file. The size is the fifth column of each line; OpenSSH records a 2048-bit group there as 2047, so the threshold keeps those and larger entries and drops the 1023- and 1535-size lines.

  • C:\Program Files (x86)\Aspera\<Enterprise Server or Point to Point>\etc\moduli
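The following added example, which is not IBM's code or part of the original bulletin, performs step 2: it reads an OpenSSH moduli file, keeps the comment lines and every group whose size column reaches the bulletin's 2000-bit threshold, and drops the rest. It also checks the real length of the modulus value rather than trusting the size column alone, so a truncated or hand-edited entry is dropped instead of being served to clients. The sample moduli file embedded below is constructed; its modulus values are not real safe primes, only their lengths matter for the filter.

```python
"""Trim an OpenSSH moduli file to DH group-exchange primes of at least 2048 bits
(added example, not IBM's code)."""
import re
import sys

MIN_BITS = 2000  # the bulletin's threshold: keeps 2047-and-larger entries, drops 1023 and 1535

# moduli(5) data line: time type tests tries size generator modulus(hex)
_LINE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([0-9A-Fa-f]+)$")


def parse_moduli_line(line):
    """Return (size, modulus_hex) for a data line, None for a comment or blank line.

    Raises ValueError for a data line that does not have the seven moduli(5) fields.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    m = _LINE.match(stripped)
    if m is None:
        raise ValueError(f"malformed moduli line: {line!r}")
    return int(m.group(5)), m.group(7)


def modulus_bits(modulus_hex):
    """Actual bit length of the modulus, independent of what the size column claims."""
    return int(modulus_hex, 16).bit_length()


def filter_moduli(lines, min_bits=MIN_BITS):
    """Split lines into (kept, dropped).

    Comments are kept.  A group is kept only when both the size column and the
    real length of the modulus reach min_bits, so an entry whose size column is
    optimistic (truncated or edited) is dropped rather than trusted.
    """
    kept, dropped = [], []
    for line in lines:
        parsed = parse_moduli_line(line)
        if parsed is None:
            kept.append(line)
            continue
        size, modulus_hex = parsed
        if size >= min_bits and modulus_bits(modulus_hex) >= min_bits:
            kept.append(line)
        else:
            dropped.append(line)
    return kept, dropped


# Constructed sample in moduli(5) layout.  The modulus values are NOT real safe
# primes; only their lengths matter here.
SAMPLE_MODULI = [
    "# Constructed sample, not a real moduli file",
    "# Time Type Tests Tries Size Generator Modulus",
    "20150623000000 2 6 100 1023 2 " + "F" * 256,   # 1024-bit group: drop
    "20150623000000 2 6 100 1535 2 " + "F" * 384,   # 1536-bit group: drop
    "20150623000000 2 6 100 2047 2 " + "F" * 512,   # 2048-bit group: keep
    "20150623000000 2 6 100 2047 2 " + "F" * 256,   # size column says 2047, value is 1024 bits: drop
    "20150623000000 2 6 100 4095 2 " + "F" * 1024,  # 4096-bit group: keep
]

if __name__ == "__main__":
    # Usage: python trim_moduli.py <moduli file> > moduli.new, then replace the original.
    src = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_MODULI
    kept, dropped = filter_moduli(src)
    sys.stdout.write("\n".join(kept) + "\n")
    sys.stderr.write(f"kept {sum(parse_moduli_line(l) is not None for l in kept)} groups, "
                     f"dropped {len(dropped)}\n")
```

On a Unix host the usual one-liner `awk '$5 >= 2000' moduli` makes the same selection by size column; this version adds the modulus-length check and runs on the Windows hosts this section is about, where awk is normally absent. Keep a copy of the original file before replacing it, and restart the SSH service afterwards.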

Appendix

References

Related Information

Change History

23 June 2015: Original Copy Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST) the Common Vulnerability Scoring System (CVSS) is an ‘industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.’ IBM PROVIDES THE CVSS SCORES ‘AS IS’ WITHOUT WARRANTY OF ANY KIND INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Product metadata: Business Unit BU053 (Cloud & Data Platform); Product SS8NDZ (IBM Aspera); Platform PF025 (Platform Independent); Version: All Versions; Line of Business LOB45 (Automation).

CPE Name: ibm aspera | Operator: eq | Version: any
