History: Nov 29, 2023 - 8:05 p.m.

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-33850)

2023-11-29 20:05:24
www.ibm.com

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.4 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 43.0%)

Summary

IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library.

Vulnerability Details

CVEID: CVE-2023-33850
DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s) | Applicable Editions
IBM® Db2® | 10.5.0.x | Client and Server
IBM® Db2® | 11.1.4.x | Client and Server
IBM® Db2® | 11.5.x | Client and Server

All platforms are affected.
Earlier releases (10.1, 9.7 etc.) may also be affected, but they are no longer supported.

Remediation/Fixes

Customers running any vulnerable fixpack level of an affected Program, V10.5, V11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V10.5 FP11, V11.1.4 FP7, and V11.5.8. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

Release | Fixed in fix pack | APAR | Download URL

V10.5 | TBD | DT223175 | Special Build for V10.5 FP11:

  • AIX 64-bit
  • HP-UX 64-bit
  • Linux 32-bit, x86-32
  • Linux 64-bit, x86-64
  • Linux 64-bit, POWER™ big endian
  • Linux 64-bit, POWER™ little endian
  • Linux 64-bit, System z®, System z9® or zSeries®
  • Solaris 64-bit, SPARC
  • Solaris 64-bit, x86-64
  • Windows 32-bit, x86
  • Windows 64-bit, x86

V11.1 | TBD | DT223175 | Special Build for V11.1.4 FP7:

  • AIX 64-bit
  • Linux 32-bit, x86-32
  • Linux 64-bit, x86-64
  • Linux 64-bit, POWER™ little endian
  • Linux 64-bit, System z®, System z9® or zSeries®
  • Solaris 64-bit, SPARC
  • Windows 32-bit, x86
  • Windows 64-bit, x86

V11.5 | TBD | DT223175 | Special Build for V11.5.0:

  • AIX 64-bit (for OS7.1)

Special Build for V11.5.7:

  • AIX 64-bit
  • Linux 32-bit, x86-32
  • Linux 64-bit, x86-64
  • Linux 64-bit, POWER™ little endian
  • Linux 64-bit, System z®, System z9® or zSeries®
  • Windows 32-bit, x86
  • Windows 64-bit, x86

Special Build for V11.5.8:

  • AIX 64-bit
  • Linux 32-bit, x86-32
  • Linux 64-bit, x86-64
  • Linux 64-bit, POWER™ little endian
  • Linux 64-bit, System z®, System z9® or zSeries®
  • Windows 32-bit, x86
  • Windows 64-bit, x86

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.

Important:
Db2 releases with KI DT223175 will use the non-FIPS ICC for TLS ciphers that use RSA key exchange, as the FIPS certified ICC is vulnerable to CVE-2023-32342.

Customers with a requirement to use only FIPS 140 certified cryptographic modules must enable Strict FIPS mode. In strict FIPS mode, Db2 releases with KI DT223175 will disable all TLS ciphers and versions that are vulnerable to CVE-2023-32342 and will use only FIPS certified cryptographic modules.

The following restrictions will apply to TLS when strict mode is enabled:

  • TLS 1.0 and 1.1 will be disabled in strict mode, as TLS 1.1 and prior only support ciphers that use RSA key exchange. If TLS 1.0 or 1.1 is the only TLS version enabled for client/server SSL, TLS 1.2 will be enabled in its place. The LDAP plugins will automatically use TLS 1.2 in strict FIPS mode.
  • TLS 1.2 ciphers that use RSA key exchange (TLS_RSA_*) will be disabled. If there are no remaining ciphers in the SSL_CIPHERSPECS DBM CFG parameter, all supported ECDHE ciphers will be enabled. For instances using RSA certificates, Db2 will automatically prefer TLS_ECDHE_RSA ciphers for TLS 1.2 and no certificate change is required.
  • TLS 1.3 is unaffected by CVE-2023-32342.

To enable strict FIPS mode, set the DB2AUTH registry variable to STRICT_FIPS. If the DB2AUTH registry variable is already set, multiple options can be separated by commas.

db2set DB2AUTH=STRICT_FIPS

In an environment without a Db2 registry, such as the Data Server Driver, the DB2AUTH registry variable can be set in the environment.

Unix/Linux: export DB2AUTH=STRICT_FIPS

Windows: setx DB2AUTH STRICT_FIPS /m

If the LDAP authentication plugins are in use, the FIPS_MODE parameter can be set to STRICT in the IBMLDAPSecurity.ini file:

FIPS_MODE=STRICT

Db2 must be restarted (db2stop/db2start) for the changes to the DB2AUTH registry variable or IBMLDAPSecurity.ini to take effect.

Note: Customers using an IBM LDAP server such as IBM Security Verify Directory 10.0, IBM Security Directory Suite 8.0, or IBM Security Directory Server 6.4 must explicitly enable TLS_ECDHE_RSA_WITH_AES_* ciphers if using an RSA certificate, or TLS_ECDHE_ECDSA_WITH_AES_* ciphers if using an ECDSA certificate, before upgrading Db2 to a release with a fix for CVE-2023-32342. TLS 1.2 cipher settings can be found in the web administration tool under Server Administration > Manage Security Properties > Encryption.

Warning: Starting with KI DT223175, SERVER_ENCRYPT is deprecated. SERVER_ENCRYPT_AES is not compliant with the FIPS 140-3 standard, and will not work in strict FIPS mode when FIPS 140-3 certified cryptographic modules are introduced in a future version of Db2. SERVER_ENCRYPT without AES will continue to work in strict FIPS mode when FIPS 140-3 certified cryptographic modules are introduced in a future version of Db2.

Customers requiring encryption of sensitive credentials should disable SERVER_ENCRYPT_AES and switch to TLS 1.2 or TLS 1.3. TLS provides more secure protection of credentials and data compared to SERVER_ENCRYPT or SERVER_ENCRYPT_AES.

To enable TLS, refer to TLS Configuration of Db2.

Once TLS is enabled in the Db2 server and on all clients, to migrate clients to SERVER or SERVER_ENCRYPT authentication instead of SERVER_ENCRYPT_AES:

  • On clients that use the database catalogs, uncatalog the database and re-catalog it without the AUTHENTICATION keyword.
  • On clients that use the db2cli.ini, db2dsdriver.cfg, or a connection string, ensure the Authentication keyword is removed.

Removing the Authentication keyword will allow the client to negotiate SERVER, SERVER_ENCRYPT, or SERVER_ENCRYPT_AES based on what is offered by the Db2 server. Once the authentication keyword has been removed from the configuration of all clients, the following steps can be used to ensure the server does not request SERVER_ENCRYPT_AES.

  • Set the ALTERNATE_AUTH_ENC database manager configuration parameter to NULL.
  • If the AUTHENTICATION or SRVCON_AUTH database manager configuration parameters are set to SERVER_ENCRYPT, set them to SERVER instead to reduce overhead. TLS is encrypting the entire data stream, so it is not necessary to re-encrypt credentials with SERVER_ENCRYPT.
  • If the AUTHENTICATION or SRVCON_AUTH database manager configuration parameters are set to one of the following combination types, no action needs to be taken at this time.
    • KRB_SERVER_ENCRYPT
    • GSS_SERVER_ENCRYPT
    • SERVER_ENCRYPT_TOKEN
    • KRB_SVR_ENC_TOKEN
    • GSS_SVR_ENC_TOKEN

Warning: If Db2 is configured to use SERVER authentication, and TLS is not configured, credentials will be exposed over the wire. Ensure TLS is configured before enabling SERVER authentication.

Note: Db2 must be restarted (db2stop/db2start) for these changes to take effect.

Workarounds and Mitigations

If a fix for DT223175 is not installed, to work around CVE-2023-32342, ciphers that use RSA key exchange must be disabled. Because TLS 1.0 and 1.1 only support ciphers that use RSA key exchange, TLS 1.0 and 1.1 must also be disabled.

Client/Server SSL

Enable TLS 1.2 and/or TLS 1.3. Note: TLS 1.3 is available starting with Db2 11.5.8.

  • db2 update dbm cfg using SSL_VERSIONS TLSV12
  • db2 update dbm cfg using SSL_VERSIONS TLSV13
  • db2 update dbm cfg using SSL_VERSIONS TLSV12,TLSV13

If TLS 1.2 is enabled, set SSL_CIPHERSPECS such that only TLS_ECDHE_RSA_* or TLS_ECDHE_ECDSA_* ciphers are enabled. Refer to the following document for a list of supported cipher suites: <https://www.ibm.com/docs/en/db2/11.5?topic=parameters-ssl-cipherspecs-supported-cipher-specifications-server>
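One way to check an instance against the Client/Server SSL workaround above, as an added example that is not IBM's code: it reads saved `db2 get dbm cfg` text and reports SSL_VERSIONS and SSL_CIPHERSPECS values that fall outside what the bulletin allows. The "Description (PARAM) = value" line shape, the sample text and the function names are assumptions made for this example.

```python
import re

# Families the bulletin allows for TLS 1.2, and the versions it says to enable.
ECDHE_PREFIXES = ("TLS_ECDHE_RSA_", "TLS_ECDHE_ECDSA_")
ALLOWED_VERSIONS = {"TLSV12", "TLSV13"}
# Assumed line shape of `db2 get dbm cfg` output: "Description (PARAM) = value".
CFG_LINE = re.compile(r"\((SSL_VERSIONS|SSL_CIPHERSPECS)\)\s*=\s*(.*)$")

# Constructed sample, not output captured from a real instance.
SAMPLE = """\
 SSL versions                             (SSL_VERSIONS) = TLSV1,TLSV12
 SSL cipher specs                      (SSL_CIPHERSPECS) = TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
"""

def parse_dbm_cfg(text):
    """Return {parameter: [values]} for the two SSL parameters found in text."""
    found = {}
    for line in text.splitlines():
        m = CFG_LINE.search(line)
        if m:
            values = [v.strip().upper() for v in m.group(2).split(",")]
            found[m.group(1)] = [v for v in values if v]
    return found

def audit(text):
    """Return findings; an empty list means the workaround settings are in place."""
    cfg = parse_dbm_cfg(text)
    versions = cfg.get("SSL_VERSIONS", [])
    ciphers = cfg.get("SSL_CIPHERSPECS", [])
    findings = []
    # Unset values are reported because the bulletin does not state the defaults.
    if not versions:
        findings.append("FAIL SSL_VERSIONS is not set; set TLSV12 and/or TLSV13")
    for v in versions:
        if v not in ALLOWED_VERSIONS:
            findings.append(f"FAIL SSL_VERSIONS enables {v}")
    if "TLSV12" in versions:  # cipher rule applies only when TLS 1.2 is on
        if not ciphers:
            findings.append("FAIL SSL_CIPHERSPECS is not set while TLSV12 is enabled")
        for c in ciphers:
            if c.startswith("TLS_RSA_"):
                findings.append(f"FAIL SSL_CIPHERSPECS enables {c} (RSA key exchange)")
            elif not c.startswith(ECDHE_PREFIXES):
                findings.append(f"REVIEW SSL_CIPHERSPECS has {c}, outside the ECDHE families")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Names that are neither TLS_RSA_* nor ECDHE are marked REVIEW rather than FAIL, since the bulletin only names the TLS_RSA_* family as the one to disable.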

KMIP

In the KMIP server, ensure that all TLS_RSA_* ciphersuites are disabled and only TLS_ECDHE_RSA_* or TLS_ECDHE_ECDSA_* ciphersuites are enabled. Refer to the KMIP server’s documentation on how to disable TLS ciphers. On Db2 11.5.8 or later, TLS 1.3 can be enforced as a workaround to CVE-2023-32342. Set the TLSVersion keyword to TLSV13 in the KMIP configuration file.

LDAP Plugins

Enable TLS 1.2 by setting the SECURITY_PROTOCOL keyword to TLSV12 in the IBMLDAPSecurity.ini file.

In the LDAP server, ensure that all TLS_RSA_* ciphersuites are disabled and only TLS_ECDHE_RSA_* or TLS_ECDHE_ECDSA_* ciphersuites are enabled for incoming connections. Refer to the LDAP server’s documentation on how to disable TLS ciphers.

Affected configurations

Vulners node: ibmdb2Match11.5unix OR ibmdb2Match11.1unix OR ibmdb2Match10.5unix
