Security Bulletin: Vulnerability in GSKit affects Tivoli Access Manager for e-business and Security Access Manager for Web (CVE-2015-0138)

Summary

GSKit is an IBM component that is used by IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web. The GSKit that is shipped with IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2015-0138

DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.

This vulnerability is also known as the FREAK attack.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

• IBM Tivoli Access Manager for e-business versions 6.0, 6.1, 6.1.1
• IBM Security Access Manager for Web version 7.0 software
• IBM Security Access Manager for Web version 7.0 appliance, all firmware versions
• IBM Security Access Manager for Web version 8.0 appliance, all firmware versions

Remediation/Fixes

None

Workarounds and Mitigations

The following steps describe how to mitigate this vulnerability for the affected releases.

1) Apply security patch

Security patches have been provided for all versions of IBM Tivoli Access Manager for e-business (TAMeb) and IBM Security Manager for Web (ISAM for Web). The mitigations for the GSKit FREAK vulnerability require that these patches be installed first. Please read the security bulletins provided in the table below for your product version for instructions on obtaining and applying the necessary security patches.

Important – these patchesmust be applied before moving onto step two “Applying mitigation” following.

2) Apply mitigation

_Mitigation for all TAMeb versions and ISAM for Web 7.0 software version _

1). Download the latest version of GSKit, 7.0.5.5 or 8.0.50.41, for your currently installed TAMeb or ISAM version -

• IBM Security Access Manager for Web 7.0.0****
• Tivoli Access Manager for e-business 6.1.1
• Tivoli Access Manager for e-business 6.1.0****
• Tivoli Access Manager for e-business 6.0.0****

2). Shutdown all running instances of WebSEAL on the machine for which these instructions are to be followed.

3). For all ISAM and TAMeb versions. For all machines hosting WebSEAL if the following environment variables have been set –

GSK_V2_CIPHER_SPECS
GSK_V3_CIPHER_SPECS

remove all references of the following cipher numbers –

03 06 62 64

4). For ISAM 7.0 only. For each instance of WebSEAL, under the [ssl] stanza remove all references to the following RSA_EXPORT ciphers from both the gsk_attr_name and the jct_gsk_attr_name attributes -

Long Name
-----------------------------------
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

Note - any instance of the long names for the above ciphers should be removed.

5). For all TAMeb and ISAM versions. For all instances of WebSEAL, if the GSKit environment variables have been correctly configured as outlined in step two above and the value of the ssl-qop-mgmt within the WebSEAL configuration file is currently set to “No” or “False” then no additional actions are required., Skip to step six following.

For all instances of WebSEAL, if the ssl-qop-mgmt attribute is set to “Yes” or “True” and the default attribute is set to “ALL” then redefine the default attribute values to include a subset of ciphers ensuring that the following are not present -

default = RC4-40
default = RC2-40
default = DES-56
default = DES-56-62
default = RC4-56

Finally, for all instances of WebSEAL with alternative ssl-qop-mgmt configurations ensure that all references to the following ciphers are removed -

default = RC4-40

default = RC2-40
default = DES-56
default = DES-56-62
default = RC4-56

6). For all instances of WebSEAL, if not already done, set the following environment variable during WebSEALs start up process -

GSK_STRICTCHECK_CBCPADBYTES = GSK_FALSE

Important - If this environment variable is already set then it can remain in place. It should not have any effect on this mitigation plan.

7). Upgrade to GSKit, 7.0.5.5 or 8.0.50.41, using the instructions provided in the readme of their respective releases.

8). Restart all instances of WebSEAL.

_Mitigation for all ISAM for Web 7.0 and 8.0 appliance versions _

1). Download the GSKit 8.0.50.41 appliance fix packs for the product version -

• IBM Security Access Manager for Web 8.0.1.0 IF0002
• IBM Security Access Manager for Mobile 8.0.1.0 IF0002
• IBM Security Access Manager for Web (WGA) 7.0.0 IF0011
• IBM Single Sign On for Bluemix v2 Identity Bridge 8.0.1.0 IF0002****

2). Shut down all instances of the Reverse Proxy hosted by the appliance where these instructions are to be followed.

3). For each of the instance of Reverse Proxy open its configuration file using the following instructions -

1. Select ‘Secure Web Settings -> Reverse Proxy’ from the menu bar;
2. Select the Reverse Proxy instance;
3. Select ‘Manage -> Configuration -> Edit Configuration File’ from the menu

4). For each instance of Reverse Proxy, under the [ssl] stanza remove all references to the following RSA_EXPORT ciphers from both the gsk_attr_name and the jct_gsk_attr_name attributes -

Long Name
-----------------------------------
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

Note - any instance of the long names for the above ciphers should be removed.

5). For all instances of the Reverse Proxy, if the ssl-qop-mgmt attribute is set to “Yes” or “True” and the default attribute is set to “ALL” then redefine the default attribute values to include a subset of ciphers ensuring that the following are not present -
default = RC4-40
default = RC2-40
default = DES-56
default = DES-56-62
default = RC4-56

Finally, for all instances of the Reverse Proxy with alternative ssl-qop-mgmt configurations ensure that all references to the following ciphers are removed -

default = RC4-40

default = RC2-40
default = DES-56
default = DES-56-62
default = RC4-56

6). For each instance of Reverse Proxy if not already set, set the following attribute and value under the [ssl] stanza -

gsk-attr-name = enum:471:0
jct-gsk-attr-name = enum:471:0

Note - If this attribute is already set to then this can remain in place. It should not have any affect for the mitigation plan.

7). For each instance of Reverse Proxy save and deploy the changes.

8). Upgrade GSKit 8.0.50.41 by applying the appliance fix pack using the following instructions -

1). Click Manage, and then click Fix Packs.
2). In the Fix Packs pane, click New.
3). In the Add Fix Pack window, click Browse to locate the fix pack file, and then click Open.
4). Click Submit to install the fix pack.

9). Once the appliance has restarted, verify that all Reverse Proxy servers are restarted successfully.