[NEWS] Vulnerable SSL Implementation in iCDN
From: support@securiteam.comDate: 09/19/01
- Previous message: support@securiteam.com: "[NT] Outlook Express 6 Security Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [NEWS] Vulnerable SSL Implementation in iCDN Message-Id: <20010919210110.478B5138C1@mail.der-keiler.de> Date: Wed, 19 Sep 2001 23:01:10 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Vulnerable SSL Implementation in iCDN
------------------------------------------------------------------------
SUMMARY
A security vulnerability has been discovered in version 3.x of the RSA
BSAFE SSL-J Software Developer Kit made by RSA Security. This
vulnerability enables an attacker to establish a Secure Socket Layer (SSL)
session with the server, bypassing the client authentication with a bogus
client certificate. The server must have been developed using a vulnerable
RSA BSAFE SSL-J Software Development Kit (SDK). Servers based on other
libraries are not known to be vulnerable to this issue. For further
details regarding this vulnerability, see
<http://www.securiteam.com/securitynews/5VP0B1F5FE.html> Security Patch
Released for RSA BSAFE SSL-J 3.x.
Cisco Internet Content Distribution Network (iCDN) is affected by the
vulnerable library. The only vulnerable version is iCDN 2.0. This
vulnerability has been fixed in version 2.0.1.
No other Cisco product is vulnerable.
There is no workaround for this vulnerability.
DETAILS
Affected products:
The only product affected is iCDN 2.0. iCDN 1.0 is not vulnerable because
it does not contain the RSA BSAFE SSL-J library.
This vulnerability has been fixed in release 2.0.1
No other Cisco products are affected.
Details:
SSL as a protocol has the notion of a "session", which can be loosely
described as a set of security parameters (such as the "master secret")
which is shared between a client and server (See RFC2246). The creation of
a session incurs the greatest penalty in terms of cryptographic
operations, so the obvious optimization is to cache the session
parameters.
The problem is as follows: If an error occurs during the client-server
handshake, the server might, under certain conditions, store the session's
ID in the cache rather than discarding it. If the same client then
attempts a second connection, the server cache will already contain the
session ID and the shorter version of the SSL handshake will be performed.
Consequently, the server will skip the client authentication phase and the
connection will proceed as if the client had successfully authenticated.
For further details regarding this vulnerability see
<http://www.securiteam.com/securitynews/5VP0B1F5FE.html>
http://www.securiteam.com/securitynews/5VP0B1F5FE.html.
This vulnerability is documented as Cisco Bug ID CSCdu68211.
Impact:
An attacker can gain the access to the server over an SSL connection. Once
logged into the server, an attacker can access and change every accessible
parameter of the system.
Software versions and fixes:
The iCDN 1.0 is not vulnerable since it does not contain the vulnerable
library.
iCDN 2.0.1 has fixed this vulnerability. It is based on a patched RSA
BSAFE SSL-J SDK provided by RSA Security.
Obtaining fixed software:
Cisco is offering free software upgrades to eliminate this vulnerability
for all affected customers.
Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades
should be obtained through the Software Center on
Cisco's Worldwide Web site at <http://www.cisco.com>
http://www.cisco.com.
Customers whose Cisco products are provided or maintained through prior or
existing agreement with third-party support organizations such as Cisco
Partners, authorized resellers, or service providers should contact that
support organization for assistance with the upgrade, which should be free
of charge.
Workarounds:
There is no workaround.
ADDITIONAL INFORMATION
The information has been provided by <mailto:psirt@cisco.com> Cisco
Systems Product Security Incident Response Team.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] Outlook Express 6 Security Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
