[NEWS] Host-side Attackers can Access Secret Data

From: SecuriTeam (support_at_securiteam.com)
Date: 02/26/04

  • Next message: SecuriTeam: "[NEWS] Oracle Database 9ir2 Interval Conversion Buffer Overflow" 
    To: list@securiteam.com
Date: 26 Feb 2004 14:49:48 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Host-side Attackers can Access Secret Data
    ------------------------------------------------------------------------

    SUMMARY

    On certain models and firmware combinations, an attacker who is able to
    issue commands to an HSM (eg, by having use or control of the host to
    which it is connected) may be able to access secret data stored in the
    module, including critical application keys.

    Modules with vulnerable firmware versions should be upgraded.

    DETAILS

    Who Is Affected:
    Summary table - PCI and SCSI HSMs:
     Firmware version Hardware version Product Status
      any any any AO[1] Not Relevant
      any nCxxx1x (1st gen) any KM Not Vulnerable
      1.66.x or earlier nCxxx2x (2nd gen) any KM Not Vulnerable
      1.67.x - 1.99.x nCxxx2x (2nd gen) any KM Vulnerable
      2.0.0 or later nCxxx2x (2nd gen) any KM See subsection
      2.0.x - 2.11.x nCxxx3x (3rd gen) any KM Not Vulnerable
      2.12.0 or later nCxxx3x (3rd gen) any KM See subsection

    Summary table - network-attached HSMs:
     Image version Hardware version and product Status
      2.0.x or earlier any ethernet-attached HSM Contact nCipher Support
      2.1.x or later any ethernet-attached HSM Not Vulnerable

    You are *not* affected if:
     - You are using acceleration-only nCipher modules (ie, modules without
    key storage facilities) [1]; or
     - You are using first-generation nCipher modules, hardware model numbers
    nCxxx1S and nCxxx1P;
     - You are using very old firmware (versions prior to 1.67.0);
     - You are using third-generation nCipher modules (hardware model numbers
    nCxxx3S and nCxxx3P) with firmware 2.11.x or earlier.
     - You have installed firmware introduced by nCipher to address this
    vulnerability (see `Remedy', below, for version numbers).

    You *are* affected if:
     - You have any second-generation module (nCxxx2W or nCxxx2P) with
    firmware later than or equal to version 1.67.0 and earlier than 2.0.0; or
     - You have a second-generation module (nCxxx2W or nCxxx2P) with firmware
    2.0.0 or later, and GeneralSEE is or could be enabled.
     - You have a third-generation modules (nCxxx3S and nCxxx3P) with firmware
    2.12.0 or later and GeneralSEE is or could be enabled.

    See subsection "nShield firmware later than 2.0.0/2.12.0, and GeneralSEE"
    below regarding the interaction of this vulnerability with the GeneralSEE
    feature set in firmware versions 2.0.0/2.12.0 and later.

    You are not presently affected, but we recommend that you upgrade, if:
     - You are using a module, with firmware 2.0.0 or later (nCxxx2x), or
    2.12.0 or later (nCxxx3x), and which has never had GeneralSEE enabled via
    an nCipher Feature Enable certificate.

    [1] nFast 800, and previous nFast products which provide only acceleration
    (`AO modules') and do not support key management are NOT affected. (Note
    that the name `nFast' has been used in the past to refer to key management
    products.) Only modules capable of key management (`KM modules') are
    affected.

    Technical Details:
    Due to an implementation error in certain versions of nCipher's HSM
    firmware, certain carefully constructed sequences of commands can yield
    access to secrets stored in the module's run-time memory. These secrets
    include infrastructure keys used for nCipher's Security World key
    management framework as well as application keys.

    Not all versions of nCipher's HSM firmware implement all the commands
    which are needed to exploit this vulnerability. Several necessary
    commands were originally made available on nCipher's `nForce' series of
    key-management HSMs, but were later bundled only with the CodeSafe (SEE)
    capability of the `nShield' series of HSMs.

    Impact:
    An attacker who can issue commands to the HSM, and is fully aware of the
    nature of the vulnerability, can acquire important secrets including the
    values of application keys.

    Typically, on a host-connected HSM, this would include any attacker who
    can run programs on the host either because they are an authorised user,
    or because they have successfully attacked the underlying host operating
    system or an exposed network application.

    How To Tell If You Are Affected:
    PCI and SCSI HSMs:
    Ensure all modules are in operational mode. Run the enquiry program
    (C:\nfast\bin\enquiry, or /opt/nfast/bin/enquiry) and examine the output.
    For each module, make the following checks:

    1. Ensure the `mode' field reads `operational'. If you are unsure how to
    place a module into Operational mode, contact nCipher Support.

    2. Examine the `version' field, which will be of the form A.B.C, where A,
    B and C are numbers. If the A field is 1, and the B field is a number
    less than or equal to 66, that module is *NOT* affected.

    3. Refer to the table in subsection 3, `Who Is Affected', above.

    Network-attached HSMs:
    Look at the LCD screen, which should be at the front page displaying
    `Operational mode' and `Image version: A.B.C' where A, B and C are
    numbers. If it displays something different, contact nCipher Support.

    If the image version is 2.1.x or later (A is 3 or more, or A is equal to 2
    and B is 1 or more), the module is *NOT* affected.

    If the image version is 2.0.x or earler (A is 1 or less, or A is equal to
    2 and B is 0), the module may be affected depending on other details of
    the installation - contact nCipher Support.

    nShield firmware later than 2.0.0/2.12.0, and GeneralSEE
    nCipher strongly recommends upgrades for nShield modules in the following
    regions: European Union, Australia, Canada, Czech Republic, Hungary,
    Japan, New Zealand, Norway, Poland, Switzerland, United States.

    nCipher strongly recommends upgrades for any other modules which have had
    or may have the GeneralSEE feature set enabled.

    nCipher advises precautionary upgrades for all modules with firmware
    versions listed as `See subsection' in the table, above.

    Discussion:
    From version 2.0.0 (2nd-generation nCipher modules, nCxxx2x) or 2.12.0
    (3rd generation, nCxxx3x), certain commands necessary to exploit the
    vulnerability were unbundled from nForce modules, and instead bundled with
    the CodeSafe (SEE) capability of nShield HSMs. In these later versions
    the vulnerability is present if the GeneralSEE feature set has been
    enabled.

    I.e., if the Status from the table in subsection 3, above, is `See
    subsection', then your HSM is vulnerable if it has had the GeneralSEE
    feature set enabled, as - in those firmware versions - vulnerable commands
    were bundled with GeneralSEE.

    GeneralSEE *is* authorised for your module if you have a Feature Enable
    smartcard from nCipher with the words `SEE Activation (EU+10)' printed
    under the `Features Enabled' heading.

    It is possible to determine from the enquiry results whether this feature
    set is currently installed in your HSM: check the `features
    enabled' field in the enquiry output. If this field contains `GeneralSEE'
    anywhere in the list, the module *is* affected. If (for a relevant
    firmware version) the `features enabled' field does not appear, or
    contains numeric flag values, contact nCipher support for assistance.

    However, it may be the case that GeneralSEE was authorised by nCipher but
    has not been installed in your module. In this case the attacker could
    enable the features first, using the nCipher Feature Enable Certificate,
    before carrying out the attack. Even if the Feature Enable Certificate
    was supplied by nCipher on a Feature Enable Smartcard, an attacker who
    obtains the card or a copy of its contents could install the feature set
    without physical access to the HSM and without interrupting operation.

    GeneralSEE is not made available for use except in a limited list of
    countries, for export control reasons. The HSM destination regions for
    which it may have been enabled are those listed in the Recommendation
    above. Likewise, the GeneralSEE feature set is rarely sold by nCipher for
    use on PayShield and nForce modules. It is routinely offered for use with
    nShield modules.

    Therefore, all nShield users in the regions listed should upgrade the
    firmware. Any HSM which has had GeneralSEE made available must be
    upgraded.

    Other users are advised to upgrade the firmware as a precautionary
    measure, even if the GeneralSEE flag is not currently set in their HSM and
    it is believed that the feature set has not been requested from or
    supplied by nCipher.

    Remedy:
    The only effective remedy for a vulnerable module is to upgrade the
    firmware to a version which contains a fix for the bug. A choice of
    upgrade versions is available, as follows:

      Vulnerable firmware versions Fixed firmware version(s)
      ---------------------------- -------------------------
      1.71.11, 1.71.15, 1.71.90 1.71.91

      1.75.15, 1.77.9, 1.77.93, 1.77.97 1.77.98

      1.79.12, 1.79.80, 1.79.81,
      2.0.0 to 2.0.4 2.0.5

      2.12.0, 2.12.2 2.12.6 (nCxxx2x modules)
                                          2.12.8 (nCxxx3x modules)

    Note that the upgrade files are configured so that once a module has been
    upgraded to a fixed version, it cannot be reverted to older vulnerable
    versions. Upgrading therefore permanently fixes the vulnerability.

    Each new version is functionally equivalent to its immediately preceding
    version (e.g. 1.77.98 is equivalent to 1.77.97), and contains only the
    required fixes for this vulnerability.

    After the firmware is upgraded, the HSM will need to be reindoctrinated
    into the appropriate Security World using the Security World Administrator
    Cards. The firmware upgrade and world programming can be performed using
    any host platform. Full details regarding upgrading firmware and
    programming modules is in the user documentation.

    ADDITIONAL INFORMATION

    The information has been provided by
    <mailto:technotifications@us.ncipher.com> nCipher Support.

    The original article can be found at:
    <http://www.ncipher.com/support/advisories/advisory9.htm>
    http://www.ncipher.com/support/advisories/advisory9.htm.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NEWS] Oracle Database 9ir2 Interval Conversion Buffer Overflow"

    Relevant Pages