AOH :: HP Unsorted S :: B06-4724.HTM

SIP over TLS: X.509 peer authentication vulnerability in Ingate products



SIP over TLS: X.509 peer authentication vulnerability in Ingate products
SIP over TLS: X.509 peer authentication vulnerability in Ingate products



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SIP over TLS: X.509 peer authentication vulnerability in Ingate products
=======================================================================
Product: Ingate Firewall and Ingate SIParator
Versions: all current versions
Tracking ID: 2829

Summary
======
The OpenSSL project has released an advisory titled "RSA Signature
Forgery (CVE-2006-4339)".  This advisory possibly affects some
installations of Ingate Firewall and Ingate SIParator.

To be affected, you have to use an external CA and SIP over TLS.  See
below for details.

The IPsec implementation is not affected by this issue.

Impact
=====
It may be possible for an attacker to connect using SIP over TLS even
if an X.509 client certificate is required.  It may be possible for an
attacker to intercept connections to TLS-secured servers that the
Ingate product initiates.

Affected versions
================
All current versions of Ingate Firewall and Ingate SIParator are
affected.

Details
======
The vulnerability is only exploitable if an X.509 certificate uses an
RSA key with exponent 3.  The Ingate product never creates such keys
by itself, but if an external CA is used, and if that CA uses exponent
3, the configuration may be vulnerable.  Most CAs uses exponent 65537,
and certificates issued by them are not vulnerable.

SIP installations are vulnerable if any of the certificates in the
"TLS CA Certificates" table on the "Signaling Encryption" tab uses
exponent 3.

How to determine if an X.509 certificate uses exponent 3
=======================================================
If you have the OpenSSL package installed, you can examine a
certificate with a command such as this (assuming that the X.509
certificate is stored in PEM format in the file named "cert.cer").

    openssl x509 -inform pem -in cert.cer -text

Among the lines printed, there will be a line such as:

                Exponent: 65537 (0x10001)

If it says 3 instead of 65537 the certificate is vulnerable.

Workarounds
==========
Switch to a CA that don't use exponent 3.  If that is not possible,
turn off the SIP module.

Fix
==
Since Ingate believes that few of our customers use an external CA
that uses exponent 3, we plan to resolve this issue in the next
regular release. Contact  to obtain a patch that 
fixes this problem if you are affected.

Background
=========
The OpenSSL advisory is available here:

http://www.openssl.org/news/secadv_20060905.txt 

Further questions regarding this issue can be directed to
support@ingate.com. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFFCRhgTl5zjNKUYI4RAncPAJ0YvMYY9M9elI7Wtt5djt0ZzUg2TQCeKBe8
Gro5v7fwPMRlCU4Kxzj+M7A=iTB4
-----END PGP SIGNATURE-----

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.