-----BEGIN PGP SIGNED MESSAGE-----
SIP over TLS: X.509 peer authentication vulnerability in Ingate products
Product: Ingate Firewall and Ingate SIParator
Versions: all current versions
Tracking ID: 2829
The OpenSSL project has released an advisory titled "RSA Signature
Forgery (CVE-2006-4339)". This advisory possibly affects some
installations of Ingate Firewall and Ingate SIParator.
To be affected, you have to use an external CA and SIP over TLS. See
below for details.
The IPsec implementation is not affected by this issue.
It may be possible for an attacker to connect using SIP over TLS even
if an X.509 client certificate is required. It may be possible for an
attacker to intercept connections to TLS-secured servers that the
Ingate product initiates.
All current versions of Ingate Firewall and Ingate SIParator are
The vulnerability is only exploitable if an X.509 certificate uses an
RSA key with exponent 3. The Ingate product never creates such keys
by itself, but if an external CA is used, and if that CA uses exponent
3, the configuration may be vulnerable. Most CAs uses exponent 65537,
and certificates issued by them are not vulnerable.
SIP installations are vulnerable if any of the certificates in the
"TLS CA Certificates" table on the "Signaling Encryption" tab uses
How to determine if an X.509 certificate uses exponent 3
If you have the OpenSSL package installed, you can examine a
certificate with a command such as this (assuming that the X.509
certificate is stored in PEM format in the file named "cert.cer").
openssl x509 -inform pem -in cert.cer -text
Among the lines printed, there will be a line such as:
Exponent: 65537 (0x10001)
If it says 3 instead of 65537 the certificate is vulnerable.
Switch to a CA that don't use exponent 3. If that is not possible,
turn off the SIP module.
Since Ingate believes that few of our customers use an external CA
that uses exponent 3, we plan to resolve this issue in the next
regular release. Contact