Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: ciacl141.txt

RSA BSAFE SSL-J 3 x Vulnerability




             __________________________________________________________

                       The U.S. Department of Energy
                     Computer Incident Advisory Center
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                       RSA BSAFE SSL-J 3.x Vulnerability
                    [RSA Security Bulletin, September 2001]

September 12, 2001 23:00 GMT                                      Number L-141
______________________________________________________________________________
PROBLEM:       A vulnerability exists in the RSA BSAFE SSL-J 3.x Software 
               Development Kit that allows SSL sessions to open without 
               authentication of the remote user. Any software that uses this 
               library to create encrypted SSL sessions with remote users is 
               vulnerable. Unauthenticated users may get access to these 
               systems. 
PLATFORM:      Any software package that was developed with the RSA BSAFE 
               SSL-J Software Development Kit libraries versions 3.0, 3.0.1, 
               and 3.1.
               Programs developed with these libraries:
                 Cisco: iCDN 2.0 (Internet Content Distribution Network) 
DAMAGE:        Remote users could get unauthenticated access to a system 
               through the encrypted SSL link. 
SOLUTION:      Developers using RSA BSAFE SSL_J 3.x libraries should apply the 
               patches or upgrade to version 3.1.1 of the library. Users of 
               CISCO iCDN 2.0 should upgrade to version 2.0.1 
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. Unauthenticated users may gain access to a 
ASSESSMENT:    system. 
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/l-141.shtml
 ORIGINAL BULLETIN:  RSA: http://www.rsasecurity.com/products/bsafe/
                          bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
                     CISCO: http://www.cisco.com/warp/public/707/
                          SSL-J-pub.html
 PATCHES:            RSA BSAFE SSL-J 3.x Patches and Updates
                       Guide to Updating RSA BSAFE SSL-J 3.x Toolkits
                         http://www.rsasecurity.com/products/bsafe/bulletins
                           /Guide_to_Updating_SSL-J_3.x_Toolkits.pdf
                       Binary and Source Code Security Patches for RSA
                         BSAFE SSL-J 3.1
                         https://www.rsasecurity.com.au/download
                           /sslj-patch/3.1/index.html
                       Binary Security Patch for RSA BSAFE SSL-J 3.0.1
                         http://www.rsasecurity.com/products/bsafe/bulletins
                           /patches/sslj301pat.zip
                       Source Code Security Patch for RSA BSAFE SSL-J 3.0.1
                         http://www.rsasecurity.com/products/bsafe/bulletins
                           /patches/sslj301patsrc.zip
                       RSA BSAFE SSL-J 3.0.1 Binary Release
                           http://www.rsasecurity.com/products/bsafe/bulletins
                             /patches/Sslj301.zip
                     CISCO iCDN: 
                       http://www.cisco.com/warp/public/707/SSL-J-pub.html
______________________________________________________________________________

[***** Start RSA Security Bulletin, September 2001 *****]

RSA Security Bulletin

Subject: Security Patch Released for RSA BSAFE SSL-J 3.x
Posted: September 2001

Summary 
=======

The problem affects server-side SSL in client authentication mode only when
using RSA BSAFE SSL-J versions 3.0, 3.0.1 or 3.1. The problem does not affect
clients. The problem does not impact servers that do not use client
authentication.

The SSL protocol provides for caching of SSL sessions between subsequent
connections by the same user. Due to a bug in the SSL session caching feature
implemented in RSA BSAFE SSL-J versions 3.x, unauthorized clients may be able
to impersonate authorized clients, thus potentially gaining access to data
intended only for authorized users. The vulnerability does not give the
attacker super-user or "root" privileges on the server.

RSA Security has provided an easy migration path and downloadable patches for
customers who are at risk. This bulletin describes the immediate steps you
should take to ensure that your applications remain protected from malicious
attackers.

Problem Description
===================

What is SSL session caching?
----------------------------

The SSL protocol contains provisions to perform fast reconnections once
an initial connection has been performed. The SSL protocol does this
be creating an SSL session, identified by a session ID. This permits
client applications to reconnect to the server by specifying the same
session ID used in earlier transactions. When a client presents a valid
session ID, a much shorter SSL connection setup is performed. This results
in faster connection times and a reduction in processing overhead for
server applications.

How does RSA BSAFE SSL-J handle SSL sessions?
---------------------------------------------

As part of its implementation of the server-side of the SSL protocol,
RSA BSAFE SSL-J maintains a cache of sessions established previously
with client applications. The sessions eventually time out and are 
removed from the cache. A client attempting to reconnect after its 
session has timed out must renegotiate a full SSL handshake. This 
behavior is expected under the SSL specifications.

What is client authentication mode?
-----------------------------------

When the SSL protocol is in client authentication mode, the client 
must present a valid certificate during the connection setup to prove 
its identity to the server. This authentication is skipped if the 
client presents a valid session ID (see above), since the client must 
have already been authenticated during the first connection that 
initiated the session.

The caching problem
-------------------

This problem occurs only in RSA BSAFE SSL-J 3.x when using server-side 
SSL in client authentication mode.

If an error occurs while the handshake is being performed, the 
session's ID might, under certain conditions, be stored in the cache 
rather than being discarded. If the same client then attempts a second 
connection, the session ID will already be in the server cache and the 
shorter version of the SSL handshake will be performed. Consequently, the 
client authentication phase will be skipped and the connection will proceed 
as if the client has been successfully authenticated.

The consequences of the vulnerability
-------------------------------------

This security vulnerability could allow an attacker to circumvent the 
SSL client authentication mechanism on servers using RSA BSAFE SSL-J 
3.x. The attacker might then subsequently gain unauthorized access to 
data that otherwise would have been secured by the RSA BSAFE SSL-J 
for the server application.

When does the problem occur?
----------------------------

Only versions 3.0, 3.0.1, or 3.1 of RSA BSAFE SSL-J used for 
client-authenticated server SSL applications are affected.

When does the problem not occur?
--------------------------------

The following users are not affected by the problem:
Users of RSA BSAFE SSL-J 1.x and 2.x.
Users of RSA BSAFE SSL-J 3.1.1 or 4.0 beta 2 or higher.
Client applications built with RSA BSAFE SSL-J, irrespective of the RSA 
BSAFE SSL-J version number, including all versions of RSA BSAFE 
SSL-J 3.x.  Server applications built with SSL-J not utilizing client 
authentication, irrespective of the RSA BSAFE SSL-J version number, 
including all versions of RSA BSAFE SSL-J 3.x.

Solution
========

Customers with active maintenance agreements and who currently use an 
affected version of RSA BSAFE SSL-J are recommended to upgrade to the 
latest release version of RSA BSAFE SSL-J. The current release version 
is RSABSAFE SSL-J 3.1.1.

Customers not currently on active maintenance contracts and who 
currently use an affected version are recommended to do the following:

Customers using RSA BSAFE SSL-J 3.0
-----------------------------------
Download and install the no-cost RSA BSAFE SSL-J 3.0.1 upgrade.
Download and apply RSA BSAFE SSL-J 3.0.1 Patch 1 to the RSA BSAFE 
SSL-J 3.0.1 distribution.

Customers using RSA BSAFE SSL-J 3.0.1
-------------------------------------

Download and apply RSA BSAFE SSL-J 3.0.1 Patch 1 to the RSA BSAFE 
SSL-J 3.0.1 distribution.

Customers using RSA BSAFE SSL-J 3.1
-----------------------------------

Either:

Download and apply RSA BSAFE SSL-J 3.1 Patch 11 to a clean installation 
of RSA BSAFESSL-J 3.1. If the customer has already applied patches to 
the RSA BSAFE SSL-J 3.1, please reinstall a RSA BSAFE SSL-J 3.1 from 
the distribution medium prior to installing Patch 11.

If the customer has a current maintenance contract, the customer can 
request a copy of the current RSA BSAFE SSL-J 3.1.1 release through 
their account manager. RSA BSAFE SSL-J 3.1.1 does not have this bug.

Download
========

The above patches can be downloaded from: 
http://www.rsasecurity.com/support/bsafe/index.html

The patches are encrypted. Decryption passwords will be provided to you 
by your RSA Account Manager. Please call RSA Security at 650-295-7600 
and ask for the sales department if you have not yet received the 
passwords. 

RSA Security encourages customers to install the respective patch to 
proactively prevent security problems. RSA Security continues to make 
all possible efforts to ensure our products meet the highest levels 
quality and standards our customers expect.

Getting Support and Services
============================

General Technical Support Information: 
http://www.rsasecurity.com/support
SecurCareŽ Online: http://www.rsasecurity.com/support/securcare
Technical Support Telephone Numbers: 
http://www.rsasecurity.com/support/news/tollfree.html 

Credits
=======
RSA Security's customer Cisco Systems detected the bug during internal 
testing. RSA is not aware of any security breaches resulting from this 
bug. 

RSA BSAFE SSL-J 3.x Patches and Updates
=======================================

Guide to Updating RSA BSAFE SSL-J 3.x Toolkits
http://www.rsasecurity.com/products/bsafe/bulletins/
  Guide_to_Updating_SSL-J_3.x_Toolkits.pdf

Binary and Source Code Security Patches for RSA BSAFE SSL-J 3.1
https://www.rsasecurity.com.au/download/sslj-patch/3.1/index.html

Binary Security Patch for RSA BSAFE SSL-J 3.0.1
http://www.rsasecurity.com/products/bsafe/bulletins/patches
       /sslj301pat.zip

Source Code Security Patch for RSA BSAFE SSL-J 3.0.1
http://www.rsasecurity.com/products/bsafe/bulletins/patches
       /sslj301patsrc.zip

RSA BSAFE SSL-J 3.0.1 Binary Release
http://www.rsasecurity.com/products/bsafe/bulletins/patches
       /Sslj301.zip

[***** End RSA Security Bulletin, September 2001 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of RSA Security and CISCO for the 
information contained in this bulletin.
_______________________________________________________________________________


CIAC, the Computer Incident Advisory Center, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

L-131: IBM AIX telnetd Buffer Overflow
L-132: Microsoft Cumulative Patch for IIS
L-133: Sendmail Debugger Arbitrary Code Execution Vulnerability
L-134: HP  Security Vulnerability in rlpdaemon
L-135: SGI File Globbing Vulnerability in ftpd
L-136: HP-UX Security Vulnerability in PRM
L-137: FreeBSD lpd Remote Root Vulnerability
L-138: Gauntlet Firewall CSMAP and smap/smapd Buffer Overflow Vulnerability
L-139: Microsoft IIS "%u encoding IDS bypass vulnerability" 
L-140: Gauntlet Firewall CSMAP and smap/smapd Buffer Overflow Vulnerability



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH