RSA BSAFE SSL-J 3.x Vulnerability

             __________________________________________________________

                       The U.S. Department of Energy
                     Computer Incident Advisory Center
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                       RSA BSAFE SSL-J 3.x Vulnerability
                    [RSA Security Bulletin, September 2001]

September 12, 2001 23:00 GMT                                      Number L-141
______________________________________________________________________________
PROBLEM:       A vulnerability exists in the RSA BSAFE SSL-J 3.x Software 
               Development Kit that allows SSL sessions to open without 
               authentication of the remote user. Any software that uses this 
               library to create encrypted SSL sessions with remote users is 
               vulnerable. Unauthenticated users may get access to these 
               systems. 
PLATFORM:      Any software package that was developed with the RSA BSAFE 
               SSL-J Software Development Kit libraries versions 3.0, 3.0.1, 
               and 3.1.
               Programs developed with these libraries:
                 Cisco: iCDN 2.0 (Internet Content Distribution Network) 
DAMAGE:        Remote users could get unauthenticated access to a system 
               through the encrypted SSL link. 
SOLUTION:      Developers using RSA BSAFE SSL-J 3.x libraries should apply the 
               patches or upgrade to version 3.1.1 of the library. Users of 
               CISCO iCDN 2.0 should upgrade to version 2.0.1.
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. Unauthenticated users may gain access to a 
ASSESSMENT:    system. 
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/l-141.shtml
 ORIGINAL BULLETIN:  RSA: http://www.rsasecurity.com/products/bsafe/
                          bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
                     CISCO: http://www.cisco.com/warp/public/707/
                          SSL-J-pub.html
 PATCHES:            RSA BSAFE SSL-J 3.x Patches and Updates
                       Guide to Updating RSA BSAFE SSL-J 3.x Toolkits
                         http://www.rsasecurity.com/products/bsafe/bulletins
                           /Guide_to_Updating_SSL-J_3.x_Toolkits.pdf
                       Binary and Source Code Security Patches for RSA
                         BSAFE SSL-J 3.1
                         https://www.rsasecurity.com.au/download
                           /sslj-patch/3.1/index.html
                       Binary Security Patch for RSA BSAFE SSL-J 3.0.1
                         http://www.rsasecurity.com/products/bsafe/bulletins
                           /patches/sslj301pat.zip
                       Source Code Security Patch for RSA BSAFE SSL-J 3.0.1
                         http://www.rsasecurity.com/products/bsafe/bulletins
                           /patches/sslj301patsrc.zip
                       RSA BSAFE SSL-J 3.0.1 Binary Release
                           http://www.rsasecurity.com/products/bsafe/bulletins
                             /patches/Sslj301.zip
                     CISCO iCDN: 
                       http://www.cisco.com/warp/public/707/SSL-J-pub.html
______________________________________________________________________________

[***** Start RSA Security Bulletin, September 2001 *****]

RSA Security Bulletin

Subject: Security Patch Released for RSA BSAFE SSL-J 3.x
Posted: September 2001

Summary 
=======

The problem affects server-side SSL in client authentication mode only when
using RSA BSAFE SSL-J versions 3.0, 3.0.1 or 3.1. The problem does not affect
clients. The problem does not impact servers that do not use client
authentication.

The SSL protocol provides for caching of SSL sessions between subsequent
connections by the same user. Due to a bug in the SSL session caching feature
implemented in RSA BSAFE SSL-J versions 3.x, unauthorized clients may be able
to impersonate authorized clients, thus potentially gaining access to data
intended only for authorized users. The vulnerability does not give the
attacker super-user or "root" privileges on the server.

RSA Security has provided an easy migration path and downloadable patches for
customers who are at risk. This bulletin describes the immediate steps you
should take to ensure that your applications remain protected from malicious
attackers.

Problem Description
===================

What is SSL session caching?
----------------------------

The SSL protocol contains provisions to perform fast reconnections once
an initial connection has been performed. The SSL protocol does this
by creating an SSL session, identified by a session ID. This permits
client applications to reconnect to the server by specifying the same
session ID used in earlier transactions. When a client presents a valid
session ID, a much shorter SSL connection setup is performed. This results
in faster connection times and a reduction in processing overhead for
server applications.

How does RSA BSAFE SSL-J handle SSL sessions?
---------------------------------------------

As part of its implementation of the server-side of the SSL protocol,
RSA BSAFE SSL-J maintains a cache of sessions established previously
with client applications. The sessions eventually time out and are 
removed from the cache. A client attempting to reconnect after its 
session has timed out must renegotiate a full SSL handshake. This 
behavior is expected under the SSL specifications.

What is client authentication mode?
-----------------------------------

When the SSL protocol is in client authentication mode, the client 
must present a valid certificate during the connection setup to prove 
its identity to the server. This authentication is skipped if the 
client presents a valid session ID (see above), since the client must 
have already been authenticated during the first connection that 
initiated the session.

The caching problem
-------------------

This problem occurs only in RSA BSAFE SSL-J 3.x when using server-side 
SSL in client authentication mode.

If an error occurs while the handshake is being performed, the 
session's ID might, under certain conditions, be stored in the cache 
rather than being discarded. If the same client then attempts a second 
connection, the session ID will already be in the server cache and the 
shorter version of the SSL handshake will be performed. Consequently, the 
client authentication phase will be skipped and the connection will proceed 
as if the client has been successfully authenticated.
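
The failure described above, as an added example that is not part of the RSA bulletin and is not SSL-J code: a toy Python model of a server session cache in which a handshake error either leaves the session ID resumable (the bug) or discards it. All class and function names are hypothetical, and the modeled error (a rejected client certificate) is an assumption, since the bulletin does not say which errors trigger the problem.

```python
# Added illustration: a toy model of a server-side SSL session cache.
# All names are hypothetical; this is not RSA BSAFE SSL-J code.

class HandshakeError(Exception):
    """Raised when a full or abbreviated handshake cannot complete."""

class Server:
    def __init__(self, trusted_certs, cache_failed_sessions):
        self.trusted = set(trusted_certs)
        self.cache_failed = cache_failed_sessions  # True models the bug
        self.pending = set()   # session IDs issued, handshake not finished
        self.cache = {}        # session ID -> authenticated client cert
        self._counter = 0

    def server_hello(self):
        """Begin a full handshake; the session ID is issued before client auth."""
        self._counter += 1
        sid = f"sid-{self._counter}"   # constructed; real IDs are random bytes
        self.pending.add(sid)
        return sid

    def client_certificate(self, sid, cert):
        """Client authentication step of the full handshake."""
        self.pending.remove(sid)
        if cert not in self.trusted:
            if self.cache_failed:
                self.cache[sid] = None   # bug: failed session stays resumable
            raise HandshakeError("client certificate rejected")
        self.cache[sid] = cert           # cache only after authentication
        return cert

    def resume(self, sid):
        """Abbreviated handshake: session ID lookup, no certificate check."""
        if sid not in self.cache:
            raise HandshakeError("unknown session, full handshake required")
        return self.cache[sid]

def failed_session_resumable(server):
    """Regression check: can a session whose handshake failed be resumed?"""
    sid = server.server_hello()
    try:
        server.client_certificate(sid, "untrusted-cert")
    except HandshakeError:
        pass
    try:
        server.resume(sid)
    except HandshakeError:
        return False
    return True
```

The invariant to test for in any session-caching server is that a session ID becomes resumable only after the full handshake, including client authentication, has completed.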

The consequences of the vulnerability
-------------------------------------

This security vulnerability could allow an attacker to circumvent the 
SSL client authentication mechanism on servers using RSA BSAFE SSL-J 
3.x. The attacker might then subsequently gain unauthorized access to 
data that otherwise would have been secured by RSA BSAFE SSL-J 
for the server application.

When does the problem occur?
----------------------------

Only versions 3.0, 3.0.1, or 3.1 of RSA BSAFE SSL-J used for 
client-authenticated server SSL applications are affected.

When does the problem not occur?
--------------------------------

The following users are not affected by the problem:

  - Users of RSA BSAFE SSL-J 1.x and 2.x.
  - Users of RSA BSAFE SSL-J 3.1.1 or 4.0 beta 2 or higher.
  - Client applications built with RSA BSAFE SSL-J, irrespective of the
    RSA BSAFE SSL-J version number, including all versions of RSA BSAFE
    SSL-J 3.x.
  - Server applications built with SSL-J not utilizing client
    authentication, irrespective of the RSA BSAFE SSL-J version number,
    including all versions of RSA BSAFE SSL-J 3.x.

Solution
========

Customers with active maintenance agreements and who currently use an 
affected version of RSA BSAFE SSL-J are recommended to upgrade to the 
latest release version of RSA BSAFE SSL-J. The current release version 
is RSA BSAFE SSL-J 3.1.1.

Customers not currently on active maintenance contracts and who 
currently use an affected version are recommended to do the following:

Customers using RSA BSAFE SSL-J 3.0
-----------------------------------

1. Download and install the no-cost RSA BSAFE SSL-J 3.0.1 upgrade.
2. Download and apply RSA BSAFE SSL-J 3.0.1 Patch 1 to the RSA BSAFE 
   SSL-J 3.0.1 distribution.

Customers using RSA BSAFE SSL-J 3.0.1
-------------------------------------

Download and apply RSA BSAFE SSL-J 3.0.1 Patch 1 to the RSA BSAFE 
SSL-J 3.0.1 distribution.

Customers using RSA BSAFE SSL-J 3.1
-----------------------------------

Either:

Download and apply RSA BSAFE SSL-J 3.1 Patch 11 to a clean installation 
of RSA BSAFE SSL-J 3.1. If the customer has already applied patches to 
RSA BSAFE SSL-J 3.1, please reinstall RSA BSAFE SSL-J 3.1 from 
the distribution medium prior to installing Patch 11.

Or:

If the customer has a current maintenance contract, the customer can 
request a copy of the current RSA BSAFE SSL-J 3.1.1 release through 
their account manager. RSA BSAFE SSL-J 3.1.1 does not have this bug.

Download
========

The above patches can be downloaded from: 
http://www.rsasecurity.com/support/bsafe/index.html

The patches are encrypted. Decryption passwords will be provided to you 
by your RSA Account Manager. Please call RSA Security at 650-295-7600 
and ask for the sales department if you have not yet received the 
passwords. 

RSA Security encourages customers to install the respective patch to 
proactively prevent security problems. RSA Security continues to make 
all possible efforts to ensure our products meet the highest levels 
of quality and standards our customers expect.

Getting Support and Services
============================

General Technical Support Information: 
http://www.rsasecurity.com/support
SecurCare® Online: http://www.rsasecurity.com/support/securcare
Technical Support Telephone Numbers: 
http://www.rsasecurity.com/support/news/tollfree.html 

Credits
=======
RSA Security's customer Cisco Systems detected the bug during internal 
testing. RSA is not aware of any security breaches resulting from this 
bug. 

RSA BSAFE SSL-J 3.x Patches and Updates
=======================================

Guide to Updating RSA BSAFE SSL-J 3.x Toolkits
http://www.rsasecurity.com/products/bsafe/bulletins/
  Guide_to_Updating_SSL-J_3.x_Toolkits.pdf

Binary and Source Code Security Patches for RSA BSAFE SSL-J 3.1
https://www.rsasecurity.com.au/download/sslj-patch/3.1/index.html

Binary Security Patch for RSA BSAFE SSL-J 3.0.1
http://www.rsasecurity.com/products/bsafe/bulletins/patches
       /sslj301pat.zip

Source Code Security Patch for RSA BSAFE SSL-J 3.0.1
http://www.rsasecurity.com/products/bsafe/bulletins/patches
       /sslj301patsrc.zip

RSA BSAFE SSL-J 3.0.1 Binary Release
http://www.rsasecurity.com/products/bsafe/bulletins/patches
       /Sslj301.zip

[***** End RSA Security Bulletin, September 2001 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of RSA Security and CISCO for the 
information contained in this bulletin.
_______________________________________________________________________________


CIAC, the Computer Incident Advisory Center, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

L-131: IBM AIX telnetd Buffer Overflow
L-132: Microsoft Cumulative Patch for IIS
L-133: Sendmail Debugger Arbitrary Code Execution Vulnerability
L-134: HP Security Vulnerability in rlpdaemon
L-135: SGI File Globbing Vulnerability in ftpd
L-136: HP-UX Security Vulnerability in PRM
L-137: FreeBSD lpd Remote Root Vulnerability
L-138: Gauntlet Firewall CSMAP and smap/smapd Buffer Overflow Vulnerability
L-139: Microsoft IIS "%u encoding IDS bypass vulnerability" 
L-140: Gauntlet Firewall CSMAP and smap/smapd Buffer Overflow Vulnerability

