SA74 : OpenSSL and NSS Client Renegotiation DDOS (CVE-2011-1473, CVE-2011-5094)
SUMMARY
Neither OpenSSL nor NSS restricts client-initiated renegotiation within the SSL and TLS protocols, which makes it easier for remote attackers to cause a denial of service by performing many renegotiations within a single connection. Each renegotiation forces the server through another full handshake, so an unthrottled client can consume server CPU at little cost to itself. Blue Coat products that use OpenSSL or NSS and do not limit client-initiated renegotiation are vulnerable to denial-of-service (DoS) attacks.
AFFECTED PRODUCTS
The following products are vulnerable:
BCAAA
All versions of BCAAA include a vulnerable version of OpenSSL from the Novell SSO SDK. BCAAA 6.1 and prior versions do not use OpenSSL to act as an SSL/TLS server, so they are not vulnerable to known vectors of attack.
Content Analysis System
All versions of CAS prior to 1.3.7.1 are vulnerable through the ICAP interface. The management interface provided using Tomcat has renegotiation disabled and hence is not vulnerable. CAS 2.1 and later releases are not vulnerable.
Director
All versions prior to 6.1.13.1 are vulnerable.
IntelligenceCenter
All versions of IntelligenceCenter are vulnerable to CVE-2011-1473.
Malware Analysis Appliance
All versions of MAA allow client renegotiation. However, the number of renegotiation attempts is limited to three every 10 minutes, so MAA is not vulnerable to a DoS attack.
Malware Analyzer G2
All versions of MAG2 allow client renegotiation. However, the number of renegotiation attempts is limited to three every 10 minutes, so MAG2 is not vulnerable to a DoS attack.
Management Center
All versions of MC include vulnerable versions of OpenSSL and NSS. MC 1.7, 1.8, 1.9, 1.10 and 1.11 are vulnerable to CVE-2011-1473. MC 1.6 and prior versions do not use OpenSSL and NSS to act as an SSL/TLS server, so they are not vulnerable to known vectors of attack. MC 2.0 and later releases are not vulnerable.
Norman Shark Industrial Control System Protection
All versions of ICSP are vulnerable through the administrative interface.
Norman Shark Network Protection
All versions of NNP are vulnerable through the administrative interface.
Norman Shark SCADA Protection
All versions of NSP are vulnerable through the administrative interface.
PacketShaper
All versions of PacketShaper are vulnerable to CVE-2011-1473.
PacketShaper S-Series
PacketShaper S-Series 11.2 and later releases are vulnerable to CVE-2011-1473.
PolicyCenter
All versions of PolicyCenter are vulnerable to CVE-2011-1473.
PolicyCenter S-Series
PolicyCenter S-Series 1.1 is vulnerable to CVE-2011-1473.
ProxyAV
All versions of ProxyAV are vulnerable through the ICAP interface and the management interface.
ProxySG
SGOS 5.5, 6.1, 6.2 prior to 6.2.14.1, 6.4 prior to 6.4.5.1, and 6.5 prior to 6.5.2.1 allow a limited number of client-initiated renegotiations for forward proxy, reverse proxy, and management connections. No version of SGOS is vulnerable to a traditional DoS attack. SGOS deployments with forward proxy enabled are vulnerable to a non-traditional DoS attack (see ISSUES). SGOS 6.6 and 6.7 are not vulnerable.
Reporter
All versions of Reporter prior to 10.3.1.1 are vulnerable to CVE-2011-1473.
X-Series XOS
All versions of XOS include vulnerable versions of OpenSSL and NSS.
Patches
BCAAA
A fix will not be provided. An updated Novell SSO SDK is no longer available. Please contact Novell for more information.
Content Analysis System
CAS 1.3 - a fix is available in 1.3.7.1.
CAS 1.2 - a fix will not be provided. Please upgrade to a later version with the vulnerability fix.
CAS 1.1 - a fix will not be provided. Please upgrade to a later version with the vulnerability fix.
Director
Director 6.1 - a fix is available in 6.1.13.1.
Director 5.x - a fix will not be provided. Please upgrade to a later version with the vulnerability fix.
IntelligenceCenter
IC 3.x - a fix will not be provided. NetDialog NetX is a replacement product for IntelligenceCenter. Please switch to a version of NetX with the vulnerability fixes.
Management Center
MC 2.0 - a fix is available in 2.0.1.1.
MC 1.11 - a fix will not be provided. Please upgrade to a later version with the vulnerability fix.
MC 1.10 - a fix will not be provided. Please upgrade to a later version with the vulnerability fix.
MC 1.9 - a fix will not be provided. Please upgrade to a later version with the vulnerability fix.
MC 1.8 - a fix will not be provided. Please upgrade to a later version with the vulnerability fix.
MC 1.7 - a fix will not be provided. Please upgrade to a later version with the vulnerability fix.
MC 1.6 and prior - a fix will not be provided. MC 1.6 and prior versions do not use OpenSSL and NSS to act as an SSL/TLS server, so they are not vulnerable to known vectors of attack.
Norman Shark Industrial Control System Protection
A patch will not be provided. Restrict access to the administrative interface as described in the Workarounds section.
Norman Shark Network Protection
A patch will not be provided. Restrict access to the administrative interface as described in the Workarounds section.
Norman Shark SCADA Protection
A patch will not be provided. Restrict access to the administrative interface as described in the Workarounds section.
PacketShaper
All versions - a fix will not be provided. Allot Secure Service Gateway (SSG) is a replacement product for PacketShaper. Please switch to a version of SSG with the vulnerability fix.
PacketShaper S-Series
All versions - a fix will not be provided. Allot Secure Service Gateway (SSG) is a replacement product for PacketShaper S-Series. Please switch to a version of SSG with the vulnerability fix.
PolicyCenter
All versions - a fix will not be provided. Allot NetXplorer is a replacement product for PolicyCenter. Please switch to a version of NetXplorer with the vulnerability fix.
PolicyCenter S-Series
All versions - a fix will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Please switch to a version of NetXplorer with the vulnerability fix.
ProxyAV
ProxyAV 3.5 - a fix will not be provided. Restrict access to the administrative interface as described in the Workarounds section, or upgrade to a version of Content Analysis System with the vulnerability fix.
ProxyAV 3.4 - a fix will not be provided. Restrict access to the administrative interface as described in the Workarounds section, or upgrade to a version of Content Analysis System with the vulnerability fix.
ProxySG
The fixed releases listed below disable client-initiated renegotiation completely.
SGOS 6.5 - a fix is available in 6.5.2.1 and later versions.
SGOS 6.4 - a fix is available in 6.4.5.1 and later versions.
SGOS 6.3 - please upgrade to a later release with the vulnerability fix.
SGOS 6.2 - a fix is available in 6.2.14.1 and later versions.
SGOS 6.1 - please upgrade to a later release with the vulnerability fix.
SGOS 5.5 - please upgrade to a later release with the vulnerability fix.
Reporter
Reporter 10.3 - a fix is available in 10.3.1.1.
Reporter 10.2 - please upgrade to a later release with the vulnerability fix.
Reporter 10.1 - please upgrade to a later release with the vulnerability fix.
Reporter 9.5 and earlier - please upgrade to a later release with the vulnerability fix.
X-Series XOS
A fix will not be provided. Restrict access to the administrative interface as described in the Workarounds section.
Fixes for products are available to customers with a valid Blue Touch Online login.
ADDITIONAL PRODUCT INFORMATION
The following products are not vulnerable:
Advanced Secure Gateway
Android Mobile Agent
AuthConnector
CacheFlow
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
K9
Mail Threat Defense
ProxyAV ConLog and ConLogXP
ProxyClient
Security Analytics
SSL Visibility
Unified Agent
Web Isolation
Blue Coat no longer provides vulnerability information for the following products:
DLP
Please contact Digital Guardian technical support regarding vulnerability information for DLP.
ISSUES
OpenSSL allows clients and servers to renegotiate the cipher suite and keys used for an SSL/TLS connection. Renegotiation lets a client and server upgrade or downgrade the algorithms in use and periodically change the keys that encrypt the connection. Because every renegotiation costs the server a full handshake, a client can over-use the capability to cause a denial of service. Client-initiated renegotiation can be limited by the application using OpenSSL, or it can be disabled completely.
CVE-2011-5094 documents the same vulnerability in Mozilla Network Security Services (NSS).
ProxyAV is vulnerable to denial-of-service attacks through ICAP and the management interface. Blue Coat recommends that ProxyAV be deployed such that the administrative interface is reachable only from internal, trusted networks. With that restriction the CVSS v2 base score is 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P).
All versions of SGOS limit the number of renegotiation attempts made by the client and are not vulnerable to a traditional denial-of-service attack, in which a client completes the SSL/TLS handshake and then continuously renegotiates during the session: SGOS terminates the session after the third client-initiated renegotiation. Forward proxy is vulnerable to a non-traditional DoS attack in which the client completes the SSL/TLS handshake, performs an operation, and then initiates a renegotiation. In this scenario, SGOS is vulnerable to a denial-of-service attack.
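The two mitigations the advisory describes (limit client-initiated renegotiation in the application, or disable it outright) can be implemented on an OpenSSL-based server from the SSL info callback. The block below is an added example, not Blue Coat or OpenSSL project code: it models a per-connection hard cap approximating the SGOS behaviour above and a sliding-window rate cap approximating the MAA/MAG2 "three per 10 minutes" rule, and shows where that policy hooks into OpenSSL. The policy names, limits and the `renego_*` functions are the example's own; the OpenSSL glue compiles only with `-DUSE_OPENSSL -lssl -lcrypto`. The subtle point it handles is that OpenSSL reports `SSL_CB_HANDSHAKE_START` for the initial handshake as well as for every renegotiation, so the callback must remember whether the first handshake has already completed.

```c
/*
 * Added example (not Blue Coat or OpenSSL code): application-side cap on
 * client-initiated TLS renegotiation. The policy logic is plain C; the
 * OpenSSL hook at the bottom is compiled only with -DUSE_OPENSSL.
 */
#include <stdio.h>
#include <string.h>
#include <time.h>

typedef struct {
    int    handshake_done; /* initial handshake finished; later starts are renegotiations */
    int    total;          /* renegotiations seen on this connection */
    int    window_count;   /* renegotiations in the current rate window */
    time_t window_start;   /* start of the current window (0 = none yet) */
    int    kill;           /* set once the policy says to drop the connection */
} renego_state;

typedef struct {
    int max_per_conn;      /* 0 = no per-connection cap */
    int max_per_window;    /* 0 = no rate cap */
    int window_secs;       /* length of the rate window */
} renego_policy;

/* Hypothetical policies approximating the two behaviours in the advisory. */
static const renego_policy SGOS_LIKE = { 3, 0,   0 };   /* at most 3 per connection */
static const renego_policy MAA_LIKE  = { 0, 3, 600 };   /* at most 3 per 10 minutes */

void renego_init(renego_state *s) { memset(s, 0, sizeof *s); }

/* Called whenever a handshake starts. Returns 1 if it may proceed, 0 if the
 * connection must be terminated. The first handshake on a connection is the
 * initial handshake: always allowed and never counted. */
int renego_on_handshake_start(renego_state *s, const renego_policy *p, time_t now)
{
    if (s->kill)
        return 0;                        /* already condemned */
    if (!s->handshake_done)
        return 1;                        /* initial handshake, not a renegotiation */
    s->total++;
    if (p->max_per_conn && s->total > p->max_per_conn) {
        s->kill = 1;
        return 0;
    }
    if (p->max_per_window) {
        /* fixed window: reset the counter when the window has elapsed */
        if (s->window_start == 0 || now - s->window_start >= p->window_secs) {
            s->window_start = now;
            s->window_count = 0;
        }
        if (++s->window_count > p->max_per_window) {
            s->kill = 1;
            return 0;
        }
    }
    return 1;
}

/* Called when a handshake completes; from then on every start is a renegotiation. */
void renego_on_handshake_done(renego_state *s) { s->handshake_done = 1; }

#ifdef USE_OPENSSL
#include <openssl/ssl.h>

static const renego_policy *g_policy = &SGOS_LIKE;

/* SSL_CB_HANDSHAKE_START fires for the initial handshake and for every
 * renegotiation, so the per-connection state decides which one this is. */
static void renego_info_cb(const SSL *ssl, int where, int ret)
{
    renego_state *s = SSL_get_app_data(ssl);   /* set by the accept path */
    (void)ret;
    if (!s)
        return;
    if (where & SSL_CB_HANDSHAKE_START) {
        if (!renego_on_handshake_start(s, g_policy, time(NULL)))
            fprintf(stderr, "renegotiation limit exceeded; dropping connection\n");
        /* the I/O loop checks s->kill and calls SSL_shutdown()/close() */
    }
    if (where & SSL_CB_HANDSHAKE_DONE)
        renego_on_handshake_done(s);
}

/* Limit renegotiation: install the counting callback on a server context.
 * Each accepted SSL needs SSL_set_app_data(ssl, &its_renego_state) after SSL_new(). */
void renego_limit(SSL_CTX *ctx) { SSL_CTX_set_info_callback(ctx, renego_info_cb); }

/* Disable renegotiation entirely (OpenSSL 1.1.0h and later provide the option). */
void renego_disable(SSL_CTX *ctx)
{
#ifdef SSL_OP_NO_RENEGOTIATION
    SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
#else
    (void)ctx;   /* older OpenSSL: fall back to renego_limit() with max_per_conn = 0 */
#endif
}
#endif
```

To check a deployment rather than a code base, connect with `openssl s_client -connect host:443` (a TLS 1.2 or earlier session, since TLS 1.3 has no renegotiation) and type `R` on a line by itself repeatedly: a server that limits renegotiation drops the connection after the cap, while a vulnerable one keeps answering `RENEGOTIATING` indefinitely. Where disabling is acceptable, `renego_disable()` is the simpler and safer choice; the counting approach exists for deployments that still need occasional client renegotiation.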
MITIGATION
For Norman Shark NNP, ICSP, and NSP, and for X-Series XOS, limit access to the administrative interfaces to trusted clients on internal IP addresses.
Restrict access to the ProxySG Management Console to authorized systems using access control lists (ACLs). For instructions, refer to “Restricting Management Console Access through the Console Access Control List” in the SGOS Administration Guide for your version of SGOS.
Restrict access to CAS and ProxyAV administration capabilities to known, authorized systems.
REFERENCES
CVE-2011-1473 – https://nvd.nist.gov/vuln/detail/CVE-2011-1473
CVE-2011-5094 – https://nvd.nist.gov/vuln/detail/CVE-2011-5094
REVISION
2020-04-03 A fix for IntelligenceCenter will not be provided. NetDialog NetX is a replacement product for IntelligenceCenter. Please switch to a version of NetX with the vulnerability fix. Fixes for PacketShaper and PacketShaper S-Series will not be provided. Allot Secure Service Gateway (SSG) is a replacement product for PacketShaper. Please switch to a version of SSG with the vulnerability fix. Fixes for PolicyCenter and PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter. Please switch to a version of NetXplorer with the vulnerability fix. Advisory status moved to Closed.
2020-01-15 A fix for ProxyAV will not be provided. Please upgrade to a version of Content Analysis System with the vulnerability fixes.
2019-10-10 A fix for PacketShaper 9.2 will not be provided. Please upgrade to a version of PacketShaper S-Series with the vulnerability fixes. A fix for PolicyCenter 9.2 will not be provided. Please upgrade to a version of PolicyCenter S-Series with the vulnerability fixes.
2019-10-07 Web Isolation is not vulnerable.
2019-08-07 A fix for Reporter 10.1 and 10.2 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2019-08-06 A fix for Reporter 9.5 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2019-01-14 MC 2.1 is not vulnerable. A fix will not be provided for MC 1.11. Please upgrade to a later version with the vulnerability fixes. Reporter 10.3 is not vulnerable because a fix is available in 10.3.1.1.
2018-07-24 MC 2.0 is not vulnerable because a fix is available in 2.0.1.1.
2018-04-22 PS S-Series 11.10 is vulnerable to CVE-2011-1473.
2017-11-16 A fix for PS S-Series 11.7 and 11.8 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-11-07 MC 1.11 is vulnerable to CVE-2011-1473. A fix for CVE-2011-1473 in MC 1.10 will not be provided. Please upgrade to a later version with the vulnerability fix.
2017-07-24 PacketShaper S-Series 11.9 is vulnerable to CVE-2011-1473. A fix is not available at this time.
2017-07-20 MC 1.10 is vulnerable to CVE-2011-1473. A fix for CVE-2011-1473 in MC 1.9 will not be provided. Please upgrade to a later version with the vulnerability fix.
2017-06-05 PacketShaper S-Series 11.7 and 11.8 are vulnerable to CVE-2011-1473. A fix is not available at this time.
2017-05-16 CAS 2.1 is not vulnerable.
2017-03-06 ProxySG 6.7 is not vulnerable. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable.
2016-09-15 Advanced Secure Gateway is not vulnerable.
2016-08-17 ProxySG 6.6 is not vulnerable. Security Analytics is not vulnerable.
2016-08-12 A fix for CAS 1.3 is available in 1.3.7.1.
2016-07-15 Previously it was reported that SSLV is vulnerable to CVE-2011-1473. Further investigation has shown that SSLV is not vulnerable because it disables client-initiated SSL renegotiation.
2016-06-30 PacketShaper S-Series 11.6 is vulnerable to CVE-2011-1473. A fix is not available at this time. A fix for PacketShaper S-Series 11.5 will not be provided.
2016-06-26 Clarified that PacketShaper S-Series 11.2, 11.3, 11.4, and 11.5 are vulnerable to CVE-2011-1473. Fixes will not be provided for 11.2, 11.3, and 11.4. A fix for 11.5 is not available at this time.
2016-06-16 PolicyCenter S-Series is vulnerable to CVE-2011-1473. A fix is not available at this time.
2016-06-06 All versions of BCAAA include a vulnerable version of OpenSSL from the Novell SSO SDK. BCAAA 6.1 and prior versions do not use OpenSSL to act as an SSL/TLS server, so they are not vulnerable to known vectors of attack. A fix will not be provided. An updated Novell SSO SDK is no longer available. Please contact Novell for more information.
2016-06-01 Previously it was reported that a fix for MC is available in 1.3.2.1. Further investigation has shown that all versions of MC have vulnerable versions of OpenSSL and NSS. However, MC 1.3.6.1 and prior versions do not use OpenSSL or NSS to act as an SSL/TLS server and thus are not vulnerable to known vectors of attack. A patch for MC will not be provided.
2016-05-23 Android Mobile Agent, Client Connector, ProxyClient and Unified Agent are not vulnerable.
2016-05-22 AuthConnector and General Auth Connector Login Application are not vulnerable.
2016-05-21 K9 is not vulnerable.
2016-05-11 No Cloud Data Protection products are vulnerable.
2016-05-06 Mail Threat Defense is not vulnerable.
2016-03-09 ProxyAV ConLog and ConLogXP are not vulnerable.
2016-01-19 CacheFlow is not vulnerable. It was previously reported as vulnerable, but further investigation found that it is not vulnerable.
2015-10-02 ProxyAV management interface is vulnerable.
2015-10-01 Clarified ProxySG behavior and the fixes provided.
2015-09-30 ProxyAV and CAS are vulnerable through the ICAP interface.
2015-07-02 Fix will not be provided for X-Series XOS. Red Hat lists this as disputed and indicates no plans to fix.
2015-06-08 Fix for Director is available.
2015-03-12 Fix for MC is available.
2015-03-11 Fix will not be provided for SGOS 5.5; CacheFlow is vulnerable.
2015-03-04 PacketShaper, IntelligenceCenter, and PolicyCenter are vulnerable.
2014-02-24 Reporter is vulnerable.
2014-02-24 CAS and ProxyAV are only vulnerable through the management interface; a workaround is provided and no fixes will be provided.
2014-02-19 Updated to reflect SGOS vulnerability in forward proxy and fixes available; PS 11.x is vulnerable.
2015-01-26 Fix for CAS will come in the 1.2 version only. Fix for ProxyAV will come in the 3.5 version only.
2015-01-21 CAS and ProxyAV are vulnerable.
2014-12-22 Included NSS CVE with OpenSSL CVE; MC is vulnerable; XOS contains vulnerable versions of OpenSSL and NSS; SA is not vulnerable; MAA and MAG2 are not vulnerable; added NSP as remediated.
2014-12-22 No further fixes are needed for SGOS, as SGOS limits client-initiated renegotiations to prevent a successful DoS attack.
2014-12-03 MAA and MAG2 not vulnerable; Director is vulnerable; NNP and ICSP are vulnerable.
2014-11-17 Updated to correctly state behavior of SGOS; clarified the vulnerability.
2013-11-29 Updated release information for 6.4.x.
2013-11-19 Updated patch information for 6.4.x.
2013-09-09 Initial advisory release