SA53 : OpenSSL Ciphersuite Downgrade Attack (CVE-2010-4180)
SUMMARY
A flaw in OpenSSL exists that allows an attacker to decrease the cryptographic strength of an SSL/TLS session. An attacker can use this flaw to view unencrypted SSL/TLS session data including administrative authentication credentials.
AFFECTED PRODUCTS
The following products are vulnerable.
CacheFlow
All versions prior to 2.1.4.7 are vulnerable. Only SSL/TLS connections used for management are vulnerable to this attack.
CacheFlow 2.1 - a fix is available in 2.1.4.7.
Director
All versions of Director prior to 5.5.1.2 are vulnerable.
Director 5.5 - an interim fix is available in 5.5.1.2. Customers are urged to upgrade to the next maintenance release that includes this fix. This Security Advisory will be updated when the maintenance release is available.
Director 5.4 and earlier - please upgrade to a later version.
PacketShaper/PolicyCenter
All versions of PacketShaper and PolicyCenter prior to 8.7.1 are vulnerable. Only SSL/TLS connections used for management are vulnerable to this attack. Due to the manner in which authentication is performed, authentication credentials cannot be obtained by an attacker. Thus the severity is MEDIUM with a CVSS v2 base score of 4.3 (AV:A/AC:M/Au:N/C:P/I:P/A:N).
PacketShaper and Policy Center 8.7 - a fix is available in 8.7.1.
PacketShaper and Policy Center 8.6 - please upgrade to a later version.
PacketShaper and Policy Center 8.5 - a fix is available in 8.5.6.
PacketShaper and Policy Center 8.4 and earlier - please upgrade to a later version.
ProxyAV
All versions of ProxyAV prior to 3.3.1.9 are vulnerable. SSL/TLS connections used for management and for secure ICAP with ProxySG are vulnerable to this attack.
ProxyAV 3.4 - a fix is available in 3.4.1.1.
ProxyAV 3.3 and earlier - please upgrade to a later version.
All versions of ProxyOne are vulnerable. Only SSL/TLS connections used for management are vulnerable to this attack.
No fix will be provided.
ProxySG
All versions of ProxySG prior to 6.1.2.1 are vulnerable. SSL/TLS connections where ProxySG is acting as a server are vulnerable to attack. This includes connections used for forward proxy, reverse proxy, and management.
ProxySG 6.1 - a fix is available in 6.1.2.1.
ProxySG 5.5 - a fix is available in 5.5.4.1.
ProxySG 5.4 - a fix is available in 5.4.6.1.
ProxySG 5.3 - please upgrade to a later release.
ProxySG 4.3 - an interim fix is available in SGOS 4.3.4.2 patch release.
Reporter
All versions of Reporter for Windows prior to 9.4 are vulnerable. All versions of Virtualized Reporter are vulnerable. Reporter for Linux is not vulnerable as it uses the OpenSSL provided by the customer installed Linux distribution. All SSL/TLS connections are vulnerable.
Reporter 9.3 for Windows - a fix is available in 9.3.3.2.
Virtual Reporter 9.4 - a fix will not be provided.
Virtual Reporter 9.3 - a fix will not be provided.
ADDITIONAL PRODUCT INFORMATION
The following products are not vulnerable.
IntelligenceCenter
IntelligenceCenter does not use OpenSSL.
K9
K9 uses the on-platform SSL/TLS libraries provided by Microsoft.
ProxyClient
While ProxyClient does use OpenSSL, it does not act as a server in SSL/TLS connections.
ISSUES
SSL/TLS sessions are established with a cipher suite that is negotiated based on the supported algorithms of the client and server. Once established, a session that becomes idle can be resumed for a pre-configured amount of time to eliminate the high cost of session instantiation. At any point, the cipher suite can be renegotiated by either the client or server.
The flaw in OpenSSL allows an attacker to force a change in the cipher suite when the client resumes a session if the server is vulnerable. The attacker must choose a cipher suite that the client supports. Another flaw in OpenSSL versions prior to 0.9.8j allows an attacker to change the cipher suite to any cipher suite supported by OpenSSL even if the server was configured not to use it. In the worst case scenario, the cipher suite chosen by the attacker is limited only by the security employed on the client.
CVE-2010-4180 - CVSS v2 base score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Clients and browsers that support weak ciphersuites are at most risk for ciphersuite downgrade. In such cases, the ciphersuite can be changed to use weak algorithms that can be easily compromised by an attacker allowing the connection data to be decrypted more easily by the attacker.
Vulnerable Blue Coat products acting as a server in an SSL/TLS connection are at risk. Products acting as a client are not at risk. The most vulnerable connections are those used for managing Blue Coat products. These connections may contain an administrator's authentication data that can be used to gain complete control over the vulnerable Blue Coat product. Other connections may also contain sensitive information.
MITIGATION
Customers are encouraged to upgrade and apply all current patches to clients and browsers that connect to vulnerable Blue Coat products over SSL/TLS. This ensures that the ciphersuites that an attacker can use are limited to those that are more difficult to compromise.
REFERENCES
National Vulnerability Database information: https://nvd.nist.gov/vuln/detail/CVE-2010-4180
OpenSSL Security Advisory: https://www.openssl.org/news/secadv/20101202.txt
REVISION
2015-01-20 Virtual Reporter versions were not fixed; marked as final.
2012-12-11 Reporter for Windows and Virtual Reporter have been found vulnerable. Notification of fixes are added for Reporter.
2012-04-12 Notification of a fix in PacketShaper/PolicyCenter 8.5.6.
2012-01-17 Notification that no fixes will be provided for ProxyOne or ProxySG 5.3.
2011-12-02 Notification of a fix for ProxyAV 3.4. ProxyAV 3.3 interim fix removed from patch list.
2011-11-04 Notification of an interim fix for ProxyAV 3.3.
2011-10-19 Noted that Reporter is not vulnerable.
2011-10-07 Clarification of the versions that are vulnerable based on fixes released. Notification of a fix in PolicyCenter 8.7.
2011-08-31 Notification of a fix in PacketShaper 8.7.
2011-06-29 Notification of an interim fix in patch release of Director 5.5.
2011-05-25 Notification of fix in a patch release of ProxySG version 4.3.4.2.
2011-02-03 Reduced PacketShaper/PolicyCenter severity and CVSS score.
2011-02-02 Added PacketShpaer/PolicyCenter as a vulnerable product.
2011-02-02 Added Reporter as a vulnerable product. Added a patch for ProxySG 5.5. Provided clarification about which connections are vulnerable for ProxyAV.
2011-02-01 Initial public release