|
Brought to you by:
Suppliers of:
|
|
|
| |
The SSL protocol provides for caching of SSL sessions between subsequent connections by the same user. Due to a bug in the SSL session caching feature implemented in RSA BSAFE SSL-J versions 3.x, unauthorized clients may be able to impersonate authorized clients, thus potentially gaining access to data intended only for authorized users. The vulnerability does not give the attacker super-user or "root" privileges on the server.
The problem affects server-side SSL in client authentication mode only when using RSA BSAFE SSL-J versions 3.0, 3.0.1 or 3.1. The problem does not affect clients. The problem does not affect servers that do not use client authentication.
RSA Security has provided an easy migration path and downloadable patches for customers who are at risk. This bulletin describes the immediate steps you should take to ensure that your applications remain protected from malicious attackers. |
| |
Credit:
RSA Security's customer Cisco Systems detected the bug during internal testing. RSA is not aware of any security breaches resulting from this bug.
The information has been provided by RSA Security.
|
| |
Vulnerable systems:
Versions 3.0, 3.0.1, or 3.1 of RSA BSAFE SSL-J
Immune systems:
RSA BSAFE SSL-J 1.x and 2.x.
RSA BSAFE SSL-J 3.1.1 or 4.0 beta 2 or higher.
Client applications built with RSA BSAFE SSL-J, irrespective of the RSA BSAFE SSL-J version number, including all versions of RSA BSAFE SSL-J 3.x.
Server applications built with SSL-J not utilizing client authentication, irrespective of the RSA BSAFE SSL-J version number, including all versions of RSA BSAFE SSL-J 3.x.
What is SSL session caching?
The SSL protocol contains provisions to perform fast reconnections once an initial connection has been performed. The SSL protocol does this be creating an SSL session, identified by a session ID. This permits client applications to reconnect to the server by specifying the same session ID used in earlier transactions. When a client presents a valid session ID, a much shorter SSL connection setup is performed. This results in faster connection times and a reduction in processing overhead for server applications.
How does RSA BSAFE SSL-J handle SSL sessions?
As part of its implementation of the server-side of the SSL protocol, RSA BSAFE SSL-J maintains a cache of sessions established previously with client applications. The sessions eventually time out and are removed from the cache. A client attempting to reconnect after its session has timed out must renegotiate a full SSL handshake. This behavior is expected under the SSL specifications.
What is client authentication mode?
When the SSL protocol is in client authentication mode, the client must present a valid certificate during the connection setup to prove its identity to the server. This authentication is skipped if the client presents a valid session ID (see above), since the client must have already been authenticated during the first connection that initiated the session.
The caching problem
This problem occurs only in RSA BSAFE SSL-J 3.x when using server-side SSL in client authentication mode.
If an error occurs while the handshake is being performed, the session's ID might, under certain conditions, be stored in the cache rather than being discarded. If the same client then attempts a second connection, the session ID will already be in the server cache and the shorter version of the SSL handshake will be performed. Consequently, the client authentication phase will be skipped and the connection will proceed as if the client has been successfully authenticated.
The consequences of the vulnerability
This security vulnerability could allow an attacker to circumvent the SSL client authentication mechanism on servers using RSA BSAFE SSL-J 3.x. The attacker might then subsequently gain unauthorized access to data that otherwise would have been secured by the RSA BSAFE SSL-J for the server application.
When does the problem occur?
Only versions 3.0, 3.0.1, or 3.1 of RSA BSAFE SSL-J used for client-authenticated server SSL applications are affected.
When does the problem not occur?
The following users are not affected by the problem:
* Users of RSA BSAFE SSL-J 1.x and 2.x.
* Users of RSA BSAFE SSL-J 3.1.1 or 4.0 beta 2 or higher.
* Client applications built with RSA BSAFE SSL-J, irrespective of the RSA BSAFE SSL-J version number, including all versions of RSA BSAFE SSL-J 3.x.
* Server applications built with SSL-J not utilizing client authentication, irrespective of the RSA BSAFE SSL-J version number, including all versions of RSA BSAFE SSL-J 3.x.
Solution
Customers with active maintenance agreements and who currently use an affected version of RSA BSAFE SSL-J are recommended to upgrade to the latest release version of RSA BSAFE SSL-J. The current release version is RSABSAFE SSL-J 3.1.1.
Customers not currently on active maintenance contracts and who currently use an affected version are recommended to do the following:
Customers using RSA BSAFE SSL-J 3.0
Download and install the no-cost RSA BSAFE SSL-J 3.0.1 upgrade.
Download and apply RSA BSAFE SSL-J 3.0.1 Patch 1 to the RSA BSAFE SSL-J 3.0.1 distribution.
Customers using RSA BSAFE SSL-J 3.0.1
Download and apply RSA BSAFE SSL-J 3.0.1 Patch 1 to the RSA BSAFE SSL-J 3.0.1 distribution.
Customers using RSA BSAFE SSL-J 3.1
Either:
1) Download and apply RSA BSAFE SSL-J 3.1 Patch 11 to a clean installation of RSA BSAFESSL-J 3.1. If the customer has already applied patches to the RSA BSAFE SSL-J 3.1, please reinstall a RSA BSAFE SSL-J 3.1 from the distribution medium prior to installing Patch 11.
2) If the customer has a current maintenance contract, the customer can request a copy of the current RSA BSAFE SSL-J 3.1.1 release through their account manager. RSA BSAFE SSL-J 3.1.1 does not have this bug.
Download
The above patches can be downloaded from: http://www.rsasecurity.com/support/bsafe/index.html
The patches are encrypted. Decryption passwords will be provided to you by your RSA Account Manager. Please call RSA Security at 650-295-7600 and ask for the sales department if you have not yet received the passwords.
RSA Security encourages customers to install the respective patch to proactively prevent security problems. RSA Security continues to make all possible efforts to ensure our products meet the highest levels quality and standards our customers expect.
Getting Support and Services
General Technical Support Information: http://www.rsasecurity.com/support
SecurCare Online: http://www.rsasecurity.com/support/securcare
Technical Support Telephone Numbers: http://www.rsasecurity.com/support/news/tollfree.html
|
|
|
|
|
