PQ71637: SSL BLOCK CIPHER VULNERABILITY (CAN-2003-0078)

APAR status
Closed as program error.

Error description
It has been determined through IHS Development investigation
that the "security libraries" used by the IBM HTTP Server are
vulnerable to the same SSL Block Cipher exposure reported in the
following URL:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078

Local fix
Since the vulnerability exists only with block ciphers, you can
use the SSLCipherSpec directive to configure IHS to only use
ciphers which are not block ciphers, and this will close this
exposure.

The ciphers which are NOT vulnerable to this type
of attack are: 21, 22, 33, 34, 35, 30, 31, 32, 62.

SSLCipherSpec 21
SSLCipherSpec 22
SSLCipherSpec 33
SSLCipherSpec 34
SSLCipherSpec 35
SSLCipherSpec 30
SSLCipherSpec 31
SSLCipherSpec 32
SSLCipherSpec 62

Problem summary
The decryption process currently verifies the
padding characters/length first and then verifies the MAC. If
an error is detected for the padding, the process terminates
and an error is returned to the client. This causes a
measurable time difference between a message with a padding error
and one with a MAC error, and this time difference can be
exploited to launch a cryptographic attack on the server.
Problem conclusion
The decryption process has been changed to
verify both the padding and the MAC before returning an error. This
eliminates the possibility of a user discriminating between
these types of errors based on the timing of the response.
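As an added illustration (not code from the APAR or from GSKit), the following Python contrasts the pre-fix check order with the post-fix order described above; the record layout, the HMAC-SHA1 key and the TLS 1.0 padding rule are assumptions, and a count of MAC computations stands in for the measured timing difference.

```python
import hmac
import hashlib

MAC_LEN = hashlib.sha1().digest_size  # 20: HMAC-SHA1, as in TLS 1.0 CBC cipher suites


def mac_of(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()


def build_record(key: bytes, data: bytes, block: int = 8) -> bytes:
    """Constructed sender side: data || MAC || padding, every padding byte equal
    to the padding length (TLS 1.0 rule; SSLv3 only checks the length byte)."""
    body = data + mac_of(key, data)
    pad_len = block - (len(body) + 1) % block
    return body + bytes([pad_len]) * (pad_len + 1)


def padding_ok(plaintext: bytes) -> bool:
    """Caller guarantees len(plaintext) > MAC_LEN (ciphertext length is public)."""
    pad_len = plaintext[-1]
    return (pad_len + 1 + MAC_LEN <= len(plaintext)
            and plaintext[-(pad_len + 1):] == bytes([pad_len]) * (pad_len + 1))


def mac_ok(key: bytes, plaintext: bytes, pad_len: int) -> bool:
    body = plaintext[:-(pad_len + 1)]
    return hmac.compare_digest(body[-MAC_LEN:], mac_of(key, body[:-MAC_LEN]))


def check_vulnerable(key: bytes, plaintext: bytes):
    """Pre-fix order: a padding error returns before any MAC work is done.
    Returns (accepted, number of MAC computations performed)."""
    if not padding_ok(plaintext):
        return False, 0  # fast path: observably quicker than a MAC failure
    return mac_ok(key, plaintext, plaintext[-1]), 1


def check_fixed(key: bytes, plaintext: bytes):
    """Post-fix order: the MAC is always computed. Bad padding is treated as
    zero-length padding (as RFC 4346 later recommended) and both verdicts are
    folded into one result, so either failure costs the same work."""
    pad_good = padding_ok(plaintext)
    pad_len = plaintext[-1] if pad_good else 0
    mac_good = mac_ok(key, plaintext, pad_len)
    return pad_good and mac_good, 1
```

Equalising the control flow removes the gross padding-versus-MAC gap this APAR addresses; the MAC is still computed over a different length when padding is rejected, a smaller signal that later work (Lucky Thirteen) showed also needs constant-time handling.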
The following COMPIDs are affected by these changes:
5648B7800 IHS for AIX
5648B7801 IHS for Sun
5648B7802 IHS for WinNT and Win2K
5648B7803 IHS for HP
5648B7804 IHS for Linux
The fix will be available in the next service refreshes for IHS,
currently planned as IHS 1.3.12.8, IHS 1.3.19.6, IHS 1.3.26.1,
and IHS 2.0.42.1.
The code changes are stored in CMVC under defect PQ71637 and
84548.
Temporary fix
Disable use of the CBC ciphers via the
SSLCipherSpec directive.
Comments
APAR information
APAR number PQ71637
Reported component name APACHE HTTP SVR
Reported component ID 5648B7800
Reported release 312
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2003-03-04
Closed date 2003-05-07
Last modified date 2003-05-07

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
GSKIT

Publications Referenced

Fix information
Fixed component name APACHE HTTP SVR
Fixed component ID 5648B7800

Applicable component levels
R312 PSN    UP
R319 PSN    UP
R326 PSN    UP

Document Information

Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > Runtime
Operating system(s):
Software version: 312
Software edition:
Reference #: PQ71637
IBM Group: Software Group
Modified date: May 7, 2003