PQ71637: SSL BLOCK CIPHER VULNERABILITY (CAN-2003-0078)
APAR status
Closed as program error.

Error description
It has been determined through IHS Development investigation that the "security libraries" used by the IBM HTTP Server are vulnerable to the same SSL block cipher exposure reported at the following URL:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078

Local fix
Since the vulnerability exists only with block ciphers, you can use the SSLCipherSpec directive to configure IHS to use only ciphers which are not block ciphers; this closes the exposure.
- The ciphers which are NOT vulnerable to this type of attack are: 21, 22, 33, 34, 35, 30, 31, 32, 62.
- The corresponding directives:
    SSLCipherSpec 21
    SSLCipherSpec 22
    SSLCipherSpec 33
    SSLCipherSpec 34
    SSLCipherSpec 35
    SSLCipherSpec 30
    SSLCipherSpec 31
    SSLCipherSpec 32
    SSLCipherSpec 62

Problem summary
The decryption process currently verifies the padding characters/length first and then verifies the MAC. If an error is detected in the padding, the process terminates and an error is returned to the client. This causes a measurable time difference between a message with a padding error and a message with a MAC error, and that time difference can be exploited to launch a cryptographic attack on the server.

Problem conclusion
The decryption process has been changed to verify both the padding and the MAC before returning an error. This eliminates the possibility of a user discriminating between these two types of errors based on the timing of the response.

The following COMPIDs are affected by these changes:
    5648B7800 IHS for AIX
    5648B7801 IHS for Sun
    5648B7802 IHS for WinNT and Win2K
    5648B7803 IHS for HP
    5648B7804 IHS for Linux

The fix will be available in the next service refreshes for IHS, currently planned as IHS 1.3.12.8, IHS 1.3.19.6, IHS 1.3.26.1, and IHS 2.0.42.1. The code changes are stored in CMVC under defects PQ71637 and 84548.

Temporary fix
Disable use of the CBC ciphers via the SSLCipherSpec directive.
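The two decryption flows described in the Problem summary and Problem conclusion, as an added illustration that is not IBM's code: a constructed TLS 1.0-style record image (data, HMAC-SHA1, padding) is checked first with the early-return-on-padding-error flow and then with the flow that verifies padding and MAC before reporting a single error. The third field of each result records whether the MAC was computed, standing in for the response-time difference the APAR describes; the record layout, key and block size are assumptions for the example.

```python
import hashlib
import hmac

# Constructed layout (TLS 1.0 style): after CBC decryption a record reads
# data || MAC || padding bytes || pad_len, each padding byte equal to pad_len.
MAC_LEN = hashlib.sha1().digest_size   # 20 bytes
BLOCK = 8                              # block size of a DES/3DES CBC cipher


def build_record(key, data):
    """Build the plaintext image of one record: data, MAC over data, padding."""
    mac = hmac.new(key, data, hashlib.sha1).digest()
    body = data + mac
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)

def _padding_ok(rec):
    pad_len = rec[-1]
    if pad_len + 1 + MAC_LEN > len(rec):
        return False
    return all(b == pad_len for b in rec[-(pad_len + 1):])

def _split(rec, pad_len):
    body = rec[:len(rec) - pad_len - 1]
    return body[:-MAC_LEN], body[-MAC_LEN:]

def _mac_ok(key, data, mac):
    return hmac.compare_digest(hmac.new(key, data, hashlib.sha1).digest(), mac)

def check_vulnerable(key, rec):
    """Pre-fix flow: padding checked first, padding error returns before any
    MAC work. Returns (accepted, error_kind, mac_computed)."""
    if not _padding_ok(rec):
        return False, "bad_padding", False
    data, mac = _split(rec, rec[-1])
    if not _mac_ok(key, data, mac):
        return False, "bad_mac", True
    return True, None, True

def check_fixed(key, rec):
    """Post-fix flow: the MAC is always computed (over a fixed slice when the
    padding is bad) and both failures report the same generic error."""
    pad_ok = _padding_ok(rec)
    data, mac = _split(rec, rec[-1] if pad_ok else 0)
    mac_ok = _mac_ok(key, data, mac)
    if pad_ok and mac_ok:
        return True, None, True
    return False, "decrypt_error", True
```

The fixed flow mirrors only the coarse change this APAR ships (no early return, one error code); later work on CBC record decryption (Lucky 13, CVE-2013-0169) showed that the MAC computation itself must also take the same time regardless of the padding length.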
Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > Runtime
Operating system(s):
Software version: 312
Software edition:
Reference #: PQ71637
IBM Group: Software Group
Modified date: May 7, 2003
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.