Security Advisories

February 23, 2010 - TLS/SSLv3 renegotiation (CVE-2009-3555)

Security Advisories ID:    SA44
Version:    19.0
Status:    Published
Published date:    02/23/2010
Updated:    12/20/2012
 

Advisory Status

Interim

Advisory Severity

Medium, CVSS v2 base score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)

Summary

TLS and SSLv3 are vulnerable to a man-in-the-middle attack. This vulnerability is due to a design flaw in the cipher suite renegotiation capability of the protocol, not to a particular implementation defect. The vulnerability allows an attacker to insert his own traffic into the beginning of the client’s application protocol stream. 

In order to fully protect against this threat, clients as well as origin content servers must be updated to support secure TLS renegotiation as defined in RFC 5746.

Blue Coat Systems is fixing this vulnerability across all currently supported product lines by implementing RFC 5746 to allow, but not require, secure renegotiation.

Affected Products

The following products are vulnerable.

Director

All versions of Director prior to 5.5.2.3 are vulnerable.

IntelligenceCenter

All versions of Intelligence Center prior to 3.1.1.1 are vulnerable.

PacketShaper

All versions of PacketShaper prior to 8.5.5 are vulnerable.  All versions of PacketShaper 8.6 are vulnerable.  All versions of 8.7 are not vulnerable.

Management connections to PacketShaper and connections from PacketShaper to LDAP configuration servers are vulnerable to an attack.

Traffic passing through PacketShaper for classification and shaping cannot be affected since PacketShaper does not serve as a TLS/SSL endpoint. Compression and acceleration tunnels do not use SSL so are not affected.

ProxyAV

All versions of ProxyAV prior to 3.4.1.1 are vulnerable.

ProxySG

All versions of ProxySG prior to 6.1 are vulnerable.

ProxySG uses TLS/SSL to accelerate and control traffic, for management and configuration operations, to interact with other Blue Coat products, and to interact with third party and other Blue Coat servers. All TLS/SSL connections are vulnerable to an attack. ProxySG cannot protect against an attack.

Reporter

All versions of Reporter prior to 9.2.4.1 are vulnerable. 

Blue Coat recommends that Reporter be deployed behind the firewall.  Given this typical deployment, the CVSS v2 base score is 4.8 (AV:A/AC:L/Au:N/C:N/I:P/A:P). 

 

The following products are not vulnerable to attack because they use SSL/TLS libraries that are provided by the platform.  Blue Coat recommends that customers update the underlying operating systems for these products. 

ProxyClient

The Proxy Client uses the on-platform TLS/SSL libraries provided by Microsoft. It only establishes a TLS/SSL connection to ProxySG to download new files and configuration and to upload monitoring information. If the connection to ProxySG is targeted, the attacker is limited to injecting malformed or misleading monitoring information.

K9

K9 uses the on-platform TLS/SSL libraries provided by Microsoft.

Details

The TLS protocol and SSLv3 protocols do not properly associate renegotiation handshakes with an existing connection. This allows an attacker to insert content of his choice at the beginning of the client’s interaction with the server. The attacker will not be able to read the traffic between the client and server.

Initial exploits of this vulnerability have focused on the HTTP protocol. Other protocols that use TLS/SSLv3 are vulnerable as well.

The IETF TLS working group has published RFC 5746 that specifies enhancements to the protocol to support secure renegotiation.  Blue Coat Systems is implementing the RFC across affected product lines. 

By default, products will support secure renegotiation, but will not require it.  This allows Blue Coat products to preserve backwards compatibility with servers and clients that do not support secure renegotiation. 

Options are available for each product to require secure renegotiation, thereby providing full protection against attacks that exploit this vulnerability.  However, requiring secure renegotiation will cause SSL/TLS connections to clients and/or servers that do not support secure renegotiation to fail.  

The following Blue Coat services do not support secure renegotiation at the current time:

  • license download
  • secure heartbeat
  • appliance birth certificate issuance

The following Blue Coat services now support secure renegotiation:

  • BCWF download
  • image downloads

Secure connections between Blue Coat products will fail unless both products are updated to support secure renegotiation.  For example, a secure ICAP connection between ProxySG and ProxyAV will fail unless both products are updated.

Secure connections with third party servers will fail unless the third party server has been updated to support secure renegotiation.  For example, uploading access logs via HTTPS to an Apache or IIS server that has not been updated will fail.

Workarounds

No workarounds are available.

Patches

Director

Secure renegotiation support is provided in the following releases.  By default, secure renegotiation is required.  A CLI option to support but not require secure renegotiation is available.  

Director 5.5 - an interim fix is available in 5.5.2.3.  The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/patch/90138905913689859042842687478968.

Director 5.4 and earlier - please upgrade to a later version.

IntelligenceCenter

Secure renegotion support is provided in the following releases.  Clients that support secure renegotiation will be allowed to renegotiate a session key.  Clients that do not support secure renegotiation can establish an SSL/TLS session but cannot perform legacy renegotiations.

IntelligenceCenter 3.1 - a fix is available in 3.1.1.1. The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/33.

IntelligenceCenter 2.1 and earlier - please upgrade to a later version.

PacketShaper/PacketWise/PolicyCenter

Secure renegotiation support is provided in the following releases.  A CLI option to require secure renegotiation is available.  Secure reneogitation is disabled by default. 

PacketWise 8.7 - a fix is available in 8.7.1. The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/32.

PacketWise 8.6 - please upgrade to a later version.

PacketWise 8.5 - a fix is available in 8.5.5. The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/32.

ProxyAV

Secure renegotion support is provided in the following releases.  Clients that support secure renegotiation will be allowed to renegotiate a session key by default.  An option is provided in the Management Console to allow clients that do not support secure renegotiation to access ProxyAV. 

ProxyAV 3.4 - a fix is available in 3.4.1.1. The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/4.

ProxyAV 3.3 - a fix is available in 3.3.1.1.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/4.

ProxyAV 3.2 and earlier - please upgrade to a later version.

ProxySG

Secure renegotiation support is provided in the following releases.  A CLI option to require secure renegotiation is available and is disabled by default.  To enable the option, set the ssl command option force-secure-renegotiation to enable

ProxySG 6.1 - a fix is available in SGOS 6.1.1.1 or later.  The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/5351.

ProxySG 5.5 - a fix is available in SGOS 5.5.4.1.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/41 .

ProxySG 5.4 - a fix is available in SGOS 5.4.5.1 or later.  If you are intercepting SSL, Blue Coat recommends that you upgrade to SGOS 5.4.6.1.  The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/17.

ProxySG 5.3 - please upgrade to a later version.

ProxySG 4.3 - a fix is available in SGOS 4.3.4.1.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/13 .

Reporter

Secure renegotiation support is provided in the following releases.  The 9.2 releases do not provide an option to require secure renegotiation. The 9.3 and later releases provide an option to force secure renegotiation.

Reporter 9.3  - a fix is available in 9.3.1.1 and later.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/8793.

Reporter 9.2 -a fix is available in 9.2.4.1.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/4997 .

Reporter 8.3 and earlier - please upgrade to a later version.

References

Advisory History

2012-12-20 Added fix for ProxyAV 3.3

2012-01-31 Update on PacketWise.

2012-01-18 Update on PacketWise.

2012-01-17 Change to indicate Reporter 9.3.1.1 or later has the option to require secure renegotiation.

2012-01-12 Notificaiton of option in Reporter to force secure renegotiation.  Added additional OS search strings.

2012-01-11 Notification of a fix in ProxyAV.

2012-01-10 Notification of a fix in IntelligenceCenter.

2011-09-13 Notification of a Director 5.5 patch release.  Minor update for Reporter versions that are vulnerable.

2011-02-04 Notification of SGOS fix in SGOS 5.5.4.1 and SGOS 4.3.4.1.  Changed SGOS 5.4.x recommended version fix to SGOS 5.4.6.1.  Notification of Reporter fix in 9.2.4.1.

2010-11-01 Notification of ProxySG fix in 5.5.3.5 patch release.

2010-10-27 Notification of ProxySG version 5.4.5.1 patch release being promoted to GA release.  Notification that the BCWF download and image download services now support secure renegotiation.

2010-10-15 Notification of ProxySG fix in 5.4.5.1 patch release.

2010-10-01 Additional details added.  Notificaiton of ProxySG fix in 6.1.1.1.

2010-05-20  Clarification on the need to patch clients and origin content servers

2010-02-23  Initial public release


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question