Executive Summary

Summary
Title: Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack

Information
Name: VU#583776    First vendor publication: 2016-03-01
Vendor: VU-CERT    Last vendor modification: 2016-03-14
Severity (vendor): N/A    Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA    Environmental score: NA
Impact subscore: NA    Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS base score: 4.3    Attack range: Network
CVSS impact score: 2.9    Attack complexity: Medium
CVSS exploit score: 8.6    Authentication: None required

Detail

Vulnerability Note VU#583776

Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack

Original Release date: 01 Mar 2016 | Last revised: 14 Mar 2016

Overview

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. This is known as the "DROWN" attack in the media.

Description

According to the researcher, "DROWN is a new form of cross-protocol Bleichenbacher padding oracle attack. It allows an attacker to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key." An attacker using DROWN may obtain the session key from a vulnerable server supporting SSLv2 and use it to decrypt any traffic encrypted using the shared certificate.

The SSLv2 protocol is the only protocol directly impacted; however, the researchers' website states that many servers share a certificate between SSLv2 and the newer TLS protocols. If so, a successful attack against the SSLv2 service also allows TLS connections using the shared certificate to be decrypted. Approximately 1000 SSL handshakes must be intercepted for the attack to be effective.

The researchers have also released a DROWN attack check tool and an FAQ that provides more complete information.

Impact

A remote attacker may be able to decrypt individual messages or sessions of a server supporting SSLv2. Servers using the TLS protocol with the same certificate as is used for SSLv2 may also be vulnerable. According to the DROWN FAQ, the server's private key is not obtained by this attack.

Solution

Disable SSLv2

Network administrators should disable SSLv2 support. The researchers have provided more information on how to disable SSLv2 for various server products.

SSLv2 has been deprecated since 2011.

Do not reuse SSL certificates or key material

This issue can be mitigated on TLS connections by using unique SSL keys and certificates. If possible, do not reuse key material or certificates between SSLv2 and TLS support on multiple servers.

Monitor network and use firewall rules

We recommend enabling firewall rules to block SSLv2 traffic. Since the attack requires approximately 1000 SSL handshakes, network administrators may also monitor logs for repeated connection attempts. However, the required handshake data may also be obtained via man-in-the-middle or other attacks, not solely from direct connections.
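As an added example (not part of the CERT note or of the DROWN researchers' tooling), the following Python sketch shows the monitoring idea above: it recognises the SSLv2 CLIENT-HELLO record format in the first client record of each connection, counts such hellos per source, and flags sources that reach a threshold on the order of the 1000 handshakes the note cites. The source addresses, sample records and threshold are constructed.

```python
from collections import Counter

SSLV2_CLIENT_HELLO = 0x01  # SSLv2 handshake message type

def parse_sslv2_client_hello(record: bytes):
    """Return (version, [cipher_spec_hex, ...]) if `record` is a well-formed SSLv2
    CLIENT-HELLO, else None. SSLv2 records start with a 2-byte header whose
    high bit is set; the low 15 bits give the payload length."""
    if len(record) < 11 or not record[0] & 0x80:
        return None
    length = ((record[0] & 0x7F) << 8) | record[1]
    body = record[2:2 + length]
    if len(body) != length or body[0] != SSLV2_CLIENT_HELLO:
        return None
    version = int.from_bytes(body[1:3], "big")
    cs_len, sid_len, ch_len = (int.from_bytes(body[i:i + 2], "big") for i in (3, 5, 7))
    # Cipher specs are 3 bytes each; the three variable fields must fill the body exactly.
    if cs_len % 3 or 9 + cs_len + sid_len + ch_len != length:
        return None
    specs = [body[9 + i:12 + i].hex() for i in range(0, cs_len, 3)]
    return version, specs

def flag_repeated_sslv2(events, threshold):
    """events: iterable of (src_ip, first_client_record) pairs taken from a capture
    or proxy log. Returns {src_ip: count} for sources that sent at least
    `threshold` SSLv2 CLIENT-HELLOs, the repeated-connection pattern DROWN needs."""
    counts = Counter(src for src, rec in events if parse_sslv2_client_hello(rec))
    return {src: n for src, n in counts.items() if n >= threshold}

def make_sslv2_client_hello(specs, challenge=b"\x00" * 16):
    """Build a constructed SSLv2 CLIENT-HELLO record to use as sample input."""
    cs = b"".join(bytes.fromhex(s) for s in specs)
    body = (bytes([SSLV2_CLIENT_HELLO]) + (0x0002).to_bytes(2, "big")
            + len(cs).to_bytes(2, "big") + (0).to_bytes(2, "big")
            + len(challenge).to_bytes(2, "big") + cs + challenge)
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body

# Constructed sample: one source hammering SSLv2, one ordinary TLS 1.2 client.
SSLV2_HELLO = make_sslv2_client_hello(["010080", "060040"])  # RC4-128-MD5, DES-64-CBC-MD5
TLS12_HELLO = bytes.fromhex("160303002a0100002603035a") + b"\x00" * 38  # TLS record, high bit clear
SAMPLE_EVENTS = [("203.0.113.7", SSLV2_HELLO)] * 1200 + [("198.51.100.4", TLS12_HELLO)] * 50

if __name__ == "__main__":
    print(parse_sslv2_client_hello(SSLV2_HELLO))
    print(flag_repeated_sslv2(SAMPLE_EVENTS, threshold=1000))
```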

Vendor Information

On Linux, nginx may or may not be affected depending on which version of OpenSSL nginx was compiled with. See the vendor list below or contact your vendor to determine whether your release of nginx is affected.

Vendor                 Status    Date Notified  Date Updated
ECSystems.nl           Affected  -              14 Mar 2016
OpenSSL                Affected  -              02 Mar 2016
Apache-SSL             Unknown   -              01 Mar 2016
CentOS                 Unknown   -              14 Mar 2016
Debian GNU/Linux       Unknown   -              14 Mar 2016
Microsoft Corporation  Unknown   -              01 Mar 2016
Mozilla                Unknown   -              01 Mar 2016
nginx                  Unknown   -              14 Mar 2016
openSUSE project       Unknown   -              14 Mar 2016
Postfix                Unknown   -              01 Mar 2016
Red Hat, Inc.          Unknown   -              14 Mar 2016
SUSE Linux             Unknown   -              14 Mar 2016
Ubuntu                 Unknown   -              14 Mar 2016

CVSS Metrics

Group          Score  Vector
Base           7.1    AV:N/AC:H/Au:N/C:C/I:C/A:N
Temporal       6.1    E:POC/RL:W/RC:C
Environmental  6.5    CDP:ND/TD:H/CR:H/IR:H/AR:ND

References

  • http://drownattack.com
  • https://www.openssl.org/news/secadv/20160301.txt
  • https://tools.ietf.org/html/rfc6176

Credit

Thanks to Nimrod Aviram for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2016-0800
  • Date Public: 01 Mar 2016
  • Date First Published: 01 Mar 2016
  • Date Last Updated: 14 Mar 2016
  • Document Revision: 75


Original Source

URL: http://www.kb.cert.org/vuls/id/583776

CWE : Common Weakness Enumeration

%     Id       Name
50 %  CWE-310  Cryptographic Issues
50 %  CWE-200  Information Exposure

CPE : Common Platform Enumeration

Type         Description  Count
Application 32
Application 1
Application 1

Snort® IPS/IDS

Date Description
2016-04-05 SSLv2 Client Hello attempt
RuleID : 38060 - Revision : 4 - Type : POLICY-OTHER

Nessus® Vulnerability Scanner

Date Description
2018-02-28 Name : The version of Arista Networks EOS running on the remote device is affected b...
File : arista_eos_sa0018.nasl - Type : ACT_GATHER_INFO
2017-05-16 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL23196136.nasl - Type : ACT_GATHER_INFO
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1040.nasl - Type : ACT_GATHER_INFO
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1039.nasl - Type : ACT_GATHER_INFO
2016-11-10 Name : The remote host is affected by multiple vulnerabilities.
File : screenos_JSA10759.nasl - Type : ACT_GATHER_INFO
2016-08-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_7b1a4a27600a11e6a6c314dae9d210b8.nasl - Type : ACT_GATHER_INFO
2016-05-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-563.nasl - Type : ACT_GATHER_INFO
2016-05-02 Name : The remote host is missing one or more security updates.
File : mysql_5_7_12_rpm.nasl - Type : ACT_GATHER_INFO
2016-05-02 Name : The remote host is missing one or more security updates.
File : mysql_5_6_30_rpm.nasl - Type : ACT_GATHER_INFO
2016-04-25 Name : The remote web server is running an application that is affected by multiple ...
File : splunk_6334.nasl - Type : ACT_GATHER_INFO
2016-04-22 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_6_30.nasl - Type : ACT_GATHER_INFO
2016-04-22 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_7_12.nasl - Type : ACT_GATHER_INFO
2016-04-13 Name : The remote AIX host has a version of OpenSSL installed that is affected by mu...
File : aix_openssl_advisory18.nasl - Type : ACT_GATHER_INFO
2016-04-07 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-682.nasl - Type : ACT_GATHER_INFO
2016-03-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201603-15.nasl - Type : ACT_GATHER_INFO
2016-03-16 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL95463126.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-327.nasl - Type : ACT_GATHER_INFO
2016-03-11 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-661.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160309_openssl098e_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2016-0379.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0372.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2016-0372.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2016-0372.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0678-1.nasl - Type : ACT_GATHER_INFO
2016-03-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0631-1.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0641-1.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0624-1.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-292.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-289.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-288.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2016-062-02.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0301.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0302.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3500.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1s.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_2g.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0301.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0302.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0301.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0302.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0303.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0304.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0305.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160301_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160301_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0617-1.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0620-1.nasl - Type : ACT_GATHER_INFO
2016-03-01 Name : The remote host may be affected by a vulnerability that allows a remote attac...
File : ssl_drown.nasl - Type : ACT_GATHER_INFO

Alert History

Date                 Information
2016-11-11 13:25:54
  • Multiple Updates
2016-05-03 13:30:32
  • Multiple Updates
2016-04-26 13:27:45
  • Multiple Updates
2016-04-14 13:26:54
  • Multiple Updates
2016-03-14 17:22:51
  • Multiple Updates
2016-03-11 21:30:49
  • Multiple Updates
2016-03-07 17:29:01
  • Multiple Updates
2016-03-07 17:23:37
  • Multiple Updates
2016-03-05 00:28:02
  • Multiple Updates
2016-03-05 00:23:18
  • Multiple Updates
2016-03-03 17:25:56
  • Multiple Updates
2016-03-03 17:21:21
  • Multiple Updates
2016-03-03 13:23:26
  • Multiple Updates
2016-03-03 00:24:58
  • Multiple Updates
2016-03-03 00:20:22
  • Multiple Updates
2016-03-02 13:27:16
  • Multiple Updates
2016-03-02 05:28:50
  • Multiple Updates
2016-03-01 21:30:00
  • Multiple Updates
2016-03-01 21:24:35
  • First insertion