AES-NI encryption vulnerability in OpenSSL [CVE-2016-2107]

Advisory ID: STORM-2016-002
CVE Number: CVE-2016-2107
Date discovered: 05/03/2016
Severity: medium
Advisory revision: v2

Vulnerability details

A vulnerability has been discovered in the OpenSSL AES-NI CBC check.

An attacker can use a padding oracle in a man-in-the-middle attack on an SSL or TLS connection if the server supports AES-NI and the traffic is encrypted with AES in CBC mode.

This results in full access to the decrypted traffic.

Impacted products

Products | Severity | Detail
Stormshield Network Security | low | SNS uses a vulnerable version of OpenSSL
Stormshield Endpoint Security | medium | SES uses a vulnerable version of OpenSSL
Netasq | low | Netasq appliances use a vulnerable version of OpenSSL

Revisions

Version | Date | Description
v1 | 05/19/2016 | Initial release
v2 | 05/31/2016 | SES updates available
v3 | 06/03/2016 | SDS not impacted

 



Stormshield Network Security

CVSS v2 Overall Score: 3.2      

Analysis

This vulnerability could allow an attacker to read SSL/TLS-encrypted network traffic, such as communication between the administration console and the UTM, or VPN traffic. Please note that only SNS appliances embedding an Intel CPU with AES-NI extensions are impacted. They are: SN510, SN710, SN910, SN2000, SN3000, SN6000.

Impacted version

  • SNS 1.0.0 to 1.5.0
  • SNS 2.0.0 to 2.2.5
  • SNS 2.3.0 to 2.4.1
  • SMC 1.1.0

 

Workaround solution

You can disable the crypto hardware extension. Connect to the appliance with ssh and edit the file ~/System/global. You will find a [crypto] section. Set the Hardware token to 0.

Ex:

[Crypto]
Engine=padlock
Hardware=0
NoCryptodev=1

You have to reboot for this parameter to take effect.

Please note that this setting can lower the overall performance of your UTM.

Solution

  • Upgrade SNS to 2.2.6
  • Upgrade SNS to 2.4.2
  • Upgrade SMC to 1.1.1


Access vector: Network
Access complexity: High
Authentication: None
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None
CVSS Base score: 5.4
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:N/A:N)

Exploitability: Proof of concept code
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 4.2
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:N/A:N/E:POC/RL:OF/RC:C)

Collateral Damage Potential: None
Target Distribution: Medium [26-75%]
CVSS Environmental score: 3.2
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:N/A:N/E:POC/RL:OF/RC:C/CDP:N/TD:M/CR:ND/IR:ND/AR:ND)


Stormshield Endpoint Security

CVSS v2 Overall Score: 6.5      

Analysis

This vulnerability could allow an attacker to read SSL/TLS encrypted network traffic used to communicate between the SES agents and servers.

An attacker could then read the security policy and the generated security logs.

This vulnerability applies to SES servers only if they are running on a computer with an AES-NI capable Intel® processor. You can check if this is the case by checking the “Intel(R) AES New Instructions” value on the “CPU Technologies” tab of the “Intel® Processor Identification Utility” available at https://www.intel.com/content/www/us/en/support/processors/000005651.html.

Impacted version

  • SES 6.0.22
  • SES 7.1.09
  • SES 7.2.07

Workaround solution

You can disable the AES-NI crypto hardware extension by specifying a global environment variable on each SES server that supports the AES-NI instruction set.

  • In the Control Panel, open the System option (alternately, you can right-click on My Computer and select Properties). Select the “Advanced system settings” link.
  • In the System Properties dialog, click “Environment Variables”.
  • In the Environment Variables dialog, click the New button underneath the “System variables” section.
  • Create a variable named OPENSSL_ia32cap with value ~0x200000200000000 (please note the leading tilde – ‘~’ – character) and click OK.
  • You should now see your new variable listed under the “System variables” section. Click OK to apply the changes.
  • Restart the service “Stormshield Endpoint Security Server” to take these changes into account.

Please note that these changes can lower the overall performance of your SES server. It may also affect the performance of other software using the OpenSSL library running on the same computer.

Solution

The 6.0.23, 7.1.10 and 7.2.08 updates fix this vulnerability.
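
The OPENSSL_ia32cap value from the SES workaround above, decoded in an added example that is not part of the original advisory. It models OpenSSL's documented handling of the variable (64-bit vector, low word from CPUID.1:EDX, high word from CPUID.1:ECX, a leading '~' clears bits instead of replacing the vector) to show why the tilde matters. The function names and the SAMPLE_DETECTED vector are constructed for illustration.

```python
# Added example: decode a single-word OPENSSL_ia32cap value.
# Assumption: hex or decimal input only (OpenSSL itself uses strtoull-style parsing).

AESNI_BIT = 32 + 25      # CPUID.1:ECX bit 25
PCLMULQDQ_BIT = 32 + 1   # CPUID.1:ECX bit 1
NAMED_BITS = {AESNI_BIT: "AES-NI", PCLMULQDQ_BIT: "PCLMULQDQ"}
MASK64 = (1 << 64) - 1


def parse_ia32cap(value):
    """Return (clear_mode, bits); clear_mode is True when the value starts with '~'."""
    value = value.strip()
    clear_mode = value.startswith("~")
    bits = int(value[1:] if clear_mode else value, 0) & MASK64
    return clear_mode, bits


def effective_caps(detected, value):
    """Capability vector in use after the variable is applied to the detected one."""
    clear_mode, bits = parse_ia32cap(value)
    if clear_mode:
        return detected & ~bits & MASK64   # '~': clear only the listed bits
    return bits                            # no '~': the value replaces the vector


def named_bits(bits):
    """Names of the capability bits this example knows about that are set in bits."""
    return sorted(name for bit, name in NAMED_BITS.items() if (bits >> bit) & 1)


def aesni_disabled(detected, value):
    """True when the AES-NI capability bit is off after applying the variable."""
    return not ((effective_caps(detected, value) >> AESNI_BIT) & 1)


# Constructed capability vector: AES-NI, PCLMULQDQ and SSE2 (EDX bit 26) present.
SAMPLE_DETECTED = (1 << AESNI_BIT) | (1 << PCLMULQDQ_BIT) | (1 << 26)

if __name__ == "__main__":
    for candidate in ("~0x200000200000000", "0x200000200000000"):
        _, bits = parse_ia32cap(candidate)
        print(candidate, "targets", named_bits(bits),
              "-> AES-NI disabled:", aesni_disabled(SAMPLE_DETECTED, candidate))
```

With the tilde, only the AES-NI and PCLMULQDQ bits are cleared and the rest of the vector is kept; without it, the same number replaces the vector and leaves the AES-NI bit set.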



Access vector: Network
Access complexity: High
Authentication: None
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None
CVSS Base score: 5.4
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:N/A:N)

Exploitability: Proof of concept code
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 4.2
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:N/A:N/E:POC/RL:OF/RC:C)

Collateral Damage Potential: Medium-High
Target Distribution: High [76-100%]
CVSS Environmental score: 6.5
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:N/A:N/E:POC/RL:OF/RC:C/CDP:MH/TD:H/CR:ND/IR:ND/AR:ND)


Netasq

CVSS v2 Overall Score: 3.5      

Analysis

This vulnerability could allow an attacker to read SSL/TLS-encrypted network traffic, such as communication between the administration console and the UTM, or VPN traffic. Please note that only Netasq appliances embedding an Intel CPU with AES-NI extensions are impacted. They are: NG1K, NG5K.

Impacted version

  • Netasq 9.1.0 to 9.1.8

 

Workaround solution

You can disable the crypto hardware extension. Connect to the appliance with ssh and edit the file ~/System/global. You will find a [crypto] section. Set the Hardware token to 0.

Ex:

[Crypto]
Engine=padlock
Hardware=0
NoCryptodev=1

You have to reboot for this parameter to take effect.

Please note that this setting can lower the overall performance of your UTM.

Solution

The 9.1.9 update will fix this vulnerability.



Access vector: Network
Access complexity: High
Authentication: None
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None
CVSS Base score: 5.4
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:N/A:N)

Exploitability: Proof of concept code
Remediation Level: Workaround
Report Confidence: Confirmed
CVSS Temporal score: 4.6
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:N/A:N/E:POC/RL:W/RC:C)

Collateral Damage Potential: None
Target Distribution: Medium [26-75%]
CVSS Environmental score: 3.5
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:N/A:N/E:POC/RL:W/RC:C/CDP:N/TD:M/CR:ND/IR:ND/AR:ND)