000032613 - The impact on RSA Authentication Manager 8.x of vulnerabilities reported in: OpenSSL Security Advisory - Dec 2015 - False Positive

Document created by RSA Customer Support Employee on Jun 14, 2016
Version 1

Article Content

Article Number: 000032613
Applies To
RSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager 
RSA Version/Condition:  8.x
Platform:  SuSE Linux
O/S Version:  11
CVE ID: CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794
Article Summary: Based upon the announcement of fixes for OpenSSL, there is an inquiry whether the RSA Authentication Manager 8.x server is vulnerable to the issues. OpenSSL occasionally announces vulnerabilities in its code. The reported issues from this OpenSSL notice have been reviewed to determine whether any of the problems represent exploitable vulnerabilities in RSA Authentication Manager 8.x.
OpenSSL libraries are only used under optional circumstances. They are used if SSH is enabled or if the Database "Read-Only-Database-User" is enabled. Neither of these are enabled by default or required for system operation. Both of these interfaces utilize SSL. No PKCS-#7 or CMS data is used for these interfaces.
Link to Advisories
Alert Impact: Not Exploitable
Technical Details: The flaw exists but it is not exploitable
Technical Details Explanation

Overview:

OpenSSL libraries are only used under optional circumstances. They are used if SSH is enabled or if the Database "Read-Only-Database-User" is enabled. Neither of these are enabled by default or required for system operation. Both of these interfaces utilize SSL. No PKCS-#7 or CMS data is used for these interfaces.
 

Impact:

  • CVE-2015-3193
BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC (Elliptic curve) algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH (Diffie Hellman algorithm) are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.

This issue affects OpenSSL version 1.0.2.

Response: The flaw does not exist.

The AM appliance does not use an impacted version.

 

  • CVE-2015-3194
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

Response: The flaw exists but is not exploitable.

The issue impacts verification of a certificate. AM has no interface which performs this verification with the OpenSSL SSL implementation.

 
  • CVE-2015-3195
X509_ATTRIBUTE memory leak (CVE-2015-3195)
Severity: Moderate

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

Response: The flaw exists but is not exploitable.

The issue impacts verification of a certificate but AM has no service using an impacted OpenSSL version which reads PKCS#7 or CMS data.

OpenSSL libraries are only used under optional circumstances. They are used if SSH is enabled or if the Database "Read-Only-Database-User" is enabled. Neither of these are enabled by default or required for system operation. No PKCS-#7 or CMS data is used for these interfaces.
 

  • CVE-2015-3196
Race condition handling PSK identity hint (CVE-2015-3196)
Severity: Low

If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identity hint data.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.

Response: The flaw exists but is not exploitable.

AM does not use the impacted PSK identity hint.

 
  • CVE-2015-1794
Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)
Severity: Low

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.

This issue affects OpenSSL version 1.0.2.

Response: The flaw does not exist.

The AM appliance does not use an impacted version.
Also, the issue impacts only client users of OpenSSL.
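
The per-CVE branch statements above can be turned into a first-pass triage of an `openssl version` string. This is an added example, not RSA's or OpenSSL's code: the function names and sample strings are constructed, and only the affected branches and fixed releases named on this page are encoded. A vendor may backport fixes without changing the version letter, so an "affected branch" result still needs the patch-level and exposure review done above.

```python
import re

NOT_LISTED = "branch not listed as affected"
FIXED = "fixed upstream in this release"
CHECK = "affected branch: confirm vendor patch level and exposure"

# Affected branches as stated in the advisory text above. A fixed-release
# letter is recorded only where the page names one (CVE-2015-3196).
AFFECTED = {
    "CVE-2015-3193": {"1.0.2": None},
    "CVE-2015-3194": {"1.0.2": None, "1.0.1": None},
    "CVE-2015-3195": {"1.0.2": None, "1.0.1": None, "1.0.0": None, "0.9.8": None},
    "CVE-2015-3196": {"1.0.2": "d", "1.0.1": "p", "1.0.0": None},
    "CVE-2015-1794": {"1.0.2": None},
}

VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")

def parse_version(text):
    """Split e.g. 'OpenSSL 1.0.1p-fips 9 Jul 2015' into ('1.0.1', 'p')."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return m.group(1), m.group(2)

def letter_key(suffix):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(suffix), suffix)

def triage(version_text):
    """Map each CVE on this page to a status for the given version string."""
    branch, letter = parse_version(version_text)
    result = {}
    for cve, branches in AFFECTED.items():
        if branch not in branches:
            result[cve] = NOT_LISTED
        elif branches[branch] and letter_key(letter) >= letter_key(branches[branch]):
            result[cve] = FIXED
        else:
            result[cve] = CHECK
    return result

if __name__ == "__main__":
    # Constructed sample strings in the format printed by `openssl version`.
    for sample in ("OpenSSL 0.9.8j-fips 07 Jan 2009", "OpenSSL 1.0.1p 9 Jul 2015"):
        print(sample)
        for cve, status in triage(sample).items():
            print(f"  {cve}: {status}")
```
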
 

 

Disclaimer

Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, EMC Corporation, distributes RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA, its affiliates or suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
