SecurityTracker.com
Category:   Device (Intrusion Detection)  >   Sourcefire Intrusion Sensors
Vendors:   Sourcefire
Sourcefire 3D Sensor and Defense Center Use Common Private SSL Keys
SecurityTracker Alert ID:  1024092
SecurityTracker URL:  http://securitytracker.com/id/1024092
CVE Reference:   CVE-2010-2306
Updated:  Jun 18 2010
Original Entry Date:  Jun 11 2010
Impact:   Disclosure of authentication information
Vendor Confirmed:  Yes  
Version(s): 3D Sensor 1000, 3D Sensor 2000, 3D Sensor 9900, Defense Center 1000
Description:   A vulnerability was reported in Sourcefire 3D Sensor and Defense Center products. A user with access to one key can access ostensibly protected communications between other devices.

The products use common private SSL keys across multiple devices and installations. A user with access to one copy of the key can use the key to decrypt SSL communications between other devices.

The vendor was notified on June 2, 2010.

An anonymous researcher reported this vulnerability via TippingPoint.

Impact:   A user with access to one copy of the key can use the key to decrypt SSL communications between other devices.
Solution:   The vendor recommends replacing the static keys with custom keys.

The vendor's advisory is available at:

https://support.sourcefire.com/notices/notice/1437

Vendor URL:  support.sourcefire.com/notices/notice/1437
Cause:   Configuration error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Thu, 10 Jun 2010 17:53:54 -0500
Subject:  [Full-disclosure] ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability

ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-107
June 10, 2010

-- Affected Vendors:
Sourcefire

-- Affected Products:
Sourcefire 3D Sensor 1000
Sourcefire 3D Sensor 2000
Sourcefire 3D Sensor 9900
Sourcefire Defense Center 1000

-- Vulnerability Details:
This vulnerability allows remote attackers to decrypt secure socket
layer (SSL) communications directed to multiple Sourcefire products.

The specific flaw exists within the reuse of private SSL keys for
multiple devices and installations. The keypair is stored in
/etc/ssl/server.crt and /etc/ssl/server.key. Disclosure of the private
key allows an attacker to decrypt and monitor SSL communications with
the target. 

-- Vendor Response:
Sourcefire states:
Mitigation of this problem can be accomplished by replacing the static
keys with custom keys. These instructions can be found in the
installation guide for your product (available on the Sourcefire support
site).

https://support.sourcefire.com/notices/notice/1437

-- Disclosure Timeline:
2010-06-02 - Vulnerability reported to vendor
2010-06-10 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Anonymous

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

    http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

    http://twitter.com/thezdi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 
 



Copyright 2014, SecurityGlobal.net LLC