(Sun Issues Fix for iPlanet Web Server) Re: OpenSSL Flaw in Processing Padding Errors May Let Remote Users Obtain Certain Plaintext Information
SecurityTracker Alert ID: 1007486
SecurityTracker URL: http://securitytracker.com/id/1007486
Date: Aug 13 2003
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6.0 Service Pack 1 through 5
A vulnerability was reported in OpenSSL when using CBC encryption. A remote user conducting a timing-based adaptive attack against connections with certain types of plaintext information may be able to determine the plaintext. The Sun ONE/iPlanet Web Server is affected.
It is reported that a remote user with access to the encrypted traffic stream can substitute specially crafted cipher text blocks for valid cipher text blocks based on a fixed plaintext block (such as a password). The remote user can then measure the time between the injection and an error response. Timing differences between cipher padding errors and message authentication code (MAC) verification errors may yield enough information so that an adaptive attack can successfully obtain the original plain text block.
According to the report, OpenSSL is intended to treat block cipher padding errors in the same manner as MAC verification errors during record decryption. However, in the affected versions, the MAC verification step was skipped if a padding error was detected, permitting the attack to be successful.
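The record-processing difference the report describes, shown as an added example that is not code from the advisory, Sun or OpenSSL: a simplified TLS 1.0 CBC record check before and after the fix. The block-cipher step is omitted (the input is the already-decrypted record laid out as data || MAC || padding), HMAC-SHA1 is assumed as the MAC, and the key and record contents are constructed.

```python
import hashlib
import hmac

MAC_LEN = hashlib.sha1().digest_size  # 20, as for the *_CBC_SHA cipher suites
MAC_CALLS = []                        # constructed instrumentation: one entry per MAC check

class DecryptionFailed(Exception): pass  # TLS 1.0 'decryption_failed' alert (padding error)
class BadRecordMac(Exception): pass      # TLS 'bad_record_mac' alert (MAC error)

def build_record(mac_key, data, block=16):
    """Lay out data || MAC || padding as it looks once CBC decryption is done."""
    tag = hmac.new(mac_key, data, hashlib.sha1).digest()
    pad = block - (len(data) + MAC_LEN + 1) % block
    return data + tag + bytes([pad]) * (pad + 1)  # pad+1 bytes, each equal to pad

def padding_ok(rec):
    pad = rec[-1]
    return pad + 1 + MAC_LEN <= len(rec) and rec[-(pad + 1):] == bytes([pad]) * (pad + 1)

def mac_ok(mac_key, body, tag):
    MAC_CALLS.append(len(body))
    return hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha1).digest(), tag)

def split(rec, pad):
    end = len(rec) - (pad + 1)
    return rec[:end - MAC_LEN], rec[end - MAC_LEN:end]  # (body, tag)

def process_vulnerable(mac_key, rec):
    # Pre-fix: a padding error returns before any MAC is computed (different alert, less time).
    if not padding_ok(rec):
        raise DecryptionFailed
    body, tag = split(rec, rec[-1])
    if not mac_ok(mac_key, body, tag):
        raise BadRecordMac
    return body

def process_fixed(mac_key, rec):
    # Fixed: on bad padding assume zero-length padding, still verify a MAC, raise one alert type.
    good_pad = padding_ok(rec)
    body, tag = split(rec, rec[-1] if good_pad else 0)
    good_mac = mac_ok(mac_key, body, tag)
    if not (good_pad and good_mac):
        raise BadRecordMac
    return body

def outcome(handler, mac_key, rec):
    # What the peer observes: the plaintext, or the name of the alert raised.
    try:
        return handler(mac_key, rec)
    except (DecryptionFailed, BadRecordMac) as exc:
        return type(exc).__name__
```

`MAC_CALLS` makes the skipped step visible without a stopwatch: a padding error leaves the counter untouched on the vulnerable path and advances it on the fixed one, which is the behavioural difference the timing attack measured.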
The vendor notes that other SSL/TLS implementations may also be affected.
The vendor credits Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) with reporting this flaw.
A remote user with access to the encrypted traffic stream and the encryption endpoint may be able to determine certain types of plaintext (repeated, common plain text) by conducting a timing-based adaptive attack.
Sun has issued a fix in Sun ONE/iPlanet Web Server 6.0 Service Pack 6, available at:
Vendor URL: sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54147
Underlying OS: Linux (Red Hat Linux), Linux (Sun), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)
This archive entry is a follow-up to the message listed below.
Source Message Contents
54147 Security Vulnerability in SSL/TLS Block Ciphers May Affect Sun ONE/iPlanet Web Server and Application Server 5 Aug 2003
Sun updated Alert 54147 indicating that a fix is now available for Sun ONE Application Server and Sun ONE/iPlanet Web Server for a previously reported SSL vulnerability.
The following versions are affected:
Sun ONE/iPlanet Web Server 6.0 Service Pack 1 through 5
Sun ONE Application Server 7.0
A workaround is described in the Sun Alert.
A fix is available in:
Sun ONE/iPlanet Web Server 6.0 Service Pack 6 and later
Sun ONE Application Server 7.0 Update Release 1 and later
Sun ONE/iPlanet Web Server 6.0 Service Pack 6
Sun ONE Application Server 7.0 Update Release 1
Standard Edition: http://wwws.sun.com/software/download/products/3ec3e772.html
Platform Edition: http://wwws.sun.com/software/download/products/3ec1008e.html
Sun Alert ID: 54147
Synopsis: Security Vulnerability in SSL/TLS Block Ciphers may affect Sun ONE/iPlanet Web Server and Application Server
Product: Sun ONE/iPlanet Web Server, Sun ONE Application Server
Avoidance: Workaround, Upgrade
Date Released: 06-May-2003, 08-May-2003, 05-Aug-2003
Date Closed: 05-Aug-2003
Date Modified: 08-May-2003, 05-Aug-2003