IBM Patches More OpenSSL Flaws In IBM i
August 10, 2015 Alex Woodie
IBM last month issued integrity PTFs for IBM i 6.1 through IBM i 7.2 to address eight recently discovered security vulnerabilities in OpenSSL. This includes the so-called Logjam Attack in TLS, which was disclosed by security researchers in May and could allow attackers to read encrypted traffic. The eight vulnerabilities also exist in i5/OS V5R3 and V5R4, but IBM will not fix them, it says.
IBM i shops are encouraged to apply the patches–including SI57527 for IBM i 6.1, SI57473 for IBM i 7.1, and SI57468 for IBM i 7.2–as soon as possible. For organizations running older versions of the operating system, this serves as another wake-up call to upgrade their operating systems to newer versions that are supported by IBM.
In its latest security advisory, IBM disclosed that it patched IBM i to address the following security vulnerabilities, as named by the Common Vulnerabilities and Exposures (CVE) standard:
CVE-2015-4000, also known as the Logjam Attack, refers to a vulnerability in TLS version 1.2 and earlier connections that use the Diffie-Hellman (DH) key exchange protocol. Researchers in May described a flaw whereby a remote attacker could force a downgrade to a 512-bit export-grade cipher by launching a man-in-the-middle attack that exploits a problem in the handshake between server and client. This could enable the attacker to recover the session key, thereby allowing him to obtain sensitive information and change the contents of the traffic.
The OpenSSL Project, which oversees the OpenSSL protocol, addressed the matter with a fix whereby TLS clients will automatically reject handshakes with DH parameters shorter than 768 bits. The limit will be increased to 1024 bits in a future release, the group says.
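The size check described above can be reproduced when auditing captured handshakes. The following is an added example, not code from OpenSSL or IBM: it parses the DH parameters out of a TLS ServerKeyExchange message and applies the 768-bit floor and the announced 1024-bit limit. The function names are hypothetical and the sample messages are constructed (the "prime" is only a number of the right size).

```python
import struct

MIN_DH_BITS = 768          # floor the article attributes to the OpenSSL fix
FUTURE_MIN_DH_BITS = 1024  # limit announced for a future release
SERVER_KEY_EXCHANGE = 12   # TLS handshake message type

def _read_vector(buf, off):
    """Read one opaque<1..2^16-1> field; return (value bytes, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, off)
    if n == 0 or off + 2 + n > len(buf):
        raise ValueError("vector length outside message body")
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_server_dh_params(msg):
    """Return (p, g, Ys) as integers from a DHE ServerKeyExchange message."""
    if len(msg) < 4 or msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    values, off = [], 0
    for _ in range(3):  # dh_p, dh_g, dh_Ys; the signature after them is ignored
        raw, off = _read_vector(body, off)
        values.append(int.from_bytes(raw, "big"))
    return tuple(values)

def check_dh_prime(p):
    """Apply the size policy to the prime's true bit length, not its byte count."""
    bits = p.bit_length()  # leading zero padding does not inflate this
    if bits < MIN_DH_BITS:
        return bits, "reject"
    if bits < FUTURE_MIN_DH_BITS:
        return bits, "accept-for-now"
    return bits, "accept"

def build_sample(p_bits, pad_to_bytes=0):
    """Constructed test message: p is an odd number of the given size, not a real prime."""
    p = (1 << (p_bits - 1)) | 1
    p_raw = p.to_bytes(max((p_bits + 7) // 8, pad_to_bytes), "big")
    body = b"".join(struct.pack("!H", len(f)) + f for f in (p_raw, b"\x02", b"\x05"))
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for bits, pad in ((512, 0), (512, 128), (768, 0), (1024, 0)):
        p, _, _ = parse_server_dh_params(build_sample(bits, pad))
        print(bits, pad, check_dh_prime(p))
```

The second sample pads a 512-bit value to 128 bytes, which is why the check measures the integer's bit length rather than the length of the `dh_p` field.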
In its advisory, IBM tells IBM i shops to be aware of the CPU costs of longer encryption keys. “As the length of the server key size are increased, the amount of CPU required for full TLS/SSL handshake can significantly increase,” IBM says. “Please carefully test and assess the impact to your CPU requirements to ensure sufficient CPU resources, otherwise the system availability may be impacted.” The Logjam Attack carries a CVSS base score of 4.3, which is a moderate threat.
A potentially more dangerous flaw is CVE-2014-8176, which involves the handling of cipher messages and could enable an attacker to launch a denial of service (DoS) attack or cause other undisclosed problems. The flaw exists in older versions of OpenSSL (versions 0.9.8, 1.0.0, and 1.0.1) and was fixed in 2014; it doesn’t exist in newer versions. This flaw carries a CVSS base score of 6.5, which is moderately critical.
IBM has also patched CVE-2015-1788, a flaw in the way OpenSSL processes certain parameter structures. This flaw could lead to a DoS attack, and exists in older versions of OpenSSL. It carries a CVSS score of 5, making it a moderate threat.
There is also a DoS threat with CVE-2015-1789, which refers to a flaw caused by “an out-of-bounds read” involving X509 digital certificates. “An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault,” the CVE says in its description of the flaw. The flaw carries a CVSS base score of 5.
Another moderate threat is found in CVE-2015-1790, which could allow an attacker to launch a DoS attack by using a malformed PKCS#7 digital signature to trigger a NULL pointer dereference. This threat also carries a CVSS base score of 5.
Attackers could bring down an OpenSSL-enabled website with CVE-2015-1791, which describes a flaw in the way the protocol handles new tickets and attempted reuse of older tickets. It also carries a CVSS base score of 5.
IBM also addressed CVE-2015-1792. A vulnerability in the way OpenSSL verifies signedData messages could enable an attacker to trigger an infinite loop in the application by introducing an unknown hash function. This vulnerability also carries a CVSS base score of 5.
Finally, IBM addressed a more severe threat in CVE-2015-1793, which was discovered just a month ago. “This vulnerability could allow a remote attacker to bypass security restrictions, caused by an implementation error of the alternative certificate chain logic,” the OpenSSL project says. An attacker could exploit this vulnerability to issue an invalid X509 security certificate. CVE-2015-1793 carries a CVSS base score of 7.5, and was given a “high” severity rating by the OpenSSL project.
This is the second time this year that IBM has issued PTFs for IBM i 6.1 through 7.2 that patch eight OpenSSL vulnerabilities. In March, the company patched various problems with OpenSSL and BIND.
Just like the older OpenSSL flaws, the current crop of OpenSSL flaws will require a round of patching in a variety of software and hardware products. According to IBM’s Product Security Incident Response (PSIRT) blog, other IBM products susceptible to the problems include the FlashSystem V840, Tivoli Monitoring and Workload Scheduler, Juniper Networks products (which IBM resells), the Security Identity Manager Virtual Appliance, QRadar SIEM, Rational ClearQuest and RequisitePro, MobileFirst Platform Foundation and Worklight, PowerKVM, the Power Hardware Management Console (HMC), InfoSphere BigInsights, PureData System for Operational Analytics, the SDK for Node.js, MQ Lite and MessageSight, Security Network Intrusion Prevention System, Security Access Manager for Web, FileNet Content Manager, and related products.
The security world has become more aware of OpenSSL flaws since last year’s Heartbleed vulnerability, which exposed the passwords used by millions of people. None of the new flaws appear to be as critical or widespread as Heartbleed, which also impacted IBM’s Power Systems platforms.