===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1419
   Security Bulletin: IBM Tivoli Access Manager for e-business and IBM
   Security Access Manager for Web software releases are affected by a
   vulnerability known as the SWEET32 Birthday attack (CVE-2016-2183)
                                6 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Access Manager for Web
Publisher:         IBM
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2183

Reference:         ASB-2017.0074
                   ASB-2017.0028
                   ESB-2016.2239.2
                   ESB-2016.2238

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=swg22003558

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Tivoli Access Manager for e-business and IBM
Security Access Manager for Web software releases are affected by a
vulnerability known as the SWEET32 Birthday attack (CVE-2016-2183)

Document information

More support for: IBM Security Access Manager for Web

Software version: 6.1, 6.1.1, 7.0

Operating system(s): Platform Independent

Reference #: 2003558

Modified date: 05 June 2017

Security Bulletin

Summary

The IBM Tivoli Access Manager for e-business and IBM Security Access
Manager for Web software releases are affected by the SWEET32 Birthday
attack vulnerability, which could allow an attacker to obtain sensitive
information.

Vulnerability Details

CVEID: CVE-2016-2183
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by an error in the DES/3DES cipher, used as a part of
the SSL/TLS protocol.
By capturing large amounts of encrypted traffic between the SSL/TLS server
and the client, a remote attacker able to conduct a man-in-the-middle
attack could exploit this vulnerability to recover the plaintext data and
obtain sensitive information. This vulnerability is known as the SWEET32
Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Tivoli Access Manager for e-business version 6.1
IBM Tivoli Access Manager for e-business version 6.1.1
IBM Security Access Manager for Web version 7 software

Remediation/Fixes

Product:      IBM Security Access Manager for Web
VRMF:         7.0 (software)
APAR:         IV93303
Remediation:  Apply Interim Fix 30: 7.0.0-ISS-SAM-IF0030

For IBM Tivoli Access Manager version 6.1.1 and 6.1, IBM recommends either
upgrading to the fixed IBM Security Access Manager version 7 release
above, or refer to the mitigation steps in the following section to
protect against this vulnerability.

For IBM Security Access Manager 7.0 software environments, you can apply
the interim fix above to protect against this vulnerability.
Alternatively, you can follow the manual mitigation steps described for
ISAM 7 environments in the following section.

For IBM Tivoli Access Manager for e-business 6.0, IBM recommends upgrading
to a supported release of the product.

Workarounds and Mitigations

The Sweet32 Birthday vulnerability only affects Triple DES Ciphers.
Specifically, it affects the following ciphers:

  - TLS_RSA_WITH_3DES_EDE_CBC_SHA
  - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

In the reverse proxy configuration file, these ciphers are collectively
known as DES-168.

The Sweet32 Birthday vulnerability only comes into effect when one of the
DES-168 ciphers is used and more than 32G data is sent over a single
connection.
If single connections are not transferring more than 32G of data (or not
using one of above ciphers) then no action is required. Otherwise, DES-168
ciphers need to be disabled to prevent exposure to Sweet32 Birthday
attacks.

Disabling DES-168

Check whether your Access Manager Runtime configuration includes either of
the following settings:

  - FIPS mode is enabled (versions 6.1, 6.1.1, 7.0), or
  - The SSL compliance setting (ISAM 7 only) is set to either NSA Suite B
    128 or NSA Suite B 192

If so, you must check that 'SSL Quality of Protection management' either
isn't enabled or doesn't allow DES-168 ciphers in each of the reverse
proxy configuration files.

The Access Manager Runtime configuration is stored in pd.conf. On
Unix/Linux systems, this configuration file is located at
/opt/PolicyDirector/etc/pd.conf. On Windows, this configuration file is
located at <isam installdir>\PolicyDirector\etc\pd.conf.

In TAMeb 6.1 and 6.1.1 environments, you can check the FIPS mode enabled
setting, ssl-enable-fips, in the Runtime configuration file:

    ssl-enable-fips = yes

In IBM Security Access Manager 7.0 software environments, you can check
whether the ssl-compliance setting has been set to either FIPS,
suite-b-128 or suite-b-192:

    ssl-compliance = fips
or
    ssl-compliance = suite-b-128
or
    ssl-compliance = suite-b-192

If you have FIPS mode enabled (versions 6.1, 6.1.1 and 7.0) or one of the
above ssl-compliance settings in an ISAM 7 software environment, you must
ensure that the 'SSL Quality of Protection management' is either disabled
or doesn't allow DES-168 ciphers.

In all other environments (with FIPS and NSA Suite B disabled), make sure
'SSL Quality of Protection management' is enabled and doesn't enable
DES-168 ciphers in each of the reverse proxy configuration files.

The 'SSL Quality of Protection management' setting is located in the
WebSEAL configuration file (webseald-<instance>.conf).

    [ssl-qop]
    ssl-qop-mgmt = yes

If ssl-qop-mgmt is enabled (ssl-qop-mgmt = yes) then the allowed ciphers
and the order in which the ciphers will be negotiated are specified in the
[ssl-qop-mgmt-default] stanza.

Make sure that Triple DES (both DES-168 and FIPS-DES-168) are not in the
list of allowed ciphers.

Note: The order of ciphers in the list is the order in which the ciphers
will be negotiated.

Remove the *DES* ciphers from the [ssl-qop-mgmt-default] stanza. For
example:

Before

    [ssl-qop-mgmt-default]
    default = AES-128
    default = DES-168
    default = FIPS-DES-168
    default = AES-256

After

    [ssl-qop-mgmt-default]
    default = AES-128
    default = AES-256

You must also update the [ssl] cipher specs for the Policy Server (in
ivmgrd.conf) and Authorization Servers (in <instance>-ivacld.conf)

Update the following entries in the [ssl] stanza to include only
acceptable ciphers.

    [ssl]
    tls-v12-cipher-specs
    tls-v11-cipher-specs
    tls-v10-cipher-specs
    ssl-v3-cipher-specs (if using SSLv3 which is not recommended*)

*Note: The use of SSLv3 is not recommended due to known vulnerabilities.
See http://www-01.ibm.com/support/docview.wss?uid=swg21691605.

TLS v1.2

The SSL TLS v1.2 ciphers affected by the Sweet32 birthday vulnerability
are TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA and
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

If ssl-compliance is either NSA Suite B 128 or NSA Suite B 192 then the
above ciphers are disabled. Otherwise, you need to ensure that they are
not included in the configured list of TLS v1.2 cipher specs.
For example, set:

    tls-v12-cipher-specs = TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Note: The Suite B Allowed TLSV12 CipherSpecs are
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS v1.1

The TLS v1.1 cipher affected by the Sweet32 birthday vulnerability is
TLS_RSA_WITH_3DES_EDE_CBC_SHA.

To disable this cipher, ensure it does not appear in the configured list
of TLS v1.1 cipher specs. For example, set:

    tls-v11-cipher-specs = TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

TLS v1.0

The TLS v1.0 cipher affected by the Sweet32 birthday vulnerability is
TLS_RSA_WITH_3DES_EDE_CBC_SHA.

To disable this cipher, ensure it does not appear in the configured list
of TLS v1.0 cipher specs. For example, set:

    tls-v10-cipher-specs = TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

SSLv3

The SSL v3 cipher affected by the Sweet32 birthday vulnerability is
TLS_RSA_WITH_3DES_EDE_CBC_SHA

To disable this cipher, ensure that it does not appear in the configured
list of SSLv3 ciphers, as specified by the ssl-v3-cipher-specs
configuration entry. Note however that the use of SSLv3 and the associated
ssl-v3-cipher-specs configuration entry is not recommended due to other
known vulnerabilities such as POODLE.
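
The checks in the mitigation steps above can be scripted across many
configuration files. The following is an added example, not code from IBM
or AusCERT: it parses stanza-style configuration text and reports the
Triple DES entries named in this bulletin. The function names, the '#'
comment convention and the stanza used in the sample pd.conf are
assumptions.

```python
import re

QOP_3DES = {"DES-168", "FIPS-DES-168"}   # names used in [ssl-qop-mgmt-default]
SPEC_KEYS = ("tls-v12-cipher-specs", "tls-v11-cipher-specs",
             "tls-v10-cipher-specs", "ssl-v3-cipher-specs")
RESTRICTED = {"fips", "suite-b-128", "suite-b-192"}

def parse_stanzas(text):
    """Parse '[stanza]' / 'key = value' text; keys such as 'default' may repeat."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: '#' starts a comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1).strip(), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return stanzas

def fips_or_suite_b(pd_conf):
    """True if pd.conf enables FIPS mode or a FIPS/Suite B ssl-compliance value."""
    entries = [kv for items in parse_stanzas(pd_conf).values() for kv in items]
    return any((k == "ssl-enable-fips" and v.lower() == "yes") or
               (k == "ssl-compliance" and v.lower() in RESTRICTED)
               for k, v in entries)

def audit(conf, restricted):
    """List the Triple DES exposures the bulletin describes in one config file."""
    st, findings = parse_stanzas(conf), []
    if "ssl-qop" in st:                        # reverse proxy files only
        qop = dict(st["ssl-qop"]).get("ssl-qop-mgmt", "").lower()
        if qop == "yes":
            findings += [f"[ssl-qop-mgmt-default] default = {v}"
                         for k, v in st.get("ssl-qop-mgmt-default", [])
                         if k == "default" and v.upper() in QOP_3DES]
        elif not restricted:
            findings.append("[ssl-qop] ssl-qop-mgmt is not enabled")
    for key, value in st.get("ssl", []):
        if key in SPEC_KEYS:
            findings += [f"[ssl] {key}: {c.strip()}"
                         for c in value.split(",") if "3DES" in c.upper()]
    return findings

# Constructed samples; the pd.conf stanza name is an assumption.
SAMPLE_PD_CONF = "[ssl]\nssl-enable-fips = no\n"
SAMPLE_WEBSEAL = ("[ssl-qop]\nssl-qop-mgmt = yes\n[ssl-qop-mgmt-default]\n"
                  "default = AES-128\ndefault = DES-168\ndefault = AES-256\n")
```

Pass the result of fips_or_suite_b() for pd.conf as the second argument to
audit() for each webseald-<instance>.conf, ivmgrd.conf and
<instance>-ivacld.conf; an empty list means none of the listed entries
were found.
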

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 May 2017: Original version published.

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the
impact of this vulnerability in their environments by accessing the links
in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open
standard designed to convey vulnerability severity and help to determine
urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS"
WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE
RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY
VULNERABILITY.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================