===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1419
    Security Bulletin: IBM Tivoli Access Manager for e-business and IBM
    Security Access Manager for Web software releases are affected by a
    vulnerability known as the SWEET32 Birthday attack (CVE-2016-2183)
                                6 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Access Manager for Web
Publisher:         IBM
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2183  

Reference:         ASB-2017.0074
                   ASB-2017.0028
                   ESB-2016.2239.2
                   ESB-2016.2238

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22003558

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Tivoli Access Manager for e-business and IBM Security
Access Manager for Web software releases are affected by a vulnerability
known as the SWEET32 Birthday attack (CVE-2016-2183)

Document information

More support for: IBM Security Access Manager for Web

Software version: 6.1, 6.1.1, 7.0

Operating system(s): Platform Independent

Reference #: 2003558

Modified date: 05 June 2017

Security Bulletin

Summary

The IBM Tivoli Access Manager for e-business and IBM Security Access Manager
for Web software releases are affected by the SWEET32 Birthday attack
vulnerability, which could allow an attacker to obtain sensitive information.

Vulnerability Details

CVEID: CVE-2016-2183
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by an error in the DES/3DES cipher, used as a part of the
SSL/TLS protocol. By capturing large amounts of encrypted traffic between
the SSL/TLS server and the client, a remote attacker able to conduct a
man-in-the-middle attack could exploit this vulnerability to recover the
plaintext data and obtain sensitive information. This vulnerability is
known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Tivoli Access Manager for e-business version 6.1

IBM Tivoli Access Manager for e-business version 6.1.1

IBM Security Access Manager for Web version 7 software

Remediation/Fixes

Product                              VRMF            APAR     Remediation
IBM Security Access Manager for Web  7.0 (software)  IV93303  Apply Interim Fix 30:
                                                              7.0.0-ISS-SAM-IF0030

For IBM Tivoli Access Manager version 6.1.1 and 6.1, IBM recommends either
upgrading to the fixed IBM Security Access Manager version 7 release above,
or following the mitigation steps in the following section to protect
against this vulnerability.

For IBM Security Access Manager 7.0 software environments, you can apply
the interim fix above to protect against this vulnerability. Alternatively,
you can follow the manual mitigation steps described for ISAM 7 environments
in the following section.

For IBM Tivoli Access Manager for e-business 6.0, IBM recommends upgrading
to a supported release of the product.

Workarounds and Mitigations

The Sweet32 Birthday vulnerability only affects Triple DES
ciphers. Specifically, it affects the following ciphers:
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

In the reverse proxy configuration file, these ciphers are collectively
known as DES-168.

The Sweet32 Birthday vulnerability only comes into effect when one of
the DES-168 ciphers is used and more than 32G of data is sent over a single
connection. If single connections are not transferring more than 32G of data
(or are not using one of the above ciphers), then no action is required.

Otherwise, DES-168 ciphers need to be disabled to prevent exposure to
Sweet32 Birthday attacks.

Disabling DES-168

Check whether your Access Manager Runtime configuration includes either
of the following settings:
- FIPS mode is enabled (versions 6.1, 6.1.1, 7.0), or
- The SSL compliance setting (ISAM 7 only) is set to either NSA Suite B
  128 or NSA Suite B 192

If so, you must check that 'SSL Quality of Protection management' either
isn't enabled or doesn't allow DES-168 ciphers in each of the reverse
proxy configuration files.

The Access Manager Runtime configuration is stored in pd.conf. On
Unix/Linux systems, this configuration file is located at
/opt/PolicyDirector/etc/pd.conf. On Windows, this configuration file is
located at <isam installdir>\PolicyDirector\etc\pd.conf.

In TAMeb 6.1 and 6.1.1 environments, you can check the FIPS mode enabled
setting, ssl-enable-fips, in the Runtime configuration file:

ssl-enable-fips = yes

In IBM Security Access Manager 7.0 software environments, you can check
whether the ssl-compliance setting has been set to either FIPS, suite-b-128
or suite-b-192:

ssl-compliance = fips
or
ssl-compliance = suite-b-128
or
ssl-compliance = suite-b-192

If you have FIPS mode enabled (versions 6.1, 6.1.1 and 7.0) or one of the
above ssl-compliance settings in an ISAM 7 software environment, you must
ensure that the 'SSL Quality of Protection management' is either disabled
or doesn't allow DES-168 ciphers.

In all other environments (with FIPS and NSA Suite B disabled), make sure
'SSL Quality of Protection management' is enabled and doesn't enable
DES-168 ciphers in each of the reverse proxy configuration files.

The 'SSL Quality of Protection management' setting is located in the
WebSEAL configuration file (webseald-<instance>.conf).

[ssl-qop]
ssl-qop-mgmt = yes

If ssl-qop-mgmt is enabled (ssl-qop-mgmt = yes) then the allowed ciphers
and the order in which the ciphers will be negotiated are specified in the
[ssl-qop-mgmt-default] stanza.

Make sure that the Triple DES ciphers (both DES-168 and FIPS-DES-168) are
not in the list of allowed ciphers.

Note: The order of ciphers in the list is the order in which the ciphers
will be negotiated.

Remove the *DES* ciphers from the [ssl-qop-mgmt-default] stanza.
For example:

Before
[ssl-qop-mgmt-default]
default = AES-128
default = DES-168
default = FIPS-DES-168
default = AES-256

After
[ssl-qop-mgmt-default]
default = AES-128
default = AES-256

You must also update the [ssl] cipher specs for the Policy Server (in
ivmgrd.conf) and Authorization Servers (in <instance>-ivacld.conf).

Update the following entries in the [ssl] stanza to include only acceptable
ciphers.

[ssl]
tls-v12-cipher-specs
tls-v11-cipher-specs
tls-v10-cipher-specs
ssl-v3-cipher-specs (if using SSLv3 which is not recommended*)

*Note: The use of SSLv3 is not recommended due to known vulnerabilities. See
http://www-01.ibm.com/support/docview.wss?uid=swg21691605.

TLS v1.2

The TLS v1.2 ciphers affected by the Sweet32 birthday vulnerability
are TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
and TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA.

If ssl-compliance is either NSA Suite B 128 or NSA Suite B 192 then the
above ciphers are disabled.

Otherwise, you need to ensure that they are not included in the configured
list of TLS v1.2 cipher specs.

For example, set:
tls-v12-cipher-specs = TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Note: The Suite B Allowed TLSV12 CipherSpecs
are TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.

TLS v1.1

The TLS v1.1 cipher affected by the Sweet32 birthday vulnerability is
TLS_RSA_WITH_3DES_EDE_CBC_SHA.
To disable this cipher, ensure it does not appear in the configured list
of TLS v1.1 cipher specs.
For example, set:
tls-v11-cipher-specs =
TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

TLS v1.0

The TLS v1.0 cipher affected by the Sweet32 birthday vulnerability is
TLS_RSA_WITH_3DES_EDE_CBC_SHA.
To disable this cipher, ensure it does not appear in the configured list
of TLS v1.0 cipher specs.
For example, set:
tls-v10-cipher-specs =
TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

SSLv3

The SSL v3 cipher affected by the Sweet32 birthday vulnerability is
TLS_RSA_WITH_3DES_EDE_CBC_SHA.

To disable this cipher, ensure that it does not appear in the
configured list of SSLv3 ciphers, as specified by the ssl-v3-cipher-specs
configuration entry. Note however that the use of SSLv3 and the associated
ssl-v3-cipher-specs configuration entry is not recommended due to other
known vulnerabilities such as POODLE.
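
An added example, not part of IBM's bulletin or product code: a small Python
auditor that reads stanza-style configuration text and reports the Triple DES
entries the steps above say to remove. It assumes [stanza] headers, key = value
entries and # comments, joins wrapped cipher lists as they appear in this
bulletin, and does not evaluate FIPS, ssl-compliance or ssl-qop-mgmt state; the
sample input is constructed.

```python
import re

# Names the bulletin lists as affected (constructed checker, not IBM code).
QOP_3DES = {"DES-168", "FIPS-DES-168"}
SPEC_KEYS = {"tls-v12-cipher-specs", "tls-v11-cipher-specs",
             "tls-v10-cipher-specs", "ssl-v3-cipher-specs"}

def parse_stanzas(text):
    """Return (stanza, key, value) tuples; wrapped values are joined."""
    entries, stanza = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # assumed comment marker
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            stanza = header.group(1)
        elif "=" in line:
            key, _, value = line.partition("=")
            entries.append([stanza, key.strip(), value.strip()])
        elif entries and entries[-1][0] == stanza:
            # Continuation of a wrapped cipher list.
            entries[-1][2] = (entries[-1][2] + " " + line).strip()
    return [tuple(e) for e in entries]

def audit(text):
    """Return (stanza, key, cipher) for every Triple DES entry found."""
    findings = []
    for stanza, key, value in parse_stanzas(text):
        if stanza == "ssl-qop-mgmt-default" and key == "default":
            if value in QOP_3DES:
                findings.append((stanza, key, value))
        elif stanza == "ssl" and key in SPEC_KEYS:
            findings += [(stanza, key, c) for c in re.split(r"[,\s]+", value)
                         if "3DES" in c]
    return findings

# Constructed sample: stanzas from different files merged for brevity.
SAMPLE = """\
[ssl-qop-mgmt-default]
default = AES-128
default = DES-168
default = FIPS-DES-168
[ssl]
tls-v12-cipher-specs = TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
tls-v10-cipher-specs =
TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("remove:", *finding)
```

An empty result from audit() means no Triple DES entry was found in the text
supplied; run it over each reverse proxy, Policy Server and Authorization
Server configuration file in turn.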

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 May 2017: Original version published.

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency
and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT
WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING
THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================