POODLE Attack

Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this SSL (Secure Sockets Layer) vulnerability in September 2014. The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is not as serious as the Heartbleed and Shellshock attacks. On December 8, 2014, a variation of the POODLE vulnerability that impacted TLS was announced.
The CVE IDs CVE-2014-3566 and CVE-2014-8730 are associated with the original POODLE attack and with F5 Networks’ faulty implementation of TLS that allows POODLE, respectively.

There is currently no fix for the vulnerability in SSL 3.0. To mitigate the POODLE attack, completely disable SSL 3.0 on both the server and the client side. However, some old clients and servers do not support TLS 1.0 and above. For such client browsers and servers, it is better to implement TLS_FALLBACK_SCSV.

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
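What a server that implements TLS_FALLBACK_SCSV does with an incoming ClientHello, as an added example (not code from the original post or from any TLS library). The suite value 0x5600 and alert code 86 are the ones published for this mechanism in RFC 7507; the function names, the default server maximum of TLS 1.2 and the sample hellos are assumptions constructed for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600         # signalling suite {0x56, 0x00} (RFC 7507)
ALERT_INAPPROPRIATE_FALLBACK = 86  # fatal alert code defined with it
SSL3, TLS10, TLS12 = (3, 0), (3, 1), (3, 3)


def parse_client_hello(body: bytes):
    """Return (client_version, cipher_suites) from a ClientHello body."""
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    version = (body[0], body[1])
    pos = 2 + 32                          # client_version + random
    pos += 1 + body[pos]                  # session_id length byte + id
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len == 0 or cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = struct.unpack_from("!%dH" % (cs_len // 2), body, pos)
    return version, list(suites)


def server_decision(body: bytes, server_max=TLS12):
    """Server rule: SCSV present and version below our best means abort."""
    version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("continue", min(version, server_max))


def build_hello(version, suites):
    """Constructed sample ClientHello body (zero random, no session id)."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    return (bytes(version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")


CBC_SUITES = [0x002F, 0x0035]  # TLS_RSA_WITH_AES_{128,256}_CBC_SHA

if __name__ == "__main__":
    first_try = build_hello(TLS12, CBC_SUITES)
    retry_new = build_hello(SSL3, CBC_SUITES + [TLS_FALLBACK_SCSV])
    retry_old = build_hello(SSL3, CBC_SUITES)   # client without SCSV support
    for name, hello in [("first", first_try), ("retry+SCSV", retry_new),
                        ("retry, no SCSV", retry_old)]:
        print(name, server_decision(hello))
```

The third case is why both sides must support the mechanism: a fallback retry from a client that does not send the signalling value is indistinguishable from a genuine SSL 3.0 client, so the server continues.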

Browser enabled
===============
Opera 25 has implemented this mitigation in addition to TLS_FALLBACK_SCSV.
Chrome 39 already supports TLS_FALLBACK_SCSV.
Mozilla has disabled SSL 3.0 in Firefox 34 and ESR 31.3, which were released in December 2014, and will add support for TLS_FALLBACK_SCSV in Firefox 35.
Microsoft announced a plan to disable SSL 3.0 by default in their products and services, and a fix to disable SSL 3.0 in Internet Explorer and Windows OS.
Apple’s Safari (on OS X 10.8, iOS 8.1 and later) has been mitigated against POODLE by removing support for all CBC protocols in SSL 3.0.

Service providers status
------------------------
OpenSSL has added support for TLS_FALLBACK_SCSV to their latest versions and recommends the following upgrades:
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

Both clients and servers need to support TLS_FALLBACK_SCSV to prevent downgrade attacks.

Akamai, a popular CDN, has accelerated its deprecation of SSL 3.0.
CloudFlare has disabled SSL 3.0 support by default for all customers.
Twitter and Wikimedia have dropped support of SSL 3.0 to prevent the POODLE attack.

https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

How to check your server & client
=================================
Web site test
https://www.ssllabs.com/ssltest/

Client test
https://www.ssllabs.com/ssltest/viewMyClient.html

Resolutions for Server and Clients
==================================

Disable in Microsoft Server
---------------------------
Registry key to disable SSL 3.0 on a Microsoft OS:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
On the Edit menu, click Add Value.
In the Data Type list, click DWORD.
In the Value Name box, type Enabled, and then click OK.
Type 00000000 in Binary Editor to set the value of the new key equal to "0", and then restart.

CVE-2014-3566 – KB3009008
https://technet.microsoft.com/en-us/library/security/3009008.aspx

How to disable SSLv3 in Apache?
-------------------------------
Include "SSLProtocol all -SSLv2 -SSLv3" within every VirtualHost in httpd.conf of version 2.2.23:

<VirtualHost your.website.example.com:443>
    DocumentRoot /var/www/directory
    ServerName your.website.example.com

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>

Note: if there is a separate SSL configuration file, as on Ubuntu 10.04, set it in /etc/apache2/mods-available/ssl.conf:

SSLProtocol all -SSLv2 -SSLv3

For httpd version 2.2.22 and older, only specify TLSv1. This is treated as a wildcard for all TLS versions.

SSLProtocol TLSv1

For Apache + mod_nss, edit /etc/httpd/conf.d/nss.conf to allow only TLS 1.0+.

NSSProtocol TLSv1.0,TLSv1.1

Apache Tomcat Web server
------------------------
Tomcat 5

Configured via $TOMCAT_HOME/conf/server.xml

<Connector
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    port="8443" maxThreads="200"
    SSLEnabled="true" scheme="https" secure="true"
    SSLCertificateFile="/usr/local/ssl/server.crt"
    SSLCertificateKeyFile="/usr/local/ssl/server.pem"
    clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" />

Tomcat 6,7

<Connector
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    port="8443" maxThreads="200"
    SSLEnabled="true" scheme="https" secure="true"
    SSLCertificateFile="/usr/local/ssl/server.crt"
    SSLCertificateKeyFile="/usr/local/ssl/server.pem"
    clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" />

Lighttpd
--------
For Lighttpd 1.4.28+, edit /etc/lighttpd/lighttpd.conf

ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"

Postfix SMTP
------------
Modify the smtpd_tls_mandatory_protocols configuration line.

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

Sendmail
--------
Modify the LOCAL_CONFIG section of the sendmail.mc file.

CipherList=HIGH
ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE
ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3

Dovecot
-------
For Dovecot 2.1+, edit /etc/dovecot/local.conf to add the line below and then restart Dovecot.

ssl_protocols = !SSLv2 !SSLv3

For Dovecot 2, edit /etc/dovecot/conf.d/10-ssl.conf to add the line below and then restart Dovecot.

ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL

Courier-imap
------------
For Ubuntu 12.04, edit /etc/courier/imapd-ssl.

IMAPDSSLSTART=NO

IMAPDSTARTTLS=YES

IMAP_TLS_REQUIRED=1

TLS_PROTOCOL=TLS1

TLS_STARTTLS_PROTOCOL=TLS1

HAProxy Server
--------------
Edit the bind line in your /etc/haproxy.cfg file.

bind :443 ssl crt <crt> ciphers <ciphers> no-sslv3

Nginx
-----
Modify the ssl_protocols directive to only use TLSv1, TLSv1.1, and TLSv1.2. If you do not have an ssl_protocols directive, add it to the top of your configuration file.

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

389 Directory Server
--------------------
Modify cn=encryption,cn=config and restart the server.

ldapmodify -x -D "cn=Directory Manager" -W <<EOF
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: off
EOF

Enabling on Browser Settings
----------------------------
Chrome:
Right-click the shortcut and go to Properties, then go to the end of "C:\Program Files\Google\Chrome\Application\chrome.exe" and type --ssl-version-min=tls1

IE:
Click Settings and then Internet options, open the Advanced tab and go to the Security section, then uncheck SSL and check TLS.

Firefox:
Download and install the SSL Version Control 0.2 add-on from https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/
Alternatively, you can set the value security.tls.version.min = 1 in the about:config dialog.

Safari:
Apple has released Security Update 2014-005, which disables CBC-mode ciphers in coordination with SSLv3.

Mac OS Mavericks: http://support.apple.com/kb/DL1772
Mac OS Mountain Lion: http://support.apple.com/kb/DL1771
Mac OS Yosemite: https://support.apple.com/kb/HT6535

Hardware providers
==================
F5 Networks
-----------
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html

A10 Networks
------------
https://www.a10networks.com/vadc/index.php/cve-2014-3566-from-beast-to-poodle-or-dancing-with-beast/

Cisco Networks
--------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_Poodle_10152014.html

Juniper Networks
----------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10656&actp=RSS

Note: POODLE attack against TLS
A new variant of the original POODLE attack was announced on December 8, 2014. This attack exploits implementation flaws of CBC mode ciphers in the TLS 1.0 – 1.2 protocols. Even though the TLS specifications require servers to check the padding, some implementations fail to validate it properly, which makes some servers vulnerable to POODLE even if they disable SSL 3.0. SSL Pulse showed “about 10% of the servers are vulnerable to the POODLE attack against TLS” before this vulnerability was announced. The CVE ID for F5 Networks’ implementation bug is CVE-2014-8730. The entry in NIST’s NVD states that this CVE ID is to be used only for F5 Networks’ implementation of TLS, and that other vendors whose products have the same failure to validate the padding in their implementations, like A10 Networks and Cisco Systems, need to issue their own CVE IDs for their implementation errors, because this is not a flaw in the protocol itself but a flaw in the protocol’s implementation.

The POODLE attack against TLS was found to be easier to initiate than the initial POODLE attack against SSL. There is no need to downgrade clients to SSL 3.0, so fewer real-world conditions need to be met for the attack to be active.
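The padding check the note refers to, as an added example (not code from the original post or from any vendor's TLS stack): the SSL 3.0 rule next to the TLS rule, run over a constructed record. The function names and sample bytes are assumptions made for illustration; a TLS stack that only applies the first check to its records has the kind of validation failure described above.

```python
BLOCK = 16  # AES-CBC block size


def strip_padding_ssl3(plain: bytes):
    """SSL 3.0 rule: only the last byte (padding length) is defined.
    The padding bytes themselves are arbitrary, so they cannot be checked."""
    if not plain or len(plain) % BLOCK:
        return None
    pad_len = plain[-1]
    if pad_len >= BLOCK or pad_len + 1 > len(plain):
        return None
    return plain[:len(plain) - pad_len - 1]


def strip_padding_tls(plain: bytes):
    """TLS rule: every padding byte must equal the padding length."""
    if not plain or len(plain) % BLOCK:
        return None
    pad_len = plain[-1]
    if pad_len + 1 > len(plain):
        return None
    diff = 0
    for b in plain[len(plain) - pad_len - 1:]:
        diff |= b ^ pad_len          # inspect every byte, no early exit
    return None if diff else plain[:len(plain) - pad_len - 1]


def pad_tls(data: bytes):
    """Constructed helper: pad to a block multiple the way TLS does."""
    pad_len = BLOCK - (len(data) % BLOCK) - 1
    return data + bytes([pad_len]) * (pad_len + 1)


# Constructed sample: 16 bytes of data plus a 20-byte stand-in for the MAC.
PAYLOAD = b"GET / HTTP/1.1\r\n" + b"M" * 20
GOOD = pad_tls(PAYLOAD)
# Same final length byte, but the padding bytes in front of it were altered.
ALTERED = GOOD[:-12] + b"\xAA" * 11 + GOOD[-1:]

if __name__ == "__main__":
    for name, rec in [("good", GOOD), ("altered", ALTERED)]:
        print(name,
              "ssl3-style:", strip_padding_ssl3(rec) is not None,
              "tls-style:", strip_padding_tls(rec) is not None)
```

The MAC does not cover the padding in either protocol, so the TLS-style check is the only thing that rejects the altered record; production stacks also perform the padding and MAC checks in constant time and answer both failures with the same alert.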

Posted on December 22, 2014, in General, Networking, Web.