Riverbed products affected by OpenSSL Security Advisory CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, & CVE-2014-3568 (POODLE and other vulnerabilities)

Categories: Product, Security
Solution Number: S25160

Issue

The National Institute of Standards and Technology has issued multiple CVE notices for vulnerabilities found in OpenSSL. OpenSSL is a common component of most Linux distributions and is thus included in several Riverbed products. For more information, please refer to the following.

SRTP memory leak. A flaw in the DTLS SRTP extension package allows an attacker to cause a denial of service attack via a carefully-crafted handshake message.

POODLE attack. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack.

Session ticket memory leak. A flaw in the session ticket integrity check mechanism allows an attacker to cause a denial of service attack by sending a large number of invalid session tickets.

Incomplete no-ssl3 build option. When OpenSSL is configured with "no-ssl3" as a build option, the option is effectively ignored, and SSL 3.0 is still allowed.

Solution



SteelHead products 

| Product | Status | Fixed Release (expected release date) |
|---|---|---|
| SteelHead CX (appliance, virtual, cloud) | 8.6.1a, 8.6.0a, 8.5.2c | 8.6.2, 8.5.3c |
| SteelHead Interceptor | 4.5.0b, 4.5.0a | 4.5.1a |
| SteelCentral Controller for SteelHead | Not Vulnerable | |
| SteelCentral Controller for SteelHead Mobile | Not Vulnerable | |

  • SRTP memory leak: not vulnerable. Neither the management console nor the optimization engine uses DTLS.
  • “Poodle” attack: the various elements of SteelHead are individually considered below.
    • Management interface: not vulnerable in the default configuration. SSL 3.0 is no longer the default protocol for the management interface on current software versions. To verify your setting, open the CLI, run “show web”, and look for “SSLv3 enabled: no”. You can disable it on current and prior versions with the command “no web ssl protocol sslv3”.
    • Inner channel: not vulnerable. Secure peering uses TLSv1 which is immune to Poodle. A downgrade isn’t possible because the software never attempts retries with lower TLS/SSL versions. The inner channel negotiation is always independent of whatever a client may attempt.
    • Client connections: vulnerable. An attacker may force a client to downgrade from any TLS version to SSL 3.0. Note that this is confined to attackers on the LAN (internal) side of the SteelHead; attacks over the WAN aren’t possible. A fix for the vulnerable version of OpenSSL will be included in the next scheduled software release; this fix implements TLS_FALLBACK_SCSV to prevent downgrade attacks. Please check the download page for availability.
  • Session ticket memory leak and Incomplete no-ssl3 build option: vulnerable. A fix will be included in the next scheduled software release. Please check the download page for availability.



SteelCentral products

| Product | Status | Fixed release (expected release date) |
|---|---|---|
| AirPcap driver | Pending | |
| AppCapacity | Pending | |
| AppInternals | Pending | |
| AppMapper | Pending | |
| AppResponse | Pending | |
| AppSQL | Pending | |
| Dashboards | Pending | |
| Flow Gateway | Pending | |
| Modeler | Pending | |
| NetAuditor | Pending | |
| NetCollector | Pending | |
| NetExpress | Pending | |
| NetPlanner | Pending | |
| NetProfiler | Pending | |
| NetSensor | Pending | |
| NetShark | Vulnerable | |
| Packet Analyzer | Pending | |
| Portal | Pending | |
| Report Server | Pending | |
| Transaction Analyzer | Pending | |
| UCExpert | Pending | |
| WebAnalyzer | Pending | |


NetShark

  • SRTP memory leak: vulnerable. NetShark does not use DTLS, but the version of OpenSSL shipping with NetShark is compiled with support for SRTP, so the memory leak is still possible. A fix will be included in the next scheduled software release. Please check the download page for availability.
  • "Poodle" attack: vulnerable. The current workaround is to switch the software to FIPS mode, in which SSL 3.0 is not available. If the "NetProfiler Export" feature is enabled, ensure that all NetProfilers receiving the export reports also have been switched to FIPS mode. Riverbed is still investigating whether to completely disable SSL 3.0 in a future fix or turn it off in the default configuration but still permit customers to enable it if necessary.
  • Session ticket memory leak: vulnerable. A fix will be included in the next scheduled software release. Please check the download page for availability.
  • Incomplete no-ssl3 build option: vulnerable. The current workaround is to switch the software to FIPS mode, in which SSL 3.0 is not available. If the "NetProfiler Export" feature is enabled, ensure that all NetProfilers receiving the export reports also have been switched to FIPS mode. A fix will be included in the next scheduled software release. Please check the download page for availability.

AppResponse

  • "Poodle" attack: AppResponse does not employ OpenSSL's server interface. However, a newer version without the vulnerability (openssl-1.0.1j) has been incorporated to simplify security audits of ARX devices.

Other products are currently under investigation.



SteelFusion products

| Product | Status | Fixed Release (expected release date) |
|---|---|---|
| SteelFusionCore (appliance, virtual) | Not Vulnerable | |
| SteelFusion Edge | Not Vulnerable | |
| SteelHead EX | 3.5.1a, 3.0.0, 3.1.2 | 3.1.3a, 3.1.0-mainline, 3.5.3a |



SD-WAN products

| Product | Status | Fixed Release (expected release date) |
|---|---|---|
| SteelCloud Manager | Not Vulnerable | |
| Gateway | Not Vulnerable | |
| Access Point | Not Vulnerable | |
| Switch | Not Vulnerable | |



Xirrus WiFi

Background
CVE-2014-3566, colloquially referred to as the “POODLE attack”, is a way to exploit the TLS-to-SSL fallback mechanism. The US Government National Vulnerability Database has rated the POODLE vulnerability as 4.3/10 for severity and “Medium” in terms of complexity, meaning it is not very severe and not very easy to exploit.

Transport Layer Security (TLS) and Secure Socket Layer (SSL) are security protocols used in client and server applications for securing communications. SSL 3.0 is an obsolete and relatively insecure protocol that has been replaced by its successors TLS 1.0, TLS 1.1 and TLS 1.2. To ensure a smooth user experience and backward compatibility, many applications implement a “protocol handshake” that allows the client and server to negotiate the latest version and security protocol that is supported by both. To work with legacy systems, many TLS clients implement a “downgrade dance” where they first offer the highest protocol version supported by the client and, if that fails, retry with earlier protocol versions. This downgrade can also be triggered by network glitches or by active attackers who maliciously cause the client to use SSL 3.0 and thereby exploit the vulnerabilities in it.

Disabling SSL 3.0 in the client or in the server or both can eliminate the POODLE vulnerability. If either side supports only SSL 3.0, then the vulnerability exists. If disabling SSL 3.0 is not practical (in order to work with legacy systems), then the TLS_FALLBACK_SCSV mechanism (as documented in draft-ietf-tls-downgrade-scsv-00) must be implemented.
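
The server-side half of TLS_FALLBACK_SCSV, as an added example (not Riverbed, Xirrus or OpenSSL code): it parses a ClientHello and refuses a fallback retry that offers a lower version than the server supports. The constants come from RFC 7507, the published form of the draft cited above; the function names and the sample ClientHello bytes are constructed for illustration.

```python
import struct

# Values from RFC 7507, the published form of the TLS_FALLBACK_SCSV draft.
TLS_FALLBACK_SCSV = 0x5600
ALERT_INAPPROPRIATE_FALLBACK = 86
SSL3, TLS12 = 0x0300, 0x0303
RSA_3DES_SHA = 0x000A  # TLS_RSA_WITH_3DES_EDE_CBC_SHA, a CBC suite


def build_client_hello(version, cipher_suites):
    """Build a minimal ClientHello record (constructed sample, no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!H", version) + bytes(32)   # client_version + random
            + b"\x00"                                # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                           # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def parse_client_hello(record):
    """Return (client_version, cipher_suites) from a ClientHello record."""
    if len(record) < 46 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    (version,) = struct.unpack_from("!H", record, 9)
    pos = 44 + record[43]                            # skip random and session_id
    if pos + 2 > len(record):
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("truncated cipher_suites")
    return version, list(struct.unpack_from("!%dH" % (n // 2), record, pos))


def server_check(record, server_max):
    """Server-side SCSV rule: refuse a fallback below what the server supports."""
    version, suites = parse_client_hello(record)
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("negotiate", min(version, server_max))


if __name__ == "__main__":
    retry = build_client_hello(SSL3, [RSA_3DES_SHA, TLS_FALLBACK_SCSV])
    legacy_retry = build_client_hello(SSL3, [RSA_3DES_SHA])
    print(server_check(retry, TLS12))         # fallback retry refused
    print(server_check(legacy_retry, TLS12))  # no SCSV: SSL 3.0 accepted
    print(server_check(retry, SSL3))          # SSL 3.0-only server: proceeds
```

The last case shows why the signal does not help when one side supports only SSL 3.0: there is no higher version to fall back from, so the handshake proceeds.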

What must be done to clients (laptops, tablets, phones, etc.) to remediate this issue?
Various browsers, web applications and mobile applications commonly use TLS and SSL. Check with the vendors for specific applications on steps to address this vulnerability.

What server side actions can be taken to remediate this issue?
Most web servers that secure communications support TLS and/or SSL. Please check with your specific web server vendors on steps to address this vulnerability.

Which Xirrus products are affected?
The following table summarizes the Xirrus products affected and the plan to address this vulnerability.

| Product affected | Version this will be addressed in |
|---|---|
| XR APs 500/600/1K/2K/4K/6K/7K | AOS version 7.2 – Dec 2014 |
| XN modular APs | AOS version 6.4.8 – Dec 2014 |
| XMS-Enterprise | Version 7.2 – Dec 2014 |
| XMS-Cloud | Version 8.4 – Nov 2014 |
| XMS-Enterprise in the Cloud | Version 7.2 – Dec 2014 |
| Xirrus Wi-Fi Designer-Cloud | Version 1.6 – Dec 2014 |


Xirrus holds the security of our customers in the highest regard. Should you have any other questions or concerns about this vulnerability, please contact Xirrus Support at support@xirrus.com or via telephone at one of the following numbers:

United States and Canada +1.800.947.7871 (US Toll Free) or +1.805.262.1600 (Direct)
Europe, Middle East, and Africa +44.20.3239.8644
Australia 1.300.947.787 (Within Australia)
Asia and Oceania +61.2.8006.0622
Latin, Central, and South America +1.805.262.1600
NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Last Modified: 2017-12-04