VN 2016 004 DROWN (CVE-2016-0800)

Vulnerability Notice

 
Vulnerability Summary
A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even one speaking a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800).

Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers, if they have not done so already. Disabling all SSLv2 ciphers is also sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed. Servers that have not disabled the SSLv2 protocol, and are not patched for CVE-2015-3197, are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers.

This is explained in the March 1, 2016 OpenSSL Security Advisory.
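To verify the condition described above on your own servers, the following added example (not Extreme Networks' code, nor from the OpenSSL advisory) builds an SSLv2 CLIENT-HELLO, parses the SERVER-HELLO, and classifies the endpoint into the three states the notice distinguishes: SSLv2 off, SSLv2 on with EXPORT suites, or SSLv2 on without them (still exposed unless patched for CVE-2015-3197). The `probe` helper and its host/port parameters are assumed names.

```python
import os, socket, struct

# SSLv2 cipher-spec ids (3 bytes each). The two 40-bit EXPORT suites are the
# ones a DROWN oracle needs the server to accept.
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "RC4_128_WITH_MD5",
    b"\x02\x00\x80": "RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "DES_192_EDE3_CBC_WITH_MD5",
}

def build_client_hello():
    """SSLv2 CLIENT-HELLO offering every SSLv2 suite, inside a 2-byte SSLv2 record."""
    ciphers = b"".join(SSLV2_CIPHERS)
    challenge = os.urandom(16)
    body = struct.pack(">BHHHH", 0x01, 0x0002, len(ciphers), 0, len(challenge))
    body += ciphers + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body  # high bit set = no padding

def parse_server_hello(record):
    """Return (sslv2_supported, cipher names) from the server's first record.
    A server without SSLv2 replies with a TLS alert (0x15) or closes the socket,
    so anything that is not an SSLv2 SERVER-HELLO counts as 'unsupported'."""
    if len(record) < 13 or not record[0] & 0x80:
        return False, []
    body = record[2:2 + (((record[0] & 0x7F) << 8) | record[1])]
    if len(body) < 11 or body[0] != 0x04:  # 0x04 = MSG-SERVER-HELLO
        return False, []
    # header: type, session-id-hit, cert-type, version(2), cert-len, cipher-len, conn-id-len
    cert_len, cipher_len, _ = struct.unpack(">HHH", body[5:11])
    specs = body[11 + cert_len:11 + cert_len + cipher_len]
    return True, [SSLV2_CIPHERS.get(specs[i:i + 3], specs[i:i + 3].hex())
                  for i in range(0, len(specs) - len(specs) % 3, 3)]

def assess(record):
    """Map the handshake reply to the three states the notice distinguishes."""
    supported, names = parse_server_hello(record)
    if not supported:
        return "OK: SSLv2 not supported"
    if any("EXPORT" in n for n in names):
        return "VULNERABLE: SSLv2 with EXPORT ciphers"
    return "AT RISK: SSLv2 enabled; safe only if patched for CVE-2015-3197"

def probe(host, port=443, timeout=5.0):
    """Assumed helper: send the CLIENT-HELLO to host:port and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return assess(sock.recv(4096))
```

Run `probe` against every service that shares the RSA key (HTTPS, SMTP, IMAP, POP) since, as the notice says, an SSLv2 oracle on any of them exposes the TLS sessions of all of them.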

Background (From CVE Project)
CVE-2016-0800
   Release Date: March 1, 2016
   CVSS v2 base score: 4.3 (Medium)

Impact 
Cross-protocol attack that could lead to decryption of TLS sessions
Products Potentially Affected
The following is the vulnerability status of the software products supported by Extreme Networks for this issue:

ExtremeXOS (all products): Yes
A, B, C, D, G, I and 800 Series Fixed Switches: No
IDS/IPS: No
IdentiFi Wireless: Fixed
N, K, SSA, and S Modular Switches: No
NetSight: No
NAC (IA): No
Purview: No
Ridgeline: Investigating
Security Information & Event Manager: Investigating
Summit WM3000 Series: No
X-Series Secure Core Router: Investigating
XSR (X-Pedition Security Router): Investigating
Impact Details
ExtremeXOS (all products)
  • Vulnerable Yes / No: Yes
  • Vulnerable Component: THTTPD / SSL module
  • Describe conditions when component Vulnerability occurs(why/when/how): All SSLv2 ciphers are disabled, but SSLv2 protocol is enabled on EXOS. Since EXOS is vulnerable to CVE-2015-3197, SSLv2 ciphers can still be negotiated, which renders the switch vulnerable.
  • Product version(s) affected: All XOS versions
  • Workaround: XOS is not vulnerable if the switch is not running SSH.xmod or if the customer has disabled SSL.
  • Target Fix Release: 22.1.1, 21.1.2, 16.2.1 (fix verified; code releases through YE 2016)
A, B, C, D, G, I and 800 Series Fixed Switches
  • Vulnerable Yes / No: No; SSLv2 not supported
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
IDS/IPS
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
IdentiFi Wireless
Extreme Networks Wireless Controllers:
  • Vulnerable Yes / No: No
  • Vulnerable Component: NA
  • Describe conditions when component Vulnerability occurs(why/when/how):  Weak Ciphers must be disabled to avoid this vulnerability. Under the Wireless Controller GUI -> Controller -> Network -> Secure Connections:  ensure the 'Enable Weak Ciphers' checkbox is NOT checked. When this option is unchecked, SSLv2 is disabled.
  • Product version(s) affected: NA
  • Workaround:
  • Target Fix Release: NA
  • Target Month for Fix Release: NA
Extreme Networks Wireless 26xx and 36xx series APs
  • Vulnerable Yes / No: No
  • Vulnerable Component: NA
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected: NA
  • Workaround:
  • Target Fix Release: NA
Extreme Networks Wireless 37xx, 38xx and 39xx series APs
  • Vulnerable Yes / No: Yes - Fixed
  • Vulnerable Component: openssl
  • Describe conditions when component Vulnerability occurs(why/when/how):  CVE-2016-0800
  • Product version(s) affected: 10.01.01 - 10.01.03
  • Workaround: none
  • Fixed In: 10.01.04 and 10.11.01
N, K, SSA, and S Modular Switches
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how): Product versions prior to 8.60 do not support SSL / TLS. Starting with release 8.60 the product can act as an SSL / TLS client, but both SSLv2 and SSLv3 are disabled.
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
NetSight
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
NAC
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
Purview
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
Ridgeline
  • Vulnerable Yes / No: Investigating
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: (optional)
Security Information & Event Manager
  • Vulnerable Yes / No: Investigating
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: (optional)
Summit WM3000 Series
  • Vulnerable Yes / No: No
  • Vulnerable Component: none; SSLv2 disabled
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
X-Series Secure Core Router
  • Vulnerable Yes / No: Investigating
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: (optional)
XSR (X-Pedition Security Router)
  • Vulnerable Yes / No: Investigating
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: (optional)
Repair Recommendations
The resolution to any threat or issue is dependent upon a number of things, including the setup of the computer network and how the local IT team wants to address the situation. Accordingly, in addition to updating the software as recommended in this document, the local IT team will need to analyze and address the situation in a manner that it determines will best address the set-up of its computer network. Update the software, identified in this Notice, in your Extreme Networks products by replacing it with the latest releases from Extreme Networks including those listed above.

Firmware and software can be downloaded from www.extremenetworks.com/support.
Legal Notice
This advisory notice is provided on an “as is” basis and Extreme Networks makes no representations or warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use. Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme Networks reserves the right to change or update this document at any time, and expects to update this document as new information becomes available. The information provided herein is applicable to current Extreme Networks products identified herein and is not intended to be any representation of future functionality or compatibility with any third-party technologies referenced herein. This notice shall not change any contract or agreement that you have entered into with Extreme Networks.
