OpenSSL ciphersuite downgrade attack (CVE-2010-4180)

Back to all Security AdvisoriesSubscribe
Security Advisories ID: 
SA53
Published Date: 
January 31, 2011
Advisory Status: 
Final
Advisory Severity: 
High
CVSS v2 base score 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C)
CVE Number: 
CVE-2010-4180 - CVSS v2 base score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

A flaw in OpenSSL exists that allows an attacker to decrease the cryptographic strength of an SSL/TLS session. An attacker can use this flaw to view unencrypted SSL/TLS session data including administrative authentication credentials.

Affected Products: 

The following products are vulnerable.

CacheFlow

All versions prior to 2.1.4.7 are vulnerable.

Only SSL/TLS connections used for management are vulnerable to this attack.

Director

All versions of Director prior to 5.5.1.2 are vulnerable.

PacketShaper/PolicyCenter

All versions of PacketShaper and PolicyCenter prior to 8.7.1 are vulnerable.

Only SSL/TLS connections used for management are vulnerable to this attack.  Due to the manner in which authentication is performed, authentication credentials cannot be obtained by an attacker.  Thus the severity is MEDIUM with a CVSS v2 base score of 4.3 (AV:A/AC:M/Au:N/C:P/I:P/A:N).

ProxyAV

All versions of ProxyAV prior to 3.3.1.9 are vulnerable.

SSL/TLS connections used for management and for secure ICAP with ProxySG are vulnerable to this attack.

ProxyOne

All versions of ProxyOne are vulnerable.

Only SSL/TLS connections used for management are vulnerable to this attack.

ProxySG

All versions of ProxySG prior to 6.1.2.1 are vulnerable.

SSL/TLS connections where ProxySG is acting as a server are vulnerable to attack.  This includes connections used for forward proxy, reverse proxy, and management.

Reporter

All versions of Reporter for Windows prior to 9.4 are vulnerable.  All versions of Virtualized Reporter are vulnerable.  Reporter for Linux is not vulnerable as it uses the OpenSSL provided by the customer installed Linux distribution.

All SSL/TLS connections are vulnerable.

The following products are not vulnerable.

IntelligenceCenter

IntelligenceCenter does not use OpenSSL.

K9

K9 uses the on-platform SSL/TLS libraries provided by Microsoft.

ProxyClient

While ProxyClient does use OpenSSL, it does not act as a server in SSL/TLS connections.

Advisory Details: 

SSL/TLS sessions are established with a cipher suite that is negotiated based on the supported algorithms of the client and server.  Once established, a session that becomes idle can be resumed for a pre-configured amount of time to eliminate the high cost of session instantiation.  At any point, the cipher suite can be renegotiated by either the client or server.

The flaw in OpenSSL allows an attacker to force a change in the cipher suite when the client resumes a session if the server is vulnerable.  The attacker must choose a cipher suite that the client supports.  Another flaw in OpenSSL versions prior to 0.9.8j allows an attacker to change the cipher suite to any cipher suite supported by OpenSSL even if the server was configured not to use it.  In the worst case scenario, the cipher suite chosen by the attacker is limited only by the security employed on the client.

Clients and browsers that support weak ciphersuites are at most risk for ciphersuite downgrade.  In such cases, the ciphersuite can be changed to use weak algorithms that can be easily compromised by an attacker allowing the connection data to be decrypted more easily by the attacker.

Vulnerable Blue Coat products acting as a server in an SSL/TLS connection are at risk.  Products acting as a client are not at risk.  The most vulnerable connections are those used for managing Blue Coat products.  These connections may contain an administrator's authentication data that can be used to gain complete control over the vulnerable Blue Coat product.  Other connections may also contain sensitive information.

Workarounds: 

Customers are encouraged to upgrade and apply all current patches to clients and browsers that connect to vulnerable Blue Coat products over SSL/TLS. This ensures that the ciphersuites that an attacker can use are limited to those that are more difficult to compromise.

Patches: 

CacheFlow
CacheFlow 2.1 -  a fix is available in 2.1.4.7.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/3724.

Director
Director 5.5 - an interim fix is available in 5.5.1.2.  The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/patch/80567223776478498077724775698005.  Customers are urged to upgrade to the next maintenance release that includes this fix. This Security Advisory will be updated when the maintenance release is available.

Director 5.4 and earlier - please upgrade to a later version.

PacketShaper/PolicyCenter
PacketShaper and Policy Center 8.7 - a fix is available in 8.7.1.  The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/32.

PacketShaper and Policy Center 8.6 - please upgrade to a later version.

PacketShaper and Policy Center 8.5 - a fix is available in 8.5.6.  The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/32.

PacketShaper and Policy Center 8.4 and earlier - please upgrade to a later version.

ProxyAV
ProxyAV 3.4 - a fix is available in 3.4.1.1.  The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/4.

ProxyAV 3.3 and earlier - please upgrade to a later version.

ProxyOne - no fix will be provided.

ProxySG
ProxySG 6.1 - a fix is available in 6.1.2.1.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/5351.

ProxySG 5.5 - a fix is available in 5.5.4.1.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/41.

ProxySG 5.4 - a fix is available in 5.4.6.1.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/17.

ProxySG 5.3 - please upgrade to a later release.

ProxySG 4.3 - an interim fix is available in SGOS 4.3.4.2 patch release.  The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/patch/77887199809178137864777273807520.

Reporter
Reporter 9.3 for Windows - a fix is available in 9.3.3.2.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/8793.

Virtual Reporter 9.4 - a fix will not be provided.

Virtual Reporter 9.3 - a fix will not be provided.

References: 

National Vulnerability Database information:  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4180

OpenSSL Security Advisory:  http://www.openssl.org/news/secadv_20101202.txt

Advisory History: 

2015-01-20 Virtual Reporter versions were not fixed; marked as final.
2012-12-11 Reporter for Windows and Virtual Reporter have been found vulnerable. Notification of fixes are added for Reporter.
2012-04-12 Notification of a fix in PacketShaper/PolicyCenter 8.5.6.
2012-01-17 Notification that no fixes will be provided for ProxyOne or ProxySG 5.3.
2011-12-02 Notification of a fix for ProxyAV 3.4.  ProxyAV 3.3 interim fix removed from patch list.
2011-11-04 Notification of an interim fix for ProxyAV 3.3.
2011-10-19 Noted that Reporter is not vulnerable.
2011-10-07 Clarification of the versions that are vulnerable based on fixes released.  Notification of a fix in PolicyCenter 8.7.
2011-08-31 Notification of a fix in PacketShaper 8.7.
2011-06-29 Notification of an interim fix in patch release of Director 5.5.
2011-05-25 Notification of fix in a patch release of ProxySG version 4.3.4.2.
2011-02-03 Reduced PacketShaper/PolicyCenter severity and CVSS score.
2011-02-02 Added PacketShpaer/PolicyCenter as a vulnerable product.
2011-02-02 Added Reporter as a vulnerable product.  Added a patch for ProxySG 5.5.  Provided clarification about which connections are vulnerable for ProxyAV.
2011-02-01 Initial public release