Knowledge Search


×
 

2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL "POODLE" vulnerability (CVE-2014-3566)

  [JSA10656] Show Article Properties


Product Affected:
Various products. Please see the list in the Problem section below.
Problem:
The SSL protocol 3.0 (SSLv3) uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack.  This issue is also known as the "POODLE" vulnerability.

SSL v3 is an older security protocol with known issues, but still exists as a fallback protocol on many devices.

Vulnerable Products
  • Junos OS
  • Connect Secure (SA / SSL VPN) / Policy Secure (IC / UAC), MAG Series
  • ScreenOS
  • Junos Space
  • STRM/JSA Series
  • NSM (server and NSM4000, NSM3000, NSMXpress appliance)
  • Standalone IDP
  • Firefly Host (vGW Series)
  • SBR Carrier
  • C Series and SRC
  • WLA Wireless LAN Access Point
  • WLC Wireless LAN Controller
  • RingMaster
  • SmartPass
  • CTPView

Products Not Vulnerable
  • JunosE
  • QFabric Director
  • Juniper owned web servers that provide feature support for ScreenOS and SRX (Deep Inspection (DI), AV, and licensing)

Juniper is continuing to investigate our product portfolio for affected software that is not mentioned above. As new information becomes available this document will be updated.

This issue has been assigned CVE-2014-3566.

Solution:
Junos:
OpenSSL has been upgraded to 0.9.8zc (pre-Junos OS 13.3) and 1.0.1j (Junos OS 13.3+), adding support for SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV).

The following software releases have been updated to resolve this specific issue: Junos OS 11.4R13, 12.1X44-D45, 12.1X46-D26, 12.1X47-D20, 12.3R9, 12.3X48-D10, 13.2R7, ​13.3R5, 14.1R4, 14.1X53-D20, 14.2R2, and all subsequent releases.

Additionally, SSLv3 has been disabled by default in Junos OS 13.2R8, 13.3R6, 14.1R5, 14.2R3, and all subsequent releases.


Connect Secure (SA / SSL VPN) / Policy Secure (IC / UAC), MAG Series:
Please refer to Pulse Secure TSB16540 for details on mitigating risk from this vulnerability.

ScreenOS:
Starting with ScreenOS 6.3.0r19, SSLv3 can be manually disabled via the 'unset ssl ssl3' CLI command.

Junos Space:
Disable SSLv3 by changing the following files.

/etc/httpd/conf.d/webProxy.conf
/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf.d/webConf/webProxyCertAuth.conf
The following line needs to be updated to remove references to SSLv3:

Original:
SSLProtocol -ALL +SSLv3 +TLSv1

Updated:
SSLProtocol -ALL +TLSv1

Restart httpd by typing 'service httpd restart'.

A future release of Junos Space will disable SSLv3 by default.

STRM/JSA Series:
This issue has been resolved in 2013.2.R10 and 2014.4.R2, and all subsequent releases.

NSM (server and NSM3000/NSMXpress appliance):
SSLv3 has been disabled in 2012.2R10 and all subsequent releases.

Standalone IDP:
Modify /etc/httpd/conf/httpd.conf to add -SSLv3 as below and then restart httpd ('service httpd restart').

Old: SSLProtocol all -SSLv2
New: SSLProtocol all -SSLv2 -SSLv3

Firefly Host (vGW Series):
Resolved in upcoming release 6.0R2 of Firefly Host by adding ssl.use-sslv3 = "disable" to configuration.

SBR Carrier:
Resolved in 7.5.0_R-17, 7.6.0_R-16 and 8.0.0_R-8, and all subsequent releases..

C Series and SRC:

Resolved in 4.7.0-R2 and 4.8.0-R1 or later releases.

WLA/WLC Series:
Resolved in MSS_8.0.7, MSS_9.0.6, MSS_9.1.2 and later releases.

CTPView:
Resolved in 7.1R1 by upgrading OpenSSL to 1.0.1m.



IDP Signature:

Juniper has released signature SSL:AUDIT:SSL-V3-TRAFFIC in Sigpack 2430 to detect SSLv3 traffic.


Workaround:
Junos:
Since SSL is used for remote network configuration and management applications such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include:
  • Disabling J-Web
  • Disable SSL service for JUNOScript and only use Netconf, which makes use of SSH, to make configuration changes
  • Limit access to J-Web and XNM-SSL from only trusted networks

On SRX Series services gateways, Junos Pulse also fetches the configuration file via HTTPS.  To guard against downgrade/SSLv3 MITM attacks, an alternative workaround may be used to disable SSLv3 negotiation:

1. From the root shell:
root@junos% vi /jail/var/etc/httpd.conf

Change the default config of "SSLProtocol ALL -SSLV2" to "SSLProtocol TLSv1"

2. Find the process ID (pid) of httpd and kill/restart it:
root@junos% ps auxw | grep httpd
root@junos% kill -9 (pid of httpd)
OR kill -HUP (pid of httpd)

*Note: This change will not survive reboots.  Additionally, executing the 'restart web-management' CLI command will restart the httpd-gk process which will regenerate the default httpd.conf file, overwriting manual changes. Refer to KB18162 for more information about this workaround.


ScreenOS:
A temporary workaround for the server side of ScreenOS you can disable the HTTPS web user interface and the WebAuth feature. If you disable the HTTPS user interface you would be required to do configuration management over command line (SSH). The command to disable HTTPS is the following:  unset ssl enable

NSM4000, NSM3000, NSMXpress:

For Apache server listening on port 443:

Edit /etc/httpd/conf.d/ssl.conf and change the SSLProtocol entry to:
SSLProtocol all -SSLv2 -SSLv3

and restart HTTPD services.
For webproxy used to download the NSM client on port 8443:
Edit the /usr/netscreen/GuiSvr/lib/webproxy/conf/server.xml

from:
clientAuth="false" sslProtocol="SSL" keystoreFile="VAR-NSROOT-VAR/GuiSvr/lib/webproxy/conf/.webproxy_keystore"
to:
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="VAR-NSROOT-VAR/GuiSvr/lib/webproxy/conf/.webproxy_keystore"
and resart GuiSvr.

RingMaster/SmartPass
Disable SSLv3.  RingMaster and SmartPass use TLSv1 for security on the server side, so clients can use TLSV1 for all HTTPS-based interactions



Client Side Mitigation:
The risk of attack from negotiating or being forced to downgrade to SSLv3 can be completely mitigated by disabling SSLv3 support in the browser.


Implementation:
 
Modification History:
2014-10-15: Initial release
2014-10-15: Added CVSS score
2014-10-16: Suggested client-side mitigation
2014-10-16: Confirmed STRM/JSA Series vulnerable
2014-10-16: Added IDP audit signature
2014-10-17: Added NSM3000/NSMXpress
2014-10-20: Added additional workaround for SRX
2014-10-20: Added Standalone IDP
2014-10-21: Added QFabric Director (not vulnerable)
2014-10-21: NSM 2012.2R10 will include fix
2014-10-22: Added Firefly Host
2014-10-30: Updated NSM workaround, Included NSM4000 as affected
2014-10-30: Added ScreenOS workaround
2014-11-03: Added information about Juniper servers to problem section
2014-11-14: Added more details and PR numbers to Solution field
2014-11-14: Added command example for ScreenOS workaround
2014-12-04: Added SBR Carrier
2014-12-22: Resolved in NSMXpress 2012.2R10
2015-01-20: Included specific versions of Junos OS upgraded to add support for SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV)
2015-02-23: Fix available for ScreenOS
2015-03-09: SSLv3 disabled by default in Junos OS 13.2R8, 13.3R6, 14.1R5, 14.2R3, and above
2015-03-16: Added SBR Carrier and SRC solution
2015-04-03: WLAN products vulnerable
2015-05-19: Resolved for WLAN products in MSS_8.0.7, MSS_9.0.6, MSS_9.1.2
2015-05-26: Resolved for STRM/JSA in 2013.2.R10 and 2014.4.R2
2015-05-28: Clarified CLI command to disable SSLv3 in ScreenOS 6.3.0r19 and subsequent releases
2015-11-06: Added CTPView fixed release
Modification History:
Modification History:

2017-03-05: Category restructure.

Related Links:
CVSS Score:
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Severity Level:
Low
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Acknowledgements: