IBM Support

MA46852 - LIC-SSL SYSTEM TLS ROBOT ATTACK VU#144389

 APAR (Authorized Program Analysis Report)

Abstract

LIC-SSL SYSTEM TLS ROBOT ATTACK VU#144389

Error Description

As described in Vulnerability Note VU#144389: TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". This problem applies to RSA key exchange cipher suites.

Problem Summary

****************************************************************
* PROBLEM: (MA46852) Licensed Program = 5770999 for i 7.1,     *
*                                        i 7.2, and i 7.3      *
*           Security                                           *
****************************************************************
* USERS AFFECTED: All IBM i operating system users.            *
****************************************************************
* RECOMMENDATION: Apply LIC PTF MF64537 for i 7.1.             *
*                 Apply LIC PTF MF64536 for i 7.2.             *
*                 Apply LIC PTF MF64534 for i 7.3.             *
****************************************************************
As described in Vulnerability Note VU#144389: TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack".

This problem applies to RSA key exchange cipher suites, which start with TLS_RSA or RSA.

Problem Conclusion

Process the different PKCS #1 v1.5 padding errors generated by the ROBOT attack identically from the viewpoint of the attacker, so that discrepancies cannot be used to distinguish between valid and invalid messages.
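The handling described above matches the countermeasure in RFC 5246 section 7.4.7.1: evaluate every PKCS#1 v1.5 condition without an early exit and substitute a random premaster secret whenever any check fails, so the peer sees one uniform outcome. The following is an added illustration of that logic written for this page, not IBM's LIC code; the function names and the use of os.urandom are assumptions, and because Python itself offers no timing guarantees a production implementation must carry the same structure into constant-time native code.

```python
import os

PMS_LEN = 48      # TLS premaster secret is always 48 bytes
MIN_PS_LEN = 8    # PKCS#1 v1.5 type-2 padding string is at least 8 bytes


def ct_eq(a: int, b: int) -> int:
    """1 if byte a == byte b, else 0, without a data-dependent branch."""
    x = (a ^ b) & 0xFF
    return 1 - (((x | -x) >> 8) & 1)


def pad_premaster(secret: bytes, k: int, rng=os.urandom) -> bytes:
    """Encryption side: EM = 00 || 02 || PS || 00 || secret, PS has no zero bytes."""
    ps_len = k - 3 - len(secret)
    if ps_len < MIN_PS_LEN:
        raise ValueError("modulus too small for PKCS#1 v1.5 padding")
    ps = bytes(b or 0x01 for b in rng(ps_len))   # replace any zero byte with 0x01
    return b"\x00\x02" + ps + b"\x00" + secret


def unwrap_premaster(em: bytes, k: int, client_version: bytes) -> bytes:
    """Decryption side: recover the 48-byte premaster secret from the RSA output EM.

    Every check contributes to one accumulated 'good' bit; nothing returns early,
    and a fresh random secret is selected when any check failed, so bad padding,
    a misplaced separator and a wrong version all look identical to the peer.
    """
    if len(em) != k:                       # k is public (modulus length), not a secret
        raise ValueError("EM must be exactly k bytes")
    fallback = os.urandom(PMS_LEN)         # generated unconditionally, before any check
    sep = k - PMS_LEN - 1                  # index where the 0x00 separator must sit
    good = ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02)
    for i in range(2, sep):                # padding string: zero bytes are forbidden
        good &= 1 - ct_eq(em[i], 0x00)
    good &= ct_eq(em[sep], 0x00)
    secret = em[sep + 1:]
    # RFC 5246: the first two bytes must echo the client's offered version
    good &= ct_eq(secret[0], client_version[0]) & ct_eq(secret[1], client_version[1])
    mask = -good & 0xFF                    # 0xFF when all checks passed, else 0x00
    return bytes((s & mask) | (f & (mask ^ 0xFF)) for s, f in zip(secret, fallback))
```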

Temporary Fix

                       *********                                
                       * HIPER *                                
                       *********                                

Comments

Circumvention

On IBM i 7.2 or newer partitions, disable the RSA key exchange cipher suites by removing them from the QSSLCSL system value.

PTFs Available

R710 MF64537 PTF Cover Letter   1000
R720 MF64536 PTF Cover Letter   8249
R730 MF64534 PTF Cover Letter   8242

Affected Modules


Affected Publications

Summary Information

Status............................................ CLOSED PER
HIPER........................................... Yes
Component.................................. 9400DG300
Failing Module.......................... RCHMGR
Reported Release................... R730
Duplicate Of..............................

System i Support

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information

Document information

More support for: i family

Software version: V5R1M0, V5R2M0, V5R3M0, V5R3M5, V5R4M0, V5R4M5, V6R1M0, V6R1M1, V7R1M0, V7R2M0, V7R3M0

Operating system(s): OS/400

Reference #: MA46852

Modified date: 14 October 2018