IBM Support

Security Bulletin: Vulnerability in SSLv3 affects Directory Server (CVE-2014-3566)

Security Bulletin


Summary

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS).

Vulnerability Details

CVE-ID: CVE-2014-3566

DESCRIPTION
: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97013 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM Tivoli Directory Server 6.0, 6.1, 6.2, 6.3

IBM Security Directory Server 6.3.1, 6.4

IBM Security Directory Suite 8.0.1

Remediation/Fixes

Insure that the version listed below is installed on the system.

Product Version Fix level
IBM Security Directory Suite 8.0.1 8.0.1.0 (GA level)
IBM Security Directory Server 6.4 6.4.0.0 (GA level)
IBM Security Directory Server 6.3.1 6.3.1.8-ISS-ISDS-IF0008
Tivoli Directory Server 6.3 6.3.0.34-ISS-ITDS-IF0034
Tivoli Directory Server 6.2 6.2.0.41-ISS-ITDS-IF0041
Tivoli Directory Server 6.1 6.1.0.65-ISS-ITDS-IF0065
Tivoli Directory Server 6.0 6.0.0.73-ISS-ITDS-IF0073

    Notes:
    1. Though the above Fix levels provide necessary functionality to disable SSLv3, its important to use the latest recommended fix level of SDS/TDS 6.x or SDS 8.0.1. So based on your SDS / TDS version download the latest recommended fix level and install the same along with the latest related products.
IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3.

There are 4 components of Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS) where SSLv3 should be disabled: LDAP servers, LDAP clients, Web Administration Tool and HTTP clients (web browsers)

For TDS or SDS LDAP Servers:

TDS versions 6.2.0.41, 6.1.0.65 and 6.0.0.73: SSLV3 can be directly disabled in the server by adding the following line to the "cn=Front End, cn=Configuration" entry of the ibmslapd.conf file:

ibm-slapdSetenv: IBMSLAPD_SECURITY_PROTOCOL=TLS10

TDS version 6.3.0.34: SSLV3 can be directly disabled in the server by adding the following line to the "cn=Front End, cn=Configuration" entry of the ibmslapd.conf file:

ibm-slapdSetenv: IBMSLAPD_SECURITY_PROTOCOL=TLS10,TLS11,TLS12

SDS version 8.0.1.*, 6.4.0.* and 6.3.1.8 (and later fix levels): SSLV3 can be directly disabled in the server by adding the following lines to the "cn=SSL, cn=Configuration" entry of the ibmslapd.conf file. Make sure that " ibm-slapdSecurityProtocol: SSLV3" is NOT present.

ibm-slapdSecurityProtocol: TLS10
ibm-slapdSecurityProtocol: TLS11
ibm-slapdSecurityProtocol: TLS12

For TDS or SDS LDAP clients:

TDS versions 6.2.0.41, 6.1.0.65 and 6.0.0.73: SSLV3 can be directly disabled in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries.

export LDAP_OPT_SECURITY_PROTOCOL=TLS10

TDS version 6.3.0.34: SSLV3 can be directly disabled in the in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries.

export LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12

SDS version 8.0.1.*, 6.4.0.* and 6.3.1.8 (and later fix levels) : SSLV3 can be directly disabled in the in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries.

export LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12

Workarounds and Mitigations

IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3.


There are 4 components of Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS) where SSLv3 should be disabled: LDAP servers, LDAP clients, Web Administration Tool and HTTP clients (web browsers)

NOTE: It is strongly recommended that you maintain the latest fix level of both the directory server and GSKit to be sure that you have fixes for all known vulnerabilities and defects as part of your overall security strategy. The latest available fix levels are documented in the technote Fixes by version for IBM Security Directory Server - v.r.m.f levels and build dates

For TDS or SDS LDAP Servers 8.0.1, 6.4 and 6.3.1.8 (and later fix levels):

A) Disable SSLv3 protocol


    Enabling FIPS mode will disable SSLv3 on all versions of TDS/SDS. This can be done by setting the following options in the dn: cn=SSL, cn=Configuration entry of ibmslapd.conf and restarting the server:

      ibm-slapdSslFIPSModeEnabled: true
      ibm-slapdSslFIPSProcessingMode: true

    Note: FIPS mode restricts the allowable ciphers for TLS 1.0 to AES (35), AES-128 (2F), and TripleDES-168 (0A). These should be enabled by default, but if you've disabled them, then TLS 1.0 connections will be rejected:

      ibm-slapdSslCipherSpec: AES
      ibm-slapdSslCipherSpec: AES-128
      ibm-slapdSslCipherSpec: TripleDES-168

B) Enable TLS 1.2 and 1.1

    TLS 1.0 is enabled by default. TLS 1.2 and 1.1 are only supported on TDS 6.3.0.17 or later, or SDS 6.3.1.0 or later (see note section at bottom), SDS 6.4.0.0 or later and SDS 8.0.1.0 or later. You can enable or disable specific protocols using the ibm-slapdSecurityProtocol attribute of the cn=SSL, cn=Configuration entry in ibmslapd.conf:

      # ibm-slapdSecurityProtocol: SSLV3 <- (disable this, enable the rest)
      ibm-slapdSecurityProtocol: TLS10
      ibm-slapdSecurityProtocol: TLS11
      ibm-slapdSecurityProtocol: TLS12

    For TLS 1.2 to work, you may add one or more of the following TLS 1.2 ciphers to the cn=SSL, cn=Configuration entry of ibmslapd.conf and restart the server, If none of the TLS 1.2 ciphers are present, then SDS/TDS will initialize a default set of TLS 1.2 ciphers:

      # ciphers supported in FIPS mode and used by TDS client
      ibm-slapdSslCipherSpec: TLS_RSA_WITH_3DES_EDE_CBC_SHA
      ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_CBC_SHA
      ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA
      ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_GCM_SHA256
      ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_GCM_SHA384
      ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_CBC_SHA256
      ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA256
      ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
      ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
      ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
      ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
      ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      # ciphers supported in FIPS mode but NOT used by TDS client
      ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
      ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
      ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

For TDS or SDS LDAP clients:

    Enabling FIPS mode in client applications will also disable SSLv3 the same as on the server. The command line clients which ship with TDS and SDS use the '-x' command line option to enable FIPS mode. However, there is no environment variable to directly control this in the ldap client libraries. FIPS mode can only be enabled by calling the C client API ldap_ssl_set_fips_mode_np(). Third party applications will have different ways to expose this feature (if at all).

    If you're using TDS 6.3.0.17 or later clients (see note section at bottom), you can set the environment variable LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12 to disable SSLV3. But this option is not supported on TDS 6.2 or earlier. And like FIPS mode, it is only recognized by TDS or SDS client applications, not directly by the ldap client libraries. Third party applications will have different ways to expose this feature (if at all).

Web Administration Tool:

    To disable SSLV3 in the web administratio tool and the embedded Websphere Application Server (eWAS) included with TDS, please see technote #1694300: Disabling SSLv3 for Directory Server Web Admin Tool. at http://www.ibm.com/support/docview.wss?uid=swg21694300

    Iinformation on disabling SSLV3 in the full Websphere Application Server (WAS) can be found at http://www.ibm.com/support/docview.wss?uid=swg21687173

    Support for TLS 1.0 was added to webadmin version 6.2.0.22 with APAR IO15734, and 6.3.0.11 with APAR IO16024. The webadmin tool for TDS 6.1 and earlier does not support TLS.

HTTP clients (web browsers):
NOTE:

Get Notified about Future Security Bulletins

References

Complete CVSS v2 Guide
On-line Calculator v2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

None

Change History

21 October 2014: Original Version Published
29 January 2015: corrected instructions under "For TDS or SDS LDAP clients" in the Remediation section
30 January 2015: corrected instructions in the Remediation section
19 March 2018: Added information and clarifications about 6.4 and 8.0.1.

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Historical Number

44446

Product Alias/Synonym

LDAP IDS ITDS TDS ISDS SDS

Document information

More support for: IBM Security Directory Server

Software version: 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.4, 8.0.1

Operating system(s): Platform Independent

Software edition: All Editions

Reference #: 1687611

Modified date: 30 January 2015