Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (HP-NSS and OVMS platforms) and Eclipse Paho MQTT C Client libraries (Windows and Linux platforms) (CVE-2014-3570, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205)


Summary

OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. These include the "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM WebSphere MQ on HP-NSS and HP OpenVMS platforms.

Vulnerability Details

CVEID: CVE-2014-3570
DESCRIPTION: An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact.
CVSS Base Score: 2.6
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99710 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-3572
DESCRIPTION: OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 1.2
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-0204
DESCRIPTION: A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.

This vulnerability is also known as the FREAK attack.

CVSS Base Score: 4.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-0205
DESCRIPTION: OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key.
CVSS Base Score: 2.1
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N)

Affected Products and Versions

IBM MQ Appliance M2000

IBM WebSphere MQ for OpenVMS V6

IBM WebSphere MQ V5.3 for HP NonStop

IBM WebSphere MQ Client for HP Integrity NonStop Server - SupportPac MAT1

IBM MQ Client for HP Integrity NonStop Server - SupportPac MQC8

IBM Mobile Messaging and M2M Client Pack (Eclipse Paho MQTT C Client libraries only) - Support Pac MA9B

Remediation/Fixes

IBM strongly recommends immediately changing any channel definitions that use any of the following MQ CipherSpecs to use a stronger encryption algorithm:

  • RC4_MD5_EXPORT
  • TLS_RSA_EXPORT_WITH_RC4_40_MD5
  • RC2_MD5_EXPORT
  • TLS_RSA_EXPORT_WITH_RC2_40_MD5

Further details on MQ CipherSpecs can be found here.
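An added example, not IBM's code, of how an administrator could audit channel definitions for the four export CipherSpecs listed above: it parses the output of the runmqsc command DISPLAY CHANNEL(*) SSLCIPH (a constructed sample is embedded) and generates the ALTER CHANNEL commands that move each affected channel to a replacement CipherSpec the administrator chooses. The channel names and the AES CipherSpec in the sample are assumptions.

```python
import re

# The four export CipherSpecs the bulletin tells administrators to replace.
EXPORT_CIPHERSPECS = {"RC4_MD5_EXPORT", "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
                      "RC2_MD5_EXPORT", "TLS_RSA_EXPORT_WITH_RC2_40_MD5"}

# Constructed sample of runmqsc output for "DISPLAY CHANNEL(*) SSLCIPH".
# Channel names are made up; the AES CipherSpec on TO.HQ is assumed available.
SAMPLE_RUNMQSC_OUTPUT = """\
     1 : DISPLAY CHANNEL(*) SSLCIPH
AMQ8414: Display Channel details.
   CHANNEL(SYSTEM.DEF.SVRCONN)             CHLTYPE(SVRCONN)
   SSLCIPH( )
AMQ8414: Display Channel details.
   CHANNEL(TO.PARTNER)                     CHLTYPE(SDR)
   SSLCIPH(TLS_RSA_EXPORT_WITH_RC4_40_MD5)
AMQ8414: Display Channel details.
   CHANNEL(APP.SVRCONN)                    CHLTYPE(SVRCONN)
   SSLCIPH(RC2_MD5_EXPORT)
AMQ8414: Display Channel details.
   CHANNEL(TO.HQ)                          CHLTYPE(SDR)
   SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
"""

ATTR_RE = re.compile(r"([A-Z]+)\(([^)]*)\)")  # NAME(value) attribute pairs

def parse_channels(text):
    """Return one {CHANNEL, CHLTYPE, SSLCIPH} dict per AMQ8414 record."""
    channels, current = [], None
    for line in text.splitlines():
        if line.startswith("AMQ8414"):
            current = {}
            channels.append(current)
        elif current is not None:  # skip the echoed command before any record
            for name, value in ATTR_RE.findall(line):
                current[name] = value.strip()  # SSLCIPH( ) becomes ""
    return channels

def find_export_channels(text):
    """Channels whose SSLCIPH is one of the weak export CipherSpecs."""
    return [c for c in parse_channels(text)
            if c.get("SSLCIPH", "") in EXPORT_CIPHERSPECS]

def alter_commands(text, replacement):
    """MQSC ALTER CHANNEL commands that move each affected channel onto
    'replacement', a non-export CipherSpec chosen by the administrator."""
    return ["ALTER CHANNEL(%s) CHLTYPE(%s) SSLCIPH(%s)"
            % (c["CHANNEL"], c["CHLTYPE"], replacement)
            for c in find_export_channels(text)]
```

Both ends of a channel must be changed together, since the CipherSpec on a sender and its partner receiver have to match.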

IBM MQ Appliance M2000

A firmware update containing this fix is available; please contact your IBM Support Representative for further details.

IBM WebSphere MQ for OpenVMS V6

The version of OpenSSL used by MQ is provided by Hewlett-Packard. Please contact HP support for further information.

IBM WebSphere MQ V5.3 for HP NonStop

A patched version of OpenSSL will be made available in WebSphere MQ v531.11; in the interim, please contact your IBM Support representative.

IBM WebSphere MQ Client for HP Integrity NonStop Server - Support Pac MAT1

This SupportPac has been withdrawn and replaced by IBM MQ Client for HP Integrity NonStop Server; apply the ifix as indicated below.

IBM MQ Client for HP Integrity NonStop Server - Support Pac MQC8

An ifix is available to download from Fix Central - 8.0.0.2b-WS-MQC-HPNS-IA64.

IBM Mobile Messaging and M2M Client Pack (Eclipse Paho MQTT C Client libraries only) - Support Pac MA9B

Review the instructions below for rebuilding the C client libraries against a new version of OpenSSL.

Workarounds and Mitigations

IBM WebSphere MQ and IBM MQ Appliance

The MQ channel protocol protects against a man-in-the-middle downgrade of the secure socket protocol and/or ciphersuite through channel SSLCIPH validation. After a successful handshake, the MQ protocol exchanges communication flows to negotiate channel startup; this processing detects an export ciphersuite being used where a stronger ciphersuite is required. In that case the channel does not exchange any messages and logs an AMQ9631 error in the queue manager error logs before ending the connection.
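As an added example (not from the bulletin), the detection side of this mitigation: a scan of queue manager error log records for AMQ9631, reporting which channels were rejected and how often. The log excerpt is constructed; the record layout, file names, process ids and message wording are assumptions, so the patterns should be checked against what the queue manager actually writes.

```python
import re
from collections import Counter

# Constructed excerpt in the style of a queue manager error log (AMQERR01.LOG).
# Record layout, file names and message wording are illustrative, not copied.
SAMPLE_ERROR_LOG = """\
03/23/2015 10:15:22 - Process(4321.7) User(mqm) Program(amqrmppa)
                      Host(mqhost1) QMgr(QM1)

AMQ9631: The CipherSpec negotiated during the SSL handshake does not match the
required CipherSpec for channel 'TO.PARTNER'.
----- amqxxxxx.c : 1234 -------------------------------------------------------
03/23/2015 10:16:05 - Process(4321.8) User(mqm) Program(amqrmppa)
                      Host(mqhost1) QMgr(QM1)

AMQ0000: Constructed unrelated record that the scan must ignore.
----- amqyyyyy.c : 5678 -------------------------------------------------------
03/23/2015 10:20:41 - Process(4321.9) User(mqm) Program(amqrmppa)
                      Host(mqhost1) QMgr(QM1)

AMQ9631: The CipherSpec negotiated during the SSL handshake does not match the
required CipherSpec for channel 'TO.PARTNER'.
----- amqxxxxx.c : 1234 -------------------------------------------------------
"""

RECORD_SEP = re.compile(r"^-{5}.*$", re.MULTILINE)   # dashed line ends a record
TIMESTAMP_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})")
QMGR_RE = re.compile(r"QMgr\(([^)]*)\)")
# The channel name is quoted in the message text and may follow a line wrap.
CHANNEL_RE = re.compile(r"AMQ9631:.*?channel '([^']+)'", re.DOTALL)

def amq9631_events(log_text):
    """Return (timestamp, qmgr, channel) for every AMQ9631 record in the log."""
    events = []
    for record in RECORD_SEP.split(log_text):
        record = record.strip()
        chan = CHANNEL_RE.search(record)
        if not record or not chan:
            continue  # empty trailing chunk or a record for some other message
        ts = TIMESTAMP_RE.match(record)
        qm = QMGR_RE.search(record)
        events.append((ts.group(1) if ts else "",
                       qm.group(1) if qm else "", chan.group(1)))
    return events

def channels_by_count(log_text):
    """Number of AMQ9631 rejections per channel, most frequent first."""
    return Counter(e[2] for e in amq9631_events(log_text)).most_common()
```

A channel that shows up repeatedly here is one whose partner is still offering an export CipherSpec and whose definition on that side has not yet been changed.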

IBM Mobile Messaging and M2M Client Pack

The C client libraries provided by the MA9B Support Pac can also be rebuilt from source and linked against a newer maintenance level of OpenSSL 1.0.1 using the following instructions. To address the vulnerabilities outlined in this security bulletin, OpenSSL 1.0.1l or later should be used.

References

Change History

23rd March 2015 - Initial version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date:
15 June 2018

UID

swg21699052