Security Bulletin: Vulnerability in RC4 stream cipher affects Informix Genero (CVE-2015-2808)

Summary

The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Informix Genero.

Vulnerability Details

CVEID: CVE-2015-2808
DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve sensitive information. This vulnerability is commonly referred to as "Bar Mitzvah Attack".
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101851 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Informix Genero 2.32, 2.40, and 2.50

Remediation/Fixes

IBM has released Informix Genero component products with version numbers 2.50.12.P4 and 2.50.14.P4 to address this vulnerability. These versions can be downloaded from IBM's Fix Central web site at the locations indicated below.

Informix Genero Version    Remediation/Fix by OS / Platform
2.50.14.P4                 IBM Fix Central
2.50.12.P4                 IBM Fix Central

This fix disables the RC4 stream cipher by default. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the RC4 stream cipher and take appropriate mitigation and remediation actions. You should verify that applying this fix does not cause any compatibility issues.

For Informix Genero versions 2.3x and 2.4x, IBM recommends an upgrade to a fixed, supported version of the product.

Workarounds and Mitigations

The mitigation for this issue is to configure the OpenSSL library used by Informix Genero to disable the RC4 cipher. The options to perform this action are as follows:

Configuring OpenSSL to disable RC4

Option 1 - Disable RC4 in a server via a config file.


    Locate the configuration file for OpenSSL that your product uses.

    Note: If your product uses a shared config file, particularly if it uses a config file owned by the OS, this needs to be fixed first, since changing the supported ciphers may impact other processes and cause them to stop working. Look for a line similar to this:


      SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!SSLv3:!EXPORT

    Note: The SSLCipherSuite tag may vary from product to product. This example is from Apache, but the general format for the cipher selection is a common format which the OpenSSL API accepts.

    Add !RC4 to disable RC4, and remove any rules that explicitly enable RC4; in the example above, "RC4+RSA" also needs to be removed.

    i.e. old:

      SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!SSLv3:!EXPORT

    new:

      SSLCipherSuite ALL:!ADH:!RC4:+HIGH:+MEDIUM:!LOW:!SSLv2:!SSLv3:!EXPORT

    Verify, using

      openssl ciphers -V "<cipherlist>" | grep RC4

    where <cipherlist> is similar to

      ALL:!ADH:!RC4:+HIGH:+MEDIUM:!LOW:!SSLv2:!SSLv3:!EXPORT

    i.e.

      openssl ciphers -V "ALL:!ADH:!RC4:+HIGH:+MEDIUM:!LOW:!SSLv2:!SSLv3:!EXPORT" | grep RC4

    <cipherlist> MUST BE the cipher specification your product actually uses. If the grep prints any cipher, an RC4 suite is still selectable. (Note that the OpenSSL keywords are case-sensitive: the alias is SSLv3, and a misspelling such as SSLV3 is silently ignored.)


    Note: This is *NOT* an exact recipe for secure operation; it merely shows how to solve THIS problem and remove RC4 from the negotiated cipher list.

    See http://www.openssl.org/docs/apps/ciphers.html for more detail on the syntax of cipher suite configuration. When testing, it is recommended to also run openssl ciphers -V "<cipherlist>" without the grep and check that you have some ciphers left and not an empty set.



Option 2 - Disable RC4 programmatically (client or server)

Testing
  • The easiest testing is to use SSL_get_cipher_list() and dump the list of configured ciphers that will work for client or server.
  • The other option is to use the openssl command line program, configure that to act as the other end of the connection with RC4 suites enabled, and check that when negotiation occurs, ciphers containing RC4 are never available and never selected. This is awkward in practice as the ciphers used are negotiated from the intersection of the sets supported by client and server. The best method differs a little between client and server testing.

  • Testing a client


      Testing a client is the simple case as openssl s_server dumps the shared ciphers when a connection from the client is made. Testing with both RSA and EC certs is difficult as the server needs to be restarted to do both, but for the simpler RSA case:

      Generate the server key and certificate:


        openssl genrsa -out server_privkey2k.pem 2048

        openssl req -new -x509 -key server_privkey2k.pem -out server_cert2k.pem -days 1095 -subj '/C=AU/ST=Queensland/L=GoldCoast/CN=somewhere.ibm.com'


      Start the openssl server and connect the client to the server. In the example below the server binds to localhost port 3443.

      Note that the client and server can be run on the same machine, but the commands below need to be run in separate windows.

      Start the server in "window 1"


        openssl s_server -accept 3443 -cert server_cert2k.pem -key server_privkey2k.pem

      Start the client in "window 2"

        openssl s_client -connect localhost:3443

      (Note that the client output is NOT useful here.)

      The server output (in window 1) IS useful and will look like this:

      Using default temp DH parameters

      Using default temp ECDH parameters

      ACCEPT

      -----BEGIN SSL SESSION PARAMETERS-----

      MFUCAQECAgMDBALALwQABDDLJ0FuVcIvtbursIelrqg25tPmnJ5Qfo+Iz9oxqrAY

      w0Q0MV2dCKXHMp8ChZDJZXShBgIEVRnxuqIEAgIBLKQGBAQBAAAA

      -----END SSL SESSION PARAMETERS-----

      Shared ciphers:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA

      CIPHER is ECDHE-RSA-AES128-GCM-SHA256

      Secure Renegotiation IS supported

      As can be seen above, this would be a fail. RC4 appears in the shared cipher list.

      Note: The fact that RC4 wasn't actually used is irrelevant for this test; if it is in the shared cipher list, it could have been used.



  • Testing a server

      The flexibility of the OpenSSL cipher selection helps here.

        openssl s_client -connect localhost:3443 -cipher "RC4"

      This sets the client cipher list to all the available RC4 ciphers, and the server will pick one if there is a match.

      Below is a failure, which is what you want to see.

      CONNECTED(00000003)

      140333137577840:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:

      ---

      no peer certificate available

      ---

      No client certificate CA names sent

      ---

      SSL handshake has read 7 bytes and written 105 bytes

      ---

      New, (NONE), Cipher is (NONE)

      Secure Renegotiation IS NOT supported

      Compression: NONE

      Expansion: NONE

      Below is the fail case. This is a successful connection, but a test failure.

      mulga:~> openssl s_client -connect localhost:3443 -cipher "RC4"

      CONNECTED(00000003)

      depth=0 C = AU, ST = Queensland, L = GoldCoast, CN = mulga.gc.au.ibm.com

      verify error:num=18:self signed certificate

      verify return:1

      depth=0 C = AU, ST = Queensland, L = GoldCoast, CN = mulga.gc.au.ibm.com

      verify return:1

      ---

      Certificate chain

      0 s:/C=AU/ST=Queensland/L=GoldCoast/CN=mulga.gc.au.ibm.com

      i:/C=AU/ST=Queensland/L=GoldCoast/CN=mulga.gc.au.ibm.com

      ---

      Server certificate

      -----BEGIN CERTIFICATE-----

      MIIDezCCAmOgAwIBAgIJAJjckZ/MuhACMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV

      BAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMRIwEAYDVQQHDAlHb2xkQ29hc3Qx

      HDAaBgNVBAMME211bGdhLmdjLmF1LmlibS5jb20wHhcNMTQwMzI4MDExMTA0WhcN

      MTcwMzI3MDExMTA0WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECAwKUXVlZW5zbGFu

      ZDESMBAGA1UEBwwJR29sZENvYXN0MRwwGgYDVQQDDBNtdWxnYS5nYy5hdS5pYm0u

      Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujPV7n24u2rGkTHV

      cu0DwdUoNtB9SgzKmgTgg7xwjUbuJlAtqKfOZCiqV4H9/6M2fU8u8wABQ10NoI0W

      lz/e27VFzlzRFyonubH7Nl+Bh2ZVe+SRWZri1Ak6DBpx+spLtm9HzddpS9FKQbIL

      gppbh07BX9hBmMy0S5FvTRw/GXT/yhVw/dOXiHm2ZDd3+/7EAMPjLhh0ck3l5rk2

      Jw0MuKmLgy79YCTLpHY09NyKNvcx7DpZM/J4PWrHT9xaTcYj5kmes15ZKH7CU5uC

      nT8HpsBB0sVjgyPVi40vOG5gMaTkWdavNbZsFEzNHZAijPh6LawPsjUHNpJWo0bp

      4zhHlQIDAQABo1AwTjAdBgNVHQ4EFgQU+wXIKZAahSg2DLXcDqmh2Z99dZ8wHwYD

      VR0jBBgwFoAU+wXIKZAahSg2DLXcDqmh2Z99dZ8wDAYDVR0TBAUwAwEB/zANBgkq

      hkiG9w0BAQUFAAOCAQEAq8TynGnKpZHjbYeaXxxMAow/JM4FgwjL7gTXEBeVXGKW

      NPtZBFCUDiGhSWKu0muvkd2NMCuaFSAJme8m/gW4xkVPsCk8Fr2diViT1dLZrBR4

      ElAdiI/4RwigQFkRvrKu1CU1CPDcyAuj7Qg213WOV48PAmfmRVOLWp1Lsh8ZUTDD

      Qvi80EHOUE5+2jYwQKELyn81OoWHAuQ/IXCW0Xqhz3cybr88CV2paarHKLGEYd8C

      MHn100Qpwg5zieG4Vy+9jEuoTfxs6weGsUllvrIQ0LV3EItzh+k3SYw/+u+8wgjT

      1zTyiY7b883aBnjUDLmOzcJaLSGb4Ms8jY1+5jpvOA==

      -----END CERTIFICATE-----

      subject=/C=AU/ST=Queensland/L=GoldCoast/CN=mulga.gc.au.ibm.com

      issuer=/C=AU/ST=Queensland/L=GoldCoast/CN=mulga.gc.au.ibm.com

      ---

      No client certificate CA names sent

      Server Temp Key: ECDH, prime256v1, 256 bits

      ---

      SSL handshake has read 1550 bytes and written 259 bytes

      ---

      New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA

      Server public key is 2048 bit

      Secure Renegotiation IS supported

      Compression: NONE

      Expansion: NONE

      SSL-Session:

      Protocol : TLSv1.2

      Cipher : ECDHE-RSA-RC4-SHA

      Session-ID: 7D141BD56CFD88646E7B71300239C773D11CDC93BF5DBFA7C1FF213D3A7B1889

      Session-ID-ctx:

      Master-Key: 1F32F04738C3FAA3A49F7AB642CF29F53112A8A3238A2E5828148DEC755D8215EBA4301B62B5D13CED92B65D75C988BC

      Key-Arg : None

      Krb5 Principal: None

      PSK identity: None

      PSK identity hint: None

      TLS session ticket lifetime hint: 300 (seconds)

      TLS session ticket:

      0000 - 88 83 0a ae 25 28 87 3f-69 0a 5f 75 fa dc 28 fb ....%(.?i._u..(.

      0010 - cb 79 fa a2 67 46 63 83-9e 74 82 c5 e2 2f 39 35 .y..gFc..t.../95

      0020 - 72 85 f4 e4 26 2a d7 49-d5 8e da 7a 46 ad a3 a3 r...&*.I...zF...

      0030 - e4 f4 7e e8 2c 37 42 ed-3e 3b 5b ce f0 5a 23 0c ..~.,7B.>;[..Z#.

      0040 - 12 df f9 2c db 23 94 56-83 60 40 e5 29 66 90 0a ...,.#.V.`@.)f..

      0050 - f2 d4 7b 1e ff 73 fd 38-76 56 b6 34 b9 77 72 9b ..{..s.8vV.4.wr.

      0060 - 54 f6 e8 87 50 7d f5 a9-71 56 7f 3e b6 b5 f1 62 T...P}..qV.>...b

      0070 - 97 e8 f7 96 cf 43 47 5b-9f 4b 7f 1f c9 24 e1 37 .....CG[.K...$.7

      0080 - 65 5d d3 44 dd e7 f1 cf-29 f0 dc 9e c8 06 51 ea e].D....).....Q.

      0090 - 04 91 9b a8 70 3a 1e 88-53 08 b6 55 9c 05 3a 25 ....p:..S..U..:%

      Start Time: 1427765190

      Timeout : 300 (sec)

      Verify return code: 18 (self signed certificate)
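The verification in Option 1 (openssl ciphers -V "<cipherlist>" | grep RC4) and the programmatic cipher dump suggested under Option 2 (SSL_get_cipher_list()) can both be done from one short script. The following Python is an added example, not code from IBM or from this bulletin. It first audits the cipher string statically for the two conditions the bulletin states (a !RC4 kill rule is present, and no rule explicitly selects RC4), then hands the string to the OpenSSL library behind Python's ssl module, whose SSLContext.get_ciphers() is the Python face of dumping SSL_get_cipher_list(). The two cipher strings are the ones from Option 1; the function names and the extra sample strings in the comments are the example's own.

```python
"""Cipher-list checks for the RC4 mitigation (added example, not IBM code):
a static audit of the OpenSSL cipher string, plus a live resolution of the
string through the OpenSSL library that Python's ssl module links against."""
import ssl

# Cipher strings taken from Option 1 of the bulletin, used here as sample input.
OLD_SPEC = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!SSLv3:!EXPORT"
NEW_SPEC = "ALL:!ADH:!RC4:+HIGH:+MEDIUM:!LOW:!SSLv2:!SSLv3:!EXPORT"


def split_rules(spec):
    """Split a cipher string into its rules. OpenSSL accepts ':', ',' and
    spaces as separators; empty rules are ignored."""
    for sep in (",", " "):
        spec = spec.replace(sep, ":")
    return [rule for rule in spec.split(":") if rule]


def mentions_rc4(rule):
    """True if any '+'-joined component of the rule names RC4, e.g. 'RC4',
    'RC4+RSA', 'RC4-SHA' or 'ECDHE-RSA-RC4-SHA'."""
    body = rule.lstrip("!+-")
    return any("RC4" in part for part in body.split("+"))


def audit_rc4(spec):
    """Return a list of findings. An empty list means the string disables RC4
    the way the bulletin asks: a '!RC4' kill rule and no rule that selects it.
    The prefixes are read as OpenSSL reads them: '!' deletes permanently
    wherever it appears, '-' deletes only until a later rule re-adds, '+'
    merely moves already-selected ciphers to the end, no prefix selects."""
    findings = []
    killed = False
    for rule in split_rules(spec):
        if rule.startswith("@") or not mentions_rc4(rule):
            continue  # @STRENGTH and friends, or a rule unrelated to RC4
        if rule.startswith("!"):
            killed = True
        elif rule.startswith("-"):
            findings.append(
                f"'{rule}' only removes RC4 until a later rule adds it back; use !RC4")
        elif rule.startswith("+"):
            pass  # reordering cannot add RC4 suites that were never selected
        else:
            findings.append(f"'{rule}' explicitly selects RC4 cipher suites; remove it")
    if not killed:
        findings.append(
            "no '!RC4' rule: broad aliases such as ALL can still select RC4; add !RC4")
    return findings


def resolve_ciphers(spec):
    """Hand the string to OpenSSL (SSL_CTX_set_cipher_list) and return the
    cipher names it would actually offer: the programmatic counterpart of
    `openssl ciphers -V "<spec>"` and of dumping SSL_get_cipher_list().
    Raises ssl.SSLError if the string selects no cipher at all, which is the
    'empty set' case the bulletin warns about."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    return [cipher["name"] for cipher in ctx.get_ciphers()]


def rc4_still_negotiable(spec):
    """The check the bulletin's `| grep RC4` performs: True if the installed
    OpenSSL would still offer any RC4 suite for this string."""
    return any("RC4" in name for name in resolve_ciphers(spec))


if __name__ == "__main__":
    for label, spec in (("old", OLD_SPEC), ("new", NEW_SPEC)):
        print(f"{label}: {audit_rc4(spec) or 'static audit OK'}")
        try:
            print(f"     RC4 negotiable by this OpenSSL: {rc4_still_negotiable(spec)}")
        except ssl.SSLError as exc:
            print(f"     OpenSSL rejected the string (empty cipher set): {exc}")
```

audit_rc4 reports which rules to fix in the configured text, while resolve_ciphers shows what the OpenSSL build actually linked into the product would offer, so running both covers the configuration and the library. A modern OpenSSL build typically has no RC4 suites compiled in at all, in which case rc4_still_negotiable returns False even for OLD_SPEC; the static audit still flags the "RC4+RSA" rule, because the same configuration file may be read by an older build elsewhere in the environment.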

You should verify that applying this configuration change does not cause any compatibility issues. Leaving the RC4 stream cipher enabled will expose you to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the RC4 stream cipher and take appropriate mitigation and remediation actions.

References

Change History

27 May 2015: Original Version Published
19 November 2015: Updated to include Fix information

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date: 03 June 2021

UID: swg21902697