Fix for ‘POODLE’ Attack Against SSL 3.0 Vulnerability

CVE-2014-3566


The ‘POODLE’ attack could exploit a newly discovered vulnerability in the SSL 3.0 protocol (CVE-2014-3566). This vulnerability allows a man-in-the-middle (MiTM) attacker to recover plaintext from encrypted SSL 3.0 connections and possibly to exploit the negotiation method the client and server use to determine which version of the encryption protocol will be used. In some cases, the negotiation manipulation causes SSL handshake errors that prevent a secure connection from being established. Both attack vectors require a MiTM setup to manipulate network traffic. These attacks are particularly effective against session cookies, making web browsers attractive targets.

Support Information:

https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-cve-2014-3566/

http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566

https://www.openssl.org/news/secadv_20141015.txt

Recommendations:

  • Disable SSL 3.0
  • Use TLS 1.1 or later
  • If using OpenSSL, apply available patches

Systems Affected:

  • Both Linux/Unix and Microsoft OS are affected
  • Web browsers are typically affected through encryption protocol version negotiation (Firefox supports SSL 3.0 by default)

Vulnerable Versions:

  • All versions of SSL 3.0 are vulnerable (CVE-2014-3566)

Alert Detection:

The Masergy Threat Intelligence Team currently has the following alerts to detect the exploitation of these vulnerabilities.

POLICY:VULN-SSL3

Detected a client browser connecting over SSLv3. SSL 3.0 was succeeded by TLSv1.0 in 1999 and has been confirmed to be vulnerable to the POODLE attack, which allows a man-in-the-middle attacker to decrypt traffic.

WEB:POODLE-SERVER

Possible POODLE attack against server – excessive number of SSL 3.0 fatal alerts. POODLE (Padding Oracle On Downgraded Legacy Encryption) is an attack against a vulnerability (CVE-2014-3566) in SSL 3.0 that allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.

WEB:POODLE-CLIENT

Possible POODLE attack against client – excessive number of SSL 3.0 fatal alerts. POODLE (Padding Oracle On Downgraded Legacy Encryption) is an attack against a vulnerability (CVE-2014-3566) in SSL 3.0 that allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.
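
The "excessive number of SSL 3.0 fatal alerts" heuristic behind the two POODLE alerts can be sketched as a sliding-window count of SSL 3.0 alert records per flow. This is an added example, not Masergy's signature logic; the function names, the threshold of 20 alerts in 60 seconds, the sample records, and the choice to count encrypted alerts as fatal candidates are all assumptions.

```python
import struct
from collections import defaultdict, deque

ALERT, SSL3, FATAL = 21, (3, 0), 2   # record type, SSL 3.0 version bytes, alert level

def is_ssl3_fatal_alert(record: bytes) -> bool:
    """True if record is an SSL 3.0 alert that is fatal or may be (encrypted)."""
    if len(record) < 5:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + length]
    if ctype != ALERT or (major, minor) != SSL3 or len(body) != length:
        return False
    if length == 2:               # plaintext alert: level byte, description byte
        return body[0] == FATAL
    # After ChangeCipherSpec the alert body is encrypted and the level is hidden.
    # Counting such records as fatal candidates is an assumption of this example.
    return length > 2

def detect(events, threshold=20, window=60.0):
    """events: (ts, src, dst, record) tuples sorted by ts. Returns the set of
    (src, dst) flows with >= threshold matching alerts inside `window` seconds.
    threshold and window are assumed values, not taken from the advisory."""
    recent, flagged = defaultdict(deque), set()
    for ts, src, dst, record in events:
        if not is_ssl3_fatal_alert(record):
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] > window:     # drop alerts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add((src, dst))
    return flagged

def sample_events():
    """Constructed records (documentation IP ranges), not captured traffic."""
    enc_alert = bytes([21, 3, 0, 0, 32]) + bytes(32)    # SSL 3.0, encrypted body
    hs_fail = bytes([21, 3, 0, 0, 2, 2, 40])            # SSL 3.0 fatal handshake_failure
    tls12 = bytes([21, 3, 3, 0, 2, 2, 40])              # TLS 1.2 alert: ignored
    close = bytes([21, 3, 0, 0, 2, 1, 0])               # SSL 3.0 warning close_notify
    ev = [(float(i), "198.51.100.5", "192.0.2.10", enc_alert) for i in range(25)]
    ev += [(3.5, "198.51.100.9", "192.0.2.77", hs_fail),
           (4.5, "198.51.100.9", "192.0.2.77", tls12),
           (5.5, "198.51.100.9", "192.0.2.77", close)]
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    print(detect(sample_events()))
```

Only the flow that repeats SSL 3.0 alerts inside the window is flagged; a single handshake failure, a TLS 1.2 alert, and a close_notify warning do not count toward the threshold.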

The Masergy Threat Intelligence Team will continue to release alerts for these vulnerabilities to all Masergy Unified Enterprise Security (UES) customers as they become available for IDS/IPS Detection + Prevention Modules (DPM). We will also update the Vulnerability Scanning Modules (VSM) with the capability to scan for this vulnerability as updates become available.