|
|
|
Reflection Security Updates for US-CERT Vulnerability #845620: RSA Public Exponent 3
Technical Note 2137
Last Reviewed 22-Mar-2007
Applies To
Reflection for Secure IT version 6.0 - 6.1
Reflection for HP, UNIX and OpenVMS version 8.0 - 13.0.4, 14.0
Reflection for IBM version 8.0 - 13.0.4, 14.0
Reflection X version 10.0 - 13.0.4, 14.0
Reflection FTP Client version 10.0 - 13.0.4, 14.0
Summary
Technical Note 2137
Last Reviewed 22-Mar-2007
Applies To
Reflection for Secure IT version 6.0 - 6.1
Reflection for HP, UNIX and OpenVMS version 8.0 - 13.0.4, 14.0
Reflection for IBM version 8.0 - 13.0.4, 14.0
Reflection X version 10.0 - 13.0.4, 14.0
Reflection FTP Client version 10.0 - 13.0.4, 14.0
Summary
A flaw in the signature verification of RSA public keys or certificates could cause Reflection clients to accept forged signatures from a server resulting in successful man-in-the-middle attacks. This technical note describes the vulnerability (US-CERT Vulnerability Note VU #845620), affected Reflection applications, and available solutions and workarounds.
This note includes the following sections:
Vulnerability Details
There is a flaw in signature verification that affects RSA public keys and digital certificates created with a public exponent of 3. This flaw results from improper processing of the PKCS-1 padding before generating the hash. This allows a remote attacker to forge the PKCS#1 v1.5 signature signed by the RSA key and attempt a man-in-the-middle attack by masquerading as the valid server.
For details, see the CERT web site at http://www.kb.cert.org/vuls/id/845620.
Affected Reflection Applications
The following Reflection applications are vulnerable:
Secure Shell connections:
Reflection SFTP Client 6.0 – 6.1
Reflection for Secure IT 6.0 – 6.1
Reflection for HP 10.0 – 13.0.4, 14.0
Reflection for UNIX and OpenVMS 10.0 – 13.0.4, 14.0
Reflection for ReGIS Graphics 10.0 – 13.0.4, 14.0
Reflection X 10.0 – 13.0.4, 14.0
Reflection FTP Client 10.0 – 13.0.4, 14.0
SSL/TLS connections:
Reflection for HP 8.0 – 13.0.4, 14.0
Reflection for UNIX and OpenVMS 8.0 or higher
Reflection for ReGIS Graphics HP 8.0 – 13.0.4, 14.0
Reflection for IBM HP 8.0 – 13.0.4, 14.0
Reflection FTP Client HP 8.0 – 13.0.4, 14.0
Reflection SFTP Client 6.0 – 6.1
Reflection for Secure IT 6.0 – 6.1
Reflection for HP 10.0 – 13.0.4, 14.0
Reflection for UNIX and OpenVMS 10.0 – 13.0.4, 14.0
Reflection for ReGIS Graphics 10.0 – 13.0.4, 14.0
Reflection X 10.0 – 13.0.4, 14.0
Reflection FTP Client 10.0 – 13.0.4, 14.0
SSL/TLS connections:
Reflection for HP 8.0 – 13.0.4, 14.0
Reflection for UNIX and OpenVMS 8.0 or higher
Reflection for ReGIS Graphics HP 8.0 – 13.0.4, 14.0
Reflection for IBM HP 8.0 – 13.0.4, 14.0
Reflection FTP Client HP 8.0 – 13.0.4, 14.0
Solution
Product patches and service packs are available to correct this vulnerability in all affected applications. Maintained customers can obtain all necessary product updates from the Attachmate Download Library as directed below.
Reflection for Secure IT Windows Client
Maintained users of Reflection for Secure IT Windows Client version 6.0 and 6.1 should upgrade to Reflection for Secure IT Windows Client 6.1 Service Pack 1 (SP1). For information about Reflection for Secure IT Windows Client 6.1 SP1 (including file download details), see Technical Note 2128.
Reflection for Secure IT Windows Server
Maintained users of Reflection for Secure IT Windows Server version 6.0 and 6.1 should upgrade to Reflection for Secure IT Windows Server 6.1 Service Pack 2 (SP2). For information about Reflection for Secure IT Windows Server version 6.1 SP2 (including file download details), see Technical Note 2182.
Reflection for Secure IT UNIX Client or UNIX Server
Maintained users of Reflection for Secure IT UNIX Client or UNIX Server version 6.0 and 6.1 should upgrade to Reflection for Secure IT UNIX Client or UNIX Server 6.1 Service Pack 2 (SP2). For information about Reflection for Secure IT UNIX Client or Server version 6.1 SP2 (including file download details), see Technical Note 2181.
Reflection Windows-based Products
Maintained users of the following Reflection products (version 13.0 or higher) should apply the appropriate Reflection patch or service pack.
Reflection for HP
Reflection for UNIX and OpenVMS
Reflection for IBM
Reflection for Multi-Host Professional
Reflection for Multi-Host Standard
Reflection X
Reflection Suite for X
Reflection for UNIX and OpenVMS
Reflection for IBM
Reflection for Multi-Host Professional
Reflection for Multi-Host Standard
Reflection X
Reflection Suite for X
Maintained users of Reflection 14.0 should upgrade to Reflection 14.0 SP1. For information about Reflection 14.0 SP1 (including file download details), see Technical Note 2127.
Maintained users of Reflection 13.0–13.0.4 should upgrade to Reflection 13.0.5. For information about Reflection patch 13.0.5 (including file download details), see Technical Note 1869.
For Reflection Windows-based products version 8.0–12.0.X, contact your sales representative for information about upgrading your product to correct this vulnerability. For information about contacting Attachmate, see http://www.attachmate.com/Worldwide/.
Workaround
To workaround this security vulnerability, make sure that all RSA keys are generated with a public exponent greater than 3. The Reflection ssh-keygen utility has never generated RSA keys with public exponents of 3, so any keys generated by this utility are not subject to this vulnerability.
Important Security Note
The security for all of the Reflection products using the Reflection security features depends upon the security of the operating system, host, and network environment. Attachmate strongly recommends that you evaluate and implement all relevant security service packs, updates, and patches recommended by your operating system, host, and network manufacturers.
