Advisory: DROWN Vulnerability (CVE-2016-0800)

Grace NacesAdvisories

Publication Date: 7 March 2016
Updated: 15 March 2016

Description

A vulnerability that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. The Traffic between clients and non-vulnerable servers can be decrypted if another server supporting SSLv2 and EXPORT ciphers shares the RSA keys of the non-vulnerable server. This is even with a different protocol such as SMTP, IMAP or POP.

Impact

Websites or computer servers using the HTTPS protocol could be exposed to eavesdroppers.

Status

DROWN Vulnerability is classified as ‘CVE-2016-0800’ by CERT.

Affected gateway products are:

  1. IG 3100 model 3100, model 3101
  2. IG 4
  3. InnGate 3.00 E-Series, 3.01 E-Series, 3.02 E-Series, 3.10 E-Series
  4. InnGate 3.01 G-Series, 3.10 G-Series
  5. SSG 4
  6. SG 4

Recommended Action

Contact Support as soon as possible to get help in deploying mitigation against DROWN:

ANTlabs Support Contact Details

24   x 7 Phone Support

Phone: +65 6100-SUPP (+65 6100-7877)

For US Customer: +1-858-217-5147

Email Support: tech-support@antlabs.com

We currently have the available patch(es):

IG 4 Security Patch #4
InnGate Security Patch #63
IG 3100 Security Patch #13
SG 4 Security Patch #5
SSG 4 Security Patch #9

These patches update the web service module to address the SSLv2 vulnerability. These are critical security updates that should be applied as soon as possible and they will automatically reboot the gateway upon patching.

ANTlabs Engineering team is currently working on hotfixes for other ANTlabs products and will be posting subsequent updates on this advisory.