-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory Number 06062014
CVE-2014-0224

TITLE

OpenSSL Multiple Vulnerabilities

SUMMARY

On June 5, 2014, the OpenSSL Foundation announced multiple vulnerabilities in OpenSSL through the advisory at http://www.openssl.org/news/secadv_20140605.txt. A number of Aruba Networks products make use of OpenSSL. This advisory has been created to describe Aruba's exposure to these vulnerabilities.

AFFECTED PRODUCTS

SSL/TLS MITM vulnerability (CVE-2014-0224)
  - Multiple Aruba products impacted. See below for further details.

DTLS recursion flaw (CVE-2014-0221)
  - No impact. No Aruba products implement DTLS.

DTLS invalid fragment vulnerability (CVE-2014-0195)
  - No impact. No Aruba products implement DTLS.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
  - No impact. Aruba products do not enable SSL_MODE_RELEASE_BUFFERS.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
  - No impact. Aruba products do not enable SSL_MODE_RELEASE_BUFFERS.

Anonymous ECDH denial of service (CVE-2014-3470)
  - No impact. Aruba products do not enable anonymous TLS ciphersuites.

AFFECTED VERSIONS (for CVE-2014-0224)

  - ArubaOS (6.3.X, 6.4.X - including FIPS versions)
  - ClearPass (6.1.x, 6.2.x, 6.3.x)
  - AirWave (All versions)
  - VIA for Linux (2.0.X)

NOT AFFECTED

  - Aruba Central (cloud services updated on June 5 to patch vulnerability)
  - Aruba Instant (product does not use OpenSSL)
  - Aruba VIA, other than Linux version (product does not use OpenSSL)
  - MeshOS

POSSIBLY AFFECTED

  - ArubaOS 5.x, 6.1.x, 6.2.x
  - ArubaOS 7.x (Mobility Access Switch)

These versions contain an older version of OpenSSL which is not reported to be vulnerable when acting as a TLS server. Although Aruba does not believe these versions pose a danger, OpenSSL will be patched during the next scheduled maintenance cycle as a precaution.
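The "possibly affected" distinction above follows from the OpenSSL advisory this notice references: every OpenSSL client is exposed to CVE-2014-0224, but only the 1.0.1 branch (and the 1.0.2-beta1 pre-release) is exposed when acting as a TLS server, and the fix shipped in 0.9.8za, 1.0.0m and 1.0.1h. The following script, added here as an illustration and not part of Aruba's advisory or any Aruba product, turns that matrix into a check an administrator can run against the banner printed by "openssl version" on a host such as an AirWave server. The function names, the sample banners and the handling of branches outside the three patched lines are assumptions made for this example.

```python
"""Classify an OpenSSL version banner against the CVE-2014-0224 fix levels.

Added example; not part of the Aruba advisory. Fix levels and the
client/server exposure split come from the OpenSSL advisory referenced
above (secadv_20140605).
"""
import re
import subprocess
from typing import NamedTuple, Optional, Tuple

# Branch -> first letter release carrying the CVE-2014-0224 fix.
FIXED_LEVELS = {
    (0, 9, 8): "za",
    (1, 0, 0): "m",
    (1, 0, 1): "h",
}

# Only these branches are exposed when OpenSSL acts as the TLS *server*;
# clients on every unpatched branch are exposed. 1.0.2-beta1 is the one
# pre-release exception noted by OpenSSL and is not modelled here (assumption).
SERVER_EXPOSED_BRANCHES = {(1, 0, 1)}

# Matches e.g. "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 0.9.8za 5 Jun 2014".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


class Exposure(NamedTuple):
    version: str
    client_vulnerable: bool
    server_vulnerable: bool


def _suffix_key(suffix: str) -> Tuple[int, str]:
    # OpenSSL letter suffixes order as '' < 'a' < ... < 'y' < 'za' < 'zb',
    # so compare by length first and alphabetically second.
    return (len(suffix), suffix)


def parse_version(banner: str) -> Tuple[Tuple[int, int, int], str]:
    """Return ((major, minor, fix), letter_suffix) from an openssl banner."""
    match = VERSION_RE.search(banner)
    if not match:
        raise ValueError(f"unrecognised OpenSSL banner: {banner!r}")
    major, minor, fix, suffix = match.groups()
    return (int(major), int(minor), int(fix)), suffix


def assess(banner: str) -> Exposure:
    """Decide client and server exposure to CVE-2014-0224 for one banner."""
    branch, suffix = parse_version(banner)
    fixed_suffix = FIXED_LEVELS.get(branch)
    if fixed_suffix is not None:
        patched = _suffix_key(suffix) >= _suffix_key(fixed_suffix)
    else:
        # Assumption for this example: branches newer than 1.0.1 were cut
        # after the fix; anything older than 0.9.8 never received it.
        patched = branch > (1, 0, 1)
    version = ".".join(str(n) for n in branch) + suffix
    return Exposure(
        version=version,
        client_vulnerable=not patched,
        server_vulnerable=(not patched) and branch in SERVER_EXPOSED_BRANCHES,
    )


def local_openssl_banner() -> Optional[str]:
    """Banner of the host's openssl binary, or None if it cannot be run."""
    try:
        out = subprocess.run(["openssl", "version"], capture_output=True,
                             text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed sample banners covering each branch in the advisory.
    samples = [
        "OpenSSL 1.0.1e 11 Feb 2013",   # AFFECTED: client and server
        "OpenSSL 1.0.1h 5 Jun 2014",    # patched
        "OpenSSL 0.9.8y 5 Feb 2013",    # POSSIBLY AFFECTED: client only
        "OpenSSL 0.9.8za 5 Jun 2014",   # patched
        "OpenSSL 1.0.0l 6 Jan 2014",    # client only
    ]
    for banner in samples:
        print(assess(banner))
    local = local_openssl_banner()
    if local:
        print("this host:", assess(local))
```

The letter-suffix comparison is the part worth getting right: a naive string compare would rank 0.9.8za below 0.9.8y and report a patched host as vulnerable. A host that reports as client-only exposed matches the advisory's "possibly affected" bucket; one that reports server exposure on the 1.0.1 branch is in the affected bucket and should be updated to the fixed releases listed under SOLUTION.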
DETAILS

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a man-in-the-middle (MITM) attack in which the attacker can decrypt and modify traffic between the attacked client and server. The attack can only be performed between a vulnerable server *and* client (both server and client must be running a vulnerable version of OpenSSL).

Most common web browsers do not make use of OpenSSL, and thus HTTPS connections between a browser and an affected Aruba device would not be impacted. The major exception is Chrome running on Android devices, which does use OpenSSL.

Wireless EAP sessions *may* be impacted between an affected Aruba product and a client device that uses OpenSSL as part of its EAP stack. This primarily impacts Unix-like operating systems which employ the open-source "wpa_supplicant" package when it is built and linked against OpenSSL. Android is reported to use wpa_supplicant to manage 802.1X sessions. Aruba has not yet confirmed that EAP is vulnerable, but based on preliminary analysis:

  - EAP-TLS will not reveal credentials during an attack. EAP-TLS uses TLS for certificate verification, and does not actually communicate encrypted authentication messages over a TLS tunnel.
  - EAP-PEAP *may* be vulnerable to credential exposure. The impact would be the exposure of an MSCHAPv2 hash to an attacker, who could then conduct an offline dictionary or brute-force attack against the password hash. The strength of the password will determine how successful the attack is.
  - For any EAP type, the Pairwise Master Key (PMK) used to protect the resulting wireless session is derived from the TLS master secret. If a man-in-the-middle attack successfully forces weak keying material to be used, the resulting PMK will be similarly weak.
Given the ability to conduct man-in-the-middle attacks over a wireless network, Aruba recommends caution when connecting vulnerable client devices to WPA2 networks until either the client or server has been patched for this vulnerability. We expect numerous popular client operating systems to be patched immediately - for example, Red Hat and Ubuntu both issued patches on June 5. This caution applies only when the 802.1X EAP session is handled by an OpenSSL-enabled EAP authentication server - for example, when EAP termination is enabled on an Aruba controller, when ClearPass Policy Manager is used as an authentication server for EAP sessions, or when another OpenSSL-enabled RADIUS server (e.g. FreeRADIUS) is used. Customers using a RADIUS server which does not use OpenSSL (e.g. Microsoft NPS) would not be vulnerable.

DISCOVERY

These vulnerabilities were announced publicly by the OpenSSL Foundation.

IMPACT

OpenSSL is used in a variety of ways in Aruba products, including:

  * HTTPS communications via the Administrative Web GUI
  * HTTPS communications via Captive Portal
  * 802.1X
  * Secure LDAP communication
  * Secure communication with some third party APIs
  * VIA profile download

Aruba Networks participates in the Common Vulnerability Scoring System (CVSS). This rating system is a vendor-agnostic, industry open standard designed to convey vulnerability severity and help determine urgency and priority of response. The CVSS score for this release is:

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N)

MITIGATION

HTTPS sessions with affected products should only be made from a trusted network segment, or using a browser which is known not to be using a vulnerable version of OpenSSL. This practice should continue until one of the two devices participating in the HTTPS session has been updated.

TLS sessions between network elements (e.g. between AirWave and an Aruba Mobility Controller) should be made through a trusted network segment that is protected from man-in-the-middle attacks.

Customers should use caution when allowing wireless 802.1X-PEAP authentication between an authentication server using OpenSSL (e.g. ArubaOS with EAP Termination, or ClearPass Policy Manager) and a client operating system which uses OpenSSL to provide the EAP stack (e.g. wpa_supplicant).

SOLUTION

Aruba Networks has published patch releases for the affected products. We recommend that all customers upgrade to these versions.

  ArubaOS 6.3.1.8                    posted 6/13/2014
  ArubaOS 6.4.1.0                    posted 6/17/2014
  ClearPass 6.1.3 or 6.1.4 patch     posted 6/13/2014
  ClearPass 6.2.6 patch              posted 6/13/2014
  ClearPass 6.3.3 patch              posted 6/13/2014
  AirWave 7.7.12                     posted 6/12/2014
    - Note: AirWave customers running older versions are strongly encouraged to upgrade to 7.7.12. Customers who are unable to upgrade may run "yum update openssl; rd" from a root shell. This will update OpenSSL and restart all required processes.
  AirWave 8.0.1
  VIA for Linux 2.0.2                posted 6/13/2014

OBTAINING FIXED FIRMWARE

Aruba customers can obtain the firmware on the support website: http://support.arubanetworks.com

Aruba Support contacts are as follows:

  1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
  +1-408-754-1200 (toll call from anywhere in the world)

The full contact list is at: http://www.arubanetworks.com/support-services/support-program/contact-support/

e-mail: support(at)arubanetworks.com

Please do not contact "sirt(at)arubanetworks.com" for software upgrades.

STATUS OF THIS NOTICE: Final

Although Aruba Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts.
Should there be a significant change in the facts, Aruba Networks may update this advisory. A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

DISTRIBUTION OF THIS ANNOUNCEMENT

This advisory will be posted on Aruba's website at: http://www.arubanetworks.com/support/alerts/aid-06062014.txt

Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

REVISION HISTORY

  Revision 1.0 / 06-06-2014 / Initial release
  Revision 1.1 / 06-09-2014 / Update to EAP vulnerability estimate
  Revision 1.2 / 06-17-2014 / Update to include release information

ARUBA SIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to sirt(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2014 by Aruba Networks, Inc.

This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJToIEwAAoJEJj+CcpFhYbZ0F8H/1UymWW1dvvD/YvN6o4ARIZs
fT+2N+kRSKc/H2l9V8MK+MtvV1oS7S70yMV20y1iFzymGpxw/mVVSk+08iWEkYy7
dMOfskdh6BxspSi55BVFLVsMn8TbGxwTf0ZYu86Tu1WSBIFd32HD5HQN2MENGxCE
hnASnpJ99iNspdM3WnUVW97scUs8WCcw/EWZs6mHd72fmm4CYDstU1C+vlGIT+mH
lNZl4D6N87rZy0zcioCjCmttXbty4seN1Onj4Oee4g9pyizlZ0BeiDk0oOjx1dQL
y+ki52fwX6guZaICPmtMT8vsVpHh/F2SkyYz67ZWlzC3F0QKzhhlosG3huD7T6I=
=1ogj
-----END PGP SIGNATURE-----