-
A security vulnerability has been discovered in version 3.x of the RSA BSAFE SSL-J Software Development Kit (SDK) made by RSA Security. This vulnerability enables an attacker to establish a Secure Sockets Layer (SSL) session with the server, bypassing the client authentication with a bogus client certificate. The server must have been developed using a vulnerable RSA BSAFE SSL-J SDK. Servers based on other libraries are not known to be vulnerable to this issue. For further details regarding this vulnerability, see http://www.rsasecurity.com/products/bsafe/.
Cisco Internet Content Distribution Network (iCDN) is affected by the vulnerable library. The only vulnerable version is iCDN 2.0. This vulnerability has been fixed in version 2.0.1.
No other Cisco product is vulnerable.
There is no workaround for this vulnerability.
This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20010912-ssl-j
-
This section provides details on affected products.
Vulnerable Products
The only product affected is iCDN 2.0. iCDN 1.0 is not vulnerable because it does not contain the RSA BSAFE SSL-J library.
This vulnerability has been fixed in release 2.0.1.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by this vulnerability.
-
SSL as a protocol has the notion of a "session", which can be loosely described as a set of security parameters (such as the "master secret") that are shared between a client and server (see RFC 2246, Appendix B). The creation of a session incurs the greatest penalty in terms of cryptographic operations, so the obvious optimization is to cache the session parameters.
The problem is as follows: If an error occurs during the client-server handshake, the server might, under certain conditions, store the session's ID in the cache rather than discarding it. If the same client then attempts a second connection, the server cache will already contain the session ID and the shorter version of the SSL handshake will be performed. Consequently, the server will skip the client authentication phase and the connection will proceed as if the client had successfully authenticated.
For further details regarding this vulnerability see http://www.rsasecurity.com/products/bsafe/.
This vulnerability is documented as Cisco Bug ID CSCdu68211.
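The caching flaw described above, as an added toy model in Python (not code from RSA BSAFE SSL-J or iCDN). The class, the `evict_on_failure` switch and the certificate subjects are constructed for illustration; the hardened path discards the session when the handshake fails, so a later resumption attempt falls back to a full handshake.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Result:
    accepted: bool     # did the server let the connection proceed?
    session_id: str    # ID the server announced during the handshake
    resumed: bool      # True if the abbreviated handshake was used

class ToyServer:
    """Models only the session cache, not real SSL record processing."""

    def __init__(self, trusted_subjects, evict_on_failure):
        self.trusted = set(trusted_subjects)       # constructed trust list
        self.evict_on_failure = evict_on_failure   # False models the flaw
        self.cache = {}                            # session_id -> client subject

    def connect(self, cert_subject, session_id=None):
        # Abbreviated handshake: a cache hit skips client authentication.
        if session_id in self.cache:
            return Result(True, session_id, resumed=True)
        # Full handshake: the server chooses the session ID before the
        # client certificate has been verified.
        sid = secrets.token_hex(16)
        self.cache[sid] = cert_subject
        if cert_subject not in self.trusted:
            if self.evict_on_failure:
                del self.cache[sid]                # hardened: discard on error
            return Result(False, sid, resumed=False)
        return Result(True, sid, resumed=False)

    def unverified_sessions(self):
        # Audit check: cached sessions whose client was never authenticated.
        return [s for s, subj in self.cache.items() if subj not in self.trusted]

def second_attempt(evict_on_failure):
    """Failed handshake followed by a resumption attempt with the same ID."""
    server = ToyServer({"CN=alice"}, evict_on_failure)
    first = server.connect("CN=bogus")
    second = server.connect("CN=bogus", first.session_id)
    return first, second, server.unverified_sessions()

if __name__ == "__main__":
    for evict in (False, True):
        first, second, stale = second_attempt(evict)
        print(f"evict_on_failure={evict}: first={first.accepted} "
              f"second={second.accepted} resumed={second.resumed} stale={len(stale)}")
```

The `unverified_sessions` audit returns an entry only in the flawed configuration, which is the invariant a server-side test for this class of bug should assert.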
-
There is no workaround.
-
iCDN 1.0 is not vulnerable because it does not contain the vulnerable library.
iCDN 2.0.1 has fixed this vulnerability. It is based on a patched RSA BSAFE SSL-J SDK provided by RSA Security.
-
This vulnerability was discovered by Cisco. RSA Security provided the fix in a timely manner. The original RSA advisory is at: http://www.rsasecurity.com/products/bsafe/
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.