POODLE: SSLv3 vulnerability (CVE-2014-3566)


Red Hat Product Security has been made aware of a vulnerability in the SSLv3 protocol, which has been assigned CVE-2014-3566 and is commonly referred to as 'POODLE'. All implementations of SSLv3 are affected.


Background Information

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. More details are available in the upstream OpenSSL advisory.

POODLE affects older standards of encryption, specifically Secure Socket Layer (SSL) version 3. It does not affect the newer encryption mechanism known as Transport Layer Security (TLS).

Impact

Avoiding Man-In-The-Middle Attacks

Exploiting this vulnerability is not easily accomplished. Man-in-the-middle attacks require large amounts of time and resources. While the likelihood is low, Red Hat recommends implementing only TLS to avoid flaws in SSL.

Avoiding a Fallback Attack

Several vendors have provided patches to cryptographic libraries introducing a TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This fallback mechanism allows clients to indicate to a server that they support newer SSL/TLS versions than those initially proposed. In the event of suspicious behavior, where a client attempts to fall back to an older version when newer versions are supported, the server will abort the connection.

Currently, only HTTPS clients perform out-of-band protocol fallback.
Red Hat-supported products that are currently vulnerable from a client-side perspective are:

  • Firefox
  • Chromium
  • Curl command line tool and libraries

Currently, Google's Chromium is the only web browser supported by Red Hat that handles this functionality on the client side.

To avoid the fallback attack, supported browsers (only Chromium at this time) must interact with a server supporting TLS_FALLBACK_SCSV negotiation.

The server side also needs to be patched to support the SCSV extension, and does not need a rebuild with the patched crypto library. Again, due to the current lack of support in most common web browsers, any server-side changes will only be relevant once client browsers support the more secure measures.

To learn more about the patched crypto libraries, review RHSA-2014:1652-1 and RHSA-2014:1653-1.

For non-HTTPS clients:
Disabling SSLv3 in favor of at least a TLS connection is recommended. However, when disabling SSL it is important to understand that certain applications that do not support TLS could default to plain-text transmission, which would be worse from a security perspective than the vulnerable SSL protocol. Before disabling SSL on services, please carefully consider these measures.

Determining Vulnerability

Red Hat Support Subscribers

As a Red Hat customer, the easiest way to check vulnerability and confirm remediation is the Red Hat Access Lab: SSLv3 (POODLE) Detector.

Non Subscribers

If you are not a subscriber, the script attached to this article (poodle.sh) can be run against a server to check whether it has SSLv3 enabled.

NOTE: This script takes the hostname of the server to check as the first argument and an optional port as the second. By default it will check the local system and port 443.
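
A protocol-level version of the same check, as an added example (it is not the attached poodle.sh and not Red Hat code): it sends a bare SSLv3 ClientHello over a plain socket and classifies the reply, so it does not depend on the local OpenSSL build still supporting SSLv3. The function names, result labels and the offered cipher list are assumptions made for this example.

```python
import socket
import struct
import sys

SSL3 = b"\x03\x00"  # SSLv3 version number as it appears on the wire
# Constructed sample offer: RSA suites AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA
CIPHERS = b"\x00\x2f\x00\x35\x00\x0a\x00\x05"

def build_sslv3_client_hello():
    """Return one SSLv3 record carrying a minimal ClientHello."""
    body = (SSL3 + bytes(32)                          # client_version, fixed random
            + b"\x00"                                 # empty session id
            + struct.pack("!H", len(CIPHERS)) + CIPHERS
            + b"\x01\x00")                            # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Interpret the first bytes a server returns to the SSLv3 ClientHello."""
    if len(data) < 5:
        return "no-answer"          # connection closed or reset without a record
    if data[0] == 0x15:
        return "rejected"           # alert record: the handshake was refused
    # Handshake record whose first message is a ServerHello selecting version 3.0
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02 and data[9:11] == SSL3:
        return "sslv3-enabled"
    return "unexpected"

def check(host="localhost", port=443, timeout=5.0):
    """Connect, send the probe, and classify whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_sslv3_client_hello())
            return classify_response(sock.recv(64))
        except (socket.timeout, ConnectionResetError):
            return "no-answer"

if __name__ == "__main__":
    # Same argument convention as described above: hostname, then optional port
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(f"{host}:{port} {check(host, port)}")
```

A server that has SSLv3 enabled but accepts none of the four offered suites also reports "rejected", so read that result as "not negotiable with this offer" and widen the cipher list if the configuration is unusual.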

Resolution

The following guides have been established to help disable SSLv3 for affected products. Red Hat is continuously working at this time to provide additional use cases and guides to disable SSLv3. Note that if you use a third-party service to terminate SSL/TLS connections, then SSLv3 needs to be disabled by the service. Changes on your systems are not necessary in this case.

Product | Affected Component(s)
Red Hat Enterprise Linux | Tomcat, Firefox/Chromium, httpd, vsftpd, Dovecot/Postfix, sendmail, CUPS, other components
JBoss Enterprise Middleware | Tomcat/JBoss Web, httpd, EJB (EAP 5), EJB (EAP 6), JMS (EAP 5), Camel, Jetty, Karaf, Fuse, A-MQ
Red Hat Satellite | Satellite Configuration
Red Hat Certificate System | Tomcat
Inktank Ceph Enterprise | httpd
Red Hat Enterprise OpenShift | OpenShift Configuration, RHC client tools
Red Hat Enterprise Linux OpenStack Platform | httpd
Red Hat CloudForms | httpd
Red Hat Directory Server | Directory Server Configuration
Red Hat Enterprise Virtualization | RHEV-M
Red Hat JBoss Enterprise Application Platform | EJB 5, EJB 6, JMS 5
Red Hat Storage Console | httpd
Red Hat Update Infrastructure | pulp, httpd

For More Information

If you have questions or concerns, please contact Red Hat Technical Support.
