Warning message

Log in to add comments.

Go home SSLv2, you’re DROWNing

Mark J. Cox published on 2016-03-01T13:00:00+00:00, last updated 2016-03-22T20:49:59+00:00

The SSLv2 protocol had its 21st birthday last month, but it’s no cause to celebrate with an alcohol beverage, since the protocol was already deprecated when it turned 18.

Announced today is an attack called DROWN that takes advantage of systems still using SSLv2.

Many cryptographic libraries already disable SSLv2 by default, and updates from the OpenSSL project and Red Hat today catch up.

What is DROWN?

CVE-2016-0800, also known as DROWN, stands for Decrypting RSA using Obsolete and Weakened eNcryption and is a Man-in-the-Middle (MITM) attack against servers running TLS for secure communications.

This means that if an attacker can intercept and modify network traffic between a client and the host, the attacker could impersonate the server on what is expected to be a secure connection. The attacker could then potentially eavesdrop or modify important information as it is transferred between the server and client.

Other Man-in-the-Middle attacks have included POODLE and FREAK. The famous OpenSSL Heartbleed issue from April 2014 did not need a Man-in-the-Middle and was therefore a much more severe risk.

How does it work?

The DROWN issue is technically complicated, and the ability to attack using it depends on a number of factors described in more detail in the researchers’ whitepaper. In short, the issue uses a protocol issue in SSLv2 as an oracle in order to help break the encryption on other TLS services if a shared RSA key is in use. The issue is actually quite tricky to exploit by itself, but made easier on servers that are not up to date with some previous year-old OpenSSL security updates. They call this “Special DROWN”, as it could allow a real-time Man-in-the-Middle attack.

Red Hat has a vulnerability article in the Customer Portal which explains the technical attack and the dependencies in more detail.

How is Red Hat affected?

OpenSSL is affected by this issue. In Red Hat Enterprise Linux, the cryptographic libraries GnuTLS and NSS are not affected by this issue as they intentionally do not enable SSLv2.

Customers who are running services that have the SSLv2 protocol enabled could be affected by this issue.

Red Hat has rated this issue as having Important security severity. A successful attack would need to be able to leverage a number of conditions and require an attacker to be a Man-in-the-Middle.

Red Hat advises that SSLv2 is a protocol that should no longer be considered safe and should not be used in a modern environment. Red Hat updates for OpenSSL can be found here: https://access.redhat.com/security/cve/cve-2016-0800. The updates cause the SSLv2 protocol to be disabled by default.

Our OpenSSL updates also include several other lower priority security fixes which are each described in the Errata. Your organization should review those issues as well when assessing risk.

If you are a Red Hat Insights customer, a test has been added to identify servers affected by this issue.

What do you need to do?

If you are unsure of any details surrounding this issue in your environment, you should apply the update and restart services as appropriate. For detailed technical information please see the Red Hat vulnerability article.

Security protocols don’t turn 21 every day, so let’s turn off SSLv2, raise a glass, and DROWN one’s sorrows. Cheers!

About The Author

mjc1@redhat.com's picture

Mark J. Cox

Mark J Cox lives in Scotland and is the Senior Director of Product Security at Red Hat with responsibility over all Red Hat products. Over the last 23 years, Mark has developed software and worked on the security teams of some of the most popular open source projects, including Apache, mod_ssl, and ...