openSSL: Cross-protocol attack on TLS using SSLv2 (CVE-2016-0800 aka DROWN)

This document (7017297) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)
SUSE Linux Enterprise Server 12 Service Pack 1

SUSE Linux Enterprise Server 11 Service Pack 4 (SLES 11 SP4)
SUSE Linux Enterprise Server 11 Service Pack 3 LTSS (SLES 11 SP3 LTSS)
SUSE Linux Enterprise Server 11 Service Pack 2 LTSS (SLES 11 SP2 LTSS)

Situation

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys fo the non-vulnerable server.
This vulnerability is also known as DROWN (for "Decrypting RSA using Obsolete and Weakened eNcryption"

Resolution

The issue can be avoided by disabling the SSLv2 protocol in all the SSL/TLS servers. Disabling all SSLv2 ciphers is also sufficient, provided the patches from CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed.

SUSE has release a patch that will disable SSLv2 protocol altogether by default as well as disabling all EXPORT ciphers. The patch also checks environment variables to allow customers to unbreak applications that mandatory need SSLv2:
OPENSSL_ALLOW_SSL2              - allow ssl2 protocol, default off
OPENSSL_ALLOW_EXPORT            - allow export ciphers, default off


SLES 12 SP1
  • openssl-1.0.1i-44.1 was released 1st of March 2016
SLES 12
  • openssl-1.0.1i-27.13.1 was released 1st of March 2016
SLES 11 SP4
  • openssl-0.9.8j-0.89.1 was released 1st of March 2016
SLES 11 SP3 LTSS
  • openssl-0.9.8j-0.89.1 was released 1st of March 2016
SLES 11 SP2 LTSS
  • openssl-0.9.8j-0.89.1 was released 1st of March 2016

Servers have to be patched with these versions to be safe.

Cause


Additional Information

Please review CVE-2016-0800 for Patch details.

The vulnerability was released here: drownattack.com

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7017297
  • Creation Date: 25-Feb-2016
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center