Answers

OpenSSL Security Advisory [05 Jun 2014]

How does today's OpenSSL news relate to our F5s?

http://www.openssl.org/news/secadv_20140605.txt

5

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I'd mostly concur with Arie here. If you're using TMOS v11.4 or earlier (including v10.x) you are completely unaffected regardless of your configuration.

  • If using v11.5.x, TMM-related SSL/TLS traffic (terminated on your F5) will only be affected if you are using COMPAT ciphers; see here for more detail on that: http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html.

  • If using v11.5.x, HMS management traffic may be at risk, but hopefully your management interface resides in a secure network and you don't manage via a public-facing Self IP.

  • As above for iControl.

  • As above if the big3d running on your F5 (regardless of version) was installed by a GTM running v11.5.x.

A read through the Heartbleed SOL will give you a good idea of what uses OpenSSL etc. http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

3
Comments on this Answer
Comment made 05-Jun-2014 by czacek 26
This is right in line with what I found through my own research. Good news.
0
Comment made 09-Jun-2014 by AnotherGeek 0
I'm not fully convinced that <v11 is not vulnerable. There's a python script over here... http://www.tripwire.com/state-of-security/incident-detection/detection-script-for-cve-2014-0224-openssl-cipher-change-spec-injection/ that when run against my 10.2.4 build actually shows successful early CCS injection.... but I'm still validating things. YMMV

[TLSv1.2] x.x.x.x:443 allows early CCS
[TLSv1.1] x.x.x.x:443 rejected early CCS
[TLSv1] x.x.x.x:443 allows early CCS
[SSLv3] x.x.x.x:443 allows early CCS
***This System Exhibits Potentially Vulnerable Behavior***
0
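To make concrete what "allows early CCS" versus "rejected early CCS" in the scanner output above means at the protocol level, here is an added example (not from the original post, the linked script, or F5): a simplified Python model of a server-side handshake state machine for CVE-2014-0224. The message labels, the stand-in PRF and the sample randoms are all constructed; this is a teaching model, not real TLS wire encoding.

```python
import hashlib
import hmac
from dataclasses import dataclass
# Constructed handshake message labels; this is a model, not real TLS wire encoding.
CLIENT_HELLO, CLIENT_KEY_EXCHANGE, CHANGE_CIPHER_SPEC, FINISHED = (
    "ClientHello", "ClientKeyExchange", "ChangeCipherSpec", "Finished")

def derive_key_block(master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Stand-in for the TLS PRF (constructed, not the real one). Keys depend on the
    master secret and both randoms; with an empty master secret they depend only on
    values a network observer already sees."""
    return hmac.new(master_secret, b"key expansion" + server_random + client_random,
                    hashlib.sha256).digest()

@dataclass
class ServerHandshake:
    hardened: bool                  # True: refuse a CCS that arrives before key exchange
    client_random: bytes
    server_random: bytes
    master_secret: bytes = b""      # empty until ClientKeyExchange is processed
    ccs_ok: bool = False            # models OpenSSL's post-fix "CCS is legal here" flag
    early_ccs_accepted: bool = False
    key_block: bytes = b""

    def handle(self, msg: str, premaster: bytes) -> None:
        if msg == CLIENT_KEY_EXCHANGE:
            self.master_secret = hashlib.sha256(
                premaster + self.client_random + self.server_random).digest()
            self.ccs_ok = True      # key exchange complete; a CCS is now legitimate
        elif msg == CHANGE_CIPHER_SPEC:
            if not self.ccs_ok:
                if self.hardened:
                    raise ValueError("rejected early CCS")
                self.early_ccs_accepted = True
            # Vulnerable behaviour: keys are derived from whatever master secret exists,
            # which is empty if the CCS arrived early.
            self.key_block = derive_key_block(
                self.master_secret, self.client_random, self.server_random)

def run_handshake(order, hardened, premaster=b"constructed premaster",
                  client_random=b"C" * 32, server_random=b"S" * 32):
    """Feed messages in the given order. Returns a verdict worded like the scanner
    output quoted in the thread, plus the key block the server ended up with."""
    s = ServerHandshake(hardened, client_random, server_random)
    try:
        for m in order:
            s.handle(m, premaster)
    except ValueError as exc:
        return str(exc), b""
    return ("allows early CCS" if s.early_ccs_accepted else "normal handshake"), s.key_block
```

Run with the CCS placed before ClientKeyExchange and `hardened=False`, the derived key block is the same whatever premaster secret the client later sends, which is the property an attacker in the middle relies on; with `hardened=True` the same sequence is rejected.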

By default F5 does not use OpenSSL. Pending an official answer from F5 I would surmise that this newly discovered vulnerability does not affect F5-users. There are some (relatively rare) configurations that could use OpenSSL, but just as with Heartbleed there shouldn't be a problem if you use the default configuration for SSL (i.e. terminate SSL on the F5-device).

2

It is likely that the F5 APM product is vulnerable to the DTLS related vulnerabilities in the announcement. It is certainly the most concerning here as it meets the requirements of 1) running OpenSSL and 2) supporting DTLS.

DTLS support was added to the APM in version 10.1 (see: http://support.f5.com/kb/en-us/solutions/public/11000/200/sol11246.html).

2
Comments on this Answer
Comment made 05-Jun-2014 by What Lies Beneath 6703
Good point, thanks. As with LTM though, only an issue if using TMOS v11.5.x and COMPAT ciphers.
0
Comment made 05-Jun-2014 by ericc01 104
For the MITM vulnerability (CVE-2014-0224) the APM should only be affected if you are 11.5 or higher, yes. 11.5 *may* also be vulnerable to CVE-2014-3470 for anonymous ECDH DoS as the NATIVE cipher suite contains ECDH ciphers (affects clients only though, could be limited to outbound traffic?). With APM though I am talking about the two DTLS related CVEs of CVE-2014-0221 and CVE-2014-0195, one of which is remote code execution capable. DTLS is a part of APM, but the question is if having the DTLS disabled in all of the APM Network Access List configurations is enough to avoid the vulnerability?
0

Please see my article. CVE-2014-0224 is the worst vulnerability, but the article discusses all of them.

BIG-IP versions 11.5.0 and 11.5.1 contain OpenSSL 1.0.1 for the management GUI. These versions are vulnerable to CVE-2014-0224 only on the management interface. We'll be patching that soon. We'll be patching older releases which contain vulnerable client code over time.

BIG-IP 11.5.0 and 11.5.1 virtual servers doing TLS termination are not vulnerable. (Unless you are using COMPAT ciphers with 11.5.0 or 11.5.1. This is very rare.)

There are some tools that show virtual servers doing TLS termination as vulnerable. This is not correct for reasons that I hope I made clear in the article linked above.

1

You can check this AskF5 SOL for the most current response from F5 on the recent OpenSSL vulnerabilities:

SOL15325 - OpenSSL vulnerability - CVE-2014-0224

Aaron

0
Comments on this Answer
Comment made 06-Jun-2014 by arai.a 0
I've confirmed the SOL. Can we say OpenSSL 0.9.8 isn't vulnerable on versions earlier than v11.5? I've confirmed the following description at http://ccsinjection.lepidum.co.jp/ . This site was written by the discoverer of the vulnerability, and it lists all versions before OpenSSL 0.9.8y as Affected Versions. However, the OpenSSL documentation says the following:

----------------------------------------------
https://www.openssl.org/news/secadv_20140605.txt

The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
----------------------------------------------

Maybe F5's judgement followed this OpenSSL description. But the final line of this is very difficult to understand: it says BIG-IP earlier than 11.5 are advised to upgrade as a precaution. Many end users refer to the site http://ccsinjection.lepidum.co.jp/ and ask us about this point. Can we really clearly say that BIG-IP earlier than 11.5 aren't vulnerable?
0
Comment made 06-Jun-2014 by arai.a 0
Sorry, I've found the following document, and it clearly describes the point I want to confirm. https://sect.iij.ad.jp/d/2014/06/069806.html
0

I have read SOL15325. It states that:

  • All BIG-IP versions contain vulnerable client side code.
  • Only virtual servers using an SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable in BIG-IP 11.5.0 and 11.5.1.

It is unclear to me whether server side (SSLserver profile) sessions using the NATIVE cipher suite are vulnerable or not. I.e., what exactly is 'client side code'? Does 'client' refer to the 'client side' on the BIG-IP, or does 'client side' refer to the OpenSSL client code?

It is unclear to me if a NATIVE cipher suite SSL server side connection (i.e., a VS with a serverssl profile) uses OpenSSL (might be vulnerable) or the hardware accelerator chips (not vulnerable).

F5 please clarify?

0
Comments on this Answer
Comment made 24-Jun-2014 by MegaZone
Frank, think of it this way. Server = the BIG-IP *receiving* an incoming connection request. Client = the BIG-IP *initiating* a connection request. And note this only applies when OpenSSL is in use, so it does not apply when Native ciphers are being used. It only applies to Compat ciphers or 'host-side' SSL connections (management GUI, curl, etc.). For most customers following best practices the impact is minimal.
0