[4eyes] [COE #62572] [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
Matthew Turk
mturk at cs.ucsb.edu
Sun Nov 23 03:44:12 PST 2014
There are three lab machines that need patching. Please see the email below and check on your machine’s IP address.
Thanks,
Matthew
From: Jeff Oakes [mailto:joakes at engineering.ucsb.edu]
Sent: Friday, November 21, 2014 4:48 PM
To: mturk at cs.ucsb.edu
Cc: holl at cs.uscb.edu
Subject: Fwd: [COE #62572] [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
Hi All,
Could you please let your students know that the following machines need patching:
ilab-116.cs.ucsb.edu 128.111.28.116 Vulnerable This server supports the SSL v3 protocol.
ilab-119.cs.ucsb.edu 128.111.28.119 Vulnerable
ilab-121.cs.ucsb.edu 128.111.28.121 Vulnerable
Thanks,
Jeff
-------- Original Message --------
Subject: [COE #62572] [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
Date: Fri, 21 Nov 2014 10:16:07 -0800
From: security at ucsb.edu via CoE Support <help at engineering.ucsb.edu>
Reply-To: help at engineering.ucsb.edu
Fri Nov 21 10:16:06 2014: Request 62572 was acted upon.
Transaction: Ticket created by security at ucsb.edu
Queue: General
Subject: [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
Owner: Nobody
Requestors: security at ucsb.edu
Status: new
Ticket <URL: https://rt.engr.ucsb.edu/Ticket/Display.html?id=62572 >
Greetings,
It is possible to obtain sensitive information from the following
remote hosts with SSL/TLS-enabled services:
Description :
The remote host is affected by a man-in-the-middle (MitM) information
disclosure vulnerability known as POODLE. The vulnerability is due to
the way SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining (CBC) mode. A
MitM attacker can decrypt a selected byte of a cipher text in as few
as 256 tries if they are able to force a victim application to
repeatedly send the same data over newly created SSL 3.0 connections.
As long as a client and service both support SSLv3, a connection can
be "rolled back" to SSLv3, even if TLSv1 or newer is supported by the
client and service.
The TLS Fallback SCSV mechanism prevents "version rollback" attacks
without impacting legacy clients; however, it can only protect
connections when the client and service support the mechanism. Sites
that cannot disable SSLv3 immediately should enable this mechanism.
This is a vulnerability in the SSLv3 specification, not in any
particular SSL implementation. Disabling SSLv3 is the only way to
completely mitigate the vulnerability.
See also :
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
Solution :
Disable SSLv3.
Services that must support SSLv3 should enable the TLS Fallback SCSV
mechanism until SSLv3 can be disabled.
Thank you,
--
E. Todd Atkins
Network Security Coordinator, Infrastructure
Enterprise Technology Services
University of California, Santa Barbara
http://www.ets.ucsb.edu