[4eyes] [COE #62572] [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
Jay Byungkyu Kang
bkang at umail.ucsb.edu
Sun Nov 23 21:02:23 PST 2014
Hi Matthew,
I've taken the same action on 128.111.28.116 as Donghao did.
(Disabled SSLv3 and updated the system)
Thanks!
-Jay
> On Nov 23, 2014, at 8:03 AM, Donghao Ren <donghaoren at cs.ucsb.edu> wrote:
>
> Hi Matthew,
>
> 128.111.28.121 is mine, I’ve disabled SSLv3 on it and upgraded its software.
>
> Thanks,
> - Donghao
>
>> On Nov 23, 2014, at 3:44 AM, Matthew Turk <mturk at cs.ucsb.edu> wrote:
>>
>> There are three lab machines that need patching. Please see the email below and check on your machine’s IP address.
>>
>> Thanks,
>> Matthew
>>
>> From: Jeff Oakes [mailto:joakes at engineering.ucsb.edu]
>> Sent: Friday, November 21, 2014 4:48 PM
>> To: mturk at cs.ucsb.edu
>> Cc: holl at cs.uscb.edu
>> Subject: Fwd: [COE #62572] [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
>>
>> Hi All,
>>
>> Could you please let your students know that the following machines need patching:
>>
>> ilab-116.cs.ucsb.edu 128.111.28.116 Vulnerable This server supports the SSL v3 protocol.
>> ilab-119.cs.ucsb.edu 128.111.28.119 Vulnerable
>> ilab-121.cs.ucsb.edu 128.111.28.121 Vulnerable
>>
>> Thanks,
>>
>> Jeff
>>
>>
>> -------- Original Message --------
>> Subject: [COE #62572] [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
>> Date: Fri, 21 Nov 2014 10:16:07 -0800
>> From: security at ucsb.edu via CoE Support <help at engineering.ucsb.edu>
>> Reply-To: help at engineering.ucsb.edu
>>
>>
>> Fri Nov 21 10:16:06 2014: Request 62572 was acted upon.
>> Transaction: Ticket created by security at ucsb.edu
>> Queue: General
>> Subject: [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
>> Owner: Nobody
>> Requestors: security at ucsb.edu
>> Status: new
>> Ticket <URL: https://rt.engr.ucsb.edu/Ticket/Display.html?id=62572 >
>>
>>
>> Greetings,
>>
>> It is possible to obtain sensitive information from the following
>> remote hosts with SSL/TLS-enabled services:
>>
>>
>>
>> Description :
>>
>> The remote host is affected by a man-in-the-middle (MitM) information
>> disclosure vulnerability known as POODLE. The vulnerability is due to
>> the way SSL 3.0 handles padding bytes when decrypting messages
>> encrypted using block ciphers in cipher block chaining (CBC) mode. A
>> MitM attacker can decrypt a selected byte of a cipher text in as few
>> as 256 tries if they are able to force a victim application to
>> repeatedly send the same data over newly created SSL 3.0 connections.
>>
>> As long as a client and service both support SSLv3, a connection can
>> be "rolled back" to SSLv3, even if TLSv1 or newer is supported by the
>> client and service.
>>
>> The TLS Fallback SCSV mechanism prevents "version rollback" attacks
>> without impacting legacy clients; however, it can only protect
>> connections when the client and service support the mechanism. Sites
>> that cannot disable SSLv3 immediately should enable this mechanism.
>>
>> This is a vulnerability in the SSLv3 specification, not in any
>> particular SSL implementation. Disabling SSLv3 is the only way to
>> completely mitigate the vulnerability.
>>
>> See also :
>>
>> https://www.imperialviolet.org/2014/10/14/poodle.html
>> https://www.openssl.org/~bodo/ssl-poodle.pdf
>> https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
>>
>> Solution :
>>
>> Disable SSLv3.
>>
>> Services that must support SSLv3 should enable the TLS Fallback SCSV
>> mechanism until SSLv3 can be disabled.
>>
>> Thank you,
>>
>> --
>> E. Todd Atkins
>> Network Security Coordinator, Infrastructure
>> Enterprise Technology Services
>> University of California, Santa Barbara
>> http://www.ets.ucsb.edu
>>
>>
>>
>>
>> _______________________________________________
>> Ilab-users mailing list
>> Ilab-users at lists.cs.ucsb.edu
>> https://lists.cs.ucsb.edu/mailman/listinfo/ilab-users