[4eyes] [COE #62572] [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack

Matthew Turk mturk at cs.ucsb.edu
Mon Nov 24 18:43:40 PST 2014 

116 and 121 have been accounted for. Will you all please check to see if your machine is 128.111.28.119?

Thanks,
	Matthew

-----Original Message-----
From: Donghao Ren [mailto:donghaoren at cs.ucsb.edu] 
Sent: Sunday, November 23, 2014 8:03 AM
To: Matthew Turk
Cc: ilab-users at lists.cs.ucsb.edu; Jeff Oakes; holl at cs.uscb.edu
Subject: Re: [4eyes] [COE #62572] [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack

Hi Matthew,

128.111.28.121 is mine, I’ve disabled SSLv3 on it and upgraded its softwares.

Thanks,
- Donghao

> On Nov 23, 2014, at 3:44 AM, Matthew Turk <mturk at cs.ucsb.edu> wrote:
> 
> There are three lab machines that need patching. Please see the email below and check on your machine’s IP address.
>  
> Thanks,
>                 Matthew
>  
> From: Jeff Oakes [mailto:joakes at engineering.ucsb.edu] 
> Sent: Friday, November 21, 2014 4:48 PM
> To: mturk at cs.ucsb.edu
> Cc: holl at cs.uscb.edu
> Subject: Fwd: [COE #62572] [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
>  
> Hi All,
> 
> could you please let your students know that the following machines need patching:
> 
> ilab-116.cs.ucsb.edu             128.111.28.116   Vulnerable   This server supports the SSL v3 protocol. 
> ilab-119.cs.ucsb.edu             128.111.28.119   Vulnerable 
> ilab-121.cs.ucsb.edu             128.111.28.121   Vulnerable 
> 
> Thanks,
> 
> Jeff
> 
> 
> -------- Original Message -------- 
> Subject: 
> [COE #62572] [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
> Date: 
> Fri, 21 Nov 2014 10:16:07 -0800
> From: 
> security at ucsb.edu via CoE Support <help at engineering.ucsb.edu>
> Reply-To: 
> help at engineering.ucsb.edu
>  
> 
> Fri Nov 21 10:16:06 2014: Request 62572 was acted upon.
> Transaction: Ticket created by security at ucsb.edu
>        Queue: General
>      Subject: [UCSB-OIT #640251] Hosts Vulnerable to POODLE Attack
>        Owner: Nobody
>   Requestors: security at ucsb.edu
>       Status: new
>  Ticket <URL: https://rt.engr.ucsb.edu/Ticket/Display.html?id=62572 >
>  
>  
> Greetings,
>  
> It is possible to obtain sensitive information from the following 
> remote hosts with SSL/TLS-enabled services:
>  
> 128.111.28.72
> 128.111.28.86
> 128.111.28.116
> 128.111.28.119
> 128.111.28.121
> 128.111.40.6
> 128.111.40.186
> 128.111.40.190
> 128.111.40.196
> 128.111.40.208
> 128.111.40.209
> 128.111.40.217
> 128.111.40.248
> 128.111.41.12
> 128.111.41.13
> 128.111.41.24
> 128.111.41.40
> 128.111.41.47
> 128.111.41.61
> 128.111.41.97
> 128.111.41.99
> 128.111.41.136
> 128.111.41.241
> 128.111.41.242
> 128.111.41.246
> 128.111.43.247
> 128.111.44.98
> 128.111.44.156
> 128.111.44.173
> 128.111.45.37
> 128.111.46.53
> 128.111.46.81
> 128.111.46.188
> 128.111.46.190
> 128.111.46.227
> 128.111.46.228
> 128.111.46.236
> 128.111.46.243
> 128.111.46.245
> 128.111.48.9
> 128.111.48.141
> 128.111.48.237
> 128.111.52.10
> 128.111.52.72
> 128.111.52.101
> 128.111.52.241
> 128.111.52.242
> 128.111.55.2
> 128.111.55.9
> 128.111.55.19
> 128.111.68.187
> 128.111.68.215
> 128.111.68.217
> 128.111.68.221
> 128.111.179.130
> 128.111.179.143
> 128.111.179.144
> 128.111.179.150
>  
>  
> Description :
>  
> The remote host is affected by a man-in-the-middle (MitM) information
> disclosure vulnerability known as POODLE. The vulnerability is due to
> the way SSL 3.0 handles padding bytes when decrypting messages
> encrypted using block ciphers in cipher block chaining (CBC) mode. A
> MitM attacker can decrypt a selected byte of a cipher text in as few
> as 256 tries if they are able to force a victim application to
> repeatedly send the same data over newly created SSL 3.0 connections.
>  
> As long as a client and service both support SSLv3, a connection can
> be "rolled back" to SSLv3, even if TLSv1 or newer is supported by the
> client and service.
>  
> The TLS Fallback SCSV mechanism prevents "version rollback" attacks
> without impacting legacy clients however, it can only protect
> connections when the client and service support the mechanism. Sites
> that cannot disable SSLv3 immediately should enable this mechanism.
>  
> This is a vulnerability in the SSLv3 specification, not in any
> particular SSL implementation. Disabling SSLv3 is the only way to
> completely mitigate the vulnerability.
>  
> See also :
>  
> https://www.imperialviolet.org/2014/10/14/poodle.html
> https://www.openssl.org/~bodo/ssl-poodle.pdf
> https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
>  
> Solution :
>  
> Disable SSLv3.
>  
> Services that must support SSLv3 should enable the TLS Fallback SCSV
> mechanism until SSLv3 can be disabled.
>  
> Thank you,
>  
> --
> E. Todd Atkins
> Network Security Coordinator, Infrastructure
> Enterprise Technology Services
> University of California, Santa Barbara 
> http://www.ets.ucsb.edu
>  
>  
>  
>  
> _______________________________________________
> Ilab-users mailing list
> Ilab-users at lists.cs.ucsb.edu
> https://lists.cs.ucsb.edu/mailman/listinfo/ilab-users

More information about the Ilab-users mailing list