Date: Wed, 3 Jun 1998 16:30:02 -0400
From: CERT Bulletin <[email protected]>
To: [email protected]Subject: CERT Vendor-Initiated Bulletin VB-98.05 - cisco
-----BEGIN PGP SIGNED MESSAGE-----
CERT* Vendor-Initiated Bulletin VB-98.05
June 03, 1998
Topic: PIX Private Link Key Processing and Cryptography Issues
Source: Cisco
To aid in the wide distribution of essential security information, the CERT
Coordination Center is forwarding the following information from Cisco.
Cisco urges you to act on this information as soon as possible. Cisco contact
information is included in the forwarded text below; please contact them if
you have any questions or need further information.
=======================FORWARDED TEXT STARTS HERE============================
- -----BEGIN PGP SIGNED MESSAGE-----
Field Notice:
PIX Private Link Key Processing and Cryptography Issues
June 3, 1998
Summary
=======
PIX Private Link is an optional feature that can be installed in Cisco PIX
firewalls. PIX Private Link creates IP virtual private networks over
untrusted networks, such as the Internet, using tunnels encrypted with Data
Encryption Standard (DES) in ECB ("electronic codebook") mode.
An error in parsing of configuration file commands reduces the effective key
length for the PIX Private Link DES encryption to 48 bits from the nominal
56 bits.
Who Is Affected
===============
All users of the PIX Private Link encryption product with PIX software
versions earlier than the date of this notice are affected. This includes
all PIX Private Link software through version 4.1.6.
Impact
======
If attackers know the details of the key-parsing error in the PIX Private
Link software, they will know 8 bits of the key ahead of time. This reduces
the effective key length from the attacker's point of view from 56 to 48
bits. This reduction of the effective key length reduces the work involved
in a brute-force attack on the encryption by a factor of 256. That is,
knowledgeable attackers can, on the average, find the right key 256 times
faster than they would be able to find it with a true 56-bit key.
In addition to this key-length issue, some customers have expressed concern
over the use of DES ECB mode for PIX Private Link encryption. Although the
use of ECB mode is intentional, ECB is not generally considered to be the
best mode in which to employ DES, because it tends to simplify certain forms
of cryptanalysis and may permit certain replay attacks. Technical details of
the relative merits of various encryption modes are beyond the scope of this
document. Interested readers should refer to a cryptography text for more
information, such as Bruce Schneier's Applied Cryptography.
Details
=======
This vulnerability has been assigned Cisco bug ID CSCdk11848.
Affected Software Versions
- - ------------------------
This vulnerability affects all released versions of PIX Private Link
software with version numbers up to and including 4.1.6, and all
beta/interim software released earlier than the date of this notice.
Planned Software Fixes
- - --------------------
The first regular release containing a fix for this problem will be version
4.2.1, which is tentatively scheduled for release in late June 1998. This
schedule is subject to change. Fixes for the 4.1 software release have not
yet been scheduled.
This fix extends the effective DES key length to a full 56 bits; ECB mode is
still used.
Customers who need to upgrade immediately may contact Cisco's Technical
Assistance Center (TAC) to obtain interim software. Interim software has not
been subjected to full testing; it has a greater chance of containing
serious bugs than would regular released software.
Interim releases are available only by special request from the Cisco TAC,
not via the regular download channels. Cisco advises customers to install
interim releases only if absolutely necessary. Customers who choose to
install interim releases should plan to upgrade to the regular released
software when it becomes available.
When the fix is installed, it will be necessary to upgrade both ends of each
Private Link tunnel at the same time. This is because key the modified key
parsing algorithm will lead old and new versions to derive different
encryption keys from the same configuration file.
Software upgrades to correct this key-length problem will be offered free of
charge to all PIX Private Link customers, regardless of their service
contract status. Customers under contract may obtain upgrades through their
usual procedures. Customers not under contract should call the Cisco TAC.
Contact information for the TAC is in the "Cisco Security Procedures"
section at the end of this message, and is available on Cisco's Worldwide
Web site at http://www.cisco.com/.
The use of ECB mode was a deliberate design decision for the PIX Private
Link product, and will not be changed. However, future IPSEC/IKE products
for the PIX platforms will use other encryption modes.
Workarounds
- - ---------
There is no configuration workaround.
Exploitation and Public Announcements
Cisco has had no reports of malicious exploitation of this vulnerability.
Cisco knows of no public announcements of this vulnerability before the date
of this notice. This vulnerability was discovered by an engineering analysis
conducted by a Cisco customer at a security incident response organization.
Status of This Notice
This is a final field notice. Although Cisco cannot guarantee the accuracy
of all statements in this notice, all the facts have been checked to the
best of our ability. Cisco does not anticipate issuing updated versions of
this notice unless there is some material change in the facts. Should there
be a significant change in the facts, Cisco may update this notice.
Distribution
- - ----------
This notice will be posted on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/770/pixkey-pub.shtml. In addition to
Worldwide Web posting, the initial version of this notice is being sent to
the following e-mail and Usenet news recipients:
* [email protected]
* [email protected]
* comp.security.firewalls
* [email protected]
* [email protected] (includes CERT/CC)
* Various internal Cisco mailing lists
Future updates of this notice, if any, will be placed on Cisco's Worldwide
Web server, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check the
URL given above for any updates.
Revision History
- - --------------
Revision 1.0, Initial released version
08:00 AM
US/Pacific,
03-JUN-1998
Cisco Security Procedures
Please report security issues with Cisco products, and/or sensitive security
intrusion emergencies involving Cisco products, to [email protected].
Reports may be encrypted using PGP; public RSA and DSS keys for
"[email protected]" are on the public PGP keyservers.
The alias "[email protected]" is used only for reports incoming to
Cisco. Mail sent to the list goes only to a very small group of users within
Cisco. Neither outside users nor unauthorized Cisco employees may subscribe
to "[email protected]".
Please do not use "[email protected]" for configuration questions,
for security intrusions that you do not consider to be sensitive
emergencies, or for general, non-security-related support requests. We do
not have the capacity to handle such requests through this channel, and will
refer them to the TAC, delaying response to your questions. We advise
contacting the TAC directly with these requests. TAC contact numbers are as
follows:
* +1 800 553 2447 (toll-free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: [email protected]
All formal public security notices generated by Cisco are sent to the public
mailing list "[email protected]". For information on
subscribing to this mailing list, send a message containing the single line
"info cust-security-announce" to "[email protected]". An analogous list,
"[email protected]" is available for public discussion of the
notices and of other Cisco security issues.
This notice is copyright 1998 by Cisco Systems, Inc. This notice may be
redistributed freely after the release date given at the top of the notice,
provided that redistributed copies are complete and unmodified, including
all date and version information.
- -----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNXVhZgyPsuGbHvEpAQHBnQf+MjqCUsvPoiVYVsiCKcXKYqlzc3CaBUM2
V78tQDBn+3Em2U5rAvIR3RhXQ3gL43QGMQsK7+q70cO3bjyWFsvXxWR41+ll9TjC
mU9GVfxevTJEi1GHep2LcOy1iEwWRwqw++67DJjklxM7dvPs8l7ExCjarXeFjHy9
bYNLBkSHhcck3oPxmLrYRn2tGp7QGfyJPDw9zbFvps3jSgN3WpI22QC8vJNLS6O1
vueDYGQfTQMRufYjfVb1qS/PqYZyYnClnhWHuUlEHpEqN9az8H+vsgwh2wUQLw+a
mtyCKAov1r9C68+DmP2Ws2xVUmUO+RPFTUdezTa5pKlwfk6OQ2J9yw==
=8gFB
- -----END PGP SIGNATURE-----
========================FORWARDED TEXT ENDS HERE=============================
If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (FIRST). See http://www.first.org/team-info/.
We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact
the CERT staff for more information.
Location of CERT PGP key
ftp://ftp.cert.org/pub/CERT_PGP.key
CERT Contact Information
- ------------------------
Email [email protected]
Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.
Fax +1 412-268-6989
Postal address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
USA
CERT publications, information about FIRST representatives, and other
security-related information are available from
http://www.cert.org/ftp://ftp.cert.org/pub/
CERT advisories and bulletins are also posted on the USENET newsgroup
comp.security.announce
To be added to our mailing list for CERT advisories and bulletins, send your
email address to
[email protected]
In the subject line, type
SUBSCRIBE your-email-address
* Registered U.S. Patent and Trademark Office.
The CERT Coordination Center is part of the Software Engineering
Institute (SEI). The SEI is sponsored by the U. S. Department of Defense.
This file: ftp://ftp.cert.org/pub/cert_bulletins/VB-98.05.cisco
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNXWYuXVP+x0t4w7BAQFL2gP9HM8Se4K0FGbou+3ZC5Y4IaxC0hrGVuiv
Qc4XIwdIN2skPCsP4ceS/rK4Tx99URovCUO2RB8MZqfmZZ0tyHdzcuqulBGKiDUx
UpYgi9Tqm098H/6mHMi9qS2aYpUDCNrFlzpWPxLSa7EF8q944XRQwrkTE1KN7CRE
EJlFAY6aRhU=
=b2Eh
-----END PGP SIGNATURE-----