Security Advisories


#21 Markus Lang
  • Moderators

Posted 20 April 2017 - 03:49 AM

Linux Kernel Vulnerability - CVE-2017-6214
 
Summary: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
 
Risk Rating: Medium
 
Affected Products: Barracuda NextGen Firewall
 
Details: The Barracuda NextGen Firewall is only affected by this vulnerability in case the following two conditions in an Access Rule are met at the same time: The Application Ruleset is disabled and the TCP Policy "Generic TCP-Proxy" is enabled. 
 
Mitigations and Workarounds: We are currently working on respective Hotfixes which will be available shortly. 

Senior Product Manager

#22 Oliver Braekow
  • Moderators
  • Location: Innsbruck, Austria

Posted 03 August 2017 - 08:05 AM

Important Security Hotfix

Summary:

Security hotfix to address an issue that could lead to unauthorized, low privilege access via the management IP addresses.

Description:

Several hotfixes were released on Aug 3rd 2017 to address an internally discovered logic error in the configuration process which could allow an attacker to gain unauthorized low privilege access to the NextGen Firewall via the management IP addresses.

Affected products:

The logic error exists in the following versions of the NextGen Firewall F series firewalls as well as NextGen Control Centers since firmware 5.2.3:

  • 5.2.x - end of support reached - please upgrade to newer firmware
  • 5.4.x - end of support reached - please upgrade to newer firmware
  • 6.0.x - resolved in Hotfix 837
  • 6.1.x - end of support reached - please upgrade to newer firmware
  • 6.2.x - resolved in Hotfix 836
  • 7.0.0 - resolved in Hotfix 838
  • 7.0.1 - resolved in Hotfix 834
  • 7.0.2 without Hotfix 825 - resolved in Hotfix 834
  • 7.0.2 with Hotfix 825 - resolved in Hotfix 839
  • 7.0.3 - resolved in maintenance release 7.0.3, released on Aug 3rd 2017
  • 7.1.0 - resolved in Hotfix 835

Mitigation:

The Hotfixes released today fully mitigate the issue in the affected versions. Hotfixes are available in the download portal: https://dlportal.barracudanetworks.com.

Additionally, with firmware release 7.0.0 or newer the hotfix corresponding to the current firmware release will be displayed in the UPDATES section of the General Dashboard on NextGen Firewalls F-Series.

Additionally, with firmware release 7.0.0 or newer the hotfixes will be available from the Download Portal tab of the CONTROL -> Firmware Updates section on NextGen Control Centers.

We further recommend that customers isolate the management IP addresses to a trusted local network. The NextGen Firewall supports setting additional ACLs for accessing the management interface that can further increase security. Finally, we also recommend setting strong passwords on all accounts or configuring key based authentication and disabling password authentication.

 

Instructions on setting up ACLs and key based authentication are available here:

How to Change the Root Password and Management ACL

How to Configure Key-Based SSH Authentication for the Root User

How to Configure Certificate Based Authentication for the Root User



#23 Markus Lang
  • Moderators

Posted 17 October 2017 - 03:20 AM

Key Reinstallation Attack (KRACK) Vulnerability
 
Summary: Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse.
 
Details: On October 16th, 2017, a research paper with the title "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicants supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.
 
Risk Rating: High
 
Affected Products: Our investigations indicate that currently only Barracuda NextGen Firewall Wi-Fi Models used under Wi-Fi Client mode are affected:
  • F101
  • F201
  • F301
  • F80
  • F82.DSLA
  • F82.DSLB
  • F180
  • F183
  • F280
  • FSC1
 
Mitigations and Workarounds: We are currently working on respective Hotfixes that address these vulnerabilities.
 
Update - October 18, 2017:
 
Summary: Hotfixes have been made available. We recommend updating your systems also in case the firewall is used under Access Point mode.
 
Fixed Vulnerabilities:
  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Mitigations and Workarounds:
 

Senior Product Manager
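The following is an added illustration and not code from the post above or from Barracuda: it models the mechanism the KRACK advisory describes, where a retransmitted message 3 of the 4-way handshake makes a vulnerable supplicant reinstall the pairwise key and reset its packet number, so the next frame is encrypted under an already-used nonce and the XOR of the two ciphertexts equals the XOR of the two plaintexts. The `Supplicant` class, the `hardened` flag, the constructed key and frames, and the HMAC-based keystream are all assumptions of this example: real CCMP uses AES in CCM mode, and the remedy modelled here (do not reinstall a key that is already in use when message 3 is retransmitted) is the general fix the paper recommends, not the content of Barracuda's hotfix.

```python
import hashlib
import hmac

# Constructed session key and frames for the demonstration (not captured traffic).
PTK = bytes(range(32))
FRAME_1 = b"first secret message"
FRAME_2 = b"other secret message"


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Stand-in for the CCMP keystream: a PRF of (key, packet number, block index).

    Real CCMP runs AES in counter mode with the 48-bit packet number inside the
    nonce; HMAC-SHA256 is used here only so the script runs on the standard
    library. The property that matters is the same: same key + same PN gives
    the same keystream.
    """
    out = b""
    block = 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_frame(key: bytes, pn: int, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, pn, len(plaintext)))


class Supplicant:
    """Client side of the 4-way handshake, reduced to the key-install step (assumed model).

    hardened=False: every received message 3 installs the PTK again and resets
    the packet number to zero (the behaviour KRACK abuses).
    hardened=True: once a PTK is in use, a retransmitted message 3 carrying the
    same key is ignored, so neither the key nor the packet number is reset.
    """

    def __init__(self, hardened: bool) -> None:
        self.hardened = hardened
        self.ptk = None
        self.pn = 0            # transmit packet number, used as the CCMP nonce
        self.installed = False

    def receive_msg3(self, ptk: bytes) -> bool:
        """Return True if the key was (re)installed, False if the message was ignored."""
        if self.hardened and self.installed and ptk == self.ptk:
            return False       # key already in use: no reinstall, no PN reset
        self.ptk = ptk
        self.pn = 0
        self.installed = True
        return True

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, encrypt_frame(self.ptk, self.pn, plaintext)


def simulate(hardened: bool):
    """Send one frame, process a replayed message 3, send a second frame.

    Returns (pn_of_frame_1, pn_of_frame_2, ciphertext_1, ciphertext_2).
    """
    client = Supplicant(hardened)
    client.receive_msg3(PTK)           # legitimate message 3
    pn1, c1 = client.send(FRAME_1)
    client.receive_msg3(PTK)           # retransmitted message 3 (the trigger)
    pn2, c2 = client.send(FRAME_2)
    return pn1, pn2, c1, c2


def keystream_reused(c1: bytes, c2: bytes) -> bool:
    """Check used by this demo: under keystream reuse c1 XOR c2 equals
    FRAME_1 XOR FRAME_2, i.e. the ciphertexts leak the plaintext difference."""
    return xor_bytes(c1, c2) == xor_bytes(FRAME_1, FRAME_2)


if __name__ == "__main__":
    for hardened in (False, True):
        pn1, pn2, c1, c2 = simulate(hardened)
        print(f"hardened={hardened}: PN of frame 1 = {pn1}, PN of frame 2 = {pn2}, "
              f"keystream reused = {keystream_reused(c1, c2)}")
```

Running the script shows the vulnerable client sending both frames with packet number 1 and `keystream_reused` reporting True, while the hardened client moves on to packet number 2 and the two ciphertexts no longer reveal the plaintext XOR. The defensive point is that the fix lives in the key-install state machine, not in the cipher: a key that is already installed must not be installed again with its counters reset.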

#24 Markus Lang
  • Moderators

Posted 30 October 2017 - 04:51 AM

DUHK Vulnerability
 
Summary: DUHK (Don't Use Hard-coded Keys) is a vulnerability that affects devices using the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key.
 
Details: The ANSI X9.31 RNG is an algorithm that until recently was commonly used to generate cryptographic keys that secure VPN connections and web browsing sessions, preventing third parties from reading intercepted communications. DUHK allows attackers to recover secret encryption keys from vulnerable implementations and decrypt and read communications passing over VPN connections or encrypted web sessions.
 
Risk Rating: High
 
Affected Products: NONE - The Barracuda NextGen Firewalls (X and F-Series) are NOT affected. Hard-coded seed keys and/or the vulnerable RNG are not used/supported.
 
Mitigations and Workarounds:

Senior Product Manager