EGI SVG Advisories

Title:       EGI CSIRT 'MEDIUM' Risk - 'POODLE' vulnerability in SSL version 3

Date:        2014-10-16
Updated

Introduction
============

A protocol vulnerability in SSL version 3 has recently been disclosed
by Google researchers. The vulnerability, codenamed POODLE ("Padding
Oracle On Downgraded Legacy Encryption"), makes it possible to perform
a man-in-the-middle-attack against connections protected by SSLv3.

POODLE is a weakness in the protocol itself, not in any particular
application, so all implementations of SSLv3 are vulnerable.

For successful exploitation of POODLE, an attacker needs to be able to
trigger a large amount of SSLv3 connections with partly
attacker-controlled content, and also needs to be able to intercept
and modify the encrypted SSLv3 traffic.

EGI CSIRT has assessed POODLE as MEDIUM risk in the context of
ordinary HTTPS web servers and as LOW risk in the context of grid
services.

EGI CSIRT recommends SSLv3 support to be disabled wherever feasible -
please refer to the compatibility notes below.


Details
=======

SSLv3 provides support for only the RC4 stream cipher or a block
cipher in CBC mode. RC4 is already known to leak information if an
attacker can observe many connections with constant data. As it turns
out, the CBC cipher is also vulnerable, leaving SSLv3 without any
secure ciphers.

For full details on the problems with the CBC cipher, please see the
advisory from the original reporters:

  https://www.openssl.org/~bodo/ssl-poodle.pdf


Compatibility notes
===================

Disabling SSLv3 support on web servers may lead to compatibility
problems with elderly clients like IE6 on Windows XP, which do not
support more secure protocol versions.

There are unconfirmed reports that the Evolution mail client is unable
to connect to IMAPS servers which have SSLv3 support disabled.


Credits
=======

POODLE was discovered by Bodo Möller, Thai Duong and Krzysztof
Kotowicz.