Sid 1-33796

Message

SERVER-OTHER SSL export grade ciphersuite server negotiation attempt

Summary

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

Impact

CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

CVE-2015-0204:

CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

CVE-2015-1637:

CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

CVE-2015-4000:

CVSS base score 3.7

CVSS impact score 1.4

CVSS exploitability score 2.2

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Detailed information

CVE-2015-0204: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

CVE-2015-1637: Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.

CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Affected systems

  • openssl openssl 0.9.8zc
  • openssl openssl 1.0.0a
  • openssl openssl 1.0.0b
  • openssl openssl 1.0.0c
  • openssl openssl 1.0.0d
  • openssl openssl 1.0.0e
  • openssl openssl 1.0.0f
  • openssl openssl 1.0.0g
  • openssl openssl 1.0.0h
  • openssl openssl 1.0.0i
  • openssl openssl 1.0.0j
  • openssl openssl 1.0.0k
  • openssl openssl 1.0.0l
  • openssl openssl 1.0.0m
  • openssl openssl 1.0.0n
  • openssl openssl 1.0.0o
  • openssl openssl 1.0.1a
  • openssl openssl 1.0.1b
  • openssl openssl 1.0.1c
  • openssl openssl 1.0.1d
  • openssl openssl 1.0.1e
  • openssl openssl 1.0.1f
  • openssl openssl 1.0.1g
  • openssl openssl 1.0.1h
  • openssl openssl 1.0.1i
  • openssl openssl 1.0.1j
  • microsoft windows_2003_server *
  • microsoft windows_7 *
  • microsoft windows_8 -
  • microsoft windows_8.1 -
  • microsoft windows_rt -
  • microsoft windows_rt_8.1 -
  • microsoft windows_server_2008 *
  • microsoft windows_server_2008 r2
  • microsoft windows_server_2012 -
  • microsoft windows_server_2012 r2
  • microsoft windows_vista *
  • apple safari *
  • apple iphone_os 8.3
  • apple mac_os_x 10.10.3
  • google chrome -
  • ibm content_manager 8.5
  • microsoft ie *
  • mozilla firefox *
  • mozilla firefox 39.0
  • mozilla firefox_esr 31.8
  • mozilla firefox_esr 38.1.0
  • mozilla network_security_services 3.19
  • mozilla seamonkey 2.35
  • mozilla thunderbird 31.8
  • mozilla thunderbird 38.1
  • mozilla firefox_os 2.2
  • openssl openssl 1.0.1m
  • openssl openssl 1.0.2a
  • opera opera_browser -
  • oracle jdk 1.6.0
  • oracle jdk 1.7.0
  • oracle jdk 1.8.0
  • oracle jre 1.6.0
  • oracle jre 1.7.0
  • oracle jre 1.8.0
  • oracle jrockit r28.3.6
  • oracle sparc-opl_service_processor 1121
  • canonical ubuntu_linux 12.04
  • canonical ubuntu_linux 14.04
  • canonical ubuntu_linux 14.10
  • canonical ubuntu_linux 15.04
  • debian debian_linux 7.0
  • debian debian_linux 8.0
  • hp hp-ux b.11.31
  • suse linux_enterprise_desktop 12
  • suse linux_enterprise_server 11.0
  • suse linux_enterprise_server 12
  • suse linux_enterprise_software_development_kit 12

Ease of attack

CVE-2015-0204:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2015-1637:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2015-4000:

Access Vector

Access Complexity

Authentication

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.

Additional References

  • freakattack.com
  • technet.microsoft.com/en-us/security/bulletin/ms15-031