ESB-2018.1522 - [Appliance] Symantec products: Multiple vulnerabilities 2018-05-17

Printable version
PGP/GPG verifiable version

Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

               Symantec products vulnerable to ROBOT attack
                                17 May 2018


        AusCERT Security Bulletin Summary

Product:           Symantec SSLV
                   Symantec IntelligenceCenter
Publisher:         Symantec
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-18268 CVE-2017-15533 

Original Bulletin:

Comment: Note that Symantec IntelligenceCenter does not yet have a patch,
         but Symantec SSLV does.

- --------------------------BEGIN INCLUDED TEXT--------------------

SA160: Return of the Bleichenbacher Oracle Threat (ROBOT)

Security Advisory ID: SA160
Published Date: May 16, 2018
Advisory Status: Interim
Advisory Severity: Medium
CVSS v2 base score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE Number: 
CVE-2017-15533 - 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2017-18268 - 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Symantec Network Protection products using affected SSL/TLS server
implementations and RSA key exchange are susceptible to a variation of the
Bleichenbacher adaptive chosen ciphertext attack.  A remote attacker, who has
captured a pre-recorded encrypted SSL session to the target, can establish a
large number of crafted SSL connections to the target and obtain the session
keys required to decrypt the pre-recorded SSL session.

Affected Products:

The following products are vulnerable:

IC 3.3 is vulnerable.  Only the management web UI is affected.

SSL Visibility
SSLV 3.8.4FC, 3.10 prior to, 3.11 and 3.12 prior to are
vulnerable when performing SSL inspection on intercepted SSL/TLS traffic, but
exploiting the vulnerability is not known to be practical.  See the Advisory
Details section for more information.  The SSLV 3.8.4FC, 3.10, 3.11, and 3.12
management web user interfaces are not vulnerable.  SSLV 4.0, 4.1, and 4.2 are
not vulnerable on any SSL interfaces.

The following products are not vulnerable:
Advanced Secure Gateway
Android Mobile Agent
Symantec HSM Agent for the Luna SP
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
Content Analysis
General Auth Connector Login Application
IntelligenceCenter Data Collector
Mail Threat Defense
Malware Analysis
Management Center
Norman Shark Industrial Control System Protection
Norman Shark Network Protection
Norman Shark SCADA Protection
PacketShaper S-Series
PolicyCenter S-Series
ProxyAV ConLog and ConLogXP
Security Analytics
SSL Visibility
Unified Agent
X-Series XOS

Advisory Details: 

Symantec Network Protection products using affected SSL/TLS libraries as an SSL
server and cipher suites with RSA key exchange are susceptible to the Return of
Bleichenbacher's Oracle Threat (ROBOT), which is a new variation of the
Bleichenbacher adaptive chosen ciphertext attack.

In the original Bleichenbacher attack, a remote attacker, who has recorded or
obtained a pre-recorded encrypted SSL session, can exploit the padding oracle
flaw in an SSL/TLS server by establishing a large number of crafted SSL
connections.  With each connection, the server leaks a small amount of
information about the original secret in the pre-recorded session.  After
approximately one million crafted connections to the server, the Bleichenbacher
attacker can recover the original secret, compute the session keys and decrypt
the encrypted data exchanged during the pre-recorded session.

The ROBOT attack is a new variation of the Bleichenbacker attack that uses
modified attack vectors to discover padding oracles in SSL server
implementations.  The ROBOT attack classifies padding oracles as follows:

  * A "strong oracle" leaks sufficient information per crafted SSL connection
    to allow recovering the pre-recorded SSL session's keys with the same
    efficiency as the original Bleichenbacher attack (approximately one million
    crafted connections).
  * A "weak oracle" does not leak sufficient information per crafted SSL
    connection and requires multiple millions of crafted connections to recover
    the session keys for a single pre-recorded SSL session.  ROBOT attacks
    against weak oracles are considered impractical.

Symantec Network Protection products are vulnerable as follows:

  * CVE-2017-18268 is a strong padding oracle flaw in the IntelligenceCenter
    3.3 management web UI.
  * CVE-2017-15533 is a weak padding oracle flaw in SSLV 3.x when intercepting
    SSL/TLS traffic.


The ROBOT attack is only possible on SSL sessions established using RSA key
exchange.  Disabling RSA key exchange cipher suites on SSL/TLS servers behind
SSLV and enabling only cipher suites using DHE and ECDHE key exchange prevents
this attack.


IC 3.3 - a fix is not available at this time.

SSL Visibility
SSLV 3.12 - a fix is available in
SSLV 3.11 - a fix will not be provided.  Please upgrade to a later release with
the vulnerability fixes.
SSLV 3.10 - a fix is available in
SSLV 3.8.4FC - a fix will not be provided.  Please upgrade to a later release
with the vulnerability fixes.


The ROBOT Attack -
CERT Vulnerability Note VU#144389 -
CVE-2017-15533 -
CVE-2017-18268 -

Advisory History: 

2018-05-16 initial public release

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.


« Back to bulletins