Skip to page contents

---

Select language...       English English (US) Deutsch Español Français Italiano 中文 (Chinese)

Extranet    | Home | Legal & Privacy Notice | Search | Sitemap | 

---

---

Products and Solutions    Training    Support    Partners    How to Buy Contact | About us | Press & Media | Investor Relations

---

Support Offering | Security Advisories | Technical Product Documentation | Request support | Evaluation Licenses | Product Life-cycle | License Center | Downloads |

---

---

---

Home » EN » Support » Security Advisories » 20 May, 2008: Weak Random Number Generators in Stonesoft Products

---

Stonesoft Corporation Security Advisory

Date:   20 May, 2008
Title:  Weak Random Number Generators in Stonesoft Products
Refs:   DSA-1571, CVE-2008-0166
Severity: High

1. Overview

Debian published a security advisory on 13 May 2008 about a predictable random number generator included with the Debian Linux distribution. All cryptographical keys generated in the vulnerable systems may be guessable, enabling unauthorized decrypting and man-in-the-middle attacks.

Stonesoft products are affected as stated below.

2. StoneGate Firewall and VPN

A predictable random number generator is included in some StoneGate High Availability Firewall and VPN engine versions. This may have affected weak SSL/TLS and SSH keys.

Only the StoneGate Firewall and VPN engine versions 4.2.0 and 4.2.1 contain weak random number generators. The Firewall and VPN engines before version 4.2.0 and the Firewall and VPN engine 4.2.2 are not vulnerable.

StoneGate Firewall and VPN engine generates the SSL/TLS and SSH keys at the time when the engine is installed for the first time. Further upgrades do not change the keys. Therefore those StoneGate Firewall and VPN engine installations that have been first installed with version 4.2.0 or 4.2.1 contain weak keys, even if these engines have been upgraded later to 4.2.2. Similarly, the Firewall and VPN engines that have originally been installed with a version lower than 4.2.0 do not suffer from this vulnerability, even if they have been upgraded later to 4.2.0 or 4.2.1.

StoneGate Firewall and VPN management connections are protected  with SSL/TLS encryption and certificate authentication. These management connections may be subject to data leakage and man-in-the-middle attacks, if the engine keys have been generated with the vulnerable version of random number generator.

Optional SSH connections to the StoneGate Firewall and VPN  engine may be subject to data leakage and man-in-the-middle  attacks, if the engine keys have been generated with the  vulnerable version of random number generator.

Recommended Actions:

The StoneGate Firewall and VPN users who are using engines that  have been first installed with version 4.2.0 or 4.2.1 should  upgrade to 4.2.2 and generate new SSL/TLS and SSH keys. It  should be noted that just an upgrade to a non-vulnerable engine version is not enough, but the keys must be regenerated as well.

The SSH keys can be regenerated by deleting the SSH key files in the engine and by rebooting the engine. The SSL/TLS keys can be regenerated by deleting the SSL/TLS keys, rebooting the engine and running a new initial contact with the management server. It is also possible to regenerate all vulnerable keys by performing  a factory reset to the engine and then initiating a new initial contact to the management server. It is important to upgrade to the non-vulnerable engine 4.2.2 before regenerating the keys. The initial contact requires a policy refresh from the management server after the initial contact has been successful.

The SSH keys are stored as the following files in the Firewall engine:
/data/config/ssh/ssh_host_dsa_key
/data/config/ssh/ssh_host_dsa_key.pub
/data/config/ssh/ssh_host_rsa_key
/data/config/ssh/ssh_host_rsa_key.pub

The SSL/TLS keys are stored as the following files in the Firewall engine:
/data/config/tls/certificate.pem
/data/config/tls/private-key.pem
/data/config/tls/node-cert-id

It is recommended to disable the SSH service in the engine until the keys have been regenerated.

3. StoneGate IPS Sensor and Analyzer

A predictable random number generator is included in StoneGate IPS Sensor and Analyzer engine. This has affected weak SSL/TLS and SSH keys.

The StoneGate IPS Sensor and Analyzer versions 4.0.0, 4.1.0 - 4.1.2 and 4.2.0 - 4.2.2 contain weak random number generators.

Stonesoft has released new StoneGate IPS Sensor and Analyzer versions 4.0.1, 4.1.3 and 4.2.3 to fix the vulnerability.

StoneGate IPS management connections are protected with SSL/TLS encryption and certificate authentication. These management connections may be subject to data leakage and man-in-the-middle attacks, if the engine keys have been generated with the vulnerable version of random number generator.

The optional SSH connections to the StoneGate IPS engine may be subject to data leakage and man-in-the-middle attacks, if the engine keys have been generated with the vulnerable version of random number generator.

Recommended Actions:

The StoneGate IPS users are recommended to upgrade to the new engine version 4.0.1, 4.1.3 or 4.2.3 and to re-generate the SSL/TLS and SSH keys. It should be noted that just an upgrade to a non-vulnerable engine version is not enough, but the keys must be re-generated as well.

The SSH keys can be regenerated by deleting the SSH key files in the engine and by rebooting the engine. The SSL/TLS keys can be regenerated by deleting the SSL/TLS keys, rebooting the engine and by running a new initial contact with the management server. It is also possible to regenerate all vulnerable keys by performing a factory reset to the engine and then initiating a new initial contact to the management server. It is important to upgrade to a non-vulnerable engine version before regenerating the keys. The initial contact requires a policy refresh from the management server after the initial contact has been successful.

The SSH keys are stored as the following files in the IPS engine:
/data/config/ssh/ssh_host_dsa_key
/data/config/ssh/ssh_host_dsa_key.pub
/data/config/ssh/ssh_host_rsa_key
/data/config/ssh/ssh_host_rsa_key.pub

The SSL/TLS keys are stored as the following files in the IPS engine:
/data/config/analyzer/node-cert.pem
/data/config/analyzer/node-private-key.pem
/data/config/analyzer/node-cert_id.txt
/data/config/sensor/node-cert.pem
/data/config/sensor/node-private-key.pem
/data/config/sensor/sendlogd.pem
/data/config/sensor/node-cert_id.txt

It is recommended to disable the SSH service in the engine until the keys have been regenerated.

4. StoneGate SSL VPN

A predictable random number generator is included in StoneGate SSL VPN engine. This has affected weak SSL/TLS and SSH keys.

All released StoneGate SSL VPN engine versions up to 1.1.0 contain weak random number generators.

Stonesoft plans to release a new StoneGate SSL VPN version 1.1.1 to fix the vulnerability.

StoneGate SSL VPN Access Point connections, as well as the Administrator Web interface are protected with SSL/TLS encryption and certificate authentication. Unless the SSL/TLS keys have been generated outside of the SSL VPN engine and imported to the engine, these connections are subject to data leakage and man-in-the-middle attacks.

The optional SSH connections to the StoneGate SSL VPN engine is subject to data leakage and man-in-the-middle attacks.

Recommended Actions:

We strongly encourage all StoneGate SSL VPN users who have not created their Access Point SSL/TLS keys outside of the StoneGate SSL VPN engine to do so and to import the keys to the engine. This can be done with any version of the SSL VPN and we urge to do it immediately.

The tools to create the Access Point SSL/TLS keys are available in the StoneGate SSL VPN Administrator Web interface front page. After the keys have been imported, the StoneGate SSL VPN engine must be rebooted. The procedure is documented in PDF document "Creating a Certificate Signing Request" that is linked from StoneGate SSL VPN Administrator Web interface front page. The document is also available at Stonesoft web site at:
http://www.stonesoft.com/system/galleries/download/sg_sslvpn_man/Creating_a_Certificate_Signing_Request.pdf.

If you want to use a self-signed certificate, you may sign the certificate request generated following the above instructions with the command "openssl x509 -signkey private.key -req -in server.csr -out servercert.pem -days 1095". After this command the certificate is in the file servercert.pem.

The StoneGate SSL VPN users are recommended to upgrade to the new engine version 1.1.1 as soon as it will be available. Furthermore, the SSH keys and the SSL/TLS keys for the Administrator Web interface should be regenerated after the upgrade.

The SSH keys can be regenerated by deleting the SSH key files in the engine and by rebooting the engine. The SSH keys can be deleted by deleting all files under the /data/config/ssh directory. This should not be done before upgrading the SSL VPN engine to version 1.1.1 or later.

The SSL/TLS keys for the SSL VPN Web Console can be regenerated by deleting the file /data/webmin/etc/miniserv.pem in the engine and by rebooting the engine. This should not be done before upgrading the SSL VPN engine to version 1.1.1 or later.

It is recommended to disable the SSH service in the engine until the SSH keys have been regenerated.

5. StoneGate Management Center

The StoneGate Management Center is not affected.

6. StoneGate VPN Client

The StoneGate VPN Client is not affected.

7. StoneBeat HA

StoneBeat HA is not affected.

8. StoneBeat Clustering Products

StoneBeat Clustering products are not affected.

9. Appendices

Stonesoft Security Analysis Group's PGP key is available at: http://www.stonesoft.com/system/galleries/download/other_files/Stonesoft-Security-Alert.asc

To report or to inquire about a security problem with Stonesoft software, please contact one or more of the following:

Stonesoft Support
Stonesoft Security Analysis Group: security-alert@stonesoft.com


The information contained in this advisory is provided on an as-is basis. Stonesoft does not make any warranties of any kind with respect to the information contained in this advisory. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES ARE HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.

IN NO EVENT WILL STONESOFT CORPORATION BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN THIS ADVISORY.

If any of the above provisions are held to be in violation of applicable law, void, or unenforceable in any jurisdiction, then such provisions are waived to the extent necessary for this disclaimer to be otherwise enforceable in such  jurisdiction.

Copyright 2008 Stonesoft Corporation. All rights reserved.

Stonesoft, StoneGate and StoneBeat are trademarks or registered trademarks of Stonesoft Corporation in Finland and other countries. All other company and product names contained herein are property of their respective holders. This advisory may be reproduced and distributed only in its unaltered form and only for non-commercial purposes.

---