SIP over TLS: X.509 peer authentication vulnerability in Ingate products
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SIP over TLS: X.509 peer authentication vulnerability in Ingate products
========================================================================
Product: Ingate Firewall and Ingate SIParator
Versions: all current versions
Tracking ID: 2829
Summary
=======
The OpenSSL project has released an advisory titled "RSA Signature
Forgery (CVE-2006-4339)". This advisory possibly affects some
installations of Ingate Firewall and Ingate SIParator.
To be affected, you have to use an external CA and SIP over TLS. See
below for details.
The IPsec implementation is not affected by this issue.
Impact
======
It may be possible for an attacker to connect using SIP over TLS even
if an X.509 client certificate is required. It may be possible for an
attacker to intercept connections to TLS-secured servers that the
Ingate product initiates.
Affected versions
=================
All current versions of Ingate Firewall and Ingate SIParator are
affected.
Details
=======
The vulnerability is only exploitable if an X.509 certificate uses an
RSA key with exponent 3. The Ingate product never creates such keys
by itself, but if an external CA is used, and if that CA uses exponent
3, the configuration may be vulnerable. Most CAs uses exponent 65537,
and certificates issued by them are not vulnerable.
SIP installations are vulnerable if any of the certificates in the
"TLS CA Certificates" table on the "Signaling Encryption" tab uses
exponent 3.
How to determine if an X.509 certificate uses exponent 3
========================================================
If you have the OpenSSL package installed, you can examine a
certificate with a command such as this (assuming that the X.509
certificate is stored in PEM format in the file named "cert.cer").
openssl x509 -inform pem -in cert.cer -text
Among the lines printed, there will be a line such as:
Exponent: 65537 (0x10001)
If it says 3 instead of 65537 the certificate is vulnerable.
Workarounds
===========
Switch to a CA that don't use exponent 3. If that is not possible,
turn off the SIP module.
Fix
===
Since Ingate believes that few of our customers use an external CA
that uses exponent 3, we plan to resolve this issue in the next
regular release. Contact <support@xxxxxxxxxx> to obtain a patch that
fixes this problem if you are affected.
Background
==========
The OpenSSL advisory is available here:
http://www.openssl.org/news/secadv_20060905.txt
Further questions regarding this issue can be directed to
support@xxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFFCRhgTl5zjNKUYI4RAncPAJ0YvMYY9M9elI7Wtt5djt0ZzUg2TQCeKBe8
Gro5v7fwPMRlCU4Kxzj+M7A=
=iTB4
-----END PGP SIGNATURE-----