Security Issue - IBM Domino AES GCM weak nonce generation vulnerability
Daniel Nashed 29 March 2016 10:02:24
There is a new vulnerability affecting AES GCM ciphers which have been introduced in 9.01. FP3 (enabled by default).For very large data sets, IBM Domino Web servers using TLS and AES GCM generate a weak nonce which could be potentially used for a man-in-the-middle-attack.
All Domino 9 versions supporting those ciphers are affected and there is new IF (9.0.1 FP5 IF2) which addresses this issue.
The IBM Domino AES GCM weak nonce generation vulnerability is tracked as SPR #KLYHA6ZP4F.
If you cannot update your server you should change your cipher spec to exclude those ciphers.
The following cipher spec would only allow the CBC ciphers and leave out the 6 GCM ciphers currently supported.
notes.ini SSLCipherSpecÀ28006BC0140039C0270067C013003D0035003C002F000A
The better option would be to install IF2.
Also the new Interims Fix includes a couple of other fixes. Including a fix for the Domino Console introduced by disabling MD5 in the last JVM patch as posted before.
There is no detail how SPR #RSSNA6UU79 addressed the console issue. I had no time to test it in detail yet.
Update 31.3.2016: There is a new issue with the Server Controller if you have applied the JVM fix as well.
The solution is to re-install the latest JVM patch which has apparently a fix as well.
See this new blog post for details --> http://blog.nashcom.de/nashcomblog.nsf/dx/server-controller-issue-when-applying-9.0.1-fp5-if2.htm
| SPR | Description | |
| KLYHA6ZP4F | Security Bulletin: Vulnerability in IBM Domino Web Server TLS AES GCM Nonce Generation (technote 1979604) | |
| EDOE9HZLXH | Using the colon character in the Domino server title break the Java console. | |
| MKINA86V2A | The Java console applet needs to be updated for Oracle JVMs | |
| MKINA85TJB | The java console applet needs the same fix as SODY9FFEYE (technote 1662233) | |
| MKINA85TEQ | The java console applet needs the same fix as SODY9DDBD5 (technote 1662233) | |
| PMGYA4CHDZ | Fixes intermittent Domino Server and Notes Client crash when organization is doing a key rollover. Crash occurs on both client and server side when trying to connect. | |
| RSSNA6UU79 | Domino Console won't connect even when scontroller is running (technote 1977125) |
Details and references:
http://www.ibm.com/support/docview.wss?uid=swg21979604
CVEID: CVE-2016-0270 / DESCRIPTION: IBM Domino contains an unspecified vulnerability that could lead to session snooping using man-in-the-middle techniques.
- Comments [2]
![[HCL Domino]](../lotus-domino.gif){kind=small}
![[Domino on Linux]](../domino-linux.gif){kind=small}
![[Nash!Com]](../nashcom.gif){kind=small}
![[Daniel Nashed]](../daniel-nsh.gif){kind=small}