Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

Security Issue - IBM Domino AES GCM weak nonce generation vulnerability

Daniel Nashed  29 March 2016 12:02:24
There is a new vulnerability affecting the AES GCM ciphers, which were introduced in 9.0.1 FP3 (enabled by default).
For very large data sets, IBM Domino web servers using TLS and AES GCM generate a weak nonce, which could potentially be used for a man-in-the-middle attack.


All Domino 9 versions supporting those ciphers are affected, and there is a new IF (9.0.1 FP5 IF2) which addresses this issue.


The IBM Domino AES GCM weak nonce generation vulnerability is tracked as SPR #KLYHA6ZP4F.

If you cannot update your server, you should change your cipher spec to exclude those ciphers.


The following cipher spec would only allow the CBC ciphers and leave out the 6 GCM ciphers currently supported.


notes.ini: SSLCipherSpec=C028006BC0140039C0270067C013003D0035003C002F000A
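The SSLCipherSpec value is a plain concatenation of 4-hex-digit IANA cipher suite IDs, so a workaround like the one above can be checked mechanically. The following script is an added example (not part of this post and not IBM code): it splits a notes.ini SSLCipherSpec value into suite IDs, maps them to their IANA names from a small built-in table, reports any GCM suites, and produces a GCM-free copy of the spec. The mixed spec used as sample input is constructed for the example; it is not the Domino default.

```python
"""Audit a Domino notes.ini SSLCipherSpec value for AES GCM cipher suites."""
import re
from typing import Dict, List

# IANA TLS cipher suite IDs (hex, as Domino writes them) -> suite names.
# Subset covering the suites seen in typical Domino cipher specs.
CIPHER_NAMES: Dict[str, str] = {
    "000A": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "002F": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "0035": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "003C": "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "003D": "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "0033": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "0039": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "0067": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "006B": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "009C": "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "009D": "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "009E": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "009F": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "C013": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "C014": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "C027": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "C028": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "C02F": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "C030": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

# The CBC-only workaround spec from the post.
CBC_ONLY_SPEC = "SSLCipherSpec=C028006BC0140039C0270067C013003D0035003C002F000A"

# Constructed sample: six GCM suites in front of the CBC list (assumption, not
# the real Domino default), to show what the audit flags.
MIXED_SPEC = "SSLCipherSpec=C030C02F009F009E009D009C" + CBC_ONLY_SPEC.split("=", 1)[1]


def parse_cipher_spec(spec: str) -> List[str]:
    """Split an SSLCipherSpec line (with or without the 'SSLCipherSpec=' prefix)
    into its 4-hex-digit suite IDs, rejecting anything that is not clean hex."""
    value = spec.split("=", 1)[1] if "=" in spec else spec
    value = value.strip().upper()
    if len(value) % 4 != 0 or not re.fullmatch(r"[0-9A-F]*", value):
        raise ValueError(f"malformed SSLCipherSpec value: {value!r}")
    return [value[i:i + 4] for i in range(0, len(value), 4)]


def suite_name(code: str) -> str:
    """Map a suite ID to its IANA name; unknown IDs are reported, not guessed."""
    return CIPHER_NAMES.get(code, f"UNKNOWN_{code}")


def audit_cipher_spec(spec: str) -> Dict[str, List[str]]:
    """Classify every suite in the spec as gcm, other (non-GCM, known) or unknown."""
    result: Dict[str, List[str]] = {"gcm": [], "other": [], "unknown": []}
    for code in parse_cipher_spec(spec):
        name = suite_name(code)
        if name.startswith("UNKNOWN_"):
            result["unknown"].append(code)
        elif "GCM" in name:
            result["gcm"].append(code)
        else:
            result["other"].append(code)
    return result


def strip_gcm(spec: str) -> str:
    """Return a notes.ini line with every known GCM suite removed, order preserved."""
    kept = [c for c in parse_cipher_spec(spec) if "GCM" not in suite_name(c)]
    return "SSLCipherSpec=" + "".join(kept)


if __name__ == "__main__":
    for label, spec in (("post workaround", CBC_ONLY_SPEC), ("constructed mixed", MIXED_SPEC)):
        report = audit_cipher_spec(spec)
        print(f"{label}: {len(report['gcm'])} GCM, {len(report['other'])} other, "
              f"{len(report['unknown'])} unknown")
        for code in report["gcm"]:
            print(f"  GCM suite present: {code} {suite_name(code)}")
    print("GCM-free version of mixed spec:", strip_gcm(MIXED_SPEC))
```

Run it against the SSLCipherSpec line copied from your own notes.ini; an empty `gcm` list confirms the workaround is in place, and any `unknown` entries are suite IDs you should look up before trusting the result, since the table above only covers common suites.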


The better option would be to install IF2.


Also, the new Interim Fix includes a couple of other fixes, including a fix for the Domino Console issue introduced by disabling MD5 in the last JVM patch, as posted before.
There is no detail on how SPR #RSSNA6UU79 addressed the console issue. I had no time to test it in detail yet.

Update 31.3.2016: There is a new issue with the Server Controller if you have applied the JVM fix as well.
The solution is to re-install the latest JVM patch, which apparently contains a fix as well.
See this new blog post for details -->
http://blog.nashcom.de/nashcomblog.nsf/dx/server-controller-issue-when-applying-9.0.1-fp5-if2.htm

SPR         Description
KLYHA6ZP4F  Security Bulletin: Vulnerability in IBM Domino Web Server TLS AES GCM Nonce Generation (technote 1979604)
EDOE9HZLXH  Using the colon character in the Domino server title breaks the Java console.
MKINA86V2A  The Java console applet needs to be updated for Oracle JVMs.
MKINA85TJB  The Java console applet needs the same fix as SODY9FFEYE (technote 1662233).
MKINA85TEQ  The Java console applet needs the same fix as SODY9DDBD5 (technote 1662233).
PMGYA4CHDZ  Fixes intermittent Domino Server and Notes Client crash when an organization is doing a key rollover. The crash occurs on both client and server side when trying to connect.
RSSNA6UU79  Domino Console won't connect even when scontroller is running (technote 1977125).

Details and references:


http://www.ibm.com/support/docview.wss?uid=swg21979604

CVEID: CVE-2016-0270 / DESCRIPTION: IBM Domino contains an unspecified vulnerability that could lead to session snooping using man-in-the-middle techniques.

Comments

1. Sascha Troll  30.03.2016 18:09:35

After installing this fix, I am no longer able to connect to Domino Console now.

Updating to the new Client Fix 9.0.1FP5SHF237 also won't change that.

I checked the Java security settings and all recommendations aren't valid for the security file on my server.

Have to open a PMR I think.

2. Craig Wiseman  31.03.2016 14:20:53

FWIW,

I installed this patch on my test server (32-bit Domino on Windows) and AMgr crashed the server every time it started... with no logging on why and no NSD.

I then did a clean install on 9.0.1, applied FP5 and then this hotfix, and AMgr still died.

I then rolled back to FP5 and applied IF1 and things are stable. I'm going to look at what agents are scheduled and see if there's something odd with my set up.

FYI/YMMV
