KB Article | Forcepoint Support

Problem Description

KBA Severity
CVE-2018-0734 – Medium
CVE-2019-1559 – Medium

CVE Numbers
CVE-2018-0734
CVE-2019-1559

KBA Summary
OpenSSL vulnerabilities.
 
Affected Products
Forcepoint Sidewinder

KBA Detailed Information
The following descriptions are from NIST.

CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
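As an added example (not part of this Forcepoint article and not OpenSSL or Sidewinder code), the following Python encodes the affected ranges quoted above and checks an `openssl version` string against them, including OpenSSL's 1.x letter-suffix ordering (bare release, then a..z, then za, zb, ...); the sample strings are constructed.

```python
import re

# Affected ranges exactly as stated in the NIST descriptions above.
# branch -> (first affected suffix, last affected suffix); the empty suffix
# is the bare release itself (e.g. "1.0.2" with no letter).
AFFECTED = {
    "CVE-2018-0734": {
        "1.1.1": ("", ""),   # fixed in 1.1.1a
        "1.1.0": ("", "i"),  # fixed in 1.1.0j
        "1.0.2": ("", "p"),  # fixed in 1.0.2q
    },
    "CVE-2019-1559": {
        "1.0.2": ("", "q"),  # fixed in 1.0.2r
    },
}

_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")

def parse_version(text):
    """Return (branch, letter) from an OpenSSL 1.x version string, e.g. '1.0.2q'
    or the output of `openssl version` ('OpenSSL 1.0.2q  20 Nov 2018').
    Returns None when no x.y.z version is present."""
    m = _VERSION_RE.search(text)
    return (m.group(1), m.group(2)) if m else None

def suffix_key(letter):
    """Sort key for 1.x release letters: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(letter), letter)

def affected_cves(text):
    """CVEs from this article whose affected range contains the given
    OpenSSL version string; strings outside the listed branches yield []."""
    parsed = parse_version(text)
    if parsed is None:
        return []
    branch, letter = parsed
    hits = []
    for cve, ranges in AFFECTED.items():
        low, high = ranges.get(branch, (None, None))
        if low is not None and suffix_key(low) <= suffix_key(letter) <= suffix_key(high):
            hits.append(cve)
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample strings, not taken from a real host.
    for s in ("OpenSSL 1.0.2p  14 Aug 2018", "OpenSSL 1.0.2q  20 Nov 2018",
              "OpenSSL 1.0.2r  26 Feb 2019", "OpenSSL 1.1.1  11 Sep 2018"):
        print(f"{s!r:34} -> {affected_cves(s) or 'not in the listed ranges'}")
```

Distribution packages often backport a fix without changing the version string, so a match here is a prompt to check the package changelog rather than proof of exposure.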

CVE References

Resolution

Hotfix and Information About Other Fixes

The following patches are available to resolve these vulnerabilities:
 
                 Sidewinder 7.0.1.03    Sidewinder 8.3.2
CVE-2018-0734    7.0.1.03E126           8.3.2E182* or 8.3.2P12
CVE-2019-1559    7.0.1.03E126           8.3.2E182* or 8.3.2P12

* indicates the patch is obsoleted by a newer patch

Sidewinder download information
User name:     atl-963845ro
User password: 34bT4hF3AFJn
Server name:   csftp.us.stonesoft.com
https://csftp.us.stonesoft.com
https://csftp.us.stonesoft.com/file/access.pl?username=atl-963845ro&password=34bT4hF3AFJn
ftp://atl-963845ro:34bT4hF3AFJn@csftp.us.stonesoft.com/upload
sftp://atl-963845ro:34bT4hF3AFJn@csftp.us.stonesoft.com/upload
