A flaw in the signature verification of RSA public keys or certificates could cause Reflection and EXTRA! clients to accept forged signatures from a server resulting in successful man-in-the-middle attacks. This technical note describes the vulnerability (US-CERT Vulnerability Note VU #845620), affected Reflection and EXTRA! applications, and available solutions and workarounds.
This note includes the following sections:
There is a flaw in signature verification that affects RSA public keys and digital certificates created with a public exponent of 3. This flaw results from improper processing of the PKCS-1 padding before generating the hash. This allows a remote attacker to forge the PKCS#1 v1.5 signature signed by the RSA key and attempt a man-in-the-middle attack by masquerading as the valid server.
For details, see the CERT web site at http://www.kb.cert.org/vuls/id/845620.
The following Attachmate applications are vulnerable:
Product patches and service packs are available to correct this vulnerability in all affected applications. Maintained customers can obtain all necessary product updates from the Attachmate Download Library as directed below.
Maintained users of Reflection for Secure IT Windows Client version 6.0 and 6.1 should upgrade to Reflection for Secure IT Windows Client 6.1 Service Pack 1 (SP1) or higher.
Maintained users of Reflection for Secure IT Windows Server version 6.0 and 6.1 should upgrade to Reflection for Secure IT Windows Server 6.1 Service Pack 2 (SP2) or higher.
Maintained users of Reflection for Secure IT UNIX Client or UNIX Server version 6.0 and 6.1 should upgrade to Reflection for Secure IT UNIX Client or UNIX Server 6.1 Service Pack 2 (SP2) or higher.
Maintained users of the following Reflection 2008 products should apply the Reflection service pack appropriate for their product:
Maintained users of Reflection for IBM 2007 should upgrade to Reflection for IBM 2008 R1 SP1 or higher.
Maintained users of the following Reflection products (version 13.0 14.x) should apply the appropriate Reflection patch or service pack.
Maintained users of Reflection 14.0 should upgrade to Reflection 14.0 SP1 or higher. For information about Reflection 14.0 SP1 or higher (including file download details), see Technical Note 2127.
Maintained users of Reflection 13.013.0.4 should upgrade to Reflection 13.0.5 or higher.
For Reflection Windows-based products version 8.012.0.X, contact your sales representative for information about upgrading your product to correct this vulnerability. For information about contacting Attachmate, see http://www.attachmate.com/Worldwide/.
Maintained EXTRA! users should upgrade to EXTRA! 9.1 or higher.
To workaround this security vulnerability, make sure that all RSA keys are generated with a public exponent greater than 3. The Reflection ssh-keygen utility has never generated RSA keys with public exponents of 3, so any keys generated by this utility are not subject to this vulnerability.
The security for all of the Reflection and EXTRA! products using the Reflection and EXTRA! security features depends upon the security of the operating system, host, and network environment. Attachmate strongly recommends that you evaluate and implement all relevant security service packs, updates, and patches recommended by your operating system, host, and network manufacturers.