This week has brought about the latest security vulnerability. Google’s Thai Duong, Krzysztof Kotowicz, and Bodo Möller made the vulnerability, POODLE (Padding Oracle On Downgraded Legacy Encryption), public on Tuesday, October 14, 2014. POODLE is a padding oracle attack affecting Secure Sockets Layer (SSL) version 3, in particular its CBC-mode ciphers. This vulnerability opens the door for possible man-in-the-middle attacks.
Adam Langley of Google provides some additional insight into POODLE:
“This should be an academic curiosity because SSLv3 was deprecated very nearly 15 years ago. However, the Internet is vast and full of bugs. The vastness means that a non-trivial number of SSLv3 servers still exist and workarounds for the bugs mean that an attacker can convince a browser to use SSLv3 even when both the browser and server support a more recent version. Thus, this attack is widely applicable.” (Emphasis not added)
He also provided some guidance for mitigation via TLS_FALLBACK_SCSV.
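How a server acts on TLS_FALLBACK_SCSV, as an added Python example (not code from the original post, Google or Zimbra): it parses a ClientHello and decides whether to abort a needless downgrade. The value 0x5600 and alert 86 are from RFC 7507; `SERVER_MAX_VERSION`, the function names and the sample records are constructed assumptions.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600        # signalling cipher suite value (RFC 7507)
INAPPROPRIATE_FALLBACK = 86       # fatal alert description (RFC 7507)
SERVER_MAX_VERSION = (3, 3)       # assumption: this server's best is TLS 1.2

def parse_client_hello(record):
    """Return (client_version, [cipher suite ids]) from one ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    version = (record[9], record[10])
    pos = 44 + record[43]                  # past headers, random and session_id
    if pos + 2 > len(record):
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("malformed cipher_suites vector")
    return version, [struct.unpack_from("!H", record, pos + i)[0]
                     for i in range(0, n, 2)]

def fallback_check(record, server_max=SERVER_MAX_VERSION):
    """Return the fatal alert record to send, or None to continue the handshake."""
    version, suites = parse_client_hello(record)
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        # The client marks this hello as a retry at a lower version, yet the
        # server supports a higher one, so the downgrade was not needed.
        return bytes([0x15, *version, 0x00, 0x02, 0x02, INAPPROPRIATE_FALLBACK])
    return None

# Constructed samples: zero random, empty session id, null compression.
RETRY_SSLV3 = (b"\x16\x03\x00\x00\x2f\x01\x00\x00\x2b\x03\x00" + bytes(32)
               + b"\x00\x00\x04\x00\x2f\x56\x00\x01\x00")    # SSLv3 retry + SCSV
FIRST_TRY_TLS12 = (b"\x16\x03\x01\x00\x2d\x01\x00\x00\x29\x03\x03" + bytes(32)
                   + b"\x00\x00\x02\x00\x2f\x01\x00")         # TLS 1.2, no SCSV

if __name__ == "__main__":
    print(fallback_check(RETRY_SSLV3))        # alert record: handshake aborted
    print(fallback_check(FIRST_TRY_TLS12))    # None: handshake continues
```

The check only stops a forced downgrade between peers that both support something newer; a listener whose best protocol is SSLv3 still negotiates it, which is why disabling SSLv3 remains the fix.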
And Matthew Green, Assistant Research Professor of the Johns Hopkins Information Security Institute, provides an excellent summary of the vulnerability on his blog:
“it allows a clever attacker who can (a) control the Internet connection between your browser and the server, and (b) run some code (e.g., script) in your browser to potentially decrypt authentication cookies for sites such as Google, Yahoo and your bank.”
You may recall this isn’t the first time CBC has fallen under scrutiny, and the other cipher used in SSLv3, RC4, has come under scrutiny as well: BEAST, Lucky Thirteen, RC4 in TLS and WPA.
Zimbra and POODLE
Zimbra has provided guidance below regarding Zimbra’s products. For customers or partners: 1) if you leverage an SSL offload appliance, please reach out to your appliance provider for guidance; 2) if Zimbra is hosting your solution, you will receive a direct communication from Zimbra in the next 48 hours.
We will provide updates to this post as new developments take shape. Thank you for your patience and understanding.
Zimbra Collaboration
Zimbra is providing documentation for how to disable SSLv3 for all instances of Zimbra Collaboration (8.0.x & 8.5.x), and is tracking the vulnerability in Zimbra’s bugzilla.
Zimbra Community/Social
For our community/social product, you must disable SSLv3 on your IIS server, which Microsoft has provided guidance for.
The original post contains an error: it doesn’t specify the name of the new (or generally existing) DWORD value that needs to be changed. The correct entry is named “Enabled”. If this entry exists, it should be set to “0” as the article specifies; if it does not, it should be created per the article’s instructions.
Zimbra Sync and Share (formerly Mezeo)
While Zimbra Sync and Share is not publicly available, we want to provide guidance for anyone running the software.
The server typically uses SSL termination at the load balancer and not the product itself. In cases where a customer’s needs require a load balancer, we help customers deploy HAProxy, which has published a POODLE mitigation blog post for its product.
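To confirm that SSLv3 is really off on a listener after following the guidance above (Zimbra Collaboration, IIS or an HAProxy front end), the following added Python example, not part of the original post or of any vendor's tooling, sends a bare SSLv3 ClientHello and classifies the reply. Function names and the sample reply are constructed; the cipher suite IDs are the standard registry values.

```python
import os
import socket
import struct

# CBC suites are the ones POODLE targets; RC4 suites are offered as well so an
# RC4-only SSLv3 listener is still detected. Values are the standard suite IDs.
CBC_SUITES = {0x000A: "RSA_3DES_EDE_CBC_SHA", 0x002F: "RSA_AES_128_CBC_SHA",
              0x0035: "RSA_AES_256_CBC_SHA"}
RC4_SUITES = {0x0004: "RSA_RC4_128_MD5", 0x0005: "RSA_RC4_128_SHA"}

def build_sslv3_client_hello(random32=None):
    """Return one SSLv3 record carrying a ClientHello (SSLv3 has no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in (*CBC_SUITES, *RC4_SUITES))
    body = (b"\x03\x00" + (random32 or os.urandom(32)) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Classify the first record a server returns for the SSLv3 hello."""
    if len(data) < 7:
        return ("rejected", "connection closed or short reply")
    if data[0] == 0x15:                        # alert record: level, description
        return ("rejected", f"alert {data[6]}")
    if data[0] != 0x16 or data[5] != 0x02:     # expect handshake / ServerHello
        return ("unknown", "not a ServerHello")
    if len(data) < 44 or len(data) < 46 + data[43]:
        return ("unknown", "truncated ServerHello")
    version, sid_len = (data[9], data[10]), data[43]
    suite = struct.unpack_from("!H", data, 44 + sid_len)[0]
    if version != (3, 0):
        return ("unknown", f"server answered version {version}")
    kind = "CBC" if suite in CBC_SUITES else "non-CBC"
    return ("sslv3-accepted", f"{kind} suite 0x{suite:04X}")

def probe(host, port, timeout=5.0):
    """Send the hello to a listener you administer and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_response(data)

if __name__ == "__main__":
    # Constructed reply: ServerHello, version 3.0, empty session id, suite 0x002F.
    sample = (b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26\x03\x00" + b"\x11" * 32
              + b"\x00\x00\x2f\x00")
    print(classify_response(sample))
```

`probe()` works against implicit-TLS listeners such as HTTPS or IMAPS on port 993; services that upgrade with STARTTLS need the protocol's upgrade command sent first.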
Additional Information
Several browser, server and OS vendors have posted tech notes or blogs:
Stupid program. It’s getting impossible to change your tiny display fonts. How the hell do you do anything if you can’t even read what’s in front of you.
Are there official patches in the works?
Hi Mike,
Sorry I missed your comment earlier. Yes, we are working on patches for POODLE as well as addressing the SSL issue.
Thanks,
Brendan Cosgrove
Director of Product Management
Zimbra
Will there be any patch/guide on how to disable SSLv3 on single-server 7.x installations? thanks
Hello Fernando,
The wiki was updated to include 7.x instructions. Please review this and let us know if you have any other questions, https://wiki.zimbra.com/wiki/How_to_disable_SSLv3#ZCS_7.x.y
Thanks,
Matthew
Yes, I read and implemented those measures, but they only work for proxied installs and postfix – AdminUI and general web access are still vulnerable.
Hi,
You recommended HAProxy. How can HAProxy frontend the admin page backend?
Thanks,
Eddel
Hi Eddel,
Best place to ask the technical questions is here:
http://community.zimbra.com/collaboration/
Thanks,
Rob
Running 8.5.1 and a scan detects these vulnerable ciphers on port 993. Your wiki says it is not possible to resolve at this time. That is unacceptable! We have to be compliant for a PCI-DSS scan that is due next week. Please advise a fix.
Hi Phil, I will escalate this immediately.
Just a note of warning for those searching for information:
It appears that some fixes for this were included in ZCS 8.6.0. However, after an update to 8.6.0 all Mac Outlook users (using IMAP transport) are completely locked out of being able to connect to ZCS.
We have a support ticket going and there are other folks reporting it on the Community site, with no reasonable solution seen yet.
Be forewarned… the Wiki page warns that very old clients such as Windows Phone 7 and ancient versions of MSIE can be affected, but says nothing about Outlook Mac 2011 and beyond.
(We’ve tested with both the boxed and fully updated 14.x.x version and the new 15.x.x version only available to O365 subscribers. Neither works.)
Be careful doing an 8.6.0 upgrade if you have Outlook Mac IMAP users.
Additionally, this wiki does NOT give information on how to REVERT changes made in 8.6.0 specifically — some of the changes to disable SSLv3 in 8.5.0 MIGHT work to revert it on 8.6.0, but there are no guarantees…
https://wiki.zimbra.com/wiki/How_to_disable_SSLv3
Additional link noting problem:
http://community.zimbra.com/collaboration/f/1886/t/1137082
No responses.
Hi guys,
If you have problems logging in with IMAPS or Outlook on Mac, or Outlook on Windows, please try these commands and let us know:
zmprov mcf +zimbraMailboxdSSLProtocols SSLv2Hello
zmmailboxdctl restart
This issue will be fixed in Zimbra Collaboration 8.7
Best regards