Security report indicates vulnerabilities on port 5634 used by VIOM (Veritas Infoscale Operations Manager)

Article ID: 100031711

Description

Several security reports indicate vulnerabilities for port 5634. This port is used by the xprtld process within the VIOM (Veritas Infoscale Operations Manager) domain for communications between the CMS (Central Management Server) and MH (Managed Host).

The SSL ciphers used by xprtld may be flagged as susceptible to the following vulnerabilities:

  • CVE-2011-3389
    An information disclosure vulnerability exists in the SSL 3.0 and TLS 1.0 encryption protocols that allows the decryption of encrypted SSL/TLS traffic. This vulnerability exists in the protocol itself and primarily impacts HTTPS traffic, since the browser is the primary attack vector. All web traffic served via HTTPS, or mixed HTTP/HTTPS content, is affected.

    More information about this vulnerability is available from the National Vulnerability Database of the NIST (National Institute of Standards and Technology).
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389

 

  • CVE-2013-2566
    A group of researchers found a vulnerability in the RC4 algorithm as used in the TLS and SSL protocols.

    More information about this vulnerability is available from the National Vulnerability Database of the NIST (National Institute of Standards and Technology).
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566

Solution

1) Upgrade the VIOM CMS and MHs to the latest version. Updates and hotfixes are available from https://downloads.infoscale.com

2) In addition, make the following changes to the VRTSatlocal.conf file.

Unix: /var/opt/VRTSsfmh/sec/root/.VRTSat/profile/VRTSatlocal.conf

Windows: \ProgramData\Symantec\VRTSsfmh\sec\systemprofile\VRTSatlocal.conf

Change the SSLCipherSuite setting from

"SSLCipherSuite"="HIGH:MEDIUM:!aNULL:!eNULL:!SSLv2"

to

"SSLCipherSuite"="HIGH:HIGH:!RC4:!MD5:!aNULL:!eNULL:!SSLv2"


3) Restart the VIOM services on the servers where the VRTSatlocal.conf file was modified.

To disable TLS v1 and v1.1 and avoid the SWEET32 vulnerability, complete these steps:

A) On Managed Hosts:

1a) Stop xprtld

# /opt/VRTSsfmh/adm/xprtldctrl stop

2a) Edit both of the following files, changing the values as shown below:

# vi /var/opt/VRTSsfmh/sec/.VRTSat/profile/VRTSatlocal.conf
# vi /var/opt/VRTSsfmh/sec/root/.VRTSat/profile/VRTSatlocal.conf
 
Previous:
"AllowTLSV1"=dword:00000001
"SSLCipherSuite"="HIGH:MEDIUM:!eNULL:!aNULL:!SSLv2:!RC4"

New:
"AllowTLSV1"=dword:00000000
"SSLCipherSuite"="HIGH:HIGH:!MD5:!aNULL:!eNULL:!SSLv2:!RC4:!SHA:!DES:!3DES:!AES128-SHA256:!AES256-SHA256:!TLSv1"

3a) Restart xprtld
# /opt/VRTSsfmh/adm/xprtldctrl start

 

B) On the VIOM server:

1b) Stop authentication and communication processes
# /opt/VRTSsfmcs/bin/vomsc --stop at
# /opt/VRTSsfmcs/bin/vomsc --stop xprtld

2b) Make the same changes to the AllowTLSV1 and SSLCipherSuite values (if SSLCipherSuite appears twice, change both entries):

# vi /var/opt/VRTSsfmh/sec/root/.VRTSat/profile/VRTSatlocal.conf

Previous:
"AllowTLSV1"=dword:00000001
"SSLCipherSuite"="HIGH:MEDIUM:!eNULL:!aNULL:!SSLv2:!RC4"
 
New:
"AllowTLSV1"=dword:00000000
"SSLCipherSuite"="HIGH:HIGH:!MD5:!aNULL:!eNULL:!SSLv2:!RC4:!SHA:!DES:!3DES:!AES128-SHA256:!AES256-SHA256:!TLSv1"

3b) Restart the VIOM services that you stopped.

# /opt/VRTSsfmcs/bin/vomsc --start at
# /opt/VRTSsfmcs/bin/vomsc --start xprtld

3c) Run the following openssl command to verify that a TLS v1 handshake now fails:

[managed-host] # openssl s_client -connect :5634 -tls1
CONNECTED(00000003)
140599050246032:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg  : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: ###########
    Timeout  : 7200 (sec)
    Verify return code: 0 (ok)
---

NOTE: Changes to the VRTSatlocal.conf file persist across VIOM upgrades.
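As an added example that is not part of this article, the following POSIX shell helper audits a VRTSatlocal.conf for the hardened values described above (AllowTLSV1 disabled, and every SSLCipherSuite entry excluding RC4, 3DES and MD5) and, where OpenSSL is installed, expands the hardened cipher string to show which suites it actually enables. The function names and the file path passed in are assumptions; the sample files are constructed from the Previous/New values on this page.

```shell
# Added audit helper (not part of the Veritas article): checks whether a VRTSatlocal.conf
# already carries the hardened values shown above. Function names and path are assumptions.
# audit_vrtsat_conf FILE
# Returns 0 when "AllowTLSV1" is dword:00000000 and every "SSLCipherSuite"
# entry (the article notes it may appear twice) explicitly excludes RC4,
# 3DES and MD5; otherwise prints each finding and returns 1.
audit_vrtsat_conf() {
    file=$1
    rc=0
    if ! grep -q '^"AllowTLSV1"=dword:00000000' "$file"; then
        echo "FAIL: AllowTLSV1 is not dword:00000000 in $file"
        rc=1
    fi
    n=0
    # Cipher strings contain no whitespace, so word splitting is safe here
    for line in $(grep '^"SSLCipherSuite"=' "$file"); do
        n=$((n + 1))
        suite=${line#*=}                      # drop the key
        suite=${suite#\"}; suite=${suite%\"}  # drop the surrounding quotes
        for weak in RC4 3DES MD5; do
            case ":$suite:" in
                *":!$weak:"*) ;;              # explicitly excluded, as required
                *) echo "FAIL: SSLCipherSuite entry $n does not exclude $weak"
                   rc=1 ;;
            esac
        done
    done
    [ "$n" -gt 0 ] || { echo "FAIL: no SSLCipherSuite entry in $file"; rc=1; }
    return $rc
}

# Constructed sample files mirroring the article's "Previous" and "New" values
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '"AllowTLSV1"=dword:00000001' \
        '"SSLCipherSuite"="HIGH:MEDIUM:!eNULL:!aNULL:!SSLv2:!RC4"' > "$tmp/previous.conf"
    printf '%s\n' '"AllowTLSV1"=dword:00000000' \
        '"SSLCipherSuite"="HIGH:HIGH:!MD5:!aNULL:!eNULL:!SSLv2:!RC4:!SHA:!DES:!3DES:!AES128-SHA256:!AES256-SHA256:!TLSv1"' > "$tmp/new.conf"
    for f in previous new; do
        if audit_vrtsat_conf "$tmp/$f.conf"; then echo "$f.conf: PASS"; else echo "$f.conf: FAIL"; fi
    done
    # With OpenSSL installed, list the suites the hardened string actually enables
    if command -v openssl >/dev/null 2>&1; then
        openssl ciphers -v 'HIGH:HIGH:!MD5:!aNULL:!eNULL:!SSLv2:!RC4:!SHA:!DES:!3DES:!AES128-SHA256:!AES256-SHA256:!TLSv1'
    fi
    rm -rf "$tmp"
}
demo
```

Run it against each copy of VRTSatlocal.conf listed in steps 2a and 2b after editing; a non-zero exit with a FAIL line identifies the entry still carrying the old value.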


 

 
