SAS Statement Regarding DROWN Vulnerability

Reference Name: DROWN vulnerability
Severity: Medium
Status: Fixes are available

History

• 8-12-2016 - Revised links in the Solution section to reference the latest updates
• 4-27-2016 - Acknowledgement, with fixes

Impact

The DROWN vulnerability allows attackers to break an encryption protocol and read or steal sensitive communications.

If your SAS deployment is connected to an external internet, you could be vulnerable.

• Review your use of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) capabilities in SAS^® Foundation products. Examples of how you might use these capabilities are given in SAS Note 54376.
• Review your use of SSL and TLS with SAS^® Web Server and SAS^® Web Application Server.

Description

The DROWN vulnerability is a cross-protocol attack on TLS using SSLv2. Some servers still support SSLv2, a 1990s-era predecessor to TLS. Modern servers and clients use the TLS encryption protocol (instead of SSL).

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections.

DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption. More information about CVE-2016-0800 is available from the MITRE CVE dictionary and NIST NVD.

Solution

A recommended solution is to ensure that protocol SSLv2 is not enabled anywhere in your network, for SAS products or other applications or services.

In SAS^® 9.4 TS1M3, SAS removed the option to use SSLv2 with SAS Foundation products. Special configuration (and warnings) allow a customer to configure for SSLv3 if there are no other options available for the site.

Configuration guidelines for the SAS Web Server and SAS Web Application Server allow an administrator to specify settings that avoid the DROWN vulnerability.

SAS recommends that you update SAS components by applying the hot fixes noted below.

August 16, 2016

Updated hot fixes are available

• Customers who are running SAS Web Server are encouraged to disable SSLv3 and SSLv2 as described in SAS Note 54376. You are also encouraged to apply the fix referenced in SAS Note 58194.
• Customers should review SAS Note 58391 , and follow the notes to retrieve and apply OpenSSL 1.0.2h for SAS^® 9.3 and SAS 9.4 environments.
• Customers are encouraged to upgrade to the latest SAS Private JRE. See information on the Security Bulletins site.

April 27, 2016

Hot fixes are available for SAS 9.4 and SAS 9.3 releases

• Customers should review SAS Note 57686, and download and apply the appropriate fixes to upgrade SAS Foundation software to versions of OpenSSL that are not subject to this vulnerability. The hot fixes for SAS 9.3 TS1M0, SAS 9.4 TS1M0, and SAS 9.4 TS1M1 upgrade OpenSSL to version 0.9.8zh. The hot fix for SAS 9.4 TS1M2 and SAS 9.4 TS1M3 upgrade OpenSSL to version 1.0.1r.
• Customers who are running SAS Web Server are encouraged to disable SSLv3 and SSLv2 as described in SAS Note 54376. You are also encouraged to apply the fix referenced in SAS Note 56481.
• Customers are encouraged to upgrade to the latest SAS Private JRE. See information on the Security Bulletins site.