[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : PIX Private Link Key Processing and Cryptography Issues

Title: PIX Private Link Key Processing and Cryptography Issues
Released by: CISCO
Date: 3rd June 1998
Printable version: Click here

Field Notice:

PIX Private Link Key Processing and Cryptography Issues


June 3, 1998



PIX Private Link is an optional feature that can be installed in Cisco PIX

firewalls. PIX Private Link creates IP virtual private networks over

untrusted networks, such as the Internet, using tunnels encrypted with Data

Encryption Standard (DES) in ECB ("electronic codebook") mode.

An error in parsing of configuration file commands reduces the effective key

length for the PIX Private Link DES encryption to 48 bits from the nominal

56 bits.

Who Is Affected


All users of the PIX Private Link encryption product with PIX software

versions earlier than the date of this notice are affected. This includes

all PIX Private Link software through version 4.1.6.



If attackers know the details of the key-parsing error in the PIX Private

Link software, they will know 8 bits of the key ahead of time. This reduces

the effective key length from the attacker's point of view from 56 to 48

bits. This reduction of the effective key length reduces the work involved

in a brute-force attack on the encryption by a factor of 256. That is,

knowledgeable attackers can, on the average, find the right key 256 times

faster than they would be able to find it with a true 56-bit key.

In addition to this key-length issue, some customers have expressed concern

over the use of DES ECB mode for PIX Private Link encryption. Although the

use of ECB mode is intentional, ECB is not generally considered to be the

best mode in which to employ DES, because it tends to simplify certain forms

of cryptanalysis and may permit certain replay attacks. Technical details of

the relative merits of various encryption modes are beyond the scope of this

document. Interested readers should refer to a cryptography text for more

information, such as Bruce Schneier's Applied Cryptography.



This vulnerability has been assigned Cisco bug ID CSCdk11848.

Affected Software Versions

- - ------------------------

This vulnerability affects all released versions of PIX Private Link

software with version numbers up to and including 4.1.6, and all

beta/interim software released earlier than the date of this notice.

Planned Software Fixes

- - --------------------

The first regular release containing a fix for this problem will be version

4.2.1, which is tentatively scheduled for release in late June 1998. This

schedule is subject to change. Fixes for the 4.1 software release have not

yet been scheduled.

This fix extends the effective DES key length to a full 56 bits; ECB mode is

still used.

Customers who need to upgrade immediately may contact Cisco's Technical

Assistance Center (TAC) to obtain interim software. Interim software has not

been subjected to full testing; it has a greater chance of containing

serious bugs than would regular released software.

Interim releases are available only by special request from the Cisco TAC,

not via the regular download channels. Cisco advises customers to install

interim releases only if absolutely necessary. Customers who choose to

install interim releases should plan to upgrade to the regular released

software when it becomes available.

When the fix is installed, it will be necessary to upgrade both ends of each

Private Link tunnel at the same time. This is because key the modified key

parsing algorithm will lead old and new versions to derive different

encryption keys from the same configuration file.

Software upgrades to correct this key-length problem will be offered free of

charge to all PIX Private Link customers, regardless of their service

contract status. Customers under contract may obtain upgrades through their

usual procedures. Customers not under contract should call the Cisco TAC.

Contact information for the TAC is in the "Cisco Security Procedures"

section at the end of this message, and is available on Cisco's Worldwide

Web site at http://www.cisco.com/.

The use of ECB mode was a deliberate design decision for the PIX Private

Link product, and will not be changed. However, future IPSEC/IKE products

for the PIX platforms will use other encryption modes.


- - ---------

There is no configuration workaround.

Exploitation and Public Announcements


Cisco has had no reports of malicious exploitation of this vulnerability.

Cisco knows of no public announcements of this vulnerability before the date

of this notice. This vulnerability was discovered by an engineering analysis

conducted by a Cisco customer at a security incident response organization.

Status of This Notice


This is a final field notice. Although Cisco cannot guarantee the accuracy

of all statements in this notice, all the facts have been checked to the

best of our ability. Cisco does not anticipate issuing updated versions of

this notice unless there is some material change in the facts. Should there

be a significant change in the facts, Cisco may update this notice.


- - ----------

This notice will be posted on Cisco's Worldwide Web site at

http://www.cisco.com/warp/public/770/pixkey-pub.html. In addition to

Worldwide Web posting, the initial version of this notice is being sent to

the following e-mail and Usenet news recipients:

   * cust-security-announce@cisco.com

   * firewalls@lists.gnac.net

   * comp.security.firewalls

   * bugtraq@netspace.org

   * first-teams@first.org (includes CERT/CC)

   * Various internal Cisco mailing lists

Future updates of this notice, if any, will be placed on Cisco's Worldwide

Web server, but may or may not be actively announced on mailing lists or

newsgroups. Users concerned about this problem are encouraged to check the

URL given above for any updates.

Revision History

- - --------------

 Revision 1.0,        Initial released version

 08:00 AM



Cisco Security Procedures


Please report security issues with Cisco products, and/or sensitive security

intrusion emergencies involving Cisco products, to security-alert@cisco.com.

Reports may be encrypted using PGP; public RSA and DSS keys for

"security-alert@cisco.com" are on the public PGP keyservers.

The alias "security-alert@cisco.com" is used only for reports incoming to

Cisco. Mail sent to the list goes only to a very small group of users within

Cisco. Neither outside users nor unauthorized Cisco employees may subscribe

to "security-alert@cisco.com".

Please do not use "security-alert@cisco.com" for configuration questions,

for security intrusions that you do not consider to be sensitive

emergencies, or for general, non-security-related support requests. We do

not have the capacity to handle such requests through this channel, and will

refer them to the TAC, delaying response to your questions. We advise

contacting the TAC directly with these requests. TAC contact numbers are as


   * +1 800 553 2447 (toll-free from within North America)

   * +1 408 526 7209 (toll call from anywhere in the world)

   * e-mail: tac@cisco.com

All formal public security notices generated by Cisco are sent to the public

mailing list "cust-security-announce@cisco.com". For information on

subscribing to this mailing list, send a message containing the single line

"info cust-security-announce" to "majordomo@cisco.com". An analogous list,

"cust-security-discuss@cisco.com" is available for public discussion of the

notices and of other Cisco security issues.

This notice is copyright 1998 by Cisco Systems, Inc. This notice may be

redistributed freely after the release date given at the top of the notice,

provided that redistributed copies are complete and unmodified, including

all date and version information.


Version: PGP for Personal Privacy 5.0

Charset: noconv









(C) 1999-2000 All rights reserved.