Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-32342)

Summary

IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. The fix for this issue was already published in an earlier bulletin. If you have already applied the appropriate Db2 special build or installed GSKit version 8.0.55.31, which contains the fix, then no further action is required.

Vulnerability Details

CVEID:   CVE-2023-32342
DESCRIPTION:   IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255828 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)   Version(s)
DB2                   11.1.x
DB2                   11.5.x
DB2                   10.5.x

Remediation/Fixes

Customers running any vulnerable fixpack level of an affected Program, V10.5, V11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V10.5 FP11, V11.1.4 FP7, and V11.5.8. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

Release: V10.5   Fixed in fix pack: TBD   APAR: DT223175
Download URL: Special Build for V10.5 FP11
   AIX 64-bit
   HP-UX 64-bit
   Linux 32-bit, x86-32
   Linux 64-bit, x86-64
   Linux 64-bit, POWER™ big endian
   Linux 64-bit, POWER™ little endian
   Linux 64-bit, System z®, System z9® or zSeries®
   Solaris 64-bit, SPARC
   Solaris 64-bit, x86-64
   Windows 32-bit, x86
   Windows 64-bit, x86

Release: V11.1   Fixed in fix pack: TBD   APAR: DT223175
Download URL: Special Build for V11.1.4 FP7
   AIX 64-bit
   Linux 32-bit, x86-32
   Linux 64-bit, x86-64
   Linux 64-bit, POWER™ little endian
   Linux 64-bit, System z®, System z9® or zSeries®
   Solaris 64-bit, SPARC
   Windows 32-bit, x86
   Windows 64-bit, x86

Release: V11.5   Fixed in fix pack: TBD   APAR: DT223175
Download URLs:
   Special Build for V11.5.0:
      AIX 64-bit (for OS7.1)
   Special Build for V11.5.7:
      AIX 64-bit
      Linux 32-bit, x86-32
      Linux 64-bit, x86-64
      Linux 64-bit, POWER™ little endian
      Linux 64-bit, System z®, System z9® or zSeries®
      Windows 32-bit, x86
      Windows 64-bit, x86
   Special Build for V11.5.8:
      AIX 64-bit
      Linux 32-bit, x86-32
      Linux 64-bit, x86-64
      Linux 64-bit, POWER™ little endian
      Linux 64-bit, System z®, System z9® or zSeries®
      Windows 32-bit, x86
      Windows 64-bit, x86

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.


Important:
Db2 releases with KI DT223175 will use the non-FIPS ICC for TLS ciphers that use RSA key exchange, as the FIPS certified ICC is vulnerable to CVE-2023-32342.


Customers with a requirement to use only FIPS 140 certified cryptographic modules must enable Strict FIPS mode. In strict FIPS mode, Db2 releases with KI DT223175 will disable all TLS ciphers and versions that are vulnerable to CVE-2023-32342 and will use only FIPS certified cryptographic modules.


The following restrictions will apply to TLS when strict mode is enabled:

  • TLS 1.0 and 1.1 will be disabled in strict mode, as TLS 1.1 and prior only support ciphers that use RSA key exchange. If TLS 1.0 or 1.1 is the only TLS version enabled for client/server SSL, TLS 1.2 will be enabled in its place. The LDAP plugins will automatically use TLS 1.2 in strict FIPS mode.
  • TLS 1.2 ciphers that use RSA key exchange (TLS_RSA_*) will be disabled. If there are no remaining ciphers in the SSL_CIPHERSPECS DBM CFG parameter, all supported ECDHE ciphers will be enabled. For instances using RSA certificates, Db2 will automatically prefer TLS_ECDHE_RSA ciphers for TLS 1.2 and no certificate change is required.
  • TLS 1.3 is unaffected by CVE-2023-32342.

To enable strict FIPS mode, set the DB2AUTH registry variable to STRICT_FIPS. If the DB2AUTH registry variable is already set, multiple options can be separated by commas.

   db2set DB2AUTH=STRICT_FIPS

In an environment without a Db2 registry, such as the Data Server Driver, the DB2AUTH registry variable can be set in the environment.

   Unix/Linux: export DB2AUTH=STRICT_FIPS

   Windows: setx DB2AUTH STRICT_FIPS /m

If the LDAP authentication plugins are in use, the FIPS_MODE parameter can be set to STRICT in the IBMLDAPSecurity.ini file.

   FIPS_MODE=STRICT

Db2 must be restarted (db2stop/db2start) for the changes to the DB2AUTH registry variable or IBMLDAPSecurity.ini to take effect.

Note: Customers using an IBM LDAP server such as IBM Security Verify Directory 10.0, IBM Security Directory Suite 8.0, or IBM Security Directory Server 6.4 must explicitly enable TLS_ECDHE_RSA_WITH_AES_* ciphers if using an RSA certificate, or TLS_ECDHE_ECDSA_WITH_AES_* ciphers if using an ECDSA certificate, before upgrading Db2 to a release with a fix for CVE-2023-32342. TLS 1.2 cipher settings can be found in the web administration tool under Server Administration > Manage Security Properties > Encryption.

 

Warning: Starting with KI DT223175, SERVER_ENCRYPT is deprecated. SERVER_ENCRYPT_AES is not compliant with the FIPS 140-3 standard, and will not work in strict FIPS mode when FIPS 140-3 certified cryptographic modules are introduced in a future version of Db2. SERVER_ENCRYPT without AES will continue to work in strict FIPS mode when FIPS 140-3 certified cryptographic modules are introduced in a future version of Db2.

Customers requiring encryption of sensitive credentials should disable SERVER_ENCRYPT_AES and switch to TLS 1.2 or TLS 1.3. TLS provides more secure protection of credentials and data compared to SERVER_ENCRYPT or SERVER_ENCRYPT_AES.

To enable TLS, refer to TLS Configuration of Db2.

Once TLS is enabled in the Db2 server and on all clients, to migrate clients to SERVER or SERVER_ENCRYPT authentication instead of SERVER_ENCRYPT_AES:

  • On clients that use the database catalog, uncatalog the database and re-catalog it without the AUTHENTICATION keyword.
  • On clients that use db2cli.ini, db2dsdriver.cfg, or a connection string, ensure the Authentication keyword is removed.

Removing the Authentication keyword will allow the client to negotiate SERVER, SERVER_ENCRYPT, or SERVER_ENCRYPT_AES based on what is offered by the Db2 server. Once the authentication keyword has been removed from the configuration of all clients, the following steps can be used to ensure the server does not request SERVER_ENCRYPT_AES.

  • Set the ALTERNATE_AUTH_ENC database manager configuration parameter to NULL.
  • If the AUTHENTICATION or SRVCON_AUTH database manager configuration parameters are set to SERVER_ENCRYPT, set them to SERVER instead to reduce overhead. TLS is encrypting the entire data stream, so it is not necessary to re-encrypt credentials with SERVER_ENCRYPT.
  • If the AUTHENTICATION or SRVCON_AUTH database manager configuration parameters are set to one of the following combination types, no action needs to be taken at this time.
    • KRB_SERVER_ENCRYPT
    • GSS_SERVER_ENCRYPT
    • SERVER_ENCRYPT_TOKEN
    • KRB_SVR_ENC_TOKEN
    • GSS_SVR_ENC_TOKEN

Warning: If Db2 is configured to use SERVER authentication, and TLS is not configured, credentials will be exposed over the wire. Ensure TLS is configured before enabling SERVER authentication.

Note: Db2 must be restarted (db2stop/db2start) for these changes to take effect.

Workarounds and Mitigations

If a fix for DT223175 is not installed, to work around CVE-2023-32342, ciphers that use RSA key exchange must be disabled. Because TLS 1.0 and 1.1 only support ciphers that use RSA key exchange, TLS 1.0 and 1.1 must also be disabled.


Client/Server SSL


Enable TLS 1.2 and/or TLS 1.3. Note: TLS 1.3 is available starting with Db2 11.5.8.

  • db2 update dbm cfg using SSL_VERSIONS TLSV12
  • db2 update dbm cfg using SSL_VERSIONS TLSV13
  • db2 update dbm cfg using SSL_VERSIONS TLSV12,TLSV13

If TLS 1.2 is enabled, set SSL_CIPHERSPECS such that only TLS_ECDHE_RSA_* or TLS_ECDHE_ECDSA_* ciphers are enabled. Refer to the following document for a list of supported cipher suites: https://www.ibm.com/docs/en/db2/11.5?topic=parameters-ssl-cipherspecs-supported-cipher-specifications-server
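The checks above (SSL_VERSIONS without TLS 1.0/1.1, SSL_CIPHERSPECS without TLS_RSA_* suites) and the earlier authentication clean-up (ALTERNATE_AUTH_ENC set to NULL, AUTHENTICATION/SRVCON_AUTH moved from SERVER_ENCRYPT to SERVER once TLS is in place) can be verified from a saved "db2 get dbm cfg" listing. The following POSIX shell audit is an added example and is not IBM's code or tooling. It assumes the listing uses the "Description (PARAM) = value" layout that "db2 get dbm cfg" prints, that SSL_VERSIONS names TLS 1.0 and 1.1 as TLSV1 and TLSV11, and that ALTERNATE_AUTH_ENC shows NOT_SPECIFIED when set to NULL; both sample listings are constructed.

```shell
#!/bin/sh
# Added example, not IBM's code or tooling: audit a saved "db2 get dbm cfg"
# listing for the settings this bulletin says to change when the DT223175
# fix is not installed, plus the post-TLS authentication clean-up.
# Assumptions: the listing uses the "Description (PARAM) = value" layout
# that "db2 get dbm cfg" prints; SSL_VERSIONS names TLS 1.0/1.1 as
# TLSV1/TLSV11; ALTERNATE_AUTH_ENC shows NOT_SPECIFIED when set to NULL.

# Constructed sample listing of a server still offering RSA key exchange
# (only the relevant parameters are shown).
SAMPLE_DBM_CFG='
 Server Connection Authentication          (SRVCON_AUTH) = NOT_SPECIFIED
 Database manager authentication        (AUTHENTICATION) = SERVER_ENCRYPT
 Alternate authentication           (ALTERNATE_AUTH_ENC) = AES_CMP
 SSL versions                             (SSL_VERSIONS) = TLSV1,TLSV12
 SSL cipher specs                     (SSL_CIPHERSPECS) = TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
'

# Constructed sample after applying the workaround and clean-up steps.
HARDENED_DBM_CFG='
 Server Connection Authentication          (SRVCON_AUTH) = NOT_SPECIFIED
 Database manager authentication        (AUTHENTICATION) = SERVER
 Alternate authentication           (ALTERNATE_AUTH_ENC) = NOT_SPECIFIED
 SSL versions                             (SSL_VERSIONS) = TLSV12,TLSV13
 SSL cipher specs                     (SSL_CIPHERSPECS) = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
'

# Print the value of one DBM CFG parameter from a listing on stdin
# (empty if the parameter is absent). Usage: cfg_value PARAM < listing
cfg_value() {
    sed -n "s/^.*(${1}) *= *//p" | head -n 1 | tr -d '[:space:]'
}

# Print one line per setting that still needs attention; always returns 0
# so the output can be piped and counted. Usage: audit_dbm_cfg < listing
audit_dbm_cfg() {
    listing=$(cat)

    # TLS 1.0/1.1 only support RSA key exchange, so they must be off.
    versions=$(printf '%s\n' "$listing" | cfg_value SSL_VERSIONS)
    case ",$versions," in
        *,TLSV1,*|*,TLSV11,*)
            echo "FAIL SSL_VERSIONS=$versions: TLS 1.0/1.1 only offer RSA key exchange; use TLSV12 and/or TLSV13" ;;
    esac

    # Any TLS_RSA_* suite is RSA key exchange; ECDHE suites are the fix.
    ciphers=$(printf '%s\n' "$listing" | cfg_value SSL_CIPHERSPECS)
    case "$ciphers" in
        *TLS_RSA_*)
            echo "FAIL SSL_CIPHERSPECS lists a TLS_RSA_* suite; keep only TLS_ECDHE_RSA_* / TLS_ECDHE_ECDSA_* suites" ;;
    esac

    # Anything other than NULL/NOT_SPECIFIED means SERVER_ENCRYPT_AES may still be requested.
    alt=$(printf '%s\n' "$listing" | cfg_value ALTERNATE_AUTH_ENC)
    case "$alt" in
        ""|NULL|NOT_SPECIFIED) ;;
        *) echo "WARN ALTERNATE_AUTH_ENC=$alt: set it to NULL once TLS is in place so the server stops requesting SERVER_ENCRYPT_AES" ;;
    esac

    # With TLS encrypting the whole stream, SERVER avoids re-encrypting credentials.
    for p in AUTHENTICATION SRVCON_AUTH; do
        v=$(printf '%s\n' "$listing" | cfg_value "$p")
        [ "$v" = SERVER_ENCRYPT ] &&
            echo "INFO $p=SERVER_ENCRYPT: with TLS in place, SERVER avoids re-encrypting credentials"
    done
    return 0
}

# Stand-alone run: report on both constructed samples.
echo "== exposed sample =="
printf '%s\n' "$SAMPLE_DBM_CFG" | audit_dbm_cfg
echo "== hardened sample =="
printf '%s\n' "$HARDENED_DBM_CFG" | audit_dbm_cfg
```

On a real instance, capture the listing with "db2 get dbm cfg > dbm.cfg" and run "audit_dbm_cfg < dbm.cfg"; an empty report means the server-side workaround settings and the authentication clean-up are in place. Clients, KMIP servers and LDAP servers keep their own cipher configuration and are not covered by this check.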


KMIP


In the KMIP server, ensure that all TLS_RSA_* ciphersuites are disabled and only TLS_ECDHE_RSA_* or TLS_ECDHE_ECDSA_* ciphersuites are enabled. Refer to the KMIP server’s documentation on how to disable TLS ciphers. On Db2 11.5.8 or later, TLS 1.3 can be enforced as a workaround to CVE-2023-32342. Set the TLSVersion keyword to TLSV13 in the KMIP configuration file.

LDAP Plugins


Enable TLS 1.2 by setting the SECURITY_PROTOCOL keyword to TLSV12 in the IBMLDAPSecurity.ini file.

In the LDAP server, ensure that all TLS_RSA_* ciphersuites are disabled and only TLS_ECDHE_RSA_* or TLS_ECDHE_ECDSA_* ciphersuites are enabled for incoming connections. Refer to the LDAP server’s documentation on how to disable TLS ciphers.

Change History

03 Nov 2023: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

Document Information

Modified date:
03 November 2023

UID

ibm17066501