This post is in response to the newly disclosed vulnerability termed Ticketbleed (CVE-2016-9244) and its impact on NetScaler.
Details about the vulnerability can be found here: https://filippo.io/Ticketbleed/
Ticketbleed is a vulnerability in F5's implementation of TLS session resumption via session tickets, a mechanism in which the client submits a ticket it was previously granted so that the server can resume the session without a full handshake.
Some technical details follow:
There are two ways to resume a TLS session: using a session identifier (session ID), which is defined in the original TLS specification, or using session tickets, which were introduced as a TLS extension and are described in IETF RFC 5077.
In the session ID method, the TLS server sends a session ID to the client during the TLS handshake. The client may subsequently present this session ID to resume the session. The downside is that the server has to maintain per-client session state, including session keys and negotiated TLS parameters, in a server-side cache.
TLS resumption using session tickets removes the need for the server to maintain per-client state, because the session state is packaged into the ticket itself and held by the client. When this extension is enabled on the server, and a client signals its support during the handshake, the server sends a session ticket at the conclusion of the handshake.
Ticketbleed occurs when the client submits a session ticket together with a session ID during session resumption. This session ID can be any value between 1 and 32 bytes long and does not have to come from a previous session. If the server accepts the ticket and the session ID field is not empty, it is supposed to echo back exactly the session ID it received. The issue is that the F5 TLS stack always echoes back a 32-byte session ID, even if the client sent, say, a 1-byte session ID. In that case the remaining 31 bytes are read from uninitialized memory and sent back to the client, resulting in a limited Heartbleed-style memory disclosure.
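To make the echo logic concrete, the following Python model (added here as an illustration; it is not NetScaler or F5 code) contrasts an RFC-conformant ServerHello session_id echo with the defective behaviour described above, and adds a defender-side check that extracts any bytes a server returned beyond what the client sent. The "stale memory" buffer is a constructed stand-in for uninitialized heap contents.

```python
"""Model of the ServerHello session_id echo during ticket-based resumption.

The session_id field is encoded as a 1-byte length followed by 0..32 bytes
of value (TLS 1.2, RFC 5246 section 7.4.1.3).  This is a simulation: the
"stale memory" bytes are constructed, not read from a real process.
"""

SESSION_ID_MAX = 32


def encode_session_id(sid: bytes) -> bytes:
    """Serialize a session_id field: length prefix, then the value."""
    if len(sid) > SESSION_ID_MAX:
        raise ValueError("session_id longer than 32 bytes")
    return bytes([len(sid)]) + sid


def decode_session_id(field: bytes) -> bytes:
    """Parse a session_id field, rejecting malformed lengths."""
    if not field or field[0] > SESSION_ID_MAX or len(field) < 1 + field[0]:
        raise ValueError("malformed session_id field")
    return field[1:1 + field[0]]


def correct_echo(client_sid: bytes) -> bytes:
    """Conformant server: echo exactly the bytes the client sent, same length."""
    return encode_session_id(client_sid)


def buggy_echo(client_sid: bytes, stale_memory: bytes) -> bytes:
    """Defective server (the Ticketbleed pattern): the client's bytes are copied
    into a fixed 32-byte buffer that was never cleared, and the full buffer is
    sent with a hard-coded length of 32, exposing the untouched tail."""
    buf = bytearray(stale_memory[:SESSION_ID_MAX])   # simulated uninitialized memory
    buf[:len(client_sid)] = client_sid               # only the prefix is overwritten
    return bytes([SESSION_ID_MAX]) + bytes(buf)


def leaked_bytes(client_sid: bytes, server_field: bytes) -> bytes:
    """Defender-side check for a resumed handshake (ticket accepted): return any
    bytes the server echoed beyond the client's own session ID.  An empty result
    means the echo was conformant.  Only meaningful when the ticket was accepted;
    a full handshake may legitimately carry a fresh, unrelated session ID."""
    echoed = decode_session_id(server_field)
    if echoed == client_sid or not echoed.startswith(client_sid):
        return b""
    return echoed[len(client_sid):]


if __name__ == "__main__":
    stale = bytes(range(0x40, 0x60))                 # constructed "heap" contents
    probe = b"\xaa"                                  # 1-byte client session ID
    print("conformant leak:", leaked_bytes(probe, correct_echo(probe)))
    print("defective leak :", leaked_bytes(probe, buggy_echo(probe, stale)).hex())
```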
NetScaler introduced session resumption via session tickets in NetScaler 11.1 build 51.21, released on Dec 26th 2016. However, we would like to assure our customers that all current versions of NetScaler are not affected by Ticketbleed.