Vulnerability Note VU#120541
SSL and TLS protocols renegotiation vulnerability
Overview
A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.
Description
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the Network Working Group: The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. |
Impact
A remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow and attacker to issue HTTP requests, or take action impersonating the user, among other consequences. |
Solution
Users should contact vendors for specific patch information. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Barracuda Networks | Affected | 05 Nov 2009 | 17 Dec 2009 |
| Debian GNU/Linux | Affected | 05 Nov 2009 | 11 Nov 2009 |
| GnuTLS | Affected | 05 Nov 2009 | 11 Nov 2009 |
| Hewlett-Packard Company | Affected | 05 Nov 2009 | 17 Dec 2009 |
| IBM Corporation | Affected | 05 Nov 2009 | 11 Nov 2009 |
| McAfee | Affected | 05 Nov 2009 | 11 Nov 2009 |
| Sun Microsystems, Inc. | Affected | 05 Nov 2009 | 06 Nov 2009 |
| Cryptlib | Not Affected | 05 Nov 2009 | 11 Nov 2009 |
| Force10 Networks, Inc. | Not Affected | 05 Nov 2009 | 22 Jul 2011 |
| libgcrypt | Not Affected | 05 Nov 2009 | 11 Nov 2009 |
| Redback Networks, Inc. | Not Affected | 05 Nov 2009 | 11 Nov 2009 |
| SafeNet | Not Affected | 05 Nov 2009 | 19 Nov 2009 |
| 3com Inc | Unknown | 05 Nov 2009 | 05 Nov 2009 |
| ACCESS | Unknown | 05 Nov 2009 | 05 Nov 2009 |
| Alcatel-Lucent | Unknown | 05 Nov 2009 | 05 Nov 2009 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://extendedsubset.com/?p=8
- http://www.links.org/?p=780
- http://www.links.org/?p=786
- http://www.links.org/?p=789
- http://blogs.iss.net/archive/sslmitmiscsrf.html
- http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
- https://bugzilla.redhat.com/show_bug.cgi?id=533125
- http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html
- http://cvs.openssl.org/chngview?cn=18790
- http://www.links.org/files/no-renegotiation-2.patch
- http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html
- https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
- http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
Credit
Thanks to Marsh Ray of PhoneFactor for reporting this vulnerability. This issue was also independently discovered and publicly disclosed by Martin Rex of SAP.
This document was written by Chris Taschner.
Other Information
- CVE IDs: CVE-2009-3555
- Date Public: 05 Nov 2009
- Date First Published: 11 Nov 2009
- Date Last Updated: 22 Jul 2011
- Document Revision: 35
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.