Vulnerability Note VU#120541
SSL and TLS protocols renegotiation vulnerability
Overview
A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.
I. Description
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, and LDAP. A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. As a result, the attacker may be able to issue commands to the server that appear to come from a legitimate source. According to the Network Working Group:
The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data.
This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer.
II. Impact
A remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow an attacker to issue HTTP requests, or take action impersonating the user, among other consequences.
III. Solution
Users should contact vendors for specific patch information.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
| 3com Inc | Unknown | 2009-11-05 | 2009-11-05 |
| ACCESS | Unknown | 2009-11-05 | 2009-11-05 |
| Alcatel-Lucent | Unknown | 2009-11-05 | 2009-11-05 |
| Apache-SSL | Unknown | 2009-11-05 | 2009-11-05 |
| Apache HTTP Server Project | Unknown | 2009-11-05 | 2009-11-05 |
| Apple Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Aruba Networks, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Attachmate | Unknown | 2009-11-05 | 2009-11-05 |
| AT&T | Unknown | 2009-11-05 | 2009-11-05 |
| Avaya, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Barracuda Networks | Vulnerable | 2009-11-05 | 2009-12-17 |
| Belkin, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Borderware Technologies | Unknown | 2009-11-05 | 2009-11-05 |
| Certicom | Unknown | 2009-11-05 | 2009-11-05 |
| Charlotte's Web Networks | Unknown | 2009-11-05 | 2009-11-05 |
| Check Point Software Technologies | Unknown | 2009-11-05 | 2009-11-05 |
| Cisco Systems, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Clavister | Unknown | 2009-11-05 | 2009-11-05 |
| Computer Associates | Unknown | 2009-11-05 | 2009-11-05 |
| Conectiva Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Cray Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Cryptlib | Not Vulnerable | 2009-11-05 | 2009-11-11 |
| Crypto++ Library | Unknown | 2009-11-05 | 2009-11-05 |
| D-Link Systems, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Debian GNU/Linux | Vulnerable | 2009-11-05 | 2009-11-11 |
| DragonFly BSD Project | Unknown | 2009-11-05 | 2009-11-05 |
| EMC Corporation | Unknown | 2009-11-05 | 2009-11-05 |
| Engarde Secure Linux | Unknown | 2009-11-05 | 2009-11-05 |
| Enterasys Networks | Unknown | 2009-11-05 | 2009-11-05 |
| Ericsson | Unknown | 2009-11-05 | 2009-11-05 |
| eSoft, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Extreme Networks | Unknown | 2009-11-05 | 2009-11-05 |
| F5 Networks, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Fedora Project | Unknown | 2009-11-05 | 2009-11-05 |
| Force10 Networks, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Fortinet, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Foundry Networks, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| FreeBSD Project | Unknown | 2009-11-05 | 2009-11-05 |
| Fujitsu | Unknown | 2009-11-05 | 2009-11-05 |
| Gentoo Linux | Unknown | 2009-11-05 | 2009-11-05 |
| Global Technology Associates, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| GnuTLS | Vulnerable | 2009-11-05 | 2009-11-11 |
| Hewlett-Packard Company | Vulnerable | 2009-11-05 | 2009-12-17 |
| Hitachi | Unknown | 2009-11-05 | 2009-11-05 |
| IBM Corporation | Vulnerable | 2009-11-05 | 2009-11-11 |
| IBM eServer | Unknown | 2009-11-05 | 2009-11-05 |
| Infoblox | Unknown | 2009-11-05 | 2009-11-05 |
| Intel Corporation | Unknown | 2009-11-05 | 2009-11-05 |
| Internet Security Systems, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Intoto | Unknown | 2009-11-05 | 2009-11-05 |
| IP Filter | Unknown | 2009-11-05 | 2009-11-05 |
| IP Infusion, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Juniper Networks, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| libgcrypt | Not Vulnerable | 2009-11-05 | 2009-11-11 |
| Lotus Software | Unknown | 2009-11-05 | 2009-11-05 |
| Luminous Networks | Unknown | 2009-11-05 | 2009-11-05 |
| m0n0wall | Unknown | 2009-11-05 | 2009-11-05 |
| Mandriva S. A. | Unknown | 2009-11-05 | 2009-11-05 |
| McAfee | Vulnerable | 2009-11-05 | 2009-11-11 |
| Microsoft Corporation | Unknown | 2009-11-05 | 2009-11-05 |
| Microsoft Internet Explorer | Unknown | 2009-11-05 | 2009-11-05 |
| Mirapoint, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| mod_ssl | Unknown | 2009-11-05 | 2009-11-05 |
| MontaVista Software, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Mozilla - Network Security Services | Unknown | 2009-11-05 | 2009-11-05 |
| Multitech, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| National Center for Supercomputing Applications | Unknown | 2009-11-05 | 2009-11-05 |
| NEC Corporation | Unknown | 2009-11-05 | 2009-11-05 |
| NetApp | Unknown | 2009-11-05 | 2009-11-05 |
| NetBSD | Unknown | 2009-11-05 | 2009-11-05 |
| netfilter | Unknown | 2009-11-05 | 2009-11-05 |
| Netscape NSS | Unknown | 2009-11-05 | 2009-11-05 |
| Nokia | Unknown | 2009-11-05 | 2009-11-05 |
| Nortel Networks, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Novell, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| OpenBSD | Unknown | 2009-11-05 | 2009-11-05 |
| OpenSSL | Unknown | 2009-11-05 | 2009-11-05 |
| Openwall GNU/*/Linux | Unknown | 2009-11-05 | 2009-11-05 |
| PePLink | Unknown | 2009-11-05 | 2009-11-05 |
| Process Software | Unknown | 2009-11-05 | 2009-11-05 |
| Q1 Labs | Unknown | 2009-11-05 | 2009-11-05 |
| QNX Software Systems Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Quagga | Unknown | 2009-11-05 | 2009-11-05 |
| RadWare, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Red Hat, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Redback Networks, Inc. | Not Vulnerable | 2009-11-05 | 2009-11-11 |
| SafeNet | Not Vulnerable | 2009-11-05 | 2009-11-19 |
| Secureworx, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Silicon Graphics, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Slackware Linux Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| SmoothWall | Unknown | 2009-11-05 | 2009-11-05 |
| Snort | Unknown | 2009-11-05 | 2009-11-05 |
| Soapstone Networks | Unknown | 2009-11-05 | 2009-11-05 |
| Sony Corporation | Unknown | 2009-11-05 | 2009-11-05 |
| Sourcefire | Unknown | 2009-11-05 | 2009-11-05 |
| Spyrus | Unknown | 2009-11-05 | 2009-11-05 |
| Stonesoft | Unknown | 2009-11-05 | 2009-11-05 |
| Stunnel | Unknown | 2009-11-05 | 2009-11-05 |
| Sun Microsystems, Inc. | Vulnerable | 2009-11-05 | 2009-11-06 |
| SUSE Linux | Unknown | 2009-11-05 | 2009-11-05 |
| Symantec | Unknown | 2009-11-05 | 2009-11-05 |
| The SCO Group | Unknown | 2009-11-05 | 2009-11-05 |
| TippingPoint Technologies Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Turbolinux | Unknown | 2009-11-05 | 2009-11-05 |
| Ubuntu | Unknown | 2009-11-05 | 2009-11-05 |
| Unisys | Unknown | 2009-11-05 | 2009-11-05 |
| VMware | Unknown | 2009-11-05 | 2009-11-05 |
| Vyatta | Unknown | 2009-11-05 | 2009-11-05 |
| Watchguard Technologies, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| Wind River Systems, Inc. | Unknown | 2009-11-05 | 2009-11-05 |
| ZyXEL | Unknown | 2009-11-05 | 2009-11-05 |
References
http://extendedsubset.com/?p=8
http://www.links.org/?p=780
http://www.links.org/?p=786
http://www.links.org/?p=789
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
https://bugzilla.redhat.com/show_bug.cgi?id=533125
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html
http://cvs.openssl.org/chngview?cn=18790
http://www.links.org/files/no-renegotiation-2.patch
http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
Credit
Thanks to Marsh Ray of PhoneFactor for reporting this vulnerability. This issue was also independently discovered and publicly disclosed by Martin Rex of SAP.
This document was written by Chris Taschner.
Other Information
| Date Public: | 2009-11-05 |
| Date First Published: | 2009-11-11 |
| Date Last Updated: | 2009-12-17 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2009-3555 |
| NVD-ID(s): | CVE-2009-3555 |
| US-CERT Technical Alerts: | |
| Metric: | 0.00 |
| Document Revision: | 33 |