Subscribe to the RSS feed in case you are interested in updates


In order to allow me to update in a more convenient manner, the latest updates will be added to the G-SEC blog only. Once the final revision of this blog post will be achieved I will update this blog with the latest one.


  • Updated 17:50 GMT+1 / 05.2009 - added Mitigation / Impact 
  • Updated 16:40 GMT+1 / 06.2009 - added IETF draft 
  • Updated 14:35 GMT+1 / 07.2009 - added SSLTLS Test Tool 
  • Updated 16:34 GMT+1 / 07.2009 - added OpenSSL patch 
  • Updated 13:00 GMT+1 / 09.2009 - added GNUTLS patch 
  • Updated 19:40 GMT+1 / 09.2009 - added Mikestoolbox.net testing TLS renegotiation support 
  • Updated 21:29 GMT+1 / 09.2009 - added Apache patch, Mozilla Bug ID, Redhat Bug ID, Mozilla patch disabling tls renegotiation, Tomcat mitigation 
  • Updated 21:00 GMT+1 / 12.2009 - added a whitepaper trying to explain the vulnerability and it's implications to a broader audience


After some in-house tests, we can confirm that the vulnerability presented at http://www.extendedsubset.com/ indeed real and should pose a significant threat to most. The vulnerability has been discovered by "Marsh Ray".

We are currently looking into possible mitigations and will update this blog post regularly with more information regarding said vulnerability - if available.


Details

Patches
  • OpenSSL 0.9.81 ( Attention: OpenSSL removed the TLS/SSL renegotiation feature from this package - you need to test application before/after updating to this version ) (via ISC)
  • GnuTLS patch (implements a new TLS extension proposed in the IETF Draft) (via SID)
  • Apache patch (patches renogtiation prefix attacks at the application layer, still need openssl fixes for other attacks)
Impacts :
Currently known to exist
  • In general an attacker positioned in the middle of a connection may inject arbritary content into the beginning of an authenticated strea, it will be interesting to see what potential impact this vulnerability has within each of the applications / protocols supporting it. IMAPS, FTPSSL, POP3 etc
  • For web servers - Attackers (if in the middle) can inject data into a segment that is authenticated to the web server, the web server will merge those requests and process them. (GET requests are trivially exploitable, POST are not known to be)
Mitigations :
  • Monitor renegotiation requests
  • To mitigate possible attacks against web applications - use an IPS/IDS/Application firewall to catch recurrent HTTP request that are enclosed within each other









3 comments

Sheen said... @ 08 December, 2009 13:57

This post contains a very good an informative information about various things.
Mio Navman Spirit V505

Mio Navman Spirit V505 said... @ 14 December, 2009 07:36

Indeed a good amount of information I found here. It was really fun reaing your post and I got to know many new things..

EAP-TTLS said... @ 11 December, 2012 13:51

The prevalence of wireless networks, specifically 802.11, has increased considerably over the past few years. While awareness of wireless security issues in general is improving, this technology brings with it a set of unique security risks that many organisations still fail to properly understand and address.

Post a Comment