Transport Layer Security
This is a writeup about a flaw that I found recently, and that
existed in multiple implementations of SMTP (Simple Mail Transfer
Protocol) over TLS (Transport Layer Security) including my Postfix
open source mailserver. I give an overview of the problem and its
impact, how to find out if a server is affected, fixes, and draw
lessons about where we can expect similar problems. A timeline
is at the end.
For further reading:
http://www.kb.cert.org/vuls/id/555316
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03024266
Version: 1
HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS, Denial of Service (DoS), Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-11-07
Last Updated: 2011-11-07
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
It was discovered that an old bug workaround in the SSL/TLS
server code allowed an attacker to modify the stored session cache
ciphersuite. This could possibly allow an attacker to downgrade the
ciphersuite to a weaker one on subsequent connections. (CVE-2010-4180)
It was discovered that an old bug workaround in the SSL/TLS server
calls across IP networks such as the Internet. SIP is responsible for
handling all aspects of call setup and termination. Voice and video
are the most popular types of sessions that SIP handles, but the
protocol is flexible enough to accommodate other applications that
require call setup and termination. SIP call signaling can use UDP
(port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP
port 5061) as the underlying transport protocol.
MGCP is the protocol for controlling telephony gateways from external
call control elements known as media gateway controllers or call
agents. A telephony gateway is a network element that provides
and folders on a Novell NetWare® 6.5 server or Novell Open Enterprise
Server can be accessed using either a browser or via Network Neighborhood
and Microsoft Web Folders; no Novell Client software is required. Users
can securely access files from any IP-enabled machine via Secure Sockets
Layer (SSL) and Secure Hypertext Transfer Protocol (HTTPS)."
Novell NetStorage contains a wide variety of vulnerabilities that may
allow an attacker to cause a denial of service, gain configuration
information or exploit other
The SIP Phone Port, which is set to 5060 by default, refers to the
TCP and UDP ports on which the Cisco Unified Communications Manager
listens for normal SIP messages. SIP Phone Secure Port, which is set
to 5061 by default, refers to the TCP port on which the Cisco Unified
Communications Manager listens for SIP over Transport Layer Security
(TLS) messages. For additional information about this procedure,
refer to the "Updating a Cisco Unified Communications Manager"
section of the "Cisco Unified Communications Manager Administration
Guide" at:
Several weak certificates were issued by the Malaysian intermediate CA
"Digicert Sdn. Bhd." This event, along with other issues, has led
Entrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed
certificates.
This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this
decision by marking Digicert Sdn. Bhd.'s certificates as revoked.
For the oldstable distribution (lenny), this problem has been fixed in
version 0.9.8g-15+lenny14.
identifier CVE-2008-2055.
2. Crafted TLS Packet Vulnerability
+----------------------------------
Transport Layer Security (TLS) is the replacement for the Secure
Socket Layer (SSL) protocol. It is a protocol that provides, via
cryptography, secure communications between two end-points.
The Cisco PIX and Cisco ASA security appliances rely on TLS to
protect the confidentiality of communications in a variety of
Introduction
============
Recent history has proven that web communications security is highly
lacking in redundancy. That is, simple breaks in common protocols,
such as SSL/TLS or the authentication mechanisms which support it,
often lead to catastrophic gaps in security. Recent examples of this
fragile architecture abound, and even when protocols and
implementations themselves are sound, research indicates browser user
interfaces continue to leave room for serious attacks.
This update also includes the complete RSA-1024 and RSA-2048
blacklists for all Ubuntu architectures, as well as support for
other future blacklists for non-standard bit lengths.
You can check for weak SSL/TLS certificates by installing
openssl-blacklist via your package manager, and using the
openssl-vulnkey command.
$ openssl-vulnkey /path/to/certificate_or_key
Topics: Improper SSL certificate subject verification
Author: Matthias Andree
Version: 1.0
Announced: 2009-08-06
Type: Allows undetected Man-in-the-middle attacks against SSL/TLS.
Impact: Credential disclosure to eavesdroppers.
Danger: medium
CVSSv2 vectors: (AV:N/AC:M/Au:N/C:P/I:N/A:N) (E:H/RL:OF/RC:C)
CVE Name: CVE-2009-2666
Problem Description:
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not
properly check the return value from the OpenSSL EVP_VerifyFinal
function, which allows remote attackers to bypass validation of
the certificate chain via a malformed SSL/TLS signature, a similar
vulnerability to CVE-2008-5077 and CVE-2009-0025.
In this particular case the DSA_verify function was fixed with
MDVSA-2009:002; this update addresses the RSA_verify function
(CVE-2009-0265).
Background
==========
OpenSSL is an implementation of the Secure Socket Layer and Transport
Layer Security protocols.
Affected packages
=================
SUMMARY
This advisory addresses the renegotiation related vulnerability
disclosed recently in Transport Layer Security protocol [1][2]. This
vulnerability may allow a Man-in-the-Middle (MITM) attacker to inject
arbitrary data into the beginning of the application protocol stream
protected by TLS.
The only ArubaOS component that seems affected by this issue is the
> >
> > Regards, /nils.
>
> I would consider this a feature of the X509 standard and not a bug.
> subjectAltName and wildcard matching exists primarily for name based
> virtual hosting in SSL/TLS. There is no other way you could do this
> without this extension. (*correction -> check bottom*)
Agreed. I don't claim this being a bug of X.509.
> If a user is foolish enough to accept lame certs (even temporary)
Earlier versions may also be affected.
Overview:
1. Vendor description of software
------------------------------------------------
TurboFTP Server is a high performance, secure, scalable and management friendly file transfer server running on Windows platforms. With it you can easily set up a secure file transfer server that delivers regular FTP, FTP over SSL/TLS, and "SFTP over SSH" services with virtual domains, advanced directory access control, virtual folders, IP access control, flexible authentication options and many other features.
2. Vulnerability details:
------------------------------------------------
A directory traversal vulnerability exists in the "FTP" and "SFTP" modules of TurboFTP Server that allows an authenticated user to create directories outside the root directory, which may lead to other attacks.
If you can log on to the server successfully,
Debian-specific: no
Debian Bug : 658276
cURL is a command-line tool and library for transferring data with URL
syntax. It was discovered that the countermeasures against the
Dai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389,
"BEAST") cause interoperability issues with some server
implementations. This update adds the CURLOPT_SSL_OPTIONS and
CURLSSLOPT_ALLOW_BEAST options to the library, and the
--ssl-allow-beast option to the "curl" program.
responsible for handling all aspects of call setup and termination.
Voice and video are the most popular types of sessions that SIP
handles, but the protocol has the flexibility to accommodate other
applications that require call setup and termination. SIP call
signaling can use UDP (port 5060), TCP (port 5060), or Transport
Layer Security (TLS; TCP port 5061) as the underlying transport
protocol.
Three vulnerabilities exist in the SIP implementation in Cisco IOS
Software that may allow a remote attacker to cause an affected device
to reload. These vulnerabilities are triggered when the device
Debian bug : 541991
CVE ID : CVE-2009-2417
It was discovered that curl, a client and library to get files from servers
using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against
SSL/TLS Certificates" recently published at the Blackhat conference. This
allows an attacker to perform undetected man-in-the-middle attacks via a
crafted ITU-T X.509 certificate with an injected null byte in the Common
Name field.
CVE ID : CVE-2009-3490
Daniel Stenberg discovered that wget, a network utility to retrieve files from
the Web using http(s) and ftp, is vulnerable to the "Null Prefix Attacks Against
SSL/TLS Certificates" published at the Blackhat conference some time ago. This
allows an attacker to perform undetected man-in-the-middle attacks via a crafted
ITU-T X.509 certificate with an injected null byte in the Common Name field.
For the oldstable distribution (etch), this problem has been fixed in
Overview:
CFNetwork is a framework in the Core Services framework that provides a
library of abstractions for network protocols. It can be used to perform
a variety of network tasks using different protocols such as SSL/TLS,
DNS, FTP and HTTP.
Besides many other applications the CFNetwork framework is used by
Safari and Mail.
Description:
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
Several remote vulnerabilities have been discovered in GNUTLS, an
implementation of the SSL/TLS protocol suite.
NOTE: The libgnutls13 package, which provides the GNUTLS library, does
not contain logic to automatically restart potentially affected
services. You must restart affected services manually (mainly Exim,
using "/etc/init.d/exim4 restart") after applying the update, to make
For the old stable distribution (etch), this problem has been fixed in
version 0.9.8c-4etch9 for openssl and version 0.9.7k-3.1etch5 for
openssl097.
The OpenSSL 0.9.8 update for oldstable (etch) also provides updated
packages for multiple denial of service vulnerabilities in the
Datagram Transport Layer Security implementation. These fixes were
already provided for Debian stable (Lenny) in a previous point
update. The OpenSSL 0.9.7 package from oldstable (Etch) is not
affected. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379,
CVE-2009-1386 and CVE-2009-1387)
Details follow:
USN-927-1 fixed vulnerabilities in NSS. Due to upstream changes in NSS
3.12.6, Thunderbird would be unable to initialize the security component
and connect with SSL/TLS if the old libnss3-0d transition package was
installed. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple vulnerabilities exist in the SIP implementation in Cisco IOS
Software that could allow a remote attacker to cause an affected
device to reload or to trigger memory leaks that may result in system
Problem type : remote
Debian-specific: no
Debian Bug : 603709
CVE Id(s) : CVE-2010-3864
A flaw has been found in the OpenSSL TLS server extension code parsing
which on affected servers can be exploited in a buffer overrun attack.
This allows an attacker to cause an application crash or potentially to
execute arbitrary code.
However, not all OpenSSL based SSL/TLS servers are vulnerable: A server
http://www.debian.org/security/ Stefan Fritsch
January 06, 2011 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : nss
Vulnerability : SSL/TLS insecure renegotiation protocol design flaw
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-3555
CVE-2009-3555:
http://www.openssl.org/news/secadv_20090107.txt
Description:
Previous versions of OpenSSL do not properly check the return value from
the EVP_VerifyFinal function, which allows remote attackers to bypass
validation of the certificate chain via a malformed SSL/TLS signature
for DSA and ECDSA keys.
http://wiki.rpath.com/Advisories:rPSA-2009-0008
Copyright 2009 rPath, Inc.
===============
1) Introduction
===============
SurgeFTP is a commercial FTP server which supports also SSL/TLS and has
a web interface for remote administration.