TLS
This is a writeup about a flaw that I found recently, and that
existed in multiple implementations of SMTP (Simple Mail Transfer
Protocol) over TLS (Transport Layer Security) including my Postfix
open source mailserver. I give an overview of the problem and its
impact, how to find out if a server is affected, fixes, and draw
lessons about where we can expect similar problems. A time line
is at the end.
For further reading:
http://www.kb.cert.org/vuls/id/555316
Two crafted packet vulnerabilities exist in the Cisco PIX 500 Series
Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security
Appliance (ASA) that may result in a reload of the device. These
vulnerabilities are triggered during processing of Media Gateway
Control Protocol (MGCP) packets, or during processing of Transport
Layer Security (TLS) traffic that terminates on the PIX or ASA security
appliance.
Note: These vulnerabilities are independent of each other; a device may
be affected by one and not by the other.
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive
Security Appliances and Cisco PIX Security Appliances. This security
advisory outlines details of these vulnerabilities:
* Crafted TCP ACK Packet Vulnerability
* Crafted TLS Packet Vulnerability
* Instant Messenger Inspection Vulnerability
* Vulnerability Scan Denial of Service
* Control-plane Access Control List Vulnerability
The first four vulnerabilities may lead to a denial of service (DoS)
Cisco ASA 5500 Series Adaptive Security Appliances are affected by
multiple vulnerabilities as follows:
* Three SunRPC Inspection Denial of Service Vulnerabilities
* Three Transport Layer Security (TLS) Denial of Service Vulnerabilities
* Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability
-----Original Message-----
From: Barry Raveendran Greene [mailto:bgreene@senki.org]
Sent: Monday, December 21, 2009 9:16 PM
To: 'RedTeam Pentesting GmbH'; bugtraq@securityfocus.com
Subject: RE: TLS Renegotiation Vulnerability: Proof of Concept Code
(Python)
Also, can you change this:
"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Aruba Networks Security Advisory
Title: TLS Protocol Session Renegotiation Security Vulnerability
Aruba Advisory ID: AID-020810
Revision: 1.0
For Public Release on 02/08/2010
Also, can you change this:
"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF
draft standard that addresses the vulnerability."
To:
"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF TLS
Working Group draft that addresses the vulnerability."
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1
TLS record handling vulnerability in GnuTLS [MU-201202-01]
ASN.1 length decoding vulnerability in Libtasn1 [MU-201202-02]
20 March 2012
Cisco Security Advisory: Transport Layer Security Renegotiation
Vulnerability
Advisory ID: cisco-sa-20091109-tls
http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml
Revision 1.0
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. The flaw is with TLS renegotiation and
potentially affects any software that supports this feature. Attacks
against the HTTPS protocol are known, with the severity of the issue
Summary:
Under certain conditions, Miranda ignores the "Use TLS" setting in
Jabber accounts and uses an unencrypted connection.
Affected: Miranda IM (instant messenger), at least versions 0.8.16,
0.9.0 alpha build #6 Unicode and SVN rev. 11383
Description:
If the following conditions are met:
- "Use TLS" is enabled in the jabber account settings (Network -
v1.0 2009-12-03 Initial release.
v1.1 2009-12-03 Corrected instructions in section V.2)b).
I. Background
The SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols
provide a secure communications layer over which other protocols can be
utilized. The most widespread use of SSL/TLS is to add security to the
HTTP protocol, thus producing HTTPS.
FreeBSD includes software from the OpenSSL Project which implements SSL
Information about a vulnerability in the TLS protocol was published in the
beginning of November 2009. Attackers can take advantage of that vulnerability
to inject arbitrary prefixes into a network connection protected by TLS. This
can result in severe vulnerabilities, depending on the application layer
protocol used over TLS.
RedTeam Pentesting used the Python module "TLS Lite" to develop proof of concept
code that exploits this vulnerability. It is published at
http://www.redteam-pentesting.de/publications/tls-renegotiation
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
Affected: 2008.1
_______________________________________________________________________
Problem Description:
Testing using the Codenomicon TLS test suite discovered a flaw in
the handling of server name extension data in OpenSSL 0.9.8f and
OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default
TLS server name extensions, a remote attacker could send a carefully
crafted packet to a server application using OpenSSL and cause a
crash. (CVE-2008-0891)
===============================================
Ben Laurie of Google's Applied Security team, while working with an
external researcher, Dr. Richard Clayton of the Computer Laboratory,
Cambridge University, found that various OpenID Providers (OPs) had
TLS Server Certificates that used weak keys, as a result of the Debian
Predictable Random Number Generator (CVE-2008-0166).
In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and
the fact that almost all SSL/TLS implementations do not consult CRLs
(currently an untracked issue), this means that it is impossible to
The Miranda IM instant messaging software silently falls back to
unencrypted connections if a Jabber/XMPP server does not report that it
supports TLS, even if "Use TLS" is checked. This allows an active
attacker to perform MitM attacks on Jabber/XMPP connections which the
user assumes to be secure.
Proof of concept MitM server attached.
Miranda IM team was notified via bugtracker. Issue was closed without
being fixed, probably because of confusion with another, similar issue
Background
==========
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.
Affected packages
=================
Hey,
I thought it would be worthwhile to let you know about my recent
updates to the "TLS/SSL Compatibility Report", a document that tries to
give a complete overview of what TLS/SSL protocols and what ciphers
are available on different platforms and browsers.
The 2011 version was updated notably with the following items:
* Chrome moved away from SCHANNEL to NSS offering better
In general, a standard system update will make all the necessary changes.
Details follow:
USN-860-1 introduced a partial workaround to Apache that disabled client
initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1
introduced the new RFC5746 renegotiation extension in openssl, and
completely resolves the issue.
After updating openssl, an Apache server will allow both patched and
unpatched web browsers to connect, but unpatched browsers will not be able
220 server.example.com ESMTP Postfix
ehlo client.example.com
250-server.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH DIGEST-MD5 LOGIN PLAIN CRAM-MD5
250-AUTH=DIGEST-MD5 LOGIN PLAIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: GnuTLS: Execution of arbitrary code
Date: May 21, 2008
Bugs: #222823
ID: 200805-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
USN-927-1 fixed vulnerabilities in NSS. This update provides the
Thunderbird update to use the new NSS.
Original advisory details:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. This update adds support for the
new renegotiation extension and will use it when the server supports it.
> host-by-host basis and managed by the firewalls. That, again, is
> security in depth.
>
> If your users are running XP, then the admin would prevent them from
> updating to the 6.0 client anyway. All you have to do in this case is
> configure your RDP hosts to require TLS encryption based on a
> certificate, and the client will not be able to connect at all if the
> certificate is not in the trusted root certificates store. Done. If
> you've got advanced users or have allowed 6.0 clients, then you ensure
> that the client is set not to connect if authentication fails against
> TLS secured hosts - of course, these people would be educated against
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0050
Antonio Martin discovered a denial-of-service vulnerability in
OpenSSL, an implementation of TLS and related protocols. A malicious
client can cause the DTLS server implementation to crash. Regular,
TCP-based TLS is not affected by this issue.
For the oldstable distribution (lenny), this problem has been fixed in
version 0.9.8g-15+lenny16.
responsible for handling all aspects of call setup and termination.
Voice and video are the most popular types of sessions that SIP
handles, but the protocol has the flexibility to accommodate other
applications that require call setup and termination. SIP call
signaling can use UDP (port 5060), TCP (port 5060), or Transport
Layer Security (TLS; TCP port 5061) as the underlying transport
protocol.
Three vulnerabilities exist in the SIP implementation in Cisco IOS
Software that may allow a remote attacker to cause an affected device
to reload. These vulnerabilities are triggered when the device
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. This update adds backported support
for the new RFC5746 renegotiation extension and will use it when both the
client and the server support it.