High Quality
Open the downloaded document, and select print from the file menu (PDF reader required).
Thierry ZOLLER
Principal Security Consultantcontact@g-sec.lu
http://www.g-sec.lu
G-
SEC™ is a
vendor independent
Luxemburgish ledsecurity consulting group that offers IT Securityconsulting services on an organizational andtechnical level. Our work has been featured in NewYork Times, eWeek, ct', SAT1, Washington Post andat conferences ranging from Hack.lu to Cansecwest.
Draft
Draft: TLS & SSLv3 renegotiation vulnerability
2009
2
Table of Contents
Synopsis ......................................................................................................................................................... 3Revisions ........................................................................................................................................................ 3Generic example: TLS renegotiation prefix injection vulnerability ............................................................... 4Details ........................................................................................................................................................ 5Specific Example : TLS renegotiation clear stream prefix injection vulnerability abusing HTTPS ................. 6Details ........................................................................................................................................................ 7The Impact on protocols using TLS ................................................................................................................ 8Summary ................................................................................................................................................... 8EAP-TLS ...................................................................................................................................................... 9IMAPS ........................................................................................................................................................ 9POP3S ........................................................................................................................................................ 9Proposed IETF solution ................................................................................................................................ 10Vulnerability requirements ......................................................................................................................... 11Patching TLS ................................................................................................................................................. 11Client........................................................................................................................................................ 11Server ...................................................................................................................................................... 11Patching SSLv3 ............................................................................................................................................. 11Conclusions .................................................................................................................................................. 12Servers ..................................................................................................................................................... 12Clients ...................................................................................................................................................... 12Sources ........................................................................................................................................................ 12Thanks ......................................................................................................................................................... 12Disclaimer .................................................................................................................................................... 12
Draft: TLS & SSLv3 renegotiation vulnerability
2009
3
Synopsis
Around the 09/11/2009 Marsh Ray, Steve Dispensa and Martin Rex
published details
1
about avulnerability affecting the renegotiation phase of the TLS & SSLv3 protocol. The vulnerability isbeing tracked under CVE-2009-3555
2
| VU#120541
3
and affects a multitude of platforms andprotocols, the impact of this vulnerability varies from protocol to protocol and research intothose is currently ongoing.When speaking of a
“Man in the Middle” attack, it is often assumed that
data can be altered or
changed. Indeed an attacker that sits in the middle of a connection (hence it’s name) is often
able to do so. In this particular case however the attacker piggybacks an existing authenticatedand encrypted TLS sessions in order to (prefix) inject arbitrary text of its choice. The attackermay not read/alter the other
TLS session between the “client” and the “server”.
See Chapter 3 -
“E
xample of an attack scenario
...”
for more detailsThis paper explains the vulnerability for a broader audience and summarizes the informationthat is currently available. The document is prone to updates and is believed to be accurate bythe time of writing.
Revisions
Version Date Annotations
0.8 09.11.2009 Initial draft0.81 10.11.2009 Adding general and specific example0.9 12.11.2009 Added vulnerability requirements, protocol overview0.91 12.11.2009 Initial public draft release at http://www.g-sec.lu/0.92 13.11.2009 Typos
1
http://www.extendedsubset.com/
2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
3
http://www.kb.cert.org/vuls/id/120541
Add a Comment
uploaded a new revision for this document (#5)
uploaded a new revision for this document (#4)
uploaded a new revision for this document (#3)
uploaded a new revision for this document (#2)
uploaded a new revision for this document (#1)