Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22841
HistoryNov 30, 2009 - 12:00 a.m.

TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)

2009-11-3000:00:00
vulners.com
78
JSON

Dear List,

I updated the whitepaper with a lot of new information, some
leveraging the vulnerability in other ways that certainly increase
the effectiveness and impact of this vulnerability.

A brief warning to those that think they are safe because they
don't accept client-side renegotiations (server + openssl). I
came across major websites where the SSL loadbalancer in front of the HTTPS
servers were vulnerable. Although the servers were patched it still was
possible to perform the attacks (The loadbalancer merged both
sessions and handed them as one to the webserver)

Updates :

  • Added a simple s_client testcase
  • Analysis of FTPS (vendors are encouraged to assess)
  • HTTPS : Injecting arbritary responses into the stream
  • HTTPS : Downgrading HTTPS to HTTP and performing an active mitm
    (Discovered by Frank Heidt but details witheld,
    rediscovered by Thierry Zoller for this paper)

With this new information G-SEC encourages Vendors and customers
to reevaluate the impact of this vulnerability on their products.

Brief explanations :
^^^^^^^^^^^^^^^^^^^^
HTTPS : Injecting arbritary responses into the stream

The attacker injects a TRACE command, by doing so the attacker can
indirectly control the content that is send from the server to the
victim over HTTPS

Downgrading HTTPS to HTTP and performing an active mitm

This attack leverages the known SSLStrip attack to also work on
establised SSL connections. SSLstrip had the limitation that it
required a user to access over HTTP in order to rewrite the html code
to perform active mitm. This attack over the TLS renegotiation
vulnerability now allows (if certain conditions are met) to downgrade
EXISTING SSL connections to perform an SSLstrip attack.

Proof of concept files
^^^^^^^^^^^^^^^^^^^^^^
G-SEC provides 2 proof of concept files :

  • ssl-trace.c : using TRACE to inject (partialy) arbritary content
    into the encrypted stream
  • ssl-302.c : Injecting a GET command to a 302 page redirecting the
    client to HTTP

Whitepaper : http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
POC files : http://www.g-sec.lu/tls-ssl-proof-of-concept.html

This paper explains the vulnerability for a broader audience and
summarizes the information that is currently available. The document
is prone to updates and is believed to be accurate by the time of
writing.

Post:
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

Direct Download
http://clicky.me/tlsvuln

Disclaimer
Information is believed to be accurate by the time of writing.
As this vulnerability has complex implications this document
is prone to revisions in the future.

Thierry ZOLLER - G-SEC
http://www.g-sec.lu
Principal Security Consultant

JSON