{"vuid":"VU#120541","idnumber":"120541","name":"SSL and TLS protocols renegotiation vulnerability","keywords":["SSL","TLS","man-in-the-middle","MITM","https","design"],"overview":"A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.","clean_desc":"The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the Network Working Group: The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer.","impact":"A remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow and attacker to issue HTTP requests, or take action impersonating the user, among other consequences.","resolution":"Users should contact vendors for specific patch information.","workarounds":"","sysaffected":"","thanks":"Thanks to Marsh Ray of PhoneFactor for reporting this vulnerability. This issue was also independently discovered and publicly disclosed by Martin Rex of SAP.","author":"This document was written by Chris Taschner.","public":["http://extendedsubset.com/?p=8","http://www.links.org/?p=780","http://www.links.org/?p=786","http://www.links.org/?p=789","http://blogs.iss.net/archive/sslmitmiscsrf.html","http://www.ietf.org/mail-archive/web/tls/current/msg03948.html","https://bugzilla.redhat.com/show_bug.cgi?id=533125","http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html","http://cvs.openssl.org/chngview?cn=18790","http://www.links.org/files/no-renegotiation-2.patch","http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html","https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt","http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"],"cveids":["CVE-2009-3555"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2009-11-05T13:22:49Z","publicdate":"2009-11-05T00:00:00Z","datefirstpublished":"2009-11-11T19:42:20Z","dateupdated":"2011-07-22T12:47:20Z","revision":38,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"tcp\n993/tcp\n995/tcp\n1194/tcp\n1194/udp","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}