6.5 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.713 High
EPSS
Percentile
98.0%
The remote SSL/TLS service is prone to a denial of service (DoS)
vulnerability.
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.117761");
script_version("2024-02-02T05:06:11+0000");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"last_modification", value:"2024-02-02 05:06:11 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"creation_date", value:"2021-10-29 08:24:03 +0000 (Fri, 29 Oct 2021)");
script_cve_id("CVE-2011-1473", "CVE-2011-5094"); # nb: See the note on the Disputed state below...
script_name("SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094)");
script_category(ACT_ATTACK); # nb: Might be already seen as an attack by remote systems.
script_family("SSL and TLS");
script_copyright("Copyright (C) 2021 Greenbone AG");
script_dependencies("gb_ssl_sni_supported.nasl", "gb_tls_version_get.nasl", "gb_starttls_pop3.nasl", "gb_starttls_imap.nasl",
"gb_starttls_ftp.nasl", "gb_starttls_smtp.nasl", "gb_postgres_tls_support.nasl", "gb_starttls_ldap.nasl",
"gb_starttls_nntp.nasl", "gb_starttls_xmpp.nasl", "gb_starttls_mysql.nasl", "gb_starttls_irc.nasl",
"gb_starttls_rdp.nasl");
script_mandatory_keys("ssl_tls/port");
script_xref(name:"URL", value:"https://web.archive.org/web/20211201133213/https://orchilles.com/ssl-renegotiation-dos/");
script_xref(name:"URL", value:"https://mailarchive.ietf.org/arch/msg/tls/wdg46VE_jkYBbgJ5yE4P9nQ-8IU/");
script_xref(name:"URL", value:"https://vincent.bernat.ch/en/blog/2011-ssl-dos-mitigation");
script_xref(name:"URL", value:"https://www.openwall.com/lists/oss-security/2011/07/08/2");
script_tag(name:"summary", value:"The remote SSL/TLS service is prone to a denial of service (DoS)
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if the remote service allows to re-do the same SSL/TLS
handshake (Renegotiation) over an existing / already established SSL/TLS connection.");
script_tag(name:"insight", value:"The flaw exists because the remote SSL/TLS service does not
properly restrict client-initiated renegotiation within the SSL and TLS protocols.
Note: The referenced CVEs are affecting OpenSSL and Mozilla Network Security Services (NSS) but
both are in a DISPUTED state with the following rationale:
> It can also be argued that it is the responsibility of server deployments, not a security
library, to prevent or limit renegotiation when it is inappropriate within a specific environment.
Both CVEs are still kept in this VT as a reference to the origin of this flaw.");
script_tag(name:"impact", value:"The flaw might make it easier for remote attackers to cause a
DoS (CPU consumption) by performing many renegotiations within a single connection.");
script_tag(name:"affected", value:"Every SSL/TLS service which does not properly restrict
client-initiated renegotiation.");
script_tag(name:"solution", value:"Users should contact their vendors for specific patch information.
A general solution is to remove/disable renegotiation capabilities altogether from/in the affected
SSL/TLS service.");
script_tag(name:"qod_type", value:"remote_analysis");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
# nb: Available since GOS 21.04.9 / openvas-scanner 21.4.4
if( ! defined_func( "socket_ssl_do_handshake" ) )
exit( 0 );
include("ssl_funcs.inc");
include("list_array_func.inc");
include("misc_func.inc");
include("mysql.inc");
if( ! port = tls_ssl_get_port() )
exit( 0 );
if( ! get_kb_item( "tls/supported/" + port ) )
exit( 0 );
# nb: We're not using get_supported_tls_versions() from ssl_func.inc here on purpose because we want
# to only check the fixed / defined list of affected protocols below.
#
# nb: TLSv1.3 generally doesn't support renegotiation according to:
# https://wiki.openssl.org/index.php/TLS1.3#Renegotiation
transports[ENCAPS_SSLv3] = "SSLv3";
transports[ENCAPS_TLSv1] = "TLSv1.0";
transports[ENCAPS_TLSv11] = "TLSv1.1";
transports[ENCAPS_TLSv12] = "TLSv1.2";
# nb: Used later for doing the reporting
info = make_array();
# nb: Number of tries before the remote service is determined as vulnerable. From
# https://orchilles.com/ssl-renegotiation-dos/:
# F5 has an iRule for this issue which doesn't allow more than 5 renegotiations per 60 second.
# so we're just trying 10 times just to be sure...
num_tries = 10;
# nb: If SNI is supported we need to fork on each host name on our own. This is done because
# otherwise socket_negotiate_ssl() would fork internally and after we had called open_ssl_socket()
# which would cause issues with failed connections / socket communication. The fork on the available
# host names needs to be done before doing any socket operation (e.g. opening a socket).
if( get_kb_item( "sni/" + port + "/supported" ) )
get_host_name();
foreach transport_num( keys( transports ) ) {
if( ! soc = open_ssl_socket( port:port ) )
continue;
# nb: socket_negotiate_ssl() is "upgrading" the socket and the socket number stays the same if
# successful so we only need to check it like this. Furthermore if no SSL/TLS connection could be
# estabilshed socket_negotiate_ssl() will close the passed socket internally so we don't need to
# close it when doing the continue here.
if( ! socket_negotiate_ssl( socket:soc, transport:transport_num ) )
continue;
count = 0;
for( i = 0; i < num_tries; i++ ) {
status = socket_ssl_do_handshake( socket:soc );
# nb: From the function description:
# 1 on success, less than 0 on handshake error. Null on nasl error.
if( status == 1 )
count++;
}
close( soc );
if( count >= num_tries ) {
transport_name = transports[transport_num];
VULN = TRUE;
info[transport_name] = num_tries;
}
}
if( VULN ) {
report = 'The following indicates that the remote SSL/TLS service is affected:\n\n';
report += text_format_table( array:info, sep:" | ", columnheader:make_list( "Protocol Version", "Successful re-done SSL/TLS handshakes (Renegotiation) over an existing / already established SSL/TLS connection" ) );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );