openvas | Copyright (C) 2021 Greenbone AG | OPENVAS:1361412562310117761
History: Oct 29, 2021 - 12:00 a.m.

SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094)

2021-10-29 00:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
3

6.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.713 High

EPSS

Percentile

98.0%

The remote SSL/TLS service is prone to a denial of service (DoS)
vulnerability.

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Metadata section. When the scanner evaluates this script with `description` set, only this block
# runs: it registers the VT's identity, scoring, references and report texts and then exits, so no
# traffic is sent to the target from here. The active check starts after the closing brace.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.117761");
  script_version("2024-02-02T05:06:11+0000");
  # CVSS v2 vector: reachable over the network, no authentication, and the only impact rated is a
  # partial loss of availability (no confidentiality or integrity impact).
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:11 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"creation_date", value:"2021-10-29 08:24:03 +0000 (Fri, 29 Oct 2021)");
  # Both CVE entries are marked DISPUTED (see the "insight" text): the finding describes how the
  # service is deployed, not necessarily an unpatched library.
  script_cve_id("CVE-2011-1473", "CVE-2011-5094"); # nb: See the note on the Disputed state below...
  script_name("SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094)");
  # The check below repeats the handshake several times on one connection per protocol version, so
  # monitoring on the scanned side may log or alert on it.
  script_category(ACT_ATTACK); # nb: Might be already seen as an attack by remote systems.
  script_family("SSL and TLS");
  script_copyright("Copyright (C) 2021 Greenbone AG");
  # These VTs run first. Judging by their names they collect SNI support, the offered TLS versions
  # and STARTTLS support for the listed protocols; the check part reads "sni/<port>/supported" and
  # "tls/supported/<port>" from the knowledge base, which are presumably set by them.
  script_dependencies("gb_ssl_sni_supported.nasl", "gb_tls_version_get.nasl", "gb_starttls_pop3.nasl", "gb_starttls_imap.nasl",
                      "gb_starttls_ftp.nasl", "gb_starttls_smtp.nasl", "gb_postgres_tls_support.nasl", "gb_starttls_ldap.nasl",
                      "gb_starttls_nntp.nasl", "gb_starttls_xmpp.nasl", "gb_starttls_mysql.nasl", "gb_starttls_irc.nasl",
                      "gb_starttls_rdp.nasl");
  # The VT is only launched when an SSL/TLS port was recorded in the knowledge base.
  script_mandatory_keys("ssl_tls/port");

  script_xref(name:"URL", value:"https://web.archive.org/web/20211201133213/https://orchilles.com/ssl-renegotiation-dos/");
  script_xref(name:"URL", value:"https://mailarchive.ietf.org/arch/msg/tls/wdg46VE_jkYBbgJ5yE4P9nQ-8IU/");
  script_xref(name:"URL", value:"https://vincent.bernat.ch/en/blog/2011-ssl-dos-mitigation");
  script_xref(name:"URL", value:"https://www.openwall.com/lists/oss-security/2011/07/08/2");

  script_tag(name:"summary", value:"The remote SSL/TLS service is prone to a denial of service (DoS)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if the remote service allows to re-do the same SSL/TLS
  handshake (Renegotiation) over an existing / already established SSL/TLS connection.");

  script_tag(name:"insight", value:"The flaw exists because the remote SSL/TLS service does not
  properly restrict client-initiated renegotiation within the SSL and TLS protocols.

  Note: The referenced CVEs are affecting OpenSSL and Mozilla Network Security Services (NSS) but
  both are in a DISPUTED state with the following rationale:

  > It can also be argued that it is the responsibility of server deployments, not a security
  library, to prevent or limit renegotiation when it is inappropriate within a specific environment.

  Both CVEs are still kept in this VT as a reference to the origin of this flaw.");

  script_tag(name:"impact", value:"The flaw might make it easier for remote attackers to cause a
  DoS (CPU consumption) by performing many renegotiations within a single connection.");

  script_tag(name:"affected", value:"Every SSL/TLS service which does not properly restrict
  client-initiated renegotiation.");

  # NOTE(review): the solution text only names disabling renegotiation. The check part's own
  # comments also cite rate limiting (an F5 iRule allowing 5 renegotiations per 60 seconds) and note
  # that TLSv1.3 generally has no renegotiation; consider mentioning both as remediation options.
  script_tag(name:"solution", value:"Users should contact their vendors for specific patch information.

  A general solution is to remove/disable renegotiation capabilities altogether from/in the affected
  SSL/TLS service.");

  # The verdict is inferred from observed handshake behaviour; resource exhaustion on the target is
  # not measured.
  script_tag(name:"qod_type", value:"remote_analysis");
  # NOTE(review): the remedy described above is a configuration change and the CVEs are disputed as
  # library flaws, so "Mitigation" may describe it better than "VendorFix" - confirm against the
  # feed's conventions.
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

# Preparation for the renegotiation check: confirm the scanner offers the required built-in, pick
# the SSL/TLS port, define which protocol versions are probed and how often, and fork per host name
# before any socket is opened.

# nb: socket_ssl_do_handshake() is available since GOS 21.04.9 / openvas-scanner 21.4.4. On older
# scanners the VT ends here without a result.
if( ! defined_func( "socket_ssl_do_handshake" ) ) {
  exit( 0 );
}

include("ssl_funcs.inc");
include("list_array_func.inc");
include("misc_func.inc");
include("mysql.inc");

port = tls_ssl_get_port();
if( ! port ) {
  exit( 0 );
}

# nb: Nothing to probe if no supported SSL/TLS version was recorded for this port.
tls_supported = get_kb_item( "tls/supported/" + port );
if( ! tls_supported ) {
  exit( 0 );
}

# nb: get_supported_tls_versions() from ssl_funcs.inc is deliberately not used here: only the
# fixed list of affected protocol versions below is checked.
#
# nb: TLSv1.3 is left out because it generally doesn't support renegotiation according to:
# https://wiki.openssl.org/index.php/TLS1.3#Renegotiation
transports[ENCAPS_SSLv3] = "SSLv3";
transports[ENCAPS_TLSv1] = "TLSv1.0";
transports[ENCAPS_TLSv11] = "TLSv1.1";
transports[ENCAPS_TLSv12] = "TLSv1.2";

# nb: Maps protocol version name -> number of successful renegotiations, used for the report.
info = make_array();

# nb: How many renegotiations in a row must succeed on one connection before the service is
# reported. From https://orchilles.com/ssl-renegotiation-dos/:
# F5 has an iRule for this issue which doesn't allow more than 5 renegotiations per 60 second.
# 10 was chosen to stay above that limit.
num_tries = 10;

# nb: With SNI support the fork over the host names has to be triggered here explicitly and before
# any socket operation (e.g. opening a socket). Otherwise socket_negotiate_ssl() would fork
# internally after open_ssl_socket() was already called, which would cause issues with failed
# connections / socket communication.
sni_supported = get_kb_item( "sni/" + port + "/supported" );
if( sni_supported ) {
  get_host_name();
}

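# Probe each listed protocol version on its own connection: negotiate it once, then ask for the
# handshake to be re-done num_tries times on that same connection. A version is recorded in `info`
# (and VULN is set) only if every one of those attempts succeeds.
#
# nb: The verdict means "num_tries renegotiations in a row were accepted on one connection". A
# service that tolerates that many but throttles beyond it is still reported, so a finding should
# be read together with the renegotiation / rate limit settings of the service.
foreach transport_num( keys( transports ) ) {

  # nb: open_ssl_socket() comes from an include; presumably it also handles the STARTTLS cases
  # collected by the dependencies - confirm in ssl_funcs.inc.
  if( ! soc = open_ssl_socket( port:port ) )
    continue;

  # nb: socket_negotiate_ssl() is "upgrading" the socket and the socket number stays the same if
  # successful so we only need to check it like this. Furthermore if no SSL/TLS connection could be
  # established socket_negotiate_ssl() will close the passed socket internally so we don't need to
  # close it when doing the continue here.
  if( ! socket_negotiate_ssl( socket:soc, transport:transport_num ) )
    continue;

  count = 0;
  for( i = 0; i < num_tries; i++ ) {
    status = socket_ssl_do_handshake( socket:soc );
    # nb: From the function description:
    # 1 on success, less than 0 on handshake error. Null on nasl error.
    #
    # nb: Stop at the first attempt that is not a success. The verdict below needs all num_tries
    # attempts to succeed, so further handshakes could not change it and would only put additional
    # load on the scanned service.
    if( status != 1 )
      break;

    count++;
  }

  close( soc );

  if( count >= num_tries ) {
    transport_name = transports[transport_num];
    VULN = TRUE;
    info[transport_name] = num_tries;
  }
}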

# Reporting: without a finding the VT ends with exit code 99, otherwise it lists every protocol
# version for which all renegotiation attempts succeeded.
#
# NOTE(review): exit( 99 ) is also reached when no connection could be opened or negotiated for any
# of the probed protocol versions, so "nothing could be tested" is not distinguished from
# "renegotiation was refused" - confirm this is intended.
if( ! VULN )
  exit( 99 );

table_header = make_list( "Protocol Version", "Successful re-done SSL/TLS handshakes (Renegotiation) over an existing / already established SSL/TLS connection" );
report = 'The following indicates that the remote SSL/TLS service is affected:\n\n' + text_format_table( array:info, sep:" | ", columnheader:table_header );
security_message( port:port, data:report );
exit( 0 );
