(RHSA-2010:0155) Moderate: java-1.4.2-ibm security and bug fix update

{"result": {"cve": [{"id": "CVE-2009-3555", "type": "cve", "title": "CVE-2009-3555", "description": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "published": "2009-11-09T12:30:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-03T12:55:50"}], "openssl": [{"id": "OPENSSL:CVE-2009-3555", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2009-3555)", "description": "Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation.", "published": "2009-11-05T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.openssl.org/news/vulnerabilities.html", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T17:22:35"}], "f5": [{"id": "F5:K10737", "type": "f5", "title": "SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "description": "", "published": "2009-11-06T03:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K10737", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-06-08T10:18:58"}, {"id": "SOL10737", "type": "f5", "title": "SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "description": "A Man in the Middle attack allows an attacker to inject an arbitrary amount of chosen plain text into the application protocol stream data during a secure session renegotiation that uses SSL version 3.x or TLS version 1.x. This may provide an attacker the ability to perform arbitrary actions on affected websites with user's credentials. This vulnerability does not allow one to decrypt the intercepted network communication.\n\nInformation about this advisory is available at the following locations:\n\n**Note**: These links take you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555>\n\n**Note**: F5 thanks Marsh Ray, who originally identified and reported this vulnerability.\n\nThe IETF has adopted as [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>) a new extension to the TLS standard that addresses this issue. F5 Product Development has implemented this new extension beginning in BIG-IP versions 10.2.3 and 11.0.0.\n\n**Important**: When session renegotiation is disabled, some browsers may log an informational message that appears similar to the following example to the console, when connecting to F5 products:\n\nServer does not support RFC 5746, see CVE-2009-3555\n\nAlthough the message implies that the F5 product to which the browser is connecting is vulnerable to this attack, all vulnerable F5 Products have been patched to disable SSL/TLS renegotiation, and some have been further enhanced to allow explicit control over renegotiation, thus mitigating this attack. For more information regarding completed and planned updates related to this vulnerability, refer to the following table. Note that ID 223836 specifically addresses this error message.\n\nF5 Product Development is tracking this issue as follows:\n\nCR / ID | Description | Affected products | Included in \n---|---|---|--- \nCR132165 / \n \nID 213305 | Introduce the **<disable|enable>** parameter to the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command to control on a per-connection basis how TMM should respond to SSL 3.0/TLS 1.0 renegotiation requests. \n\n\n**Important**: Client-side session renegotiation is still enabled, by default, in versions prior to 10.1.0. In these versions, you must apply an iRule using the **SSL::renegotiate disable **command to each virtual server configuration you wish to protect from this vulnerability. Refer to the mitigation section, following, for more information.\n\n**Note**: For more information, refer to the DevCentral wiki page for the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command.\n\n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEngineering Hotfix available for: \nEnterprise Manager 1.8 \nCR132166 / \n \nID 213306 | Patch OpenSSL to disable midstream session renegotiation. This patch protects the Configuration utility and iControl against this vulnerability. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132167 / \n \nID 213307 | Enable midstream session renegotiation for the **big3d **and **gtmd**. This CR is a companion to CR132166, re-enabling mid-stream session renegotiation for the **big3d **and **gtmd** processes, which maintain long-lived iQuery-over-SSL connections that are renegotiated daily. These connections are mutually authenticated using 2-way SSL authentication prior to exchanging application traffic and, thus, are not vulnerable to the man-in-the-middle attacks described in this Solution. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132170 / \n \nID 213308 | Introduce a Client SSL / ServerSSL profile option to control whether midstream session renegotiation is allowed. In versions 10.1.0 - 10.2.2, the default setting for the Client SSL profile is **disabled**, and the default setting for the Server SSL profile is **enabled**. **Note**: BIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM | BIG-IP 10.1.0 and later \n \nCR132172 / \n \nID 223836 | Implement [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>), an extension to the TLS standard for secure midstream session renegotiation. **Note**: For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 10.2.3 \nBIG-IP 11.0.0 and later \n \nCR132177 / \nID 295760\n\nand\n\nCR132177-1 / \nID 294172\n\n| Patch OpenSSL to disable midstream session renegotiation. | FirePass | \n\nFirePass 7.0.0 and later \nFirePass 6.1.0 HF1 * \nFirePass 6.0.3 hotfix-132177-1 \nFirePass 6.0.2 hotfix-132177-1 \nFirePass 5.5.2 hotfix-132177-1 \nFirePass 5.5.1 hotfix-132177-1 \nFirePass 5.5 hotfix-132177-1 \n \nImportant: For version 6.1.0, the \nfix for this ID was not included in \nHF3 or HF4. Install the latest \ncumulative hotfix. \n \nID 37053 | Patch or upgrade Apache Tomcat to disable session renegotiation. | ARX | ARX 6.2.0 \n \n \nIf a named hotfix has been issued for your software version, you may download the referenced hotfix or later versions of the hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nIf an engineering hotfix has been issued for your software version, you should contact [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>), and reference this Solution number and the associated CR number to request the hotfix.\n\nFor a list of the latest available hotfixes, refer to SOL9502: BIG-IP hotfix matrix.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of the F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n\nFor information about installing version 10.x hotfixes, refer to SOL10025: Managing BIG-IP product hotfixes (10.x).\n\n**Mitigation steps for BIG-IP LTM, ASM, PSM, Link Controller, WebAccelerator, or WOM SSL virtual servers**\n\nYou can use the Client SSL profile Renegotiation setting or an iRule to disable client-side session renegotiation for virtual servers. Refer to the following section that applies to your version:\n\n**Note**: Applications that require session renegotiation are inherently vulnerable to the attack. Only removal of the renegotiation requirement in the application itself will eliminate the vulnerability. If session renegotiation is disabled by any of the vulnerability mitigation steps described later, without modifying the application, client connections will be dropped. For example, IE 5.0 clients accessing applications which use SGC (Server Gated Cryptography) certificates are known to require renegotiation, and their connections would be disrupted by such a configuration.\n\n**Important**: Any mitigation action that re-enables session re-negotiation on patched vulnerable versions may re-expose your F5 system to this vulnerability. In some cases, iRule logic can be used to control this behavior. Refer to the following sections for details regarding your product and version.\n\n**BIG-IP versions 10.1.0 and later**\n\nBIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. SSL Renegotiation setting is **Enabled,** by default, in the SSL profiles, however, the system requires secure renegotiation of SSL connections. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension.\n\nIn BIG-IP version 10.1.0, the Renegotiation setting was added to the BIG-IP Client session and Server SSL profiles as a result of ID 213308 (formerly CR132180). In versions 10.1.0 - 10.2.2, the Renegotiation setting is **Disabled **by default in the Client SSL profile. Virtual servers using a Client SSL profile with the Renegotiation setting configured to **Disabled **are protected from this vulnerability.\n\nIf necessary, you can selectively enable renegotiation using the **SSL::renegotiate** iRules command on a virtual server that has renegotiation disabled in its Client SSL profile. For example, an iRule similar to the following enables renegotiation only for clients within a single Class C subnet:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nif { [IP::addr [IP::client_addr] equals 192.168.222.0/24] }{ \nSSL::renegotiate enable \n} \n}\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, and 10.1.0 through 10.2.x**\n\nTo mitigate the vulnerability, a BIG-IP system administrator may apply iRules similar to the following to each SSL virtual server. This sample iRule uses the **SSL::renegotiate** command to disable client-side session renegotiation, which prevents the BIG-IP system from processing a secondary session renegotiation request:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nSSL::renegotiate disable \n}\n\nThe **<enable|disable>**parameter was added to the **SSL::renegotiate** command in versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, 10.1.x, and 10.2.0 as a result of ID 213305 (formerly CR132165). In versions prior to 10.1.0, all virtual servers with a Client SSL profile applied will, by default, still accept session renegotiation.\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.4.x, 9.3.x prior to 9.3.1 HF8, and 10.0.x prior to 10.0.1 HF3**\n\nTo mitigate the vulnerability in versions that do not include the **SSL::renegotiate** command, apply an iRule similar to the following to each SSL virtual server. The iRule resets the connection if client-side SSL renegotiation is attempted.\n\nwhen CLIENT_ACCEPTED { \n# initialize TLS/SSL handshake count for this connection \nset sslhandshakecount 0 \n} \nwhen CLIENTSSL_HANDSHAKE priority 1 { \n# a handshake just occurred \nincr sslhandshakecount \n# is this the first handshake in this connection? \nif { $sslhandshakecount > 1 } { \n# log (rate limited) the event (to /var/log/ltm) \nlog \"\\\\[VS [IP::local_addr]:[TCP::local_port] client [IP::remote_addr]:[TCP::remote_port]\\\\]:TLS/SSL renegotiation\" \n# if not, close the clientside connection \nreject \n} \n} \n\n\n**Note**: This example was provided by F5 DevCentral poster Lupo. The original post is available at the following location:\n\n[mitigating the TLS client-initiated renegotiation MITM attack](<http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=86456&view=topic>)\n\nA separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n", "published": "2009-11-05T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-05-30T21:02:08"}], "cert": [{"id": "VU:120541", "type": "cert", "title": "SSL and TLS protocols renegotiation vulnerability", "description": "### Overview\n\nA vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.\n\n### Description\n\nThe Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the [Network Working Group](<https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt>): \n\n_The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data._ \n \nThis issue affects SSL version 3.0 and newer and TLS version 1.0 and newer. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow and attacker to issue HTTP requests, or take action impersonating the user, among other consequences. \n \n--- \n \n### Solution\n\nUsers should contact vendors for specific patch information. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nBarracuda Networks| | 05 Nov 2009| 17 Dec 2009 \nDebian GNU/Linux| | 05 Nov 2009| 11 Nov 2009 \nGnuTLS| | 05 Nov 2009| 11 Nov 2009 \nHewlett-Packard Company| | 05 Nov 2009| 17 Dec 2009 \nIBM Corporation| | 05 Nov 2009| 11 Nov 2009 \nMcAfee| | 05 Nov 2009| 11 Nov 2009 \nSun Microsystems, Inc.| | 05 Nov 2009| 06 Nov 2009 \nCryptlib| | 05 Nov 2009| 11 Nov 2009 \nForce10 Networks, Inc.| | 05 Nov 2009| 22 Jul 2011 \nlibgcrypt| | 05 Nov 2009| 11 Nov 2009 \nRedback Networks, Inc.| | 05 Nov 2009| 11 Nov 2009 \nSafeNet| | 05 Nov 2009| 19 Nov 2009 \n3com Inc| | 05 Nov 2009| 05 Nov 2009 \nACCESS| | 05 Nov 2009| 05 Nov 2009 \nAlcatel-Lucent| | 05 Nov 2009| 05 Nov 2009 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23120541 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://extendedsubset.com/?p=8>\n * <http://www.links.org/?p=780>\n * <http://www.links.org/?p=786>\n * <http://www.links.org/?p=789>\n * <http://blogs.iss.net/archive/sslmitmiscsrf.html>\n * <http://www.ietf.org/mail-archive/web/tls/current/msg03948.html>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=533125>\n * <http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html>\n * <http://cvs.openssl.org/chngview?cn=18790>\n * <http://www.links.org/files/no-renegotiation-2.patch>\n * <http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html>\n * <https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt>\n * <http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html>\n\n### Credit\n\nThanks to Marsh Ray of PhoneFactor for reporting this vulnerability. This issue was also independently discovered and publicly disclosed by Martin Rex of SAP.\n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n * CVE IDs: [CVE-2009-3555](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555>)\n * Date Public: 05 Nov 2009\n * Date First Published: 11 Nov 2009\n * Date Last Updated: 22 Jul 2011\n * Document Revision: 35\n\n", "published": "2009-11-11T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/120541", "cvelist": ["CVE-2009-3555", "CVE-2009-3555"], "lastseen": "2016-02-03T09:13:26"}], "ubuntu": [{"id": "USN-927-5", "type": "ubuntu", "title": "nspr update", "description": "USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR \nneeded to use the new NSS.\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds support for the new \nnew renegotiation extension and will use it when the server supports it.", "published": "2010-06-29T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.ubuntu.com/usn/usn-927-5", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-05-01T08:28:28"}, {"id": "USN-990-2", "type": "ubuntu", "title": "Apache vulnerability", "description": "USN-860-1 introduced a partial workaround to Apache that disabled client \ninitiated TLS renegotiation in order to mitigate [CVE-2009-3555](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2009-3555>). USN-990-1 \nintroduced the new RFC5746 renegotiation extension in openssl, and \ncompletely resolves the issue.\n\nAfter updating openssl, an Apache server will allow both patched and \nunpatched web browsers to connect, but unpatched browsers will not be able \nto renegotiate. This update introduces the new SSLInsecureRenegotiation \ndirective for Apache that may be used to re-enable insecure renegotiations \nwith unpatched web browsers. For more information, please refer to: \nhttp://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotiation\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds backported support \nfor the new RFC5746 renegotiation extension and will use it when both the \nclient and the server support it.", "published": "2010-09-21T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.ubuntu.com/usn/usn-990-2", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-05-01T08:28:27"}, {"id": "USN-927-1", "type": "ubuntu", "title": "NSS vulnerability", "description": "Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds support for the new \nnew renegotiation extension and will use it when the server supports it.", "published": "2010-04-09T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.ubuntu.com/usn/usn-927-1", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-05-01T08:28:57"}, {"id": "USN-927-6", "type": "ubuntu", "title": "NSS vulnerability", "description": "USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the \ncorresponding updates for Ubuntu 9.04.\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds support for the new \nnew renegotiation extension and will use it when the server supports it.", "published": "2010-07-23T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.ubuntu.com/usn/usn-927-6", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-05-01T08:29:18"}, {"id": "USN-990-1", "type": "ubuntu", "title": "OpenSSL vulnerability", "description": "Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds backported support \nfor the new RFC5746 renegotiation extension and will use it when both the \nclient and the server support it.\n\nATTENTION: After applying this update, a patched server will allow both \npatched and unpatched clients to connect, but unpatched clients will not be \nable to renegotiate. For more information, please refer to the following: \nhttp://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION", "published": "2010-09-21T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.ubuntu.com/usn/usn-990-1", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-05-01T08:28:51"}, {"id": "USN-927-4", "type": "ubuntu", "title": "nss vulnerability", "description": "USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides \nthe corresponding updates for Ubuntu 8.04 LTS.\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds support for the new \nnew renegotiation extension and will use it when the server supports it.", "published": "2010-06-29T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.ubuntu.com/usn/usn-927-4", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-05-01T08:29:31"}], "openvas": [{"id": "OPENVAS:66583", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-13250 (proftpd)", "description": "The remote host is missing an update to proftpd\nannounced via advisory FEDORA-2009-13250.", "published": "2009-12-30T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66583", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-12-12T15:25:30"}, {"id": "OPENVAS:66270", "type": "openvas", "title": "Slackware Advisory SSA:2009-320-01 openssl ", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-320-01.", "published": "2012-09-11T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66270", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-05-02T06:29:09"}, {"id": "OPENVAS:880611", "type": "openvas", "title": "CentOS Update for nspr CESA-2010:0165 centos5 i386", "description": "Check for the Version of nspr", "published": "2011-08-09T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880611", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T20:41:51"}, {"id": "OPENVAS:861798", "type": "openvas", "title": "Fedora Update for nss FEDORA-2010-3905", "description": "Check for the Version of nss", "published": "2010-03-31T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861798", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T20:40:11"}, {"id": "OPENVAS:880612", "type": "openvas", "title": "CentOS Update for openssl097a CESA-2010:0164 centos5 i386", "description": "Check for the Version of openssl097a", "published": "2011-08-09T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880612", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T20:41:58"}, {"id": "OPENVAS:800466", "type": "openvas", "title": "Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)", "description": "This host installed with TLS/SSL protocol which is prone to Spoofing\n Vulnerability", "published": "2010-02-11T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=800466", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-03-13T13:13:02"}, {"id": "OPENVAS:830893", "type": "openvas", "title": "Mandriva Update for mandriva-release MDVA-2010:069 (mandriva-release)", "description": "Check for the Version of mandriva-release", "published": "2010-02-19T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830893", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T20:40:07"}, {"id": "OPENVAS:122382", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0164", "description": "Oracle Linux Local Security Checks ELSA-2010-0164", "published": "2015-10-06T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=122382", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-11-16T16:43:34"}, {"id": "OPENVAS:900247", "type": "openvas", "title": "Remote Code Execution Vulnerabilities in SChannel (980436)", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS10-049.", "published": "2010-08-11T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=900247", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-05-02T06:30:12"}, {"id": "OPENVAS:66562", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-12305 (tomcat-native)", "description": "The remote host is missing an update to tomcat-native\nannounced via advisory FEDORA-2009-12305.", "published": "2009-12-30T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66562", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-12-12T15:25:29"}], "centos": [{"id": "CESA-2010:0165", "type": "centos", "title": "nspr, nss security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0165\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016601.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016602.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016607.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016608.html\n\n**Affected packages:**\nnspr\nnspr-devel\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0165.html", "published": "2010-03-28T16:36:50", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016602.html", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-12-05T19:59:48"}, {"id": "CESA-2010:0164", "type": "centos", "title": "openssl097a security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0164\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016595.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016596.html\n\n**Affected packages:**\nopenssl097a\n\n**Upstream details at:**\n", "published": "2010-03-27T18:44:36", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016595.html", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-12-05T20:06:19"}, {"id": "CESA-2010:0166", "type": "centos", "title": "gnutls security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0166\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016587.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016588.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\ngnutls-utils\n\n**Upstream details at:**\n", "published": "2010-03-26T22:48:08", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016587.html", "cvelist": ["CVE-2009-2409", "CVE-2009-3555"], "lastseen": "2016-12-05T19:58:53"}, {"id": "CESA-2010:0167", "type": "centos", "title": "gnutls security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0167\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016605.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016606.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0167.html", "published": "2010-03-28T21:02:51", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016605.html", "cvelist": ["CVE-2010-0731", "CVE-2009-3555"], "lastseen": "2016-12-05T20:05:45"}, {"id": "CESA-2010:0162", "type": "centos", "title": "openssl security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0162\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016593.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016594.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\n", "published": "2010-03-27T18:30:13", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016593.html", "cvelist": ["CVE-2009-3245", "CVE-2009-3555", "CVE-2010-0433"], "lastseen": "2016-12-05T20:00:53"}, {"id": "CESA-2010:0163", "type": "centos", "title": "openssl security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0163\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016580.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016581.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016609.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016610.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0163.html", "published": "2010-03-25T23:38:39", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016580.html", "cvelist": ["CVE-2009-2409", "CVE-2009-0590", "CVE-2009-3555"], "lastseen": "2016-12-05T20:08:15"}], "nessus": [{"id": "FEDORA_2009-13250.NASL", "type": "nessus", "title": "Fedora 12 : proftpd-1.3.2c-1.fc12 (2009-13250)", "description": "This update addresses CVE-2009-3555 (SSL/TLS renegotiation vulnerability), mitigating the problem by refusing all client-initiated SSL/TLS session renegotiations. This update to the latest maintenance release also fixes a number of bugs recorded in the proftpd bug tracker: - SSL/TLS renegotiation vulnerability (CVE-2009-3555, bug 3324) - Failed database transaction can cause mod_quotatab to loop (bug 3228) - Segfault in mod_wrap (bug 3332) - <Directory> sections can have <Limit> problems (bug 3337) - mod_wrap2 segfaults when a valid user retries the USER command (bug 3341) - mod_auth_file handles 'getgroups' request incorrectly (bug 3347) - Segfault caused by scrubbing zero- length portion of memory (bug 3350) Finally, the behaviour of the MLSD FTP command (used in many modern FTP clients to list directories) is fixed for the case when the FTP server's configuration disallows its usage (using a <Limit> clause) in some but not all places (#544002).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-12-28T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=43604", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T17:25:57"}, {"id": "FEDORA_2010-1127.NASL", "type": "nessus", "title": "Fedora 12 : nss-3.12.5-8.fc12 (2010-1127)", "description": "Update to 3.12.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-01T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47232", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T17:26:32"}, {"id": "UBUNTU_USN-990-2.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : apache2 vulnerability (USN-990-2)", "description": "USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555.\nUSN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue.\n\nAfter updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. For more information, please refer to:\nhttp://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotia tion\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-09-22T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=49644", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T17:24:49"}, {"id": "AIX_SSL_ADVISORY.NASL", "type": "nessus", "title": "AIX OpenSSL Advisory : ssl_advisory.asc", "description": "The version of OpenSSL running on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source.\n\n - A remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow an attacker to issue HTTP requests or take action impersonating the user, among other consequences.\n\nPlease note that the recommended fixes will disable all session renegotiation.", "published": "2014-04-16T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73566", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T17:23:57"}, {"id": "SUSE_11_0_LIBFREEBL3-100407.NASL", "type": "nessus", "title": "openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0100-1)", "description": "Mozilla NSS was updated to version 3.12.6.\n\nThis fixes all currently known issues in mozilla-nss, and also implements the new TLS/SSL renegotiation handling (CVE-2009-3555).", "published": "2010-04-13T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=45492", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T17:25:04"}, {"id": "HPSMH_6_1_0_102.NASL", "type": "nessus", "title": "HP System Management Homepage < 6.1.0.102 / 6.1.0-103 Multiple Vulnerabilities", "description": "According to the web server banner, the version of HP System Management Homepage (SMH) running on the remote host is potentially affected by the following vulnerabilities :\n\n - Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext by a man-in-the-middle. (CVE-2009-3555)\n\n - An unspecified vulnerability in version 2.0.18 of the Namazu component, used by the Windows version of SMH.", "published": "2010-05-19T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=46677", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-10-28T01:26:42"}, {"id": "UBUNTU_USN-927-4.NASL", "type": "nessus", "title": "Ubuntu 8.04 LTS : nss vulnerability (USN-927-4)", "description": "USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS.\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-06-30T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47159", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T17:24:26"}, {"id": "SSL_RENEGOTIATION.NASL", "type": "nessus", "title": "SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection", "description": "The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake.\nAn unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.", "published": "2009-11-24T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=42880", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-06-13T08:38:35"}, {"id": "MANDRIVA_MDVSA-2010-069.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : nss (MDVSA-2010:069)", "description": "A vulnerability has been found and corrected in nss :\n\nThe TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue (CVE-2009-3555).\n\nAdditionally the NSPR package has been upgraded to 4.8.4 that brings numerous upstream fixes.\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers.\n\nThis update provides the latest versions of NSS and NSPR libraries and for which NSS is not vulnerable to this attack.", "published": "2010-04-09T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=45449", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T17:25:53"}, {"id": "SUSE_JAVA-1_4_2-IBM-7036.NASL", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 7036)", "description": "IBM Java 1.4.2 was updated to version U13 FP 4 iFixes to fix the SSL renegotiation flaw reported as CVE-2009-3555, as well as SAP installer related bugs.", "published": "2012-05-17T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59119", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T17:24:34"}], "cisco": [{"id": "CISCO-SA-20091105-CVE-2009-3555", "type": "cisco", "title": "Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability", "description": "Multiple Transport Layer Security (TLS) implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack.\n\nThe vulnerability exists during a TLS renegotiation process. If an attacker can intercept traffic from a client to a TLS server, the attacker could stage a rogue TLS server to intercept that traffic and appear to authenticate the client to what the client thinks is the desired TLS server. The attacker is then able to authenticate to the legitimate TLS server and thus stage a man-in-the-middle attack. However, the attacker would not be able to view the contents of the session and would only be able to inject data or requests into it.\n\nProof-of-concept code that exploits this vulnerability is publicly available.\n\nOpenSSL has confirmed this vulnerability in a changelog and released updated software.\n\n\nTo exploit this vulnerability, the attacker must be able to intercept traffic from a TLS client to a TLS server. In many cases, this may require the attacker to have access to a network that is adjacent to the targeted user's system. Another possibility would be for the attacker to have access to a network that is adjacent to a legitimate TLS server.\n\nThis vulnerability is likely to affect multiple implementations of TLS.", "published": "2009-11-05T19:53:52", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-05-17T21:03:31"}, {"id": "CISCO-SA-20091109-TLS", "type": "cisco", "title": "Transport Layer Security Renegotiation Vulnerability", "description": "", "published": "2009-11-09T13:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-05-13T12:31:01"}], "redhat": [{"id": "RHSA-2010:0164", "type": "redhat", "title": "(RHSA-2010:0164) Moderate: openssl097a security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll openssl097a users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to take\neffect, all services linked to the openssl097a library must be restarted,\nor the system rebooted.", "published": "2010-03-25T04:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0164", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-04T11:17:55"}, {"id": "RHSA-2010:0165", "type": "redhat", "title": "(RHSA-2010:0165) Moderate: nss security update", "description": "Network Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library\nlinking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the following\nKnowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages, which\nupdate NSS to version 3.12.6. This erratum also updates the NSPR packages\nto the version required by NSS 3.12.6. All running applications using the\nNSS library must be restarted for this update to take effect.", "published": "2010-03-25T04:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0165", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-04T11:17:50"}, {"id": "RHSA-2010:0166", "type": "redhat", "title": "(RHSA-2010:0166) Moderate: gnutls security update", "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthe CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nDan Kaminsky found that browsers could accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. GnuTLS\nnow disables the use of the MD2 algorithm inside signatures by default.\n(CVE-2009-2409)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted, or\nthe system rebooted.", "published": "2010-03-25T04:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0166", "cvelist": ["CVE-2009-2409", "CVE-2009-3555"], "lastseen": "2016-09-04T11:17:41"}, {"id": "RHSA-2010:0167", "type": "redhat", "title": "(RHSA-2010:0167) Moderate: gnutls security update", "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthe CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA flaw was found in the way GnuTLS extracted serial numbers from X.509\ncertificates. On 64-bit big endian platforms, this flaw could cause the\ncertificate revocation list (CRL) check to be bypassed; cause various\nGnuTLS utilities to crash; or, possibly, execute arbitrary code.\n(CVE-2010-0731)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted, or\nthe system rebooted.", "published": "2010-03-25T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0167", "cvelist": ["CVE-2010-0731", "CVE-2009-3555"], "lastseen": "2016-09-04T11:17:38"}, {"id": "RHSA-2009:1579", "type": "redhat", "title": "(RHSA-2009:1579) Moderate: httpd security update", "description": "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update partially mitigates this flaw for SSL\nsessions to HTTP servers using mod_ssl by rejecting client-requested\nrenegotiation. (CVE-2009-3555)\n\nNote: This update does not fully resolve the issue for HTTPS servers. An\nattack is still possible in configurations that require a server-initiated\nrenegotiation. Refer to the following Knowledgebase article for further\ninformation: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", "published": "2009-11-11T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1579", "cvelist": ["CVE-2009-3094", "CVE-2009-3555", "CVE-2009-3095"], "lastseen": "2016-09-04T11:17:55"}], "oraclelinux": [{"id": "ELSA-2010-0165", "type": "oraclelinux", "title": "nss security update", "description": "nspr:\n[4.8.4-1]\n- Update to NSPR 4.8.4\nnss:\n[3.12.6-1.0.1.el5_4]\n- Update clean.gif in the nss-3.12.6-stripped.tar.bz2 tarball\n[3.12.6-1]\n- Update to 3.12.6\n[3.12.5.99-1.2]\n- Fix an unsatified tools runtime dependency\n[3.12.5.99-1.1]\n- Preserve file attributes and include some test cleanup\n[3.12.5.99-1]\n- Update to NSS_3_12_6_RC1\n[3.12.3.99.3-1.el5_3.4]\n- CVE-2009-3555 (bug 543536) ", "published": "2010-03-25T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0165.html", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-04T11:16:09"}, {"id": "ELSA-2010-0164", "type": "oraclelinux", "title": "openssl097a security update", "description": "[0.9.7a-9.2]\n- CVE-2009-3555 - support the secure renegotiation RFC (#533125) ", "published": "2010-03-25T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0164.html", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-04T11:16:37"}, {"id": "ELSA-2010-0167", "type": "oraclelinux", "title": "gnutls security update", "description": "[1.0.20-4.0.1.el4_8.7]\n- Bump release to resolve ULN up2date issue\n[1.0.20-4.7]\n- fix crash in the gnutls-cli tool needed for testing\n[1.0.20-4.5]\n- fix safe renegotiation in SSL3 protocol\n[1.0.20-4.4]\n- implement safe renegotiation - CVE-2009-3555 (#533125) ", "published": "2010-03-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0167.html", "cvelist": ["CVE-2010-0731", "CVE-2009-3555"], "lastseen": "2016-09-04T11:16:51"}, {"id": "ELSA-2010-0166", "type": "oraclelinux", "title": "gnutls security update", "description": "[1.4.1-3.8]\n- fix safe renegotiation on SSL3 protocol\n[1.4.1-3.7]\n- implement safe renegotiation - CVE-2009-3555 (#533125)\n- do not allow MD2 in certificate signatures by default - CVE-2009-2409\n (#510197) ", "published": "2010-03-25T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0166.html", "cvelist": ["CVE-2009-2409", "CVE-2009-3555"], "lastseen": "2016-09-04T11:16:32"}, {"id": "ELSA-2010-0163", "type": "oraclelinux", "title": "openssl security update", "description": "[0.9.7a-43.17.5]\n- do not disable SSLv2 in the renegotiation patch - SSLv2 does\n not support renegotiation\n- allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT\n[0.9.7a-43.17.4]\n- mention the RFC5746 in the renegotiation fix doc\n[0.9.7a-43.17.3]\n- CVE-2009-3555 - support the secure renegotiation RFC (#533125)\n- CVE-2009-2409 - drop MD2 from the default algorithm list (#510197)\n- CVE-2009-0590 - crash when printing incorrect asn1 strings (#492304) ", "published": "2010-03-25T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0163.html", "cvelist": ["CVE-2009-2409", "CVE-2009-0590", "CVE-2009-3555"], "lastseen": "2016-09-04T11:16:59"}], "hackerone": [{"id": "H1:5617", "type": "hackerone", "title": "Slack: TLS1/SSLv3 Renegotiation Vulnerability", "description": "URL: http://www.slack.com\r\n\r\nVulnerability description\r\nA flaw in the design of the TLS v. 1/SSL v. 3 (TLS/SSL) handshake process was discovered in 2009, and RFC 5746 (Feb. 2010) was released to update the protocol specification. Since then, most system manufacturers have released patches to fix this flaw. Still, as of June 2011 approximately half of the systems using TLS/SSL on the Internet have not implemented the patches needed to close this security hole. This vulnerability affects the secure transport of HTTP, IMAP, SMTP, and other protocols that rely on TLS/SSL. Industry representatives and security researchers who have looked into the problem note that sites with the TLS patch may still be vulnerable to this attack, known as the TLS renegotiation Man-In-The-Middle attack (TLS Renego MITM). DigiCert is taking a proactive approach to this problem by contacting its customers to advise them of this potential vulnerability in their systems. At some point in the future, connectivity problems may occur because of server non-compliance with RFC 5746.\r\n\r\nA vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer.\r\nThis vulnerability affects Web Server. \r\nDiscovered by: TLS1_SSL3_Renegotiation. \r\n\r\nAttack details\r\nJust to provide you with a brief overview, the typical TLS/SSL handshake process involves the following:\r\n\r\nclient hello (highest TLS/SSL version supported, random number, suggested ciphers, suggested compression methods and, if the client is attempting renegotiation, previous session ID)\r\nserver hello (TLS/SSL version, random number, cipher suite and compression chosen and, if server is attempting renegotiation, previous session ID)\r\nserver sends TLS/SSL certificate\r\nserver hello done\r\n\r\nclient key exchange (preMasterSecret exchange and MasterSecret calculation)\r\nclient change cipher spec\r\nclient finished (hash and MAC of previous handshake messages)\r\n\r\nserver change cipher spec\r\nserver finished\r\n\r\nGET /secure HTTP/1.1\\r\\n...\r\n\r\n(For more information, see Wikipedia's article on TLS handshakes).\r\n\r\nUsing the TLS Renego MITM vulnerability, an attacker can either form a TLS connection to the server first, before the client (for example, on a compromised machine in response to the client\u2019s attempt at connection) or can use session renegotiation to effectuate the attack. Even mutual certificate-based client authentication connections are vulnerable to the TLS Renego MITM attack. More details on how various attack scenarios play out are provided in RFC 5746 and related discussions provided here and here.\r\n\r\n\r\n\r\nThe impact of this vulnerability\r\nA remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow and attacker to issue HTTP requests, or take action impersonating the user, among other consequences.\r\n\r\nHow to fix this vulnerability\r\n\r\nThe TLS/SSL specification in RFC 5746 applies to both full handshakes and session resumption handshakes. Because pre-existing TLS/SSL specifications required systems to ignore a ClientHello extension if they did not understand it, RFC 5746 specifies that the ClientHello either contain an empty \u201crenegotiation_info\" extension or a Signaling Cipher Suite Value (SCSV) as a pseudo cipher suite with the same semantics as an empty \"renegotiation_info\" extension. When a client receives the ServerHello, it must check to see if the server supports the \"renegotiation_info\" extension. Assuming that secure renegotiation is supported per RFC 5746, then for TLS renegotiation, the client can send the \"renegotiation_info\" extension. If the server does not respond in accordance with RFC 5746, the client MUST abort the renegotiation handshake. Similarly, if a client does not respond in accordance with RFC 5746, then the server MUST abort the renegotiation handshake.\r\n\r\nFor backward compatibility, a compliant client will be configurable for either allowing insecure renegotiation or aborting an attempt to renegotiate. However, because some TLS servers do not support renegotiation at all there will be a transition period where problems will be encountered. From a server side, if the server does not receive the \"renegotiation_info\" extension or the SCSV, then RFC 5746 specifies that the \u201csecure_renegotiation\u201d flag be set to FALSE. Thereafter, if a ClientHello for renegotiation contains an empty \u201crenegotiation_info\" extension or the SCSV, then the server MUST abort the handshake.\r\n\r\nWeb references\r\nTLS1/SSLv3 Renegotiation Vulnerability \r\nCVE-2009-3555 \r\nVU#120541 \r\n", "published": "2014-04-02T13:01:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/5617", "cvelist": ["CVE-2009-3555"], "lastseen": "2017-01-15T19:01:07"}], "nginx": [{"id": "NGINX:CVE-2009-3555", "type": "nginx", "title": "The renegotiation vulnerability in SSL protocol", "description": "The renegotiation vulnerability in SSL protocol\nSeverity: major\nCVE-2009-3555\nNot vulnerable: 0.8.23+, 0.7.64+\nVulnerable: 0.1.0-0.8.22", "published": "2009-11-09T12:30:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://nginx.org/en/security_advisories.html", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-26T17:22:32"}], "exploitdb": [{"id": "EDB-ID:10071", "type": "exploitdb", "title": "Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability", "description": "Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability. CVE-2009-3555. Remote exploits for multiple platform", "published": "2009-11-10T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/10071/", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-02-01T11:51:16"}, {"id": "EDB-ID:10579", "type": "exploitdb", "title": "TLS Renegotiation Vulnerability PoC", "description": "TLS Renegotiation Vulnerability PoC Exploit. CVE-2009-3555. Remote exploits for multiple platform", "published": "2009-12-21T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/10579/", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-02-01T12:46:47"}], "packetstorm": [{"id": "PACKETSTORM:84112", "type": "packetstorm", "title": "TLS Renegotiation Exploit", "description": "", "published": "2009-12-21T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://packetstormsecurity.com/files/84112/TLS-Renegotiation-Exploit.html", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-12-05T22:15:34"}], "suse": [{"id": "SUSE-SA:2009:057", "type": "suse", "title": "man-in-the-middle attack in openssl", "description": "The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS protected web-sites. Please note that renegotiation will be disabled for any application using openssl by this update and may cause problems in some cases. Additionally this attack is not limited to HTTP.\n#### Solution\nThere is no work-around known. Please install the update. Moblin packages will be released later.", "published": "2009-11-18T09:50:39", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-04T12:25:49"}, {"id": "SUSE-SA:2010:020", "type": "suse", "title": "remote denial of service, man in the middle in openssl", "description": "The openSSL library was updated to add support for the new RFC5746 TLS renegotiation feature to address vulnerabilities tracked as CVE-2009-3555, backported from openssl 0.9.8m.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2010-04-06T16:55:06", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00000.html", "cvelist": ["CVE-2009-3245", "CVE-2009-3555"], "lastseen": "2016-09-04T11:30:36"}], "slackware": [{"id": "SSA-2009-320-01", "type": "slackware", "title": "openssl", "description": "New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/openssl-0.9.8k-i486-3_slack13.0.txz: Rebuilt.\n Patched to disable SSL renegotiation.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n (* Security fix *)\npatches/packages/openssl-solibs-0.9.8k-i486-3_slack13.0.txz: Rebuilt.\n Patched to disable SSL renegotiation.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8h-i486-4_slack11.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8h-i486-4_slack11.0.tgz\n\nUpdated packages for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8h-i486-4_slack12.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8h-i486-4_slack12.0.tgz\n\nUpdated packages for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8h-i486-4_slack12.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-solibs-0.9.8h-i486-4_slack12.1.tgz\n\nUpdated packages for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8i-i486-4_slack12.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-solibs-0.9.8i-i486-4_slack12.2.tgz\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8k-i486-3_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8k-i486-3_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8k-x86_64-3_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8k-x86_64-3_slack13.0.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8l-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8l-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-0.9.8l-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-0.9.8l-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 11.0 packages:\n662fa4e1a24aba53e5a05850b27d5c16 openssl-0.9.8h-i486-4_slack11.0.tgz\nb08b28f848b64df600a958268dd6a350 openssl-solibs-0.9.8h-i486-4_slack11.0.tgz\n\nSlackware 12.0 packages:\n6cdad3839394c5d81f56b7812f38e1d2 openssl-0.9.8h-i486-4_slack12.0.tgz\ncd44b602ada795dd60c2e0a5b113a235 openssl-solibs-0.9.8h-i486-4_slack12.0.tgz\n\nSlackware 12.1 packages:\nf07db73dcfc7d0f09796199591805685 openssl-0.9.8h-i486-4_slack12.1.tgz\n8ad915a9a85bf049da8593f3966fa155 openssl-solibs-0.9.8h-i486-4_slack12.1.tgz\n\nSlackware 12.2 packages:\n71e904cdd763254146c3d17cb67dabd9 openssl-0.9.8i-i486-4_slack12.2.tgz\n3350b268966c39f884df46b839cbc216 openssl-solibs-0.9.8i-i486-4_slack12.2.tgz\n\nSlackware 13.0 packages:\nbf569bd9e2b6f6d12feb9926a2f4228c openssl-0.9.8k-i486-3_slack13.0.txz\ne9042a6460ee448bcb32dee4f090be74 openssl-solibs-0.9.8k-i486-3_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n068a889c7120f569be44e7ffde9169d1 openssl-0.9.8k-x86_64-3_slack13.0.txz\n7602b43d1e51a121e1f4a33919be48bf openssl-solibs-0.9.8k-x86_64-3_slack13.0.txz\n\nSlackware -current packages:\n98f992b68c19070a6edeb0d4a6a0f559 openssl-solibs-0.9.8l-i486-1.txz\n\nSlackware x86_64 -current packages:\nc62ac6d683a8ed6f94da8c7555810d81 openssl-solibs-0.9.8l-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-0.9.8k-i486-3_slack13.0.txz openssl-solibs-0.9.8k-i486-3_slack13.0.txz", "published": "2009-11-16T13:42:36", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-09-07T19:54:49"}, {"id": "SSA-2010-067-01", "type": "slackware", "title": "httpd", "description": "New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix security issues.\n\nmod_ssl: A partial fix for the TLS renegotiation prefix injection attack\n by rejecting any client-initiated renegotiations.\n\nmod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent\n when request headers indicate a request body is incoming; not a case of\n HTTP_INTERNAL_SERVER_ERROR.\n\nmod_isapi: Do not unload an isapi .dll module until the request processing\n is completed, avoiding orphaned callback pointers.\n [This is the most serious flaw, but does not affect Linux systems]\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/httpd-2.2.15-i486-1_slack13.0.txz: Upgraded.\n This update addresses a few security issues.\n mod_ssl: A partial fix for the TLS renegotiation prefix injection attack\n by rejecting any client-initiated renegotiations.\n mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent\n when request headers indicate a request body is incoming; not a case of\n HTTP_INTERNAL_SERVER_ERROR.\n mod_isapi: Do not unload an isapi .dll module until the request processing\n is completed, avoiding orphaned callback pointers.\n [This is the most serious flaw, but does not affect Linux systems]\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.15-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.15-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.15-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.15-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.15-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.15-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.15-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n16cec75d359c8ce94cf363a8ba5ca5aa httpd-2.2.15-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n1dedbfa17735c9d61ab552b6d6a4c452 httpd-2.2.15-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nfa725cd74a40c4e647f6dbc0af7760fc httpd-2.2.15-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n768cb6af77170bb51c9303dc87b17138 httpd-2.2.15-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n96be84be6907b5f370a815c874bb7a80 httpd-2.2.15-x86_64-1_slack13.0.txz\n\nSlackware -current package:\n6aac4a1e47c8292634cfcfcadfd81a1c httpd-2.2.15-i486-1.txz\n\nSlackware x86_64 -current package:\necdc430b9b3901e8138cf83a7e41fe09 httpd-2.2.15-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg httpd-2.2.15-x86_64-1_slack13.0.txz\n\nThen, restart apache httpd:\n > sh /etc/rc.d/rc.httpd stop\n > sh /etc/rc.d/rc.httpd start\n\nNote that using the "restart" option might not work, as the parent httpd\nprocess continues to run and may be unable to load the new httpd modules.\nTherefore, using "stop" and then "start" is recommended.", "published": "2010-03-08T14:39:33", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.565682", "cvelist": ["CVE-2010-0425", "CVE-2010-0408", "CVE-2009-3555"], "lastseen": "2016-09-07T19:54:46"}], "seebug": [{"id": "SSV-67231", "type": "seebug", "title": "TLS Renegotiation Vulnerability PoC", "description": "Summary: \nTransport Layer Security Protocol TLS is to ensure that the Internet communication application and its user's privacy Protocol.< br/>Apache HTTP Server 2.2.14 and earlier version, OpenSSL 0.9.8 l before version, GnuTLS 2.8.5 and prior versions, Mozilla Network Security Services (NSS) 3.12.4 and earlier version, multiple Cisco products, and other products of the TLS Protocol and SSL Protocol in the presence of session negotiation in plaintext injection vulnerability. Since the TLS Protocol and SSL Protocol implementation module is not appropriate will then negotiate with the existing connection Association, MiTM attacker can send an unauthenticated request, the data is injected into the TLS and SSL Protocol to protect the HTTP session and the other type of session.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-67231", "cvelist": ["CVE-2009-3555"], "lastseen": "2016-07-29T08:23:19"}], "vulnerlab": [{"id": "VULNERLAB:967", "type": "vulnerlab", "title": "Mozilla SeaMonkey - Filter Bypass & Persistent Vulnerability", "description": "Since Seamonkey is using Mozilla Thunderbird at the backend for its mail client, It is prone to the same Persistent vulnerability \r\nthat i had reported earlier to Mozilla Security Team. \r\n\r\nI will include the details again in this advisory for your reference and ease. \r\n\r\nBasically , attaching a debugger with the seamonkey binary file, it was initially noticed that malicious java-script tags were being \r\nfiltered / blocked. By default, HTML tags like <script> and <iframe> are blocked in Seamonkey and get filtered immediately upon \r\ninsertion however, While drafting a new email message, attackers can easily bypass the current input filters by encoding their \r\npayloads with base64 encryption and using the <object> tag and insert malicious scripts / code eg. (script / frame) within the \r\nemails and send it to the victims. The exploit gets triggered once the victim decides to reply back and clicks on the `Reply` or `Forward` Buttons.\r\n\r\nAfter successfully bypassing the input filters, an attacker can inject persistent script code while writing a new email and send \r\nit to victims. Interestingly the payload gets filtered during the initial viewing mode however if the victim clicks on Reply or \r\nForward, the exploit gets executed successfully. For a POC i will be including multiple examples in this advisory for your review. \r\nI was able to run multiple scripts generating strange behaviour on the application which can be seen in the debugging errors \r\nwhich I have attached along with this report.\r\n\r\nThese sort of vulnerabilities can result in multiple attack vectors on the client end which may eventually result in complete \r\ncompromise of the end user system. The persistent code injection vulnerability is located within the main application. Exploitation \r\nof this persistent application vulnerability requires a low or medium user interaction. Successful exploitation of the vulnerability \r\nmay result in malicious script code being executed in the victims browser resulting in script code injection, persistent phishing, \r\nClient side redirects and similar client side attacks.", "published": "2014-01-29T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.vulnerability-lab.com/get_content.php?id=967", "cvelist": ["CVE-2013-6674", "CVE-2009-3555"], "lastseen": "2016-01-31T10:33:18"}], "debian": [{"id": "DSA-2141", "type": "debian", "title": "openssl -- SSL/TLS insecure renegotiation protocol design flaw", "description": "DSA-2141 consists of three individual parts, which can be viewed in the mailing list archive: [DSA 2141-1](<https://lists.debian.org/debian-security-announce/2011/msg00001.html>) (openssl), [DSA 2141-2](<https://lists.debian.org/debian-security-announce/2011/msg00002.html>) (nss), [DSA 2141-3](<https://lists.debian.org/debian-security-announce/2011/msg00003.html>) (apache2), and [DSA 2141-4](<https://lists.debian.org/debian-security-announce/2011/msg00006.html>) (lighttpd). This page only covers the first part, openssl.\n\n * [CVE-2009-3555](<https://security-tracker.debian.org/tracker/CVE-2009-3555>)\n\nMarsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue.\n\nIf openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation.\n\nThis version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable.\n\nCurrently we are not aware of other software with similar compatibility problems.\n\n * [CVE-2010-4180](<https://security-tracker.debian.org/tracker/CVE-2010-4180>)\n\nIn addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite.\n\nFor the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny11.\n\nFor the unstable distribution (sid), and the testing distribution (squeeze), this problem has been fixed in version 0.9.8o-4.\n\nWe recommend that you upgrade your openssl package.\n\nFurther information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: [https://www.debian.org/security/](<../../security/>)", "published": "2011-01-06T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2141", "cvelist": ["CVE-2010-4180", "CVE-2009-3555"], "lastseen": "2016-09-02T18:31:11"}, {"id": "DSA-2626", "type": "debian", "title": "lighttpd -- several issues", "description": "Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd.\n\n * [CVE-2009-3555](<https://security-tracker.debian.org/tracker/CVE-2009-3555>)\n\nMarsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions. This issue is solved in lighttpd by disabling client initiated renegotiation by default. \n\nThose users that do actually need such renegotiations, can reenable them via the new ssl.disable-client-renegotiation parameter.\n\n * [CVE-2012-4929](<https://security-tracker.debian.org/tracker/CVE-2012-4929>)\n\nJuliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed CRIME, allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update disables compression.\n\nFor the stable distribution (squeeze), these problems have been fixed in version 1.4.28-2+squeeze1.2.\n\nFor the testing distribution (wheezy), and the unstable distribution (sid) these problems have been fixed in version 1.4.30-1.\n\nWe recommend that you upgrade your lighttpd packages.", "published": "2013-02-17T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2626", "cvelist": ["CVE-2012-4929", "CVE-2009-3555"], "lastseen": "2016-09-02T18:27:57"}, {"id": "DSA-1934", "type": "debian", "title": "apache2 -- multiple issues", "description": "A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. [CVE-2009-3555](<https://security-tracker.debian.org/tracker/CVE-2009-3555>) has been assigned to this vulnerability.\n\nAs a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use.\n\nNOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate):\n\n * The \"SSLVerifyClient\" directive is used in a Directory or Location context.\n * The \"SSLCipherSuite\" directive is used in a Directory or Location context.\n\nAs a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level.\n\nA complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue.\n\nIn addition, this update fixes the following issues in Apache's mod_proxy_ftp:\n\n * [CVE-2009-3094](<https://security-tracker.debian.org/tracker/CVE-2009-3094>)\n\nInsufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.\n\n * [CVE-2009-3095](<https://security-tracker.debian.org/tracker/CVE-2009-3095>)\n\nInsufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server.\n\nThe oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch11.\n\nFor the stable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny6. This version also includes some non-security bug fixes that were scheduled for inclusion in the next stable point release (Debian 5.0.4).\n\nFor the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed in version 2.2.14-2.\n\nThis advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages.\n\nUpdated apache2-mpm-itk packages for the armel architecture are not included yet. They will be released as soon as they become available.\n\nWe recommend that you upgrade your apache2 and apache2-mpm-itk packages.", "published": "2009-11-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-1934", "cvelist": ["CVE-2009-3094", "CVE-2009-3555", "CVE-2009-3095"], "lastseen": "2016-09-02T18:24:26"}], "gentoo": [{"id": "GLSA-201110-05", "type": "gentoo", "title": "GnuTLS: Multiple vulnerabilities", "description": "### Background\n\nGnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. \n\n### Description\n\nMultiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority or to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, allowing for further exploitation. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GnuTLS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/gnutls-2.10.0\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 6, 2010. It is likely that your system is already no longer affected by this issue.", "published": "2011-10-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201110-05", "cvelist": ["CVE-2009-2730", "CVE-2009-3555"], "lastseen": "2016-09-06T19:46:23"}, {"id": "GLSA-201311-13", "type": "gentoo", "title": "OpenVPN: Multiple vulnerabilities", "description": "### Background\n\nOpenVPN is a multi-platform, full-featured SSL VPN solution. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to recover plaintext from an encrypted communication. Another vulnerability could allow remote attacker perform a Man-in-the-Middle attack. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenVPN users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/openvpn-2.3.1\"", "published": "2013-11-20T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201311-13", "cvelist": ["CVE-2013-2061", "CVE-2009-3555"], "lastseen": "2016-09-06T19:46:57"}]}}