CVE-2009-3555

Properties

Published: 08.11.2009
Updated: 31.03.2010
Patch available:
Severity: Medium
CVSS vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Product:
openssl: openssl
gnu: gnutls

Vulnerability description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References:

CERT-VN: http://www.kb.cert.org/vuls/id/120541
BID: http://www.securityfocus.com/bid/36935
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
MISC: https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
MISC: https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=533125
MISC: https://bugzilla.mozilla.org/show_bug.cgi?id=526689
XF: http://xforce.iss.net/xforce/xfdb/54158
VUPEN: http://www.vupen.com/english/advisories/2010/0173
VUPEN: http://www.vupen.com/english/advisories/2010/0086
VUPEN: http://www.vupen.com/english/advisories/2009/3587
VUPEN: http://www.vupen.com/english/advisories/2009/3521
VUPEN: http://www.vupen.com/english/advisories/2009/3484
VUPEN: http://www.vupen.com/english/advisories/2009/3354
VUPEN: http://www.vupen.com/english/advisories/2009/3353
VUPEN: http://www.vupen.com/english/advisories/2009/3220
VUPEN: http://www.vupen.com/english/advisories/2009/3205
VUPEN: http://www.vupen.com/english/advisories/2009/3165
VUPEN: http://www.vupen.com/english/advisories/2009/3164
MISC: http://www.tombom.co.uk/blog/?p=85
SECTRACK: http://www.securitytracker.com/id?1023428
SECTRACK: http://www.securitytracker.com/id?1023427
SECTRACK: http://www.securitytracker.com/id?1023426
SECTRACK: http://www.securitytracker.com/id?1023411
SECTRACK: http://www.securitytracker.com/id?1023275
SECTRACK: http://www.securitytracker.com/id?1023274
SECTRACK: http://www.securitytracker.com/id?1023273
SECTRACK: http://www.securitytracker.com/id?1023272
SECTRACK: http://www.securitytracker.com/id?1023271
SECTRACK: http://www.securitytracker.com/id?1023270
SECTRACK: http://www.securitytracker.com/id?1023243
SECTRACK: http://www.securitytracker.com/id?1023219
SECTRACK: http://www.securitytracker.com/id?1023218
SECTRACK: http://www.securitytracker.com/id?1023217
SECTRACK: http://www.securitytracker.com/id?1023216
SECTRACK: http://www.securitytracker.com/id?1023215
SECTRACK: http://www.securitytracker.com/id?1023212
SECTRACK: http://www.securitytracker.com/id?1023211
SECTRACK: http://www.securitytracker.com/id?1023210
SECTRACK: http://www.securitytracker.com/id?1023209
SECTRACK: http://www.securitytracker.com/id?1023208
SECTRACK: http://www.securitytracker.com/id?1023207
SECTRACK: http://www.securitytracker.com/id?1023206
SECTRACK: http://www.securitytracker.com/id?1023205
SECTRACK: http://www.securitytracker.com/id?1023204
SECTRACK: http://www.securitytracker.com/id?1023163
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/508130/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/508075/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/507952/100/0/threaded
MISC: http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2010-0167.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2010-0155.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2010-0119.html
CONFIRM: http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
MLIST: http://www.openwall.com/lists/oss-security/2009/11/23/10
MLIST: http://www.openwall.com/lists/oss-security/2009/11/20/1
MLIST: http://www.openwall.com/lists/oss-security/2009/11/07/3
MLIST: http://www.openwall.com/lists/oss-security/2009/11/06/3
MLIST: http://www.openwall.com/lists/oss-security/2009/11/05/5
MLIST: http://www.openwall.com/lists/oss-security/2009/11/05/3
MISC: http://www.links.org/?p=789
MISC: http://www.links.org/?p=786
MISC: http://www.links.org/?p=780
CONFIRM: http://www.ingate.com/Relnote.php?ver=481
MLIST: http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
MLIST: http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
MISC: http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
DEBIAN: http://www.debian.org/security/2009/dsa-1934
CISCO: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
MISC: http://www.betanews.com/article/1257452450
CONFIRM: http://www.arubanetworks.com/support/alerts/aid-020810.txt
AIXAPAR: http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
CONFIRM: http://www-01.ibm.com/support/docview.wss?uid=swg24025312
CONFIRM: http://wiki.rpath.com/Advisories:rPSA-2009-0155
CONFIRM: http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
CONFIRM: http://sysoev.ru/nginx/patch.cve-2009-3555.txt
CONFIRM: http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
CONFIRM: http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
CONFIRM: http://support.citrix.com/article/CTX123359
CONFIRM: http://support.avaya.com/css/P8/documents/100070150
CONFIRM: http://support.apple.com/kb/HT4004
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
SECTRACK: http://securitytracker.com/id?1023148
GENTOO: http://security.gentoo.org/glsa/glsa-200912-01.xml
SECUNIA: http://secunia.com/advisories/38687
SECUNIA: http://secunia.com/advisories/38484
SECUNIA: http://secunia.com/advisories/38241
SECUNIA: http://secunia.com/advisories/38056
SECUNIA: http://secunia.com/advisories/38020
SECUNIA: http://secunia.com/advisories/38003
SECUNIA: http://secunia.com/advisories/37859
SECUNIA: http://secunia.com/advisories/37675
SECUNIA: http://secunia.com/advisories/37656
SECUNIA: http://secunia.com/advisories/37640
SECUNIA: http://secunia.com/advisories/37604
SECUNIA: http://secunia.com/advisories/37504
SECUNIA: http://secunia.com/advisories/37501
SECUNIA: http://secunia.com/advisories/37320
SECUNIA: http://secunia.com/advisories/37292
SECUNIA: http://secunia.com/advisories/37291
FULLDISC: http://seclists.org/fulldisclosure/2009/Nov/139
OSVDB: http://osvdb.org/62210
OSVDB: http://osvdb.org/60972
OSVDB: http://osvdb.org/60521
OPENBSD: http://openbsd.org/errata46.html#004_openssl
OPENBSD: http://openbsd.org/errata45.html#010_openssl
MLIST: http://marc.info/?l=cryptography&m=125752275331877&w=2
MLIST: http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
SUSE: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
MLIST: http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
APPLE: http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
CONFIRM: http://kbase.redhat.com/faq/docs/DOC-20491
HP: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
MISC: http://extendedsubset.com/Renegotiating_TLS.pdf
MISC: http://extendedsubset.com/?p=8
MISC: http://clicky.me/tlsvuln
CONFIRM: http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
MISC: http://blogs.iss.net/archive/sslmitmiscsrf.html
MISC: http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html