Újabb információk láttak napvilágot az SSLv3 / TLS opció újraegyeztetési hibáról. Érdemes teljes rendszerben gondolkodni, pl. SSL load balancer használata esetén hiába frissíti valaki a szervert, a load balancer és a kliens közbeni útvonal továbbra is támadható. A hibákra már exploit-ok is megjelentek, sőt elérhető már egy draft RFC is, ami a protokoll hibát zárná le (a jelenlegi workaround az, hogy egy az egyben tiltják az opció újraegyeztetést).
--- Begin Message ---Dear List, I updated the whitepaper with a lot of new information, some leveraging the vulnerability in other ways that certainly increase the effectiveness and impact of this vulnerability. A brief warning to those that think they are safe because they don't accept client-side renegotiations (server + openssl). I came across major websites where the SSL loadbalancer in front of the HTTPS servers were vulnerable. Although the servers were patched it still was possible to perform the attacks (The loadbalancer merged both sessions and handed them as one to the webserver) Updates : -------- - Added a simple s_client testcase - Analysis of FTPS (vendors are encouraged to assess) - HTTPS : Injecting arbritary _responses_ into the stream - HTTPS : Downgrading HTTPS to HTTP and performing an active mitm (Discovered by Frank Heidt but details witheld, rediscovered by Thierry Zoller for this paper) With this new information G-SEC encourages Vendors and customers to reevaluate the impact of this vulnerability on their products. Brief explanations : ^^^^^^^^^^^^^^^^^^^^ HTTPS : Injecting arbritary _responses_ into the stream ------------------------------------------------------- The attacker injects a TRACE command, by doing so the attacker can indirectly control the content that is send from the server to the victim over HTTPS Downgrading HTTPS to HTTP and performing an active mitm ------------------------------------------------------- This attack leverages the known SSLStrip attack to also work on establised SSL connections. SSLstrip had the limitation that it required a user to access over HTTP in order to rewrite the html code to perform active mitm. This attack over the TLS renegotiation vulnerability now allows (if certain conditions are met) to downgrade EXISTING SSL connections to perform an SSLstrip attack. Proof of concept files ^^^^^^^^^^^^^^^^^^^^^^ G-SEC provides 2 proof of concept files : - ssl-trace.c : using TRACE to inject (partialy) arbritary content into the encrypted stream - ssl-302.c : Injecting a GET command to a 302 page redirecting the client to HTTP Whitepaper : http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html POC files : http://www.g-sec.lu/tls-ssl-proof-of-concept.html ------- This paper explains the vulnerability for a broader audience and summarizes the information that is currently available. The document is prone to updates and is believed to be accurate by the time of writing. Post: http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html Direct Download http://clicky.me/tlsvuln Disclaimer Information is believed to be accurate by the time of writing. As this vulnerability has complex implications this document is prone to revisions in the future. Thierry ZOLLER - G-SEC http://www.g-sec.lu Principal Security Consultant
--- End Message ---
--- Begin Message ---BID 36935 ERRATA: The previous trace POC was renamed to 36935-3.c on securityfocus and had a small error in it. It is now fixed and available here. I'd like to ask repositories to update. File available here: http://www.g-sec.lu/ssl-trace-poc.c Original Paper: http://www.g-sec.lu/practicaltls.pdf Regards, Thierry Zoller
--- End Message ---
--- Begin Message ---Information about a vulnerability in the TLS protocol was published in the beginning of November 2009. Attackers can take advantage of that vulnerability to inject arbitrary prefixes into a network connection protected by TLS. This can result in severe vulnerabilities, depending on the application layer protocol used over TLS. RedTeam Pentesting used the Python module "TLS Lite" to develop proof of concept code that exploits this vulnerability. It is published at http://www.redteam-pentesting.de/publications/tls-renegotiation to raise awareness for the vulnerability and its potential impact. Furthermore, it shall give interested persons the opportunity to analyse applications employing TLS for further vulnerabilities. -- RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. OverbeckAttachment: pgpLjn2B8Joez.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Also, can you change this: "Transport Layer Security (TLS) Renegotiation Indication Extension, IETF draft standard that addresses the vulnerability." To: "Transport Layer Security (TLS) Renegotiation Indication Extension, IETF TLS Working Group draft that addresses the vulnerability." Where "IETF TLS Working Group" is hyperlinked to http://www.ietf.org/dyn/wg/charter/tls-charter.html That would help people who do not have a clue who the IETF or the TLS WG or that both are open standards forums. Thanks, Barry > -----Original Message----- > From: RedTeam Pentesting GmbH [mailto:release@redteam-pentesting.de] > Sent: Monday, December 21, 2009 5:04 AM > To: bugtraq@securityfocus.com > Subject: TLS Renegotiation Vulnerability: Proof of Concept Code > (Python) > > Information about a vulnerability in the TLS protocol was published in > the > beginning of November 2009. Attackers can take advantage of that > vulnerability > to inject arbitrary prefixes into a network connection protected by > TLS. This > can result in severe vulnerabilities, depending on the application > layer > protocol used over TLS. > > RedTeam Pentesting used the Python module "TLS Lite" to develop proof > of concept > code that exploits this vulnerability. It is published at > > http://www.redteam-pentesting.de/publications/tls-renegotiation > > to raise awareness for the vulnerability and its potential impact. > Furthermore, > it shall give interested persons the opportunity to analyse > applications > employing TLS for further vulnerabilities. > > -- > RedTeam Pentesting GmbH Tel.: +49 241 963-1300 > Dennewartstr. 25-27 Fax : +49 241 963-1304 > 52068 Aachen http://www.redteam-pentesting.de/ > Germany Registergericht: Aachen HRB 14004 > Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck
--- End Message ---
--- Begin Message ---I created a Camtasia Movie some time ago "exploiting" the vulnerability by injecting "/user/profile/E1/" into the first ssl request to "/" http://www.hacking-lab.com/download/ This can help others to understand the vulnerability. Regards Ivan -----Original Message----- From: Barry Raveendran Greene [mailto:bgreene@senki.org] Sent: Monday, December 21, 2009 9:16 PM To: 'RedTeam Pentesting GmbH'; bugtraq@securityfocus.com Subject: RE: TLS Renegotiation Vulnerability: Proof of Concept Code (Python) Also, can you change this: "Transport Layer Security (TLS) Renegotiation Indication Extension, IETF draft standard that addresses the vulnerability." To: "Transport Layer Security (TLS) Renegotiation Indication Extension, IETF TLS Working Group draft that addresses the vulnerability." Where "IETF TLS Working Group" is hyperlinked to http://www.ietf.org/dyn/wg/charter/tls-charter.html That would help people who do not have a clue who the IETF or the TLS WG or that both are open standards forums. Thanks, Barry > -----Original Message----- > From: RedTeam Pentesting GmbH [mailto:release@redteam-pentesting.de] > Sent: Monday, December 21, 2009 5:04 AM > To: bugtraq@securityfocus.com > Subject: TLS Renegotiation Vulnerability: Proof of Concept Code > (Python) > > Information about a vulnerability in the TLS protocol was published in > the > beginning of November 2009. Attackers can take advantage of that > vulnerability > to inject arbitrary prefixes into a network connection protected by > TLS. This > can result in severe vulnerabilities, depending on the application > layer > protocol used over TLS. > > RedTeam Pentesting used the Python module "TLS Lite" to develop proof > of concept > code that exploits this vulnerability. It is published at > > http://www.redteam-pentesting.de/publications/tls-renegotiation > > to raise awareness for the vulnerability and its potential impact. > Furthermore, > it shall give interested persons the opportunity to analyse > applications > employing TLS for further vulnerabilities. > > -- > RedTeam Pentesting GmbH Tel.: +49 241 963-1300 > Dennewartstr. 25-27 Fax : +49 241 963-1304 > 52068 Aachen http://www.redteam-pentesting.de/ > Germany Registergericht: Aachen HRB 14004 > Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck
--- End Message ---