The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

security announce CVE-2009-3555

TLS, OpenSSL, GnuTLS: vulnerability of the renegotiation

Synthesis of the vulnerability

A remote attacker can use a vulnerability of TLS in order to insert plain text data during a renegotiation via a man-in-the-middle attack.
Severity of this announce: 2/4.
Creation date: 10/11/2009.
Références of this computer vulnerability: 1021653, 111046, 273029, 273350, 274990, 6898371, 6898539, 6898546, 6899486, 6899619, 6900117, 977377, AID-020810, BID-36935, c01945686, c01963123, c02079216, CERTA-2011-ALE-005, CERTFR-2017-AVI-392, CERTFR-2019-AVI-325, cisco-sa-20091109-tls, CTX123248, CTX123359, CVE-2009-3555, DSA-1934-1, DSA-2141-1, DSA-2141-2, DSA-2141-4, DSA-2626-1, DSA-3253-1, FEDORA-2009-12229, FEDORA-2009-12305, FEDORA-2009-12606, FEDORA-2009-12750, FEDORA-2009-12775, FEDORA-2009-12782, FEDORA-2009-12968, FEDORA-2009-13236, FEDORA-2009-13250, FEDORA-2010-1127, FEDORA-2010-3905, FEDORA-2010-3929, FEDORA-2010-3956, FEDORA-2010-5357, FEDORA-2010-8742, FEDORA-2010-9487, FEDORA-2010-9518, FG-IR-17-137, FreeBSD-SA-09:15.ssl, HPSBUX02482, HPSBUX02498, HPSBUX02517, JSA10939, KB25966, MDVSA-2009:295, MDVSA-2009:323, MDVSA-2009:337, MDVSA-2010:069, MDVSA-2010:076, MDVSA-2010:076-1, MDVSA-2010:089, MDVSA-2013:019, NetBSD-SA2010-002, openSUSE-SU-2010:1025-1, openSUSE-SU-2010:1025-2, openSUSE-SU-2011:0845-1, PM04482, PM04483, PM04534, PM04544, PM06400, PSN-2011-06-290, PSN-2012-11-767, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0119-01, RHSA-2010:0130-01, RHSA-2010:0155-01, RHSA-2010:0162-01, RHSA-2010:0163-01, RHSA-2010:0164-01, RHSA-2010:0165-01, RHSA-2010:0166-01, RHSA-2010:0167-01, SOL10737, SSA:2009-320-01, SSA:2010-067-01, SSRT090249, SSRT090264, SSRT100058, SUSE-SA:2009:057, SUSE-SA:2010:020, SUSE-SR:2010:008, SUSE-SR:2010:012, SUSE-SR:2011:008, SUSE-SU-2011:0847-1, TLSA-2009-30, TLSA-2009-32, VIGILANCE-VUL-9181, VMSA-2010-0015, VMSA-2010-0015.1, VMSA-2010-0019, VMSA-2010-0019.1, VMSA-2010-0019.2, VMSA-2010-0019.3, VU#120541.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Transport Layer Security (TLS) is a cryptographic protocol for network transport.

When opening a connection using TLS, a negotiation mechanism allows the client and server to agree on the encryption algorithm to use.

The protocol allows for renegotiation at any time during the connection. However, the handling of those renegotiations has a vulnerability.

A remote attacker can therefore exploit this vulnerability in order to insert plain text data via a man-in-the-middle attack.
Full Vigil@nce bulletin... (Free trial)

This threat impacts software or systems such as Apache httpd, ArubaOS, BES, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco CSS, IOS by Cisco, IOS XR Cisco, IronPort Email, IronPort Management, Cisco Router, Secure ACS, Cisco CallManager, Cisco CUCM, Cisco IP Phone, WebNS, XenApp, XenDesktop, XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, FortiOS, FreeBSD, HP-UX, AIX, WebSphere AS Traditional, IVE OS, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, Mandriva Linux, Mandriva NF, IIS, Windows 2000, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, NSS, NetBSD, NetScreen Firewall, ScreenOS, NLD, OES, OpenBSD, OpenSolaris, OpenSSL, openSUSE, Oracle Directory Server, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Trusted Solaris, ProFTPD, SSL protocol, RHEL, Slackware, Sun AS, SUSE Linux Enterprise Desktop, SLES, TurboLinux, Unix (platform) ~ not comprehensive, ESX.

Our Vigil@nce team determined that the severity of this computer threat is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a specialist ability can exploit this cybersecurity bulletin.

Solutions for this threat

OpenSSL: version 0.9.8l.
Version 0.9.8l is corrected (the TLS renegotiation is disabled):
  http://www.openssl.org/source/

OpenSSL: patch.
A patch is available in information sources.

NSS: version 3.12.5.
Version 3.12.5 is corrected:
  https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_5_RTM/src/

Apache httpd: version 2.0.64.
The version 2.0.64 is corrected:
  http://httpd.apache.org/download.cgi

GnuTLS: temporary patch.
A not tested/verified patch is available:
  http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3944

AIX: patch for OpenSSL.
A patch is available:
  https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp
    openssl.0.9.8.1102.tar.Z
    openssl-fips.12.9.8.1102.tar.Z
    openssl.0.9.8.805.tar.Z

Apache httpd: patch for mod_ssl.
A patch is available (the TLS renegotiation is disabled).

ArubaOS: corrected versions.
Following version is corrected:
  2.5.6.24
  3.3.2.23
  3.3.3.2
  3.4.0.7
  3.4.1.1
  RN 3.1.4
The Aruba announce indicates workarounds.

BlackBerry Enterprise Server: patch for Apache Tomcat.
A patch is available:
  http://www.blackberry.com/go/serverdownloads
  Interim Security Software Update 12/04/2011

Blue Coat: solution for TLS renegotiation.
Blue Coat will propose a solution.

Cisco: solution for TLS renegotiation.
The Cisco announce indicates vulnerable products and their solutions.

Citrix Online Plug-ins: corrected version.
The following version is corrected:
  Citrix Online Plug-in for Windows: version 11.0.150 or 11.2
  Citrix Online Plug-in for Mac: version 11.0
  Citrix Receiver for iPhone: version 1.0.3

Citrix: solution for TLS renegotiation.
The solution is indicated in information sources.

Debian: new apache2 packages.
New packages are available:
Debian GNU/Linux 4.0 alias etch (oldstable):
  http://security.debian.org/pool/updates/main/a/apache2/apache2*_2.2.3-4+etch11_*.deb
Debian GNU/Linux 5.0 alias lenny (stable):
  http://security.debian.org/pool/updates/main/a/apache2/apache2*_2.2.9-10+lenny6_*.deb

Debian: new apache2 packages.
New packages are available:
  apache2 2.2.9-10+lenny9

Debian: new lighttpd packages (13/01/2011).
New packages are available:
  lighttpd 1.4.19-5+lenny2

Debian: new lighttpd packages (18/02/2013).
New packages are available:
  lighttpd 1.4.28-2+squeeze1.2

Debian: new nss packages.
New packages are available:
  nss 3.12.3.1-0lenny3

Debian: new openssl packages.
New packages are available:
  openssl 0.9.8g-15+lenny11

Debian: new pound packages.
New packages are available:
  Debian 7: pound 2.6-2+deb7u1
  Debian 8: pound 2.6-6+deb8u1

F5 BIG-IP: solution for TLS renegotiation.
The F5 announce indicates vulnerable products and their solutions.

Fedora 11: new openssl packages.
New packages are available:
  openssl-0.9.8n-1.fc11

Fedora 12: new httpd packages.
New packages are available:
  httpd-2.2.14-1.fc12

Fedora 12: new nss-util packages.
New packages are available:
  nss-util-3.12.5-1.fc12.1

Fedora 12: new openssl packages.
New packages are available:
  openssl-1.0.0-4.fc12

Fedora: new gnutls packages.
New packages are available:
  gnutls-2.8.6-2.fc12
  gnutls-2.8.6-2.fc13

Fedora: new nginx packages.
New packages are available:
  nginx-0.7.64-1.fc10
  nginx-0.7.64-1.fc11
  nginx-0.7.64-1.fc12

Fedora: new nss 3.12.5 packages.
New packages are available:
  nss-3.12.5-8.fc12

Fedora: new nss 3.12.6 packages.
New packages are available:
  nss-3.12.6-1.2.fc11
  nss-3.12.6-1.2.fc12
  nss-3.12.6-1.2.fc13

Fedora: new proftpd packages.
New packages are available:
  proftpd-1.3.2c-1.fc11
  proftpd-1.3.2c-1.fc12

Fedora: new tomcat-native packages.
New packages are available:
  tomcat-native-1.1.18-1.fc11
  tomcat-native-1.1.18-1.fc12

FortiOS: fixed versions for SSL Renegotiation.
Fixed versions are indicated in information sources.

FreeBSD: patch for ssl.
A patch is available:
# fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch
# fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch.asc

HP-UX: Apache B.2.0.59.13.
Version Apache B.2.0.59.13 is corrected.

HP-UX: OpenSSL version A.00.09.08n.
A new version is available:
HP-UX B.11.11 : revision A.00.09.08n.001
HP-UX B.11.23 : revision A.00.09.08n.002
HP-UX B.11.31 : revision A.00.09.08n.003

HP-UX: patch for OpenSSL.
A patch is available:
http://software.hp.com/
  HP-UX B.11.11 : OpenSSL_A.00.09.08l.001_HP-UX_B.11.11_32+64.depot
  HP-UX B.11.23 : OpenSSL_A.00.09.08l.002_HP-UX_B.11.23_IA-PA.depot
  HP-UX B.11.31 : OpenSSL_A.00.09.08l.003_HP-UX_B.11.31_IA-PA.depot

Juniper: corrected versions for TLS renegotiation.
The Following versions are corrected:
  IDPOS: 5.1R1
  IVEOS: 7.1R1
  UAC: 4.1R1
  JUNOS: 11.1R1
  ScreenOS: 5.4r18, 6.2r7, 6.3r4
  AAA SBR EE/GE: 6.16
  AAA SBR Carrier: 7.2.4, 7.3.0

Juniper NSM, NSMXpress: versions 2010.3s7, 2011.4s4, 2012.1.
Versions 2010.3s7, 2011.4s4 and 2012.1 are fixed:
  http://www.juniper.net/support/products/nsm/2012.1/

Mandriva 2008.0: new apache packages.
New packages are available:
  apache-2.2.6-8.3mdv2008.0

Mandriva C4: new gnutls packages.
New packages are available:
  gnutls-1.0.25-2.6.20060mlcs4

Mandriva: new apache packages.
New packages are available:
Mandriva Linux 2009.0:
apache-2.2.9-12.5mdv2009.0
Mandriva Linux 2009.1:
apache-2.2.11-10.6mdv2009.1
Mandriva Linux 2010.0:
apache-2.2.14-1.1mdv2010.0
Corporate 3.0:
apache2-2.0.48-6.24.C30mdk
Corporate 4.0:
apache-2.2.3-1.9.20060mlcs4
Mandriva Enterprise Server 5:
apache-2.2.9-12.5mdvmes5
Multi Network Firewall 2.0:
apache2-2.0.48-6.24.C30mdk

Mandriva: new gnutls packages.
New packages are available:
  gnutls-2.4.1-2.8mdvmes5.2

Mandriva: new nss packages.
New packages are available:
Mandriva Linux 2008.0:
  nspr-4.8.4-0.1mdv2008.0
  nss-3.12.6-0.1mdv2008.0
Mandriva Linux 2009.0:
  nspr-4.8.4-0.1mdv2009.0
  nss-3.12.6-0.1mdv2009.0
Mandriva Linux 2009.1:
  nspr-4.8.4-0.1mdv2009.1
  nss-3.12.6-0.1mdv2009.1
Mandriva Linux 2010.0:
  nspr-4.8.4-0.1mdv2010.0
  nss-3.12.6-0.1mdv2010.0
Mandriva Enterprise Server 5:
  nspr-4.8.4-0.1mdvmes5.1
  nss-3.12.6-0.1mdvmes5

Mandriva: new openssl packages.
New packages are available:
  Mandriva Linux 2008.0: openssl-0.9.8e-8.6mdv2008.0
  Mandriva Linux 2009.0: openssl-0.9.8h-3.7mdv2009.0
  Mandriva Linux 2009.1: openssl-0.9.8k-1.5mdv2009.1
  Mandriva Linux 2010.0: openssl-0.9.8k-5.2mdv2010.0
  Corporate 4.0: openssl-0.9.7g-2.12.20060mlcs4
  Mandriva Enterprise Server 5: openssl-0.9.8h-3.7mdv2009.0
  Multi Network Firewall 2.0: openssl-0.9.7c-3.13.C30mdk

Mandriva: new proftpd packages.
New packages are available:
Mandriva Linux 2008.0: proftpd-1.3.2-0.3mdv2008.0
Mandriva Linux 2009.0: proftpd-1.3.2-0.4mdv2009.0
Mandriva Linux 2009.1: proftpd-1.3.2-4.3mdv2009.1
Mandriva Linux 2010.0: proftpd-1.3.2b-1.2mdv2010.0
Corporate 4.0: proftpd-1.3.2-0.4.20060mlcs4
Mandriva Enterprise Server 5: proftpd-1.3.2-0.4mdvmes5

NetBSD: patch for TLS.
A patch is available in information sources.

OpenBSD: patch for openssl.
A patch is available:
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/010_openssl.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/004_openssl.patch

openSUSE: new gnutls packages (07/12/2010).
New packages are available:
  openSUSE 11.1 : gnutls-2.4.1-24.8.1
  openSUSE 11.2 : gnutls-2.4.1-26.6.1
  openSUSE 11.3 : gnutls-2.8.6-2.3.1

openSUSE: new gnutls packages (23/12/2010).
New packages are available:
  openSUSE 11.1 : gnutls-2.4.1-24.10.1
  openSUSE 11.2 : gnutls-2.4.1-26.8.1
  openSUSE 11.3 : gnutls-2.8.6-2.5.1

ProFTPD: version 1.3.2c.
Version 1.3.2c contains a workaround, if the underlying TLS library is not corrected:
  ftp://ftp.proftpd.org/distrib/source

RHEL 3, 4: new openssl packages.
New packages are available:
Red Hat Enterprise Linux version 3: openssl-0.9.7a-33.26
Red Hat Enterprise Linux version 4: openssl-0.9.7a-43.17.el4_8.5

RHEL 3, 5: new httpd packages.
New packages are available:
Red Hat Enterprise Linux version 3: httpd-2.0.46-77.ent
Red Hat Enterprise Linux version 5: httpd-2.2.3-31.el5_4.2

RHEL 3E, 4E, 5S: new java-1.4.2-ibm packages.
New packages are available:
Red Hat Enterprise Linux version 3 Extras: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3
Red Hat Enterprise Linux version 4 Extras: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4
Red Hat Enterprise Linux version 5 Supplementary: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5

RHEL 4, 5, JBoss EWS: new httpd packages.
New packages are available:
JBoss Enterprise Web Server 1.0.0 for RHEL 4 :
  httpd22-2.2.10-25.1.ep5.el4
JBoss Enterprise Web Server 1.0.0 for RHEL 5 :
  httpd-2.2.10-11.ep5.el5

RHEL 4, 5: new JBoss Enterprise Web Server packages.
New packages are available, as indicated in information sources.

RHEL 4, 5: new nss packages.
New packages are available:
Red Hat Enterprise Linux version 4:
  nspr-4.8.4-1.1.el4_8
  nss-3.12.6-1.el4_8
Red Hat Enterprise Linux version 5:
  nspr-4.8.4-1.el5_4
  nss-3.12.6-1.el5_4

RHEL 4E, 5S: new java-1.5.0-ibm packages.
New packages are available:
Red Hat Enterprise Linux version 4 Extras:
  java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4
Red Hat Enterprise Linux version 5 Supplementary:
  java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5

RHEL 4: new gnutls packages.
New packages are available:
Red Hat Enterprise Linux version 4: gnutls-1.0.20-4.el4_8.7

RHEL 4: new httpd packages.
New packages are available:
Red Hat Enterprise Linux version 4: httpd-2.0.52-41.ent.6

RHEL 5: new gnutls packages.
New packages are available:
Red Hat Enterprise Linux 5 : gnutls-1.4.1-3.el5_4.8

RHEL 5: new openssl097a packages.
New packages are available:
Red Hat Enterprise Linux version 5:
  openssl097a-0.9.7a-9.el5_4.2

RHEL 5: new openssl packages.
New packages are available:
Red Hat Enterprise Linux 5 : openssl-0.9.8e-12.el5_4.6

Slackware: new httpd packages.
New packages are available:
Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.15-i486-1_slack12.0.tgz
Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.15-i486-1_slack12.1.tgz
Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.15-i486-1_slack12.2.tgz
Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.15-i486-1_slack13.0.txz
Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.15-x86_64-1_slack13.0.txz

Slackware: new openssl packages.
New packages are available:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8h-i486-4_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8h-i486-4_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8h-i486-4_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8i-i486-4_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8k-i486-3_slack13.0.txz

Solaris: patch for Apache.
A patch is available:
OpenSolaris snv_111b :
  6972023
  6937352
  6864797
  6935576
  6936032
  6882208
  6857346
  6841115
  6838652
  6844352

Solaris: patch for NSS.
A patch is available:
SPARC Platform
  Solaris 8 :patch 119209-22
  Solaris 9 : patch 119211-22
  Solaris 10 : patch 119213-21
  OpenSolaris : build snv_130
x86 Platform
  Solaris 9 : patch 119212-22
  Solaris 10 : patch 119214-21
  OpenSolaris : build snv_130

Solaris: temporary SSL patch.
A patch is available:
SPARC Platform
  Solaris 10 : patches 143140-04 + 145102-01
  OpenSolaris : build snv_129
x86 Platform
  Solaris 10 : patch 141525-10
  OpenSolaris : build snv_129

Steel Belted Radius Carrier Edition: versions 8.4R14 and 8.5R5.
Versions 8.4R14 and 8.5R5 are fixed.

Sun: solution for TLS renegotiation.
Updates and patches are available in information sources.

SUSE: new compat-openssl097g packages.
New packages are available, as indicated in information sources.

SUSE: new libtiff packages (03/05/2011).
New packages are available, as indicated in information sources.

SUSE: new openssl packages (06/04/2010).
New packages are available, as indicated in information sources.

SUSE: new openssl packages (8/11/2009).
New packages are available, as indicated in information sources.

SUSE: new packages (07/04/2010).
New packages are available, as indicated in information sources.

SUSE: new packages (25/05/2010).
New packages are available, as indicated in information sources.

Turbolinux: new httpd packages (08/12/2009).
New packages are available:
Turbolinux Appliance Server 3.0, 11 Server, Client 2008
  httpd-2.2.6-16
Turbolinux Appliance Server 2.0, 10 Server:
  httpd-2.0.51-40
Turbolinux FUJI:
  httpd-2.0.54-26

Turbolinux: new openssl packages.
New packages are available:
Turbolinux Client 2008:
  openssl-0.9.8h-4
Turbolinux Appliance Server 3.0, 11 Server:
  openssl-0.9.8e-7
Turbolinux FUJI:
  openssl-0.9.8-15
Turbolinux Appliance Server 2.0, 10 Server:
  openssl-0.9.7d-17

VMware ESX 4: patch for Service Console.
A patch is available:
ESX 4.0 :
  http://bit.ly/adhjEu
  http://kb.vmware.com/kb/1025321
ESX 4.1 :
  http://bit.ly/a3Ffw8
  http://kb.vmware.com/kb/1027027

VMware ESX: patch.
A patch is available:
ESX 4.1
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-275-20110420-062017/ESX410-201104001.zip
  http://kb.vmware.com/kb/1035110
ESX 4.0
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-273-20110303-574144/ESX400-201103001.zip
  http://kb.vmware.com/kb/1032822
ESX 3.5 :
  http://download3.vmware.com/software/vi/ESX350-201012408-SG.zip
  http://kb.vmware.com/kb/1029999
  http://download3.vmware.com/software/vi/ESX350-201012409-SG.zip
  http://kb.vmware.com/kb/1030000
  http://download3.vmware.com/software/vi/ESX350-201012401-SG.zip
  http://kb.vmware.com/kb/1029993
ESX 3.0.3 :
  http://download3.vmware.com/software/vi/ESX303-201102402-SG.zip
  http://kb.vmware.com/kb/1031238

WebSphere AS: patch for TLS/SSL.
A patch is available in information sources.

Windows, IIS: workaround for TLS renegotiation.
The Microsoft announce lists impacted products and workarounds.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computer vulnerability database. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system.