Quicklinks: Home | Contact |

Subscribe to the RSS feed in case you are interested in updates

  • Updated 17:50 GMT+1 / 05.2009 - added Mitigation / Impact 
  • Updated 16:40 GMT+1 / 06.2009 - added IETF draft 
  • Updated 14:35 GMT+1 / 07.2009 - added SSLTLS Test Tool 
  • Updated 16:34 GMT+1 / 07.2009 - added OpenSSL patch 
  • Updated 13:00 GMT+1 / 09.2009 - added GNUTLS patch 
  • Updated 19:40 GMT+1 / 09.2009 - added Mikestoolbox.net testing TLS renegotiation support 
  • Updated 21:29 GMT+1 / 09.2009 - added Apache patch, Mozilla Bug ID, Redhat Bug ID, Mozilla patch disabling tls renegotiation, Tomcat mitigation 
  • Updated 21:00 GMT+1 / 12.2009 - added a whitepaper trying to explain the vulnerability and it's implications to a broader audience

After some in-house tests, we can confirm that the vulnerability presented at http://www.extendedsubset.com/ indeed real and should pose a significant threat to most. The vulnerability has been discovered by Marsh Ray, Steve Dispensa and Martin Rex.

We are currently looking into possible mitigations and will update this blog post regularly with more information regarding said vulnerability.


Impacts :
Currently known to exist
  • In general an attacker positioned in the middle of a connection may inject arbritary content into the beginning of an authenticated stream it will be interesting to see what potential impact this vulnerability has within each of the applications / protocols supporting it. IMAPS, FTPSSL, POP3 etc
  • For web servers - Attackers (if in the middle) can inject data into a segment that is authenticated to the web server, the web server will merge those requests and process them. (GET requests are trivially exploitable, POST are not known to be)  
Posted by Thierry Zoller


    At 19 November, 2009 10:06 khorben said...

    I think it's OpenSSL 0.9.8l (ell), not 0.9.81; the link itself is correct though.


    Post a Comment