CVE-2009-3555 OpenSSL need to be updated to close TLS MITM attack

Bug #484417 reported by Benjamin
278
This bug affects 4 people
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Fix Released
Low
Unassigned
Lucid
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: openssl

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

http://isc.sans.org/diary.html?storyid=7582

 Changes between 0.9.8k and 0.9.8l [5 Nov 2009]

  *) Disable renegotiation completely - this fixes a severe security
     problem (CVE-2009-3555) at the cost of breaking all
     renegotiation. Renegotiation can be re-enabled by setting
     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
     run-time. This is really not recommended unless you know what
     you're doing.
     [Ben Laurie]

CVE References

Benjamin (bercovitz)
visibility: private → public
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

While OpenSSL does need to be updated, it requires a protocol change to fix properly. At this time, Ubuntu is waiting on the protocol changes discussed by the IETF to be formalized before patching OpenSSL. In the meantime, since there are known attacks against the HTTPS protocol, Apache was updated to disallow client initiated TLS renegotiations in http://www.ubuntu.com/usn/USN-860-1.

Changed in openssl (Ubuntu):
status: New → Confirmed
Changed in openssl (Ubuntu):
importance: Undecided → Low
Revision history for this message
Florent Georges (fgeorges) wrote :

  Hi,

  I need to re-enable renegotiation (at least temporarily) because it is needed by svnsync (Subversion over HTTPS). Unfortunately I do not understand the above comment about re-enabling it. Do you have any pointer ?

  Regards,

--
Florent Georges

Revision history for this message
Lukas Koranda (lkoranda) wrote :

Hi,
we need the following to properly fix that issue.

Fixed in 0.9.8m [25 Feb 2010] that follows http://tools.ietf.org/html/rfc5746
  *) Implement RFC5746. Re-enable renegotiation but require the extension
     as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
     turns out to be a bad idea. It has been replaced by
     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
     SSL_CTX_set_options(). This is really not recommended unless you
     know what you are doing.
     [Eric Rescorla <email address hidden>, Ben Laurie, Steve Henson]

It should be better to switch to 0.9.8n [24 Mar 2010]
Ideally to switch directly to 1.0.0 [29 Mar 2010] to avoid many security issues and reestablish SSL security in Ubuntu, otherwise there will high risk when using ubuntu server edition with services like Apache, Postfix etc...

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Lukas, other than this issue, openssl in Ubuntu has no open security issues. We backport security fixes and openssl security in Ubuntu is fine. 0.9.8n (or backported patches) is being evaluated for inclusion in Ubuntu, but the issue is quite complicated. For more information, please see (along with the References) http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3555.html

Revision history for this message
Lukas Koranda (lkoranda) wrote :

Jamie, you are definitely right. I would like to clarify it now. To fix latest reported vulnerabilities it should be fine to update to 0.9.8n or backport patches. I'll be happy with that, because this is enough for use with Apache httpd 2.2.15 (or again backported patches) But there is also good oportunity to switch directly to 1.0.0. in Lucid to take a lot of enhancements which indirectly improves security.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Updated have now been released for stable releases, and openssl in Maverick is already fixed.

http://www.ubuntu.com/usn/usn-990-1

Changed in openssl (Ubuntu):
status: Confirmed → Fix Released
Changed in openssl (Ubuntu Lucid):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers