Windows Schannel Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: OS (Microsoft) > Windows Schannel

Vendors: Microsoft

Windows Schannel Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks

SecurityTracker Alert ID: 1024299

SecurityTracker URL: http://securitytracker.com/id/1024299

CVE Reference: CVE-2009-3555 (Links to External Site)

Updated: Sep 2 2010

Original Entry Date: Aug 10 2010

Impact: Modification of user information

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7, 2008 R2; and prior service packs

Description: A vulnerability was reported in Windows Schannel. A remote user can conduct a man-in-the-middle attack on SSL session renegotiation.

A remote user with the ability to conduct a man-in-the-middle attack can exploit a flaw in the underlying SSL/TLS protocol to inject arbitrary plain text into the exchange between the client and the server, with the arbitrary data as a prefix to the session.

The vulnerability resides in the TLS 1.0 or later and SSLv3 protocols.

Marsh Ray of PhoneFactor and Martin Rex independently reported this vulnerability.

[Editor's note: The flaw resides in the protocol and not in the protocol implementation. Some vendors are implementing a temporary workaround that prohibits session renegotiation until the protocol itself can be modified. Several protocol implementations are affected, including OpenSSL, GnuTLS, Network Security Services, and Java Secure Socket Extension.]

Impact: A remote user can with the ability to conduct a man-in-the-middle attack can inject arbitrary plain text data into the exchange, preceding the session data.

Solution: The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=FF00381C-E74B-48E5-9DD9-34DBEDD906A2

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=EAFFA70C-6F2B-4E66-B1BC-64BDBBBCD34F

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=F76D68DF-97E5-489C-A5F6-0C378C1F62AE

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=4543BCF0-3505-407B-A5A9-6250ECE6FBAC

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=9EF992C3-96E9-4533-B844-07424A6054B3

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=ACA69406-F795-4398-968F-959FE3A74E89

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E2835ED1-5CA6-4347-8FF1-E694B1AC49FF

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=6E0253D4-F0C0-4F28-BA08-6907C2FCB339

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=A96891FF-8771-47B3-81BB-8640ADB6C098

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3B16A422-0EE9-4EAB-9CFE-E7688FFA0D76

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=71716507-7080-4102-991E-6AFC7CC377D5

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=C457D8EC-83B7-446F-B77C-E47D4187E616

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=C9AEEA25-CA14-4B42-9018-A27C9D8899C4

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=B7C2E91F-CA8A-4237-99C8-CA53C91CF73E

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-049.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-049.mspx (Links to External Site)

Cause: Authentication error

Underlying OS:

Message History: None.

Source Message Contents

Date: Tue, 10 Aug 2010 18:13:42 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms10-049.mspx


Microsoft Security Bulletin MS10-049 - Critical: Vulnerabilities in SChannel could allow Remote Code Execution (980436)

CVE-2009-3555

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC