Cisco Application Control Engine Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
SecurityTracker Alert ID: 1023205 |
SecurityTracker URL: http://securitytracker.com/id/1023205
CVE Reference:
CVE-2009-3555
Date: Nov 20 2009
Impact:
Modification of user information
Vendor Confirmed: Yes
Exploit Included: Yes
Description:
A vulnerability was reported in Cisco Application Control Engine (ACE). A remote user can conduct a man-in-the-middle attack on SSL session renegotiation.
A remote user with the ability to conduct a man-in-the-middle attack can exploit a flaw in the underlying SSL/TLS protocol to inject arbitrary plain text into the exchange between the client and the server, with the arbitrary data as a prefix to the session.
The vulnerability resides in the SSLv3 and TLS 1.0 (and later) protocols themselves.
The following Cisco ACE products are affected:
Cisco ACE 4700 Series Application Control Engine Appliances
Cisco ACE Application Control Engine Module
Cisco ACE GSS 4400 Series Global Site Selector Appliances
Cisco ACE Web Application Firewall
Marsh Ray of PhoneFactor and Martin Rex independently reported this vulnerability.
[Editor's note: The flaw resides in the protocol and not in the protocol implementation. Some vendors are implementing a temporary workaround that prohibits session renegotiation until the protocol itself can be modified. Several protocol implementations are affected, including OpenSSL, GnuTLS, Network Security Services, and Java Secure Socket Extension.]
Impact:
A remote user with the ability to conduct a man-in-the-middle attack can inject arbitrary plain text data into the exchange, preceding the session data.
Solution:
No solution was available at the time of this entry.
The vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml
Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml
Cause:
Authentication error
Message History:
None.
Source Message Contents
[Original Message Not Available for Viewing]