Sid 1-20437

Message

MALWARE-TOOLS THC SSL renegotiation DOS attempt

Summary

DISPUTED OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.

Impact

CVSS base score 5.0

CVSS impact score 2.9

CVSS exploitability score 10.0

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact NONE

CVE-2011-1473:

CVSS base score 5.0

CVSS impact score 2.9

CVSS exploitability score 10.0

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

CVE-2011-5094:

CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Detailed information

CVE-2011-1473: DISPUTED OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.

CVE-2011-5094: DISPUTED Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSLENABLERENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.

Affected systems

  • openssl openssl 0.9.8k
  • openssl openssl 0.9.8m
  • openssl openssl 0.9.8n
  • openssl openssl 0.9.8o
  • openssl openssl 0.9.8p
  • openssl openssl 0.9.8r
  • openssl openssl 0.9.8s
  • openssl openssl 0.9.8t
  • openssl openssl 0.9.8u
  • openssl openssl 0.9.8v
  • openssl openssl 0.9.8w
  • openssl openssl 0.9.8x
  • mozilla networksecurityservices 3.2
  • mozilla networksecurityservices 3.2.1
  • mozilla networksecurityservices 3.3
  • mozilla networksecurityservices 3.3.1
  • mozilla networksecurityservices 3.3.2
  • mozilla networksecurityservices 3.4
  • mozilla networksecurityservices 3.4.1
  • mozilla networksecurityservices 3.4.2
  • mozilla networksecurityservices 3.5
  • mozilla networksecurityservices 3.6
  • mozilla networksecurityservices 3.6.1
  • mozilla networksecurityservices 3.7
  • mozilla networksecurityservices 3.7.1
  • mozilla networksecurityservices 3.7.2
  • mozilla networksecurityservices 3.7.3
  • mozilla networksecurityservices 3.7.5
  • mozilla networksecurityservices 3.7.7
  • mozilla networksecurityservices 3.8
  • mozilla networksecurityservices 3.9
  • mozilla networksecurityservices 3.11.2
  • mozilla networksecurityservices 3.11.3
  • mozilla networksecurityservices 3.11.4
  • mozilla networksecurityservices 3.11.5

Ease of attack

CVE-2011-1473:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2011-5094:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.

Additional References

  • www.thc.org/thc-ssl-dos/