Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   OS (UNIX)  >   Solaris Vendors:   Sun
Solaris Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
SecurityTracker Alert ID:  1023224
SecurityTracker URL:
CVE Reference:   CVE-2009-3555   (Links to External Site)
Updated:  Jun 24 2010
Original Entry Date:  Nov 21 2009
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 10, OpenSolaris
Description:   A vulnerability was reported in Solaris. A remote user can conduct a man-in-the-middle attack on SSL session renegotiation.

A remote user with the ability to conduct a man-in-the-middle attack can exploit a flaw in the underlying SSL/TLS protocol to inject arbitrary plain text into the exchange between the client and the server, with the arbitrary data as a prefix to the session.

OpenSSL on Solaris is affected.

The vulnerability resides in the TLS 1.0 or later and SSLv3 protocols.

The specific impact of this protocol flaw depends on the application using SSL/TLS.

Marsh Ray of PhoneFactor and Martin Rex independently reported this vulnerability.

[Editor's note: The flaw resides in the protocol and not in the protocol implementation. Some vendors are implementing a temporary workaround that prohibits session renegotiation until the protocol itself can be modified. Several protocol implementations are affected, including OpenSSL, GnuTLS, Network Security Services, and Java Secure Socket Extension.]

Impact:   A remote user can with the ability to conduct a man-in-the-middle attack can inject arbitrary plain text data into the exchange, preceding the session data.
Solution:   Sun has issued a fix for Solaris OpenSSL.

SPARC Platform

* Solaris 10 with patches 143140-04 or later and 145102-01 or later
* OpenSolaris based upon builds snv_129 or later

x86 Platform

* Solaris 10 with patch 141525-10 or later
* OpenSolaris based upon builds snv_129 or later

The vendor's advisory is available at:

[Editor's note: Sun has also issued a fix for Network Security Services and Java Enterprise System, as described in Alert ID 1023261 and Sun Alert 273350.]

Vendor URL: (Links to External Site)
Cause:   Authentication error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC