CVE-2011-3389
Published: 16 November 2011
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
From the Ubuntu Security Team
Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data.
Notes
Author | Note |
---|---|
mdeslaur | in natty+, NetX and the plugin moved to the icedtea-web package |
jdstrand | this is not a lighttpd issue, however dsa-2368 disabled CBC ciphers by default. Ignoring as this is a configuration issue. |
sbeattie | openssl contains a countermeasure since openssl 0.9.8d, though it can be disabled with the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option (which is included in SSL_OP_ALL). Need to search through openssl users that enable the option. |
tyhicks | All versions of gnutls in supported releases have TLS 1.1 and 1.2 support. TLS 1.1 and 1.2 are not affected by this attack. Upstream advised applications to use 1.1 and 1.2 in GNUTLS-SA-2011-1. Additionally, DTLS 1.0 can be used or RC4 can be used with TLS 1.0 if TLS 1.1 or 1.2 are not viable options. |
jdstrand | arcticdog blog points out that users of SSL_OP_ALL should be updated to use 'SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' to not be vulnerable to this attack |
mdeslaur | removing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS will break compatibility with certain SSL implementations, which is why it's included in SSL_OP_ALL in the first place. Since the BEAST attack is only practical in web browsers where you can run arbitrary code, and current web browsers are already fixed, modifying other software in the archive to enable the work around will break compatibility with no added security benefit. |
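
The notes above call for finding OpenSSL callers that turn the empty-fragment countermeasure off. The following is an added example, not code from Ubuntu or OpenSSL: a small source audit that classifies each `SSL_CTX_set_options` / `SSL_set_options` call by whether `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` is set or masked out. The helper names, verdict strings and sample C source are constructed for illustration.

```python
import re

# Calls that set OpenSSL option bits on a context or a single connection.
CALL = re.compile(r'\b(SSL_CTX_set_options|SSL_set_options)\s*\(')
FLAG = 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS'
# "& ~FLAG" (optionally "~(FLAG") keeps the countermeasure enabled.
MASKED = re.compile(r'~\s*\(?\s*' + FLAG)

def call_args(src, open_paren):
    """Return the text between the '(' at open_paren and its matching ')'."""
    depth = 0
    for i in range(open_paren, len(src)):
        if src[i] == '(':
            depth += 1
        elif src[i] == ')':
            depth -= 1
            if depth == 0:
                return src[open_paren + 1:i]
    return src[open_paren + 1:]  # unbalanced input: take the rest

def audit(src):
    """Return (line, function, verdict) for every option-setting call."""
    findings = []
    for m in CALL.finditer(src):
        args = call_args(src, m.end() - 1)
        line = src.count('\n', 0, m.start()) + 1
        if MASKED.search(args):
            verdict = 'ok: countermeasure kept'
        elif FLAG in args or re.search(r'\bSSL_OP_ALL\b', args):
            verdict = 'review: empty fragments disabled'
        else:
            verdict = 'ok: flag not set'
        findings.append((line, m.group(1), verdict))
    return findings

# Constructed sample input, not taken from any real package.
SAMPLE = '''\
SSL_CTX *ctx = SSL_CTX_new(SSLv23_method());
SSL_CTX_set_options(ctx, SSL_OP_ALL);
SSL_CTX_set_options(ctx2,
    SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
SSL_set_options(ssl, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
'''

if __name__ == '__main__':
    for line, func, verdict in audit(SAMPLE):
        print(f'line {line}: {func}: {verdict}')
```

The check is textual: option values passed through a variable or macro are not resolved, and a "review" verdict still has to be weighed against the compatibility concern raised in the last note.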
Priority
Status
Package | Release | Status |
---|---|---|
gnutls26 | hardy | Does not exist |
gnutls26 | lucid | Not vulnerable |
gnutls26 | maverick | Not vulnerable |
gnutls26 | natty | Not vulnerable |
gnutls26 | oneiric | Not vulnerable |
gnutls26 | precise | Not vulnerable |
gnutls26 | quantal | Not vulnerable |
gnutls26 | upstream | Not vulnerable |
icedtea-web | hardy | Does not exist |
icedtea-web | lucid | Not vulnerable |
icedtea-web | maverick | Does not exist |
icedtea-web | natty | Not vulnerable |
icedtea-web | oneiric | Not vulnerable |
icedtea-web | precise | Not vulnerable |
icedtea-web | quantal | Not vulnerable |
icedtea-web | upstream | Needs triage |
lighttpd | hardy | Ignored (end of life) |
lighttpd | lucid | Ignored |
lighttpd | maverick | Ignored |
lighttpd | natty | Ignored |
lighttpd | oneiric | Ignored |
lighttpd | precise | Ignored |
lighttpd | quantal | Ignored |
lighttpd | upstream | Released (1.4.30-1) |
openjdk-6 | hardy | Released (6b27-1.12.3-0ubuntu1~08.04.1) |
openjdk-6 | lucid | Released (6b20-1.9.10-0ubuntu1~10.04.2) |
openjdk-6 | maverick | Released (6b20-1.9.10-0ubuntu1~10.10.2) |
openjdk-6 | natty | Released (6b22-1.10.4-0ubuntu1~11.04.1) |
openjdk-6 | oneiric | Released (6b23~pre11-0ubuntu1.11.10) |
openjdk-6 | precise | Not vulnerable (6b23~pre11-1ubuntu2) |
openjdk-6 | quantal | Not vulnerable (6b23~pre11-1ubuntu2) |
openjdk-6 | upstream | Needs triage |
openjdk-6b18 | hardy | Does not exist |
openjdk-6b18 | lucid | Released (6b18-1.8.10-0ubuntu1~10.04.2) |
openjdk-6b18 | maverick | Released (6b18-1.8.10-0ubuntu1~10.10.2) |
openjdk-6b18 | natty | Released (6b18-1.8.10-0ubuntu1~11.04.1) |
openjdk-6b18 | oneiric | Ignored (end of life) |
openjdk-6b18 | precise | Does not exist |
openjdk-6b18 | quantal | Does not exist |
openjdk-6b18 | upstream | Needs triage |
openjdk-7 | hardy | Does not exist |
openjdk-7 | lucid | Does not exist |
openjdk-7 | maverick | Does not exist |
openjdk-7 | natty | Does not exist |
openjdk-7 | oneiric | Released (7~b147-2.0-0ubuntu0.11.10.1) |
openjdk-7 | precise | Released (7~b147-2.0-1ubuntu1) |
openjdk-7 | quantal | Released (7~b147-2.0-1ubuntu1) |
openjdk-7 | upstream | Needs triage |
openssl | hardy | Not vulnerable (countermeasure in place) |
openssl | lucid | Not vulnerable (countermeasure in place) |
openssl | maverick | Not vulnerable (countermeasure in place) |
openssl | natty | Not vulnerable (countermeasure in place) |
openssl | oneiric | Not vulnerable (countermeasure in place) |
openssl | precise | Not vulnerable (countermeasure in place) |
openssl | quantal | Not vulnerable (countermeasure in place) |
openssl | upstream | Needs triage |
sun-java5 | hardy | Ignored (end of life) |
sun-java5 | lucid | Does not exist |
sun-java5 | maverick | Does not exist |
sun-java5 | natty | Does not exist |
sun-java5 | oneiric | Does not exist |
sun-java5 | precise | Does not exist |
sun-java5 | quantal | Does not exist |
sun-java5 | upstream | Needs triage |
sun-java6 | hardy | Ignored (end of life) |
sun-java6 | lucid | Does not exist (removed from archive) |
sun-java6 | maverick | Does not exist (removed from archive) |
sun-java6 | natty | Does not exist (removed from archive) |
sun-java6 | oneiric | Does not exist |
sun-java6 | precise | Does not exist |
sun-java6 | quantal | Does not exist |
sun-java6 | upstream | Needs triage |

Patches (lighttpd): vendor: http://www.debian.org/security/2011/dsa-2368