Bugtraq mailing list archives

RE: TLS Renegotiation Vulnerability: Proof of Concept Code (Python)


From: "Ivan Buetler" <ivan.buetler () csnc ch>
Date: Wed, 23 Dec 2009 08:20:36 +0100

I created a Camtasia Movie some time ago "exploiting" the vulnerability
by injecting "/user/profile/E1/" into the first ssl request to "/" 

http://www.hacking-lab.com/download/

This can help others to understand the vulnerability. 


Regards
Ivan



-----Original Message-----
From: Barry Raveendran Greene [mailto:bgreene () senki org] 
Sent: Monday, December 21, 2009 9:16 PM
To: 'RedTeam Pentesting GmbH'; bugtraq () securityfocus com
Subject: RE: TLS Renegotiation Vulnerability: Proof of Concept Code (Python)

Also, can you change this:

"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF
draft standard that addresses the vulnerability."

To:

"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF
TLS Working Group draft that addresses the vulnerability."

Where "IETF TLS Working Group" is hyperlinked to
http://www.ietf.org/dyn/wg/charter/tls-charter.html

That would help people who do not have a clue who the IETF or the TLS WG
are, or that both are open standards forums.

Thanks,

Barry

-----Original Message-----
From: RedTeam Pentesting GmbH [mailto:release () redteam-pentesting de]
Sent: Monday, December 21, 2009 5:04 AM
To: bugtraq () securityfocus com
Subject: TLS Renegotiation Vulnerability: Proof of Concept Code (Python)

Information about a vulnerability in the TLS protocol was published in
the beginning of November 2009. Attackers can take advantage of that
vulnerability to inject arbitrary prefixes into a network connection
protected by TLS. This can result in severe vulnerabilities, depending
on the application layer protocol used over TLS.

RedTeam Pentesting used the Python module "TLS Lite" to develop proof
of concept code that exploits this vulnerability. It is published at

http://www.redteam-pentesting.de/publications/tls-renegotiation

to raise awareness for the vulnerability and its potential impact.
Furthermore, it shall give interested persons the opportunity to analyse
applications employing TLS for further vulnerabilities.

--
RedTeam Pentesting GmbH                    Tel.: +49 241 963-1300
Dennewartstr. 25-27                        Fax : +49 241 963-1304
52068 Aachen                    http://www.redteam-pentesting.de/
Germany                         Register court: Aachen HRB 14004
Managing directors: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck


