1
PublicDateAtUSN: 2011-11-16
2
Candidate: CVE-2011-3389
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
6
https://usn.ubuntu.com/usn/usn-1263-1
7
http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/
9
The SSL protocol, as used in certain configurations in Microsoft Windows
10
and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and
11
other products, encrypts data by using CBC mode with chained initialization
12
vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP
13
headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session,
14
in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API,
15
(2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a
18
Juliano Rizzo and Thai Duong discovered that the block-wise AES
19
encryption algorithm block-wise as used in TLS/SSL was vulnerable
20
to a chosen-plaintext attack. This could allow a remote attacker to
21
view confidential data.
23
mdeslaur> in natty+, NetX and the plugin moved to the icedtea-web package
24
jdstrand> this is not a lighttpd issue, however dsa-2368 disabled CBC ciphers
25
by default. Ignoring as this is a configuration issue.
26
sbeattie> openssl contains a countermeasure since openssl 0.9.8d,
27
though it can be disabled with the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
28
option (which is included in SSL_OP_ALL). Need to search through
29
openssl user that enable the option.
30
tyhicks> All versions of gnutls in supported releases have TLS 1.1 and 1.2
31
support. TLS 1.1 and 1.2 are not affected by this attack. Upstream advised
32
applications to use 1.1 and 1.2 in GNUTLS-SA-2011-1. Additionally, DTLS 1.0
33
can be used or RC4 can be used with TLS 1.0 if TLS 1.1 or 1.2 are not viable
35
jdstrand> arcticdog blog points out that users of SSL_OP_ALL should be updated
36
to use 'SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' to not be
37
vulnerable to this attack
38
mdeslaur> removing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS will break
39
compatibility with certain SSL implementations, which is why it's
40
included in SSL_OP_ALL in the first place. Since the BEAST attack is only
41
practical in web browsers where you can run arbitrary code, and current
42
web browsers are already fixed, modifying other software in the archive
43
to enable the work around will break compatibility with no added security
47
Discovered-by: Juliano Rizzo and Thai Duong
51
upstream_sun-java6: needs-triage
52
hardy_sun-java6: ignored (reached end of life)
53
lucid_sun-java6: DNE (removed from archive)
54
maverick_sun-java6: DNE (removed from archive)
55
natty_sun-java6: DNE (removed from archive)
56
oneiric_sun-java6: DNE
57
precise_sun-java6: DNE
58
quantal_sun-java6: DNE
62
upstream_sun-java5: needs-triage
63
hardy_sun-java5: ignored (upstream sun-java5 is EoL)
65
maverick_sun-java5: DNE
67
oneiric_sun-java5: DNE
68
precise_sun-java5: DNE
69
quantal_sun-java5: DNE
73
upstream_openjdk-6: needs-triage
74
hardy_openjdk-6: released (6b27-1.12.3-0ubuntu1~08.04.1)
75
lucid_openjdk-6: released (6b20-1.9.10-0ubuntu1~10.04.2)
76
maverick_openjdk-6: released (6b20-1.9.10-0ubuntu1~10.10.2)
77
natty_openjdk-6: released (6b22-1.10.4-0ubuntu1~11.04.1)
78
oneiric_openjdk-6: released (6b23~pre11-0ubuntu1.11.10)
79
precise_openjdk-6: not-affected (6b23~pre11-1ubuntu2)
80
quantal_openjdk-6: not-affected (6b23~pre11-1ubuntu2)
81
devel_openjdk-6: not-affected (6b23~pre11-1ubuntu2)
84
upstream_openjdk-6b18: needs-triage
85
hardy_openjdk-6b18: DNE
86
lucid_openjdk-6b18: released (6b18-1.8.10-0ubuntu1~10.04.2)
87
maverick_openjdk-6b18: released (6b18-1.8.10-0ubuntu1~10.10.2)
88
natty_openjdk-6b18: released (6b18-1.8.10-0ubuntu1~11.04.1)
89
oneiric_openjdk-6b18: ignored (superceded by openjdk-6)
90
precise_openjdk-6b18: DNE
91
quantal_openjdk-6b18: DNE
92
devel_openjdk-6b18: DNE
95
upstream_openjdk-7: needs-triage
98
maverick_openjdk-7: DNE
100
oneiric_openjdk-7: released (7~b147-2.0-0ubuntu0.11.10.1)
101
precise_openjdk-7: released (7~b147-2.0-1ubuntu1)
102
quantal_openjdk-7: released (7~b147-2.0-1ubuntu1)
103
devel_openjdk-7: released (7~b147-2.0-1ubuntu1)
107
upstream_gnutls26: not-affected
109
lucid_gnutls26: not-affected
110
maverick_gnutls26: not-affected
111
natty_gnutls26: not-affected
112
oneiric_gnutls26: not-affected
113
precise_gnutls26: not-affected
114
quantal_gnutls26: not-affected
115
devel_gnutls26: not-affected
118
upstream_openssl: needs-triage
119
hardy_openssl: not-affected (countermeasure in place)
120
lucid_openssl: not-affected (countermeasure in place)
121
maverick_openssl: not-affected (countermeasure in place)
122
natty_openssl: not-affected (countermeasure in place)
123
oneiric_openssl: not-affected (countermeasure in place)
124
precise_openssl: not-affected (countermeasure in place)
125
quantal_openssl: not-affected (countermeasure in place)
126
devel_openssl: not-affected (countermeasure in place)
129
upstream_icedtea-web: needs-triage
130
hardy_icedtea-web: DNE
131
lucid_icedtea-web: not-affected
132
maverick_icedtea-web: DNE
133
natty_icedtea-web: not-affected
134
oneiric_icedtea-web: not-affected
135
precise_icedtea-web: not-affected
136
quantal_icedtea-web: not-affected
137
devel_icedtea-web: not-affected
140
vendor: http://www.debian.org/security/2011/dsa-2368
141
upstream_lighttpd: released (1.4.30-1)
142
hardy_lighttpd: ignored (reached end-of-life)
143
lucid_lighttpd: ignored
144
maverick_lighttpd: ignored
145
natty_lighttpd: ignored
146
oneiric_lighttpd: ignored
147
precise_lighttpd: ignored
148
quantal_lighttpd: ignored
149
devel_lighttpd: ignored