CVE-2011-3389

Published: 16 November 2011

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

From the Ubuntu security team

Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data.

Notes

Author Note
mdeslaur
in natty+, NetX and the plugin moved to the icedtea-web package
jdstrand
this is not a lighttpd issue, however dsa-2368 disabled CBC ciphers
by default. Ignoring as this is a configuration issue.
sbeattie
openssl contains a countermeasure since openssl 0.9.8d,
though it can be disabled with the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
option (which is included in SSL_OP_ALL). Need to search through
openssl users that enable the option.
tyhicks
All versions of gnutls in supported releases have TLS 1.1 and 1.2
support. TLS 1.1 and 1.2 are not affected by this attack. Upstream advised
applications to use 1.1 and 1.2 in GNUTLS-SA-2011-1. Additionally, DTLS 1.0
can be used or RC4 can be used with TLS 1.0 if TLS 1.1 or 1.2 are not viable
options.
jdstrand
arcticdog blog points out that users of SSL_OP_ALL should be updated
to use 'SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' to not be
vulnerable to this attack
mdeslaur
removing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS will break
compatibility with certain SSL implementations, which is why it's
included in SSL_OP_ALL in the first place. Since the BEAST attack is only
practical in web browsers where you can run arbitrary code, and current
web browsers are already fixed, modifying other software in the archive
to enable the work around will break compatibility with no added security
benefit.
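
sbeattie's note above calls for finding OpenSSL users that enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, either directly or through SSL_OP_ALL. A source-audit sketch for that search, added here as an example and not part of the tracker notes or any Ubuntu tooling; the function names, verdict strings and sample C lines are constructed for illustration:

```python
import re

FLAG = "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS"
# SSL_CTX_set_options()/SSL_set_options() calls; group 1 is the argument list.
SET_CALL = re.compile(r"\bSSL(?:_CTX)?_set_options\s*\(([^;]*)\)\s*;")
# SSL_CTX_clear_options()/SSL_clear_options() calls that name the flag.
CLEAR_CALL = re.compile(r"\bSSL(?:_CTX)?_clear_options\s*\([^;]*\b" + FLAG + r"\b")
# \b keeps SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION from matching SSL_OP_ALL.
SETS_FLAG = re.compile(r"\b(?:SSL_OP_ALL|" + FLAG + r")\b")
# The flag masked back out, e.g. "SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS".
MASKED = re.compile(r"&\s*~\s*\(?\s*" + FLAG + r"\b")

def strip_comments(src):
    """Remove C comments (naively), keeping newlines so line numbers hold."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def audit(src):
    """Return (line, verdict) for each set_options call that touches the flag."""
    code = strip_comments(src)
    cleared = CLEAR_CALL.search(code) is not None
    findings = []
    for call in SET_CALL.finditer(code):
        args = call.group(1)
        if not SETS_FLAG.search(args):
            continue
        if MASKED.search(args):
            verdict = "countermeasure kept"
        elif cleared:
            verdict = "review: flag cleared elsewhere in file"
        else:
            verdict = "countermeasure disabled"
        findings.append((code.count("\n", 0, call.start()) + 1, verdict))
    return findings

# Constructed sample C statements, not taken from any real package.
SAMPLE = """\
SSL_CTX_set_options(ctx, SSL_OP_ALL);
SSL_CTX_set_options(ctx,
    SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
// SSL_set_options(ssl, SSL_OP_ALL);
SSL_set_options(ssl, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
SSL_set_options(ssl, SSL_OP_NO_SSLv2 | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
"""

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE):
        print(f"line {line}: {verdict}")
```

The scan only sees options written literally in the call; option values assembled in a variable or read from configuration still need manual review.
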
Priority

Low

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
hardy Does not exist
lucid Not vulnerable
maverick Not vulnerable
natty Not vulnerable
oneiric Not vulnerable
precise Not vulnerable
quantal Not vulnerable
upstream Not vulnerable

icedtea-web
Launchpad, Ubuntu, Debian
hardy Does not exist
lucid Not vulnerable
maverick Does not exist
natty Not vulnerable
oneiric Not vulnerable
precise Not vulnerable
quantal Not vulnerable
upstream Needs triage

lighttpd
Launchpad, Ubuntu, Debian
hardy Ignored (reached end-of-life)
lucid Ignored
maverick Ignored
natty Ignored
oneiric Ignored
precise Ignored
quantal Ignored
upstream Released (1.4.30-1)
Patches:
vendor: http://www.debian.org/security/2011/dsa-2368

openjdk-6
Launchpad, Ubuntu, Debian
hardy Released (6b27-1.12.3-0ubuntu1~08.04.1)
lucid Released (6b20-1.9.10-0ubuntu1~10.04.2)
maverick Released (6b20-1.9.10-0ubuntu1~10.10.2)
natty Released (6b22-1.10.4-0ubuntu1~11.04.1)
oneiric Released (6b23~pre11-0ubuntu1.11.10)
precise Not vulnerable (6b23~pre11-1ubuntu2)
quantal Not vulnerable (6b23~pre11-1ubuntu2)
upstream Needs triage

openjdk-6b18
Launchpad, Ubuntu, Debian
hardy Does not exist
lucid Released (6b18-1.8.10-0ubuntu1~10.04.2)
maverick Released (6b18-1.8.10-0ubuntu1~10.10.2)
natty Released (6b18-1.8.10-0ubuntu1~11.04.1)
oneiric Ignored (superseded by openjdk-6)
precise Does not exist
quantal Does not exist
upstream Needs triage

openjdk-7
Launchpad, Ubuntu, Debian
hardy Does not exist
lucid Does not exist
maverick Does not exist
natty Does not exist
oneiric Released (7~b147-2.0-0ubuntu0.11.10.1)
precise Released (7~b147-2.0-1ubuntu1)
quantal Released (7~b147-2.0-1ubuntu1)
upstream Needs triage

openssl
Launchpad, Ubuntu, Debian
hardy Not vulnerable (countermeasure in place)
lucid Not vulnerable (countermeasure in place)
maverick Not vulnerable (countermeasure in place)
natty Not vulnerable (countermeasure in place)
oneiric Not vulnerable (countermeasure in place)
precise Not vulnerable (countermeasure in place)
quantal Not vulnerable (countermeasure in place)
upstream Needs triage

sun-java5
Launchpad, Ubuntu, Debian
hardy Ignored (upstream sun-java5 is EoL)
lucid Does not exist
maverick Does not exist
natty Does not exist
oneiric Does not exist
precise Does not exist
quantal Does not exist
upstream Needs triage

sun-java6
Launchpad, Ubuntu, Debian
hardy Ignored (reached end of life)
lucid Does not exist (removed from archive)
maverick Does not exist (removed from archive)
natty Does not exist (removed from archive)
oneiric Does not exist
precise Does not exist
quantal Does not exist
upstream Needs triage