19 December 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2011.0120
      Novell Access Manager and CVE-2011-3389: "Beast Attack Vulnerability"
                             19 December 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Novell Access Manager 3.1
Operating System:     Linux variants
Impact/Access:        Access Privileged Data -- Remote with User Interaction
                      Unauthorised Access    -- Remote with User Interaction
Resolution:           Mitigation
CVE Names:            CVE-2011-3389
Member content until: Wednesday, January 18 2012
Reference:            ASB-2011.0092
                      ASB-2011.0071.2
                      ESB-2011.1041
                      ESB-2011.0979

OVERVIEW

        Novell has published a document detailing possible defenses against
        the BEAST vulnerability (CVE-2011-3389) for Novell Access Manager 3.1.

IMPACT

        BEAST affects SSL 3.0 and TLS 1.0 sessions that use a CBC-mode cipher
        suite. A man-in-the-middle attacker who can also cause the victim's
        browser to send chosen plaintext over the session could use it to
        recover encrypted data such as the session cookies carried in HTTPS
        requests to the Access Gateway.

MITIGATION

        In the Linux Access Gateway Appliance (LAG) the only mitigation is to
        ensure that clients are using a patched browser.

        In the Access Gateway Service (MAG), the proxy service configuration
        files can be edited to specify the appropriate SSL directives. Novell
        has reported this mitigation to its engineers.

REFERENCES

        Novell Access Manager and CVE-2011-3389: "Beast Attack Vulnerability"
        http://www.novell.com/support/viewContent.do?externalId=7009901

        CVE-2011-3389
        http://support.novell.com/security/cve/CVE-2011-3389.html

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures.

AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: firstname.lastname@example.org
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBTu7e5e4yVqjM2NGpAQK1HRAApk3R6g9WY6/cedL+xsmLpupHiZUUsYX1
GpjOWDBOUCYjqdHzWFLvDweIcQqZeE6AAZIZYKE4qBgWmeJ21lRWIxXNXg9GkeBM
b9Rj4GhBT/Jnm5lTkYDYM0a7XHO27SuE6C6nyEl9NSdhs023Gg8DAUDXP6qbP10i
NUhlXqhDpWDKHw1ewGi6BQkpTv9bysuYSe9qLnvpqb/7eK8JUD5it3G5wuJu303F
kVsuFuR+L9/wwZeWJasynpZ2WLNdZZxQ48Nn5tqNk4q0uKog56sblrRR3am9Dsut
0CJLu+m8Acf+RN47ZI1UBY6kzfAtAQie9X3bppThCbnI1IWBL6Of19izrSkKd1Jp
SBQz25qwxiy1aXqrDe3Lzr13RIbz7bsShXJWCsxv6xFJG2hAjqoAVScsbmSNhPSB
XO36XIFeddmrpF/rLVQ0wuZqL2HWFybW2kFbFHsd75Ps1a3yJHwQzhGYSOfTCA9t
iJQ6PqaSBiU7bwmlPTbBHgdnYxAq51XxspGRlpPz+1QFNa5oT0qLk9BmhjNw3c62
W5gLkJXhF2jPX5grBBG3upmNhxwRQJQ0e6McKlh+dKI1cNERoqNZb9u8BpPlsvTH
RtR77MLvOxDIf1Kn51FU/rU5orOaSEGd4fXCQKZOrnWJsRTYp8n83NlOW3CUs/jy
6X3NrwbhEls=
=BqeE
-----END PGP SIGNATURE-----
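The bulletin's MITIGATION section leaves it to the administrator to confirm whether a given gateway is actually exposed. The check below is an added example written for this page; it is not code from AusCERT, Novell, or the Access Manager product. It applies the two conditions BEAST needs (an SSL 3.0 or TLS 1.0 session, and a CBC-mode cipher suite) to the "Protocol :" and "Cipher :" lines that `openssl s_client` prints for a negotiated session. The OpenSSL-style suite names and the two sample `s_client` outputs are assumptions constructed for the example, not captures from a real gateway.

```python
"""Check a negotiated TLS session for BEAST (CVE-2011-3389) exposure.

BEAST needs both of: a protocol whose CBC IV is predictable (SSL 3.0 or
TLS 1.0; TLS 1.1 and later send an explicit IV per record) and a CBC-mode
cipher suite.  Stream ciphers (RC4) and AEAD suites (GCM, CCM, CHACHA20)
have no CBC chaining, so the attack does not apply to them.
"""
import re
from typing import Dict, Tuple

# Protocols where each record's CBC IV is the previous record's last block.
PREDICTABLE_IV_PROTOCOLS = {"SSLv3", "TLSv1"}

# Assumption: OpenSSL-style suite names, as printed by `openssl s_client`.
# A name carrying one of these markers is not a CBC suite.
NON_CBC_MARKERS = ("GCM", "CCM", "CHACHA20", "RC4", "NULL")
# Block ciphers OpenSSL names without an explicit "-CBC" marker
# (e.g. AES128-SHA, CAMELLIA256-SHA, SEED-SHA, DES-CBC3-SHA, IDEA-CBC-SHA).
CBC_BLOCK_CIPHERS = ("AES", "CAMELLIA", "SEED", "DES", "IDEA")


def is_cbc_cipher(cipher: str) -> bool:
    """True if the suite name denotes a CBC-mode block cipher."""
    name = cipher.upper()
    if any(marker in name for marker in NON_CBC_MARKERS):
        return False
    return any(block in name for block in CBC_BLOCK_CIPHERS)


def beast_exposed(protocol: str, cipher: str) -> bool:
    """Both conditions must hold for BEAST to apply to the session."""
    return protocol in PREDICTABLE_IV_PROTOCOLS and is_cbc_cipher(cipher)


def parse_s_client(output: str) -> Tuple[str, str]:
    """Pull protocol and cipher from the SSL-Session block of s_client output."""
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", output, re.MULTILINE)
    ciph = re.search(r"^\s*Cipher\s*:\s*(\S+)", output, re.MULTILINE)
    if not proto or not ciph:
        raise ValueError("no 'Protocol :' / 'Cipher :' lines found in output")
    return proto.group(1), ciph.group(1)


def assess(output: str) -> Dict[str, object]:
    """Classify one saved s_client session dump."""
    protocol, cipher = parse_s_client(output)
    return {
        "protocol": protocol,
        "cipher": cipher,
        "beast_exposed": beast_exposed(protocol, cipher),
    }


# Constructed sample output in the shape `openssl s_client -connect host:443`
# prints; these are assumptions for the example, not captures from a gateway.
SAMPLE_TLS10_CBC = """\
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
"""

SAMPLE_TLS12_AEAD = """\
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
"""

if __name__ == "__main__":
    for sample in (SAMPLE_TLS10_CBC, SAMPLE_TLS12_AEAD):
        print(assess(sample))
```

To run it against a real gateway, save the output of `openssl s_client -connect gateway:443 </dev/null` and pass it to `assess()`; repeat with `-tls1` to see what the server still accepts from a client that only offers TLS 1.0, since a browser that has not been patched negotiates exactly that. A "not exposed" verdict for an RC4 suite, which was the usual server-side workaround for BEAST at the time, only says that this particular attack does not apply: RC4 has since been found weak enough that RFC 7465 forbids it in TLS, so the durable setting for the MAG's SSL directives is TLS 1.1 or later with AEAD suites rather than a stream cipher on TLS 1.0.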