-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2010.0036.2
         OpenSSL TLS renegotiation man in the middle vulnerability
                              3 February 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenSSL TLS
Publisher:         NetBSD
Operating System:  NetBSD
Impact/Access:     Unauthorised Access            -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-3555  

Reference:         ASB-2009.1125.2

Original Bulletin: 
   http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2010-002.txt.asc

Revision History:  February  3 2010: Fixed build instructions
                   January  14 2010: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


		 NetBSD Security Advisory 2010-002
		 =================================

Topic:		OpenSSL TLS renegotiation man in the middle vulnerability


Version:	NetBSD-current:		affected prior to 2009-12-04
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			openssl package prior to 0.9.8l


Severity:	Information disclosure


Fixed:		NetBSD-current:		Dec 03, 2009
		NetBSD-5-0 branch:	Jan 12, 2010
		NetBSD-5 branch:	Jan 12, 2010
		NetBSD-4-0 branch:	Jan 12, 2010
		NetBSD-4 branch:	Jan 12, 2010
		pkgsrc 2009Q4:		openssl-0.9.8l corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.



Abstract
========

An error in the OpenSSL TLS session renegotiation allows a remote
attacker to intercept communication and conduct a Man-in-the-Middle
attack on TLS sessions.

This vulnerability has been assigned CVE-2009-3555 and CERT
Vulnerability Note VU#120541.


Technical Details
=================

A design problem exists in the renegotiation feature for TLS sessions as
implemented by the version of OpenSSL shipped with NetBSD.  As session
renegotiation handshakes are not properly associated with an existing
connection, an unauthenticated attacker can initiate a renegotiation in
order to allow a man-in-the-middle attack, which may allow the attacker
to inject plaintext into the communication.


Solutions and Workarounds
=========================

The solution to this problem is to disable TLS session renegotiation for
now by applying the provided patches or updating NetBSD to a version
including the fix.

The following instructions describe how to upgrade your OpenSSL
binaries by updating your source tree and rebuilding and installing
a new version of OpenSSL.

* NetBSD-current:

	Systems running NetBSD-current dated from before 2009-12-04
	should be upgraded to NetBSD-current dated 2009-12-04 or later.

	The following files/directories need to be updated from the
	netbsd-current CVS branch (aka HEAD):
		crypto/external/bsd/openssl/dist/ssl/s3_lib.c
		crypto/external/bsd/openssl/dist/ssl/s3_pkt.c
		crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
		crypto/external/bsd/openssl/dist/ssl/ssl_locl.h

	To update from CVS, re-build, and re-install OpenSSL:
		# cd src
		# cvs update -d -P crypto/external/bsd/openssl/dist/ssl
		# cd lib/libcrypt
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../../crypto/external/bsd/openssl/lib/libcrypto
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../libssl
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install

* NetBSD 5.*:

	Systems running NetBSD 5.* sources dated from before
	2010-01-12 09:30 UTC should be upgraded from NetBSD 5.* sources
	dated 2010-01-12 09:30 UTC or later.

	The following files/directories need to be updated from the
	netbsd-5 or netbsd-5-0 branches:
		crypto/dist/openssl/ssl/s3_lib.c
		crypto/dist/openssl/ssl/s3_pkt.c
		crypto/dist/openssl/ssl/s3_srvr.c
		crypto/dist/openssl/ssl/ssl_locl.h

	To update from CVS, re-build, and re-install OpenSSL:

		# cd src
		# cvs update -r <branch_name> -d -P crypto/dist/openssl/ssl
		# cd lib/libcrypt
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../libcrypto
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../libssl
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install

* NetBSD 4.*:

	Systems running NetBSD 4.* sources dated from before
	2010-01-12 09:30 UTC should be upgraded from NetBSD 4.* sources
	dated 2010-01-12 09:30 UTC or later.

	The following files/directories need to be updated from the
	netbsd-4 or netbsd-4-0 branches:
		crypto/dist/openssl/ssl/s3_lib.c
		crypto/dist/openssl/ssl/s3_pkt.c
		crypto/dist/openssl/ssl/s3_srvr.c
		crypto/dist/openssl/ssl/ssl_locl.h

	To update from CVS, re-build, and re-install OpenSSL:

		# cd src
		# cvs update -r <branch_name> -d -P crypto/dist/openssl/ssl
		# cd lib/libcrypt
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../libcrypto
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../libssl
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
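
Added example (not part of the NetBSD advisory): a triage check for the
thresholds in the Version and Fixed tables above. It compares a pkgsrc
openssl version against 0.9.8l and a base-system source date against the
fix date for its branch. The function names, the branch labels
(current, 5, 4) and the sample inputs are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of the NetBSD advisory. Thresholds come from the
# advisory's Version/Fixed tables; function names and inputs are constructed.
LC_ALL=C; export LC_ALL

# ver_key VERSION: print a fixed-width sortable key for OpenSSL-style
# versions (0.9.8, 0.9.8k, openssl-0.9.8knb1). The trailing letter is the
# patch level, so 0.9.8 < 0.9.8k < 0.9.8l.
ver_key() {
	v=${1#openssl-}            # accept a pkgsrc package name
	v=${v%%-*}                 # drop "-beta1" style tails
	v=${v%nb[0-9]*}            # drop pkgsrc PKGREVISION (nb1, nb2, ...)
	letter=${v##*[0-9]}        # trailing patch letter, may be empty
	nums=${v%"$letter"}
	old_ifs=$IFS; IFS=.
	set -- $nums
	IFS=$old_ifs
	printf '%03d%03d%03d%s\n' "${1:-0}" "${2:-0}" "${3:-0}" "$letter"
}

# pkgsrc_openssl_affected VERSION: true (0) if VERSION is prior to 0.9.8l.
# This applies to the pkgsrc package only; the advisory identifies fixed
# base-system sources by date, not by OpenSSL version.
pkgsrc_openssl_affected() {
	expr "$(ver_key "$1")" \< "$(ver_key 0.9.8l)" >/dev/null
}

# base_src_affected BRANCH "YYYY-MM-DD HH:MM": true (0) if base-system
# sources of that UTC date predate the fix. BRANCH is current, 5 or 4.
base_src_affected() {
	case $1 in
		current) fixed="2009-12-04" ;;
		5|4)     fixed="2010-01-12 09:30" ;;
		*)       echo "unknown branch: $1" >&2; return 2 ;;
	esac
	expr "$2" \< "$fixed" >/dev/null   # ISO dates sort lexically
}

# Constructed sample inputs.
for v in 0.9.8k openssl-0.9.8knb1 0.9.8l 1.0.0; do
	if pkgsrc_openssl_affected "$v"; then s=AFFECTED; else s=ok; fi
	echo "pkgsrc openssl $v: $s"
done
if base_src_affected 5 "2010-01-11 23:00"; then
	echo "netbsd-5 sources 2010-01-11 23:00 UTC: AFFECTED"
fi
```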


Thanks To
=========

Marsh Ray, PhoneFactor and Martin Rex for discovering and reporting the issue,
and Christos Zoulas for fixing it.


Revision History
================

	2010-01-12	Initial release
	2010-01-15	Fixed build instructions
	2010-01-23	Fixed build instructions for HEAD again


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2010-002.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.

Copyright 2010, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2010-002.txt,v 1.4 2010/01/23 14:43:50 tonnerre Exp $

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (NetBSD)
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFLaPPE/iFOrG6YcBERAsJ1AKCGDuspf69bMlv5cU3IllpFqND5qgCeOpxs
l5aAXDY+trEAZl/wx1G+uyk=
=Vtth
-----END PGP SIGNATURE-----