Short Name | SSL:OPENSSL-MITM-SEC-BYPASS
Severity | Major
Recommended | No
Recommended Action | Drop
Category | SSL
Keywords | OpenSSL ChangeCipherSpec MITM Security Bypass
Release Date | 2014/06/11
Update Number | 2386
Supported Platforms | idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
SSL: OpenSSL ChangeCipherSpec MITM Security Bypass
This signature detects attempts to exploit a known security-bypass vulnerability in OpenSSL. Successful exploitation allows an attacker to decrypt traffic and inject plaintext into a TLS connection.
Extended Description
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Affected Products
- Fedoraproject fedora 19
- Fedoraproject fedora 20
- Filezilla-project filezilla_server 0.9.21
- Filezilla-project filezilla_server 0.9.22
- Filezilla-project filezilla_server 0.9.26
- Filezilla-project filezilla_server 0.9.27
- Filezilla-project filezilla_server 0.9.28
- Filezilla-project filezilla_server 0.9.29
- Filezilla-project filezilla_server 0.9.30
- Filezilla-project filezilla_server 0.9.31
- Filezilla-project filezilla_server 0.9.32
- Filezilla-project filezilla_server 0.9.33
- Filezilla-project filezilla_server 0.9.34
- Filezilla-project filezilla_server 0.9.35
- Filezilla-project filezilla_server 0.9.36
- Filezilla-project filezilla_server 0.9.37
- Filezilla-project filezilla_server 0.9.38
- Filezilla-project filezilla_server 0.9.39
- Filezilla-project filezilla_server 0.9.40
- Filezilla-project filezilla_server 0.9.41
- Filezilla-project filezilla_server 0.9.42
- Filezilla-project filezilla_server 0.9.43
- Filezilla-project filezilla_server 0.9.44
- Filezilla-project filezilla_server 0.9.6
- Openssl openssl -
- Openssl openssl 0.9.1c
- Openssl openssl 0.9.2b
- Openssl openssl 0.9.3
- Openssl openssl 0.9.3a
- Openssl openssl 0.9.4
- Openssl openssl 0.9.5
- Openssl openssl 0.9.5a
- Openssl openssl 0.9.6
- Openssl openssl 0.9.6a
- Openssl openssl 0.9.6b
- Openssl openssl 0.9.6c
- Openssl openssl 0.9.6d
- Openssl openssl 0.9.6e
- Openssl openssl 0.9.6f
- Openssl openssl 0.9.6g
- Openssl openssl 0.9.6h
- Openssl openssl 0.9.6i
- Openssl openssl 0.9.6j
- Openssl openssl 0.9.6k
- Openssl openssl 0.9.6l
- Openssl openssl 0.9.6m
- Openssl openssl 0.9.7
- Openssl openssl 0.9.7a
- Openssl openssl 0.9.7b
- Openssl openssl 0.9.7c
- Openssl openssl 0.9.7d
- Openssl openssl 0.9.7e
- Openssl openssl 0.9.7f
- Openssl openssl 0.9.7g
- Openssl openssl 0.9.7h
- Openssl openssl 0.9.7i
- Openssl openssl 0.9.7j
- Openssl openssl 0.9.7k
- Openssl openssl 0.9.7l
- Openssl openssl 0.9.7m
- Openssl openssl 0.9.8
- Openssl openssl 0.9.8a
- Openssl openssl 0.9.8b
- Openssl openssl 0.9.8c
- Openssl openssl 0.9.8d
- Openssl openssl 0.9.8e
- Openssl openssl 0.9.8f
- Openssl openssl 0.9.8g
- Openssl openssl 0.9.8h
- Openssl openssl 0.9.8i
- Openssl openssl 0.9.8j
- Openssl openssl 0.9.8k
- Openssl openssl 0.9.8l
- Openssl openssl 0.9.8m
- Openssl openssl 0.9.8n
- Openssl openssl 0.9.8o
- Openssl openssl 0.9.8p
- Openssl openssl 0.9.8q
- Openssl openssl 0.9.8r
- Openssl openssl 0.9.8s
- Openssl openssl 0.9.8t
- Openssl openssl 0.9.8u
- Openssl openssl 0.9.8v
- Openssl openssl 0.9.8w
- Openssl openssl 0.9.8x
- Openssl openssl 0.9.8y
- Openssl openssl 0.9.8z
- Openssl openssl 1.0.0
- Openssl openssl 1.0.0a
- Openssl openssl 1.0.0b
- Openssl openssl 1.0.0c
- Openssl openssl 1.0.0d
- Openssl openssl 1.0.0e
- Openssl openssl 1.0.0f
- Openssl openssl 1.0.0g
- Openssl openssl 1.0.0h
- Openssl openssl 1.0.0i
- Openssl openssl 1.0.0j
- Openssl openssl 1.0.0k
- Openssl openssl 1.0.0l
- Openssl openssl 1.0.1
- Openssl openssl 1.0.1a
- Openssl openssl 1.0.1b
- Openssl openssl 1.0.1c
- Openssl openssl 1.0.1d
- Openssl openssl 1.0.1e
- Openssl openssl 1.0.1f
- Openssl openssl 1.0.1g
- Opensuse opensuse 13.1
- Opensuse opensuse 13.2
- Redhat enterprise_linux 4
- Redhat enterprise_linux 5
- Redhat enterprise_linux 6.0
- Redhat jboss_enterprise_application_platform 5.2.0
- Redhat jboss_enterprise_application_platform 6.2.3
- Redhat jboss_enterprise_web_platform 5.2.0
- Redhat jboss_enterprise_web_server 2.0.1
- Redhat storage 2.1