Closed
Bug 780846
Opened 13 years ago
Closed 2 years ago
nss: repeated SSL renegotiation DoS (CVE-2011-5094)
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: thoger, Unassigned)
Details
Not really a new issue, rather a new NSS-specific CVE, CVE-2011-5094, assigned recently for what was previously tracked as CVE-2011-1473 for OpenSSL. Both CVEs are noted as "disputed".
An SSL client can take advantage of the SSL handshake being more expensive on the server side and make an SSL server use an excessive amount of CPU time by repeatedly renegotiating the SSL session. This may offer some advantage compared to an attack using only initial handshakes over new connections when the server rate-limits TCP connections.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1473
http://www.thc.org/thc-ssl-dos/
http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
Note that as of the CVE-2009-3555 fix, this can be mitigated by setting the SSL_ENABLE_RENEGOTIATION option to SSL_RENEGOTIATE_NEVER if the application does not use renegotiation. This mitigation can be enabled without modifying the application by using the NSS_SSL_ENABLE_RENEGOTIATION environment variable with the value 0 or n.
Filing this as proper NSS upstream bug for future reference.
Updated•3 years ago
Severity: normal → S3
Updated•2 years ago
Severity: S3 → S4
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Priority: -- → P3
Resolution: --- → FIXED