copyright
|
disclaimer
|
privacy
|
contact
HOME
About
AusCERT
Membership
Contact Us
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
Login »
Become a member »
Home
»
Security Bul...
»
By Operating...
»
UNIX (all)
»
Solaris
» AA-2009.0145 -- [Win][UNIX/Linux][Mac][OSX] -- HTTPS...
AA-2009.0145 -- [Win][UNIX/Linux][Mac][OSX] -- HTTPS: Multiple Vulnerabilities
Date:
19 June 2009
References
:
ESB-2009.1296
Click here for printable version
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AA-2009.0145 AUSCERT Advisory [Win][UNIX/Linux][Mac][OSX] HTTPS: Multiple Vulnerabilities 19 June 2009 - --------------------------------------------------------------------------- AusCERT Advisory Summary ------------------------ Product: HTTPS Operating System: UNIX variants (UNIX, Linux, OSX) Windows Mac OS X Impact: Provide Misleading Information Reduced Security Access: Remote/Unauthenticated CVE Names: CVE-2009-2057 CVE-2009-2058 CVE-2009-2059 CVE-2009-2060 CVE-2009-2061 CVE-2009-2062 CVE-2009-2063 CVE-2009-2064 CVE-2009-2065 CVE-2009-2066 CVE-2009-2067 CVE-2009-2068 CVE-2009-2069 CVE-2009-2070 CVE-2009-2071 CVE-2009-2072 CVE-2009-2074 CVE-2009-2075 CVE-2009-2076 CVE-2009-2077 Member content until: Friday, July 17 2009 OVERVIEW: A research paper from Microsoft has identified security risks affecting all major browsers and many websites when communicating via a proxy server. [1] IMPACT: Microsoft Internet Explorer, Opera, and Google Chrome are open to man-in-the-middle attacks when displaying a certificate for a CONNECT response page from a proxy server, spoofing an arbitrary https site by letting a browser obtain a valid certificate, then sending the browser a crafted 502 response page upon a subsequent request. Apple Safari, however, does not require a cached certificate to display a padlock icon for an https site when given a crafted CONNECT response page. The vulnerabilities are: CVE-2009-2069 Microsoft Internet Explorer before 8 CVE-2009-2070 Opera CVE-2009-2071 Google Chrome before 1.0.154.53 CVE-2009-2072 Apple Safari Microsoft Internet Explorer, Apple Safari, Opera and Google Chrome are vulnerable to an "SSL tampering attack", whereby the browser is compromised via a man-in-the-middle attack through the injection of arbitrary web script by modifying a CONNECT response. The vulnerabilities are: CVE-2009-2057 Microsoft Internet Explorer before 8 CVE-2009-2058 Apple Safari before 3.2.2 CVE-2009-2059 Opera, possibly before 9.25 CVE-2009-2060 Google Chrome before 1.0.154.53 Mozilla Firefox, Apple Safari and Opera, are vulnerable to a man-in-the-middle attack via the injection of arbitrary web script into an https site by modifying a CONNECT response. The vulnerabilities are: CVE-2009-2061 Mozilla Firefox before 3.0.10 CVE-2009-2062 Apple Safari before 3.2.2 CVE-2009-2063 Opera, possibly before 9.25 Mozilla Firefox, Opera, Microsoft Internet Explorer, Google Chrome and Apple Safari are vulnerable to a man-in-the-middle attack by the injection of arbitrary web script, in an https site, by modifying an http page to include an https iframe that references a script file on an http site. The vulnerabilities are: CVE-2009-2064 Microsoft Internet Explorer 8 CVE-2009-2065 Mozilla Firefox 3.0.10, and possibly other versions CVE-2009-2066 Apple Safari CVE-2009-2067 Opera CVE-2009-2068 Google Chrome MITIGATION: Many of these browsers have patches available and some are in the process of being patched. Please refer to the vendors' websites for updates. Fixes are available for the following: CVE-2009-2058 Apple Safari before 3.2.2 CVE-2009-2059 Opera, possibly before 9.25 CVE-2009-2060 Google Chrome before 1.0.154.53 CVE-2009-2061 Mozilla Firefox before 3.0.10 CVE-2009-2062 Apple Safari before 3.2.2 CVE-2009-2063 Opera, possibly before 9.25 CVE-2009-2065 Mozilla Firefox 3.0.10, and possibly other versions CVE-2009-2071 Google Chrome before 1.0.154.53 Please see the Microsoft Research page for further details on the investigation of this vulnerability. [1] Further details regarding the individual CVEs can be found on the NIST website. [2] REFERENCES: [1] Microsoft Research http://research.microsoft.com/apps/pubs/default.aspx?id=79323 [2] National Vulnerability Database http://web.nvd.nist.gov AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iD8DBQFKOyCwNVH5XJJInbgRAoRMAJ9zHNP2GLdTzwyCfqLWK257rWRavACeMOtd cQweudO/JtKSRiPLIaiW2AY= =GtzG -----END PGP SIGNATURE-----
Comments? Click here
http://www.auscert.org.au/render.html?cid=33&it=11176