Описание
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| sun-java6 | removed | package | ||
| sun-java6 | no-dsa | lenny | package | |
| sun-java6 | no-dsa | squeeze | package | |
| openjdk-6 | fixed | 6b23~pre11-1 | package | |
| openjdk-7 | fixed | 7~b147-2.0-1 | package | |
| iceweasel | not-affected | package | ||
| chromium-browser | fixed | 15.0.874.106~r107270-1 | package | |
| chromium-browser | end-of-life | squeeze | package | |
| lighttpd | fixed | 1.4.30-1 | package | |
| curl | fixed | 7.24.0-1 | package | |
| python2.6 | fixed | 2.6.8-0.1 | package | |
| python2.6 | no-dsa | squeeze | package | |
| python2.7 | fixed | 2.7.3~rc1-1 | package | |
| python3.1 | unfixed | package | ||
| python3.1 | no-dsa | squeeze | package | |
| python3.2 | fixed | 3.2.3~rc1-1 | package | |
| cyassl | removed | package | ||
| gnutls26 | removed | package | ||
| gnutls28 | unfixed | package | ||
| haskell-tls | unfixed | package | ||
| matrixssl | removed | package | ||
| matrixssl | no-dsa | squeeze | package | |
| matrixssl | no-dsa | wheezy | package | |
| bouncycastle | fixed | 1.49+dfsg-1 | package | |
| bouncycastle | no-dsa | squeeze | package | |
| bouncycastle | no-dsa | wheezy | package | |
| nss | fixed | 3.13.1.with.ckbi.1.88-1 | package | |
| polarssl | unfixed | package | ||
| tlslite | removed | package | ||
| tlslite | no-dsa | wheezy | package | |
| pound | fixed | 2.6-2 | package | |
| erlang | fixed | 1:15.b-dfsg-1 | package | |
| erlang | no-dsa | squeeze | package | |
| asterisk | fixed | 1:13.7.2~dfsg-1 | package | |
| asterisk | fixed | 1:11.13.1~dfsg-2+deb8u1 | jessie | package |
| asterisk | no-dsa | wheezy | package | |
| asterisk | end-of-life | squeeze | package |
Примечания
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
strictly speaking this is no lighttpd issue, but lighttpd adds a workaround
http://curl.haxx.se/docs/adv_20120124B.html
http://bugs.python.org/issue13885
python3.1 is fixed starting 3.1.5
No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0
No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2
matrixssl fix this upstream in 3.2.2
No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9
https://bugzilla.mozilla.org/show_bug.cgi?id=665814
https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab
No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases
Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks.
http://downloads.digium.com/pub/security/AST-2016-001.html
https://issues.asterisk.org/jira/browse/ASTERISK-24972
patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
all versions vulnerable, backport required for wheezy
EPSS
Связанные уязвимости
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS