Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5819
Views
0
Helpful
10
Replies

53491 - SSL / TLS Renegotiation DoS "nessus"

Archil Sokhadze
Level 1
Level 1

‎10-25-2012 08:27 AM - edited ‎03-18-2019 12:02 AM

custumer is telling me that they have found  vulerability on vcs-expressway .

Results Details

5061/tcp


53491 - SSL / TLS Renegotiation DoS[-/+]

Synopsis

The remote service allows repeated renegotiation of TLS / SSL connections.

Description

The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition.

See Also

http://orchilles.com/2011/03/ssl-renegotiation-dos.html
http://www.ietf.org/mail-archive/web/tls/current/msg07553.html

Solution

Contact the vendor for specific patch information.

Ports

tcp/5061


The remote host is vulnerable to renegotiation DoS over TLSv1 / SSLv3.



what can i answer ? what are solutions ?

Labels:
0 Helpful
10 Replies 10

Archil Sokhadze
Level 1
Level 1

‎10-26-2012 04:46 AM

is there any solution ?

0 Helpful

gubadman
Level 3
Level 3
In response to Archil Sokhadze

‎10-26-2012 05:04 AM

Please see the following post -

https://supportforums.cisco.com/message/3653726#3653726

Thanks,

Guy

0 Helpful

Archil Sokhadze
Level 1
Level 1
In response to gubadman

‎10-26-2012 05:34 AM

test was performed with "nessus"   on vcs X7.2  , so if it was fixed why it's still showing up ?

0 Helpful

gubadman
Level 3
Level 3
In response to Archil Sokhadze

‎10-26-2012 05:39 AM

Can you provide a current published CVE for this?

0 Helpful

Archil Sokhadze
Level 1
Level 1
In response to gubadman

‎10-26-2012 05:43 AM

CVE

CVE-2011-1473
0 Helpful

gubadman
Level 3
Level 3
In response to Archil Sokhadze

‎10-26-2012 05:58 AM

thanks, I've emailed one of the security guys in the development team to get their thoughts on this.

0 Helpful

Archil Sokhadze
Level 1
Level 1
In response to gubadman

‎10-26-2012 06:01 AM

thanks , if there will be some news about this case please write in this discussion.

0 Helpful

Paula Talamo
Cisco Employee
Cisco Employee
In response to Archil Sokhadze

‎10-26-2012 09:33 AM

Hello Archil,

Thank you for visiting the support community and thank you to Guy for jumping in to help answer.  The better channel to direct such questions is to the PSIRT team reachable at psirt@cisco.com as they have a dedicated team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks.  Additional information and further contact details are available here: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Thank you,

Paula

0 Helpful

John Faltys
Level 1
Level 1

‎03-07-2013 03:24 PM

Have you received an answer on this?
Thanks

0 Helpful

Archil Sokhadze
Level 1
Level 1
In response to John Faltys

‎03-08-2013 01:22 AM

answer was :

---------------------------

There is no upstream fix for CVE-2011-1473 in the third-party OpenSSL library as yet.

More information about this bug can be found at: http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html

In particular, the section "Is this a flaw with SSL/TLS?" discusses how this is not a significant risk (with the obvious caveat this is from a third-party security writer).

I don’t expect it to be fix anytime soon as even Redhat still has its own bug open (https://bugzilla.redhat.com/show_bug.cgi?id=707065).

0 Helpful
Customers Also Viewed These Support Documents