OSVDB ID: 60521

Title: Ingate Firewall/SIParator SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection

Info

Disclosure

Nov 26, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Nov 26, 2009

Description

Classification

Location: Remote / Network Access
Attack Type: Cryptographic, Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Upgrade to version 4.8.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

CVE ID: 2009-3555 (see also: NVD)
Bugtraq ID: 36935
Secunia Advisory ID: 37504 37512 37545 37619 37653 37668 37669 37859 37861 37968 38069 38241 38483 38813 39207 39210 39216 39294 39317 39956 39967 43091 49035 49966 51766
Vendor Specific News/Changelog Entry: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034817.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035949.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041887.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00008.html
http://www-01.ibm.com/support/docview.wss?uid=swg1PK96157
http://www-01.ibm.com/support/docview.wss?uid=swg1PM02614
http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
http://www.ingate.com/Relnote.php?ver=481
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01360.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01418.html
Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03405642
http://support.apple.com/kb/HT4004
http://www.gentoo.org/security/en/glsa/glsa-200912-01.xml
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-11-767
Packet Storm: http://packetstormsecurity.org/files/111920/HP-Security-Bulletin-HPSBOV02762-SSRT100825.html
Mail List Post: http://seclists.org/bugtraq/2012/Apr/114
RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2010-0011.html
https://rhn.redhat.com/errata/RHSA-2010-0337.html
https://rhn.redhat.com/errata/RHSA-2010-0338.html
https://rhn.redhat.com/errata/RHSA-2010-0339.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/60521