Vulnerabilities > CVE-2014-8627 - Cryptographic Issues vulnerability in Polarssl 1.3.8


Summary

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Polarssl
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-14912.NASL
    description: - Update to 1.2.12 - CVE-2014-8628 (#1159845) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-11-24
    plugin id: 79395
    published: 2014-11-24
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79395
    title: Fedora 19 : polarssl-1.2.12-1.fc19 (2014-14912)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-14912.
    #
    
    include("compat.inc");
    
    # Registration pass: when the engine loads the plugin with `description`
    # set, only the metadata below is recorded and the script exits before
    # any host check runs.
    if (description)
    {
      script_id(79395);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # NOTE(review): the advisory text quoted below names only CVE-2014-8628,
      # while both CVEs are tagged here; confirm against the upstream 1.2.12
      # release notes before relying on this plugin for CVE-2014-8627 coverage.
      script_cve_id("CVE-2014-8627", "CVE-2014-8628");
      script_bugtraq_id(70902, 70905);
      script_xref(name:"FEDORA", value:"2014-14912");
    
      script_name(english:"Fedora 19 : polarssl-1.2.12-1.fc19 (2014-14912)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Update to 1.2.12
    
        - CVE-2014-8628 (#1159845)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1159845"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144811.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c963ba20"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected polarssl package."
      );
      # Availability-only base vector (C:N/I:N/A:C); this appears to score the
      # memory-leak issue (CVE-2014-8628) rather than the signature-algorithm
      # downgrade (CVE-2014-8627) -- confirm if per-CVE severity matters.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Local check: relies on the RPM inventory collected over SSH, not on
      # any network probe of the service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:polarssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # KB keys consumed by the check body below; missing keys make it audit out.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions: local checks enabled, a Fedora 19 release string, an RPM
    # inventory and a supported CPU architecture; anything else audits out.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    
    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(ver_match))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    fedora_ver = ver_match[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:fedora_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + fedora_ver);
    }
    
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    arch = get_kb_item("Host/cpu");
    if (isnull(arch))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< arch && arch !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", arch);
    }
    
    # Compare the installed polarssl package against the fixed build.
    vuln = 0;
    if (rpm_check(release:"FC19", reference:"polarssl-1.2.12-1.fc19")) vuln++;
    
    if (vuln)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
    # Nothing flagged: distinguish "fixed version present" from "not installed".
    checked = pkg_tests_get();
    if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "polarssl");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-14898.NASL
    description: - Update to 1.2.12 - CVE-2014-8628 (#1159845) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-11-24
    plugin id: 79394
    published: 2014-11-24
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79394
    title: Fedora 20 : polarssl-1.2.12-1.fc20 (2014-14898)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-14898.
    #
    
    include("compat.inc");
    
    # Registration pass: when the engine loads the plugin with `description`
    # set, only the metadata below is recorded and the script exits before
    # any host check runs.
    if (description)
    {
      script_id(79394);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # NOTE(review): the advisory text quoted below names only CVE-2014-8628,
      # while both CVEs are tagged here; confirm against the upstream 1.2.12
      # release notes before relying on this plugin for CVE-2014-8627 coverage.
      script_cve_id("CVE-2014-8627", "CVE-2014-8628");
      script_bugtraq_id(70902, 70905);
      script_xref(name:"FEDORA", value:"2014-14898");
    
      script_name(english:"Fedora 20 : polarssl-1.2.12-1.fc20 (2014-14898)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Update to 1.2.12
    
        - CVE-2014-8628 (#1159845)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1159845"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144832.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7ba04bc1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected polarssl package."
      );
      # Availability-only base vector (C:N/I:N/A:C); this appears to score the
      # memory-leak issue (CVE-2014-8628) rather than the signature-algorithm
      # downgrade (CVE-2014-8627) -- confirm if per-CVE severity matters.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Local check: relies on the RPM inventory collected over SSH, not on
      # any network probe of the service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:polarssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # KB keys consumed by the check body below; missing keys make it audit out.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions: local checks enabled, a Fedora 20 release string, an RPM
    # inventory and a supported CPU architecture; anything else audits out.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    
    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(ver_match))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    fedora_ver = ver_match[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:fedora_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + fedora_ver);
    }
    
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    arch = get_kb_item("Host/cpu");
    if (isnull(arch))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< arch && arch !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", arch);
    }
    
    # Compare the installed polarssl package against the fixed build.
    vuln = 0;
    if (rpm_check(release:"FC20", reference:"polarssl-1.2.12-1.fc20")) vuln++;
    
    if (vuln)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
    # Nothing flagged: distinguish "fixed version present" from "not installed".
    checked = pkg_tests_get();
    if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "polarssl");
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-689.NASL
    description: polarssl was updated to version 1.3.9 to fix two security issues. These security issues were fixed : - Lowest common hash was selected from signature_algorithms extension in TLS 1.2 (CVE-2014-8627). - Remotely-triggerable memory leak when parsing some X.509 certificates (CVE-2014-8628).
    last seen: 2020-06-05
    modified: 2014-11-20
    plugin id: 79348
    published: 2014-11-20
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79348
    title: openSUSE Security Update : polarssl (openSUSE-SU-2014:1457-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-689.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration pass: when the engine loads the plugin with `description`
    # set, only the metadata below is recorded and the script exits before
    # any host check runs.
    if (description)
    {
      script_id(79348);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-8627", "CVE-2014-8628");
    
      script_name(english:"openSUSE Security Update : polarssl (openSUSE-SU-2014:1457-1)");
      script_summary(english:"Check for the openSUSE-2014-689 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # Unlike the Fedora advisories on this page, the SUSE text names both
      # CVEs, so the two tags above are backed by the quoted description.
      script_set_attribute(
        attribute:"description", 
        value:
    "polarssl was updated to version 1.3.9 to fix two security issues.
    
    These security issues were fixed :
    
      - Lowest common hash was selected from
        signature_algorithms extension in TLS 1.2
        (CVE-2014-8627).
    
      - Remotely-triggerable memory leak when parsing some X.509
        certificates (CVE-2014-8628)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=903671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=903672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected polarssl packages."
      );
      # Availability-only base vector (C:N/I:N/A:C); this appears to score the
      # memory-leak issue rather than the downgrade issue -- confirm if
      # per-CVE severity matters.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      # Local check over the SSH-collected RPM inventory; three packages are
      # compared in the body below.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpolarssl7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpolarssl7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polarssl-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # KB keys consumed by the check body below; missing keys make it audit out.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions: local checks enabled, an openSUSE 13.2 release string (SLED/
    # SLES are explicitly excluded), an RPM inventory and a supported CPU.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)")
    {
      audit(AUDIT_OS_NOT, "openSUSE");
    }
    if (release !~ "^(SUSE13\.2)$")
    {
      audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
    }
    if (!get_kb_item("Host/SuSE/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    arch = get_kb_item("Host/cpu");
    if (!arch)
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (arch !~ "^(i586|i686|x86_64)$")
    {
      audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", arch);
    }
    
    # Fixed builds from the openSUSE-2014-689 update, checked in this order.
    fixed_pkgs = make_list(
      "libpolarssl7-1.3.9-4.1",
      "libpolarssl7-debuginfo-1.3.9-4.1",
      "polarssl-devel-1.3.9-4.1"
    );
    
    vuln = 0;
    foreach ref (fixed_pkgs)
    {
      if (rpm_check(release:"SUSE13.2", reference:ref)) vuln++;
    }
    
    if (vuln)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
    # Nothing flagged: distinguish "fixed version present" from "not installed".
    checked = pkg_tests_get();
    if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpolarssl7 / libpolarssl7-debuginfo / polarssl-devel");
    
  • NASL family: General
    NASL id: POLARSSL_CVE-2014-8627.NASL
    description: PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, allowing remote attackers to conduct downgrade attacks. This plugin sends a list of hash algorithms (SHA512, SHA384, SHA256, SHA224, SHA1, and MD5) in descending order, and checks if the server selects MD5.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80399
    published: 2015-01-07
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80399
    title: PolarSSL Weak Signature Algorithm Negotiation
    code
    #TRUSTED a63b12c204006332a94c61c2224e273777ee6b31edf738a967c8ccb44ce08fdf64628ba81906666bdc4985ad20eaf27c85d610a43114d978ff2f316582f0e14ccb30f9be94bcaf7bbccead8d07b8482f1dfe0c4389f2784e91b0d87e3da8012b930a31077e35a81d9658b06f62ea093d3ecfab127129c1ab23754a3e7d158dc4ed590e4205185fc30c58dbedf6da51fef8d3849ba475b4f31981ac0fe85370da45c6184ee0e64fbb9fdf736a8e85885b05b124aacd864dec7da5b0a6c4fa8c31006ea8a0a801b3b85b514dee71ce19824ec583f49d4842c091951849486dd745c9dcd4662072d0797587b7cd3f1506dafbc02b7113247ce831212d2f1f917ca8a1f6aa63f56e759bd5b3ade94c5611b027ce1394e2b1512e6d1ac6735b177eb6215531db9076b585c45899ea6b62ae7da1fe21db859c751d7f797464ae42752d4f1bef01af87ed1ffdc979f487fa9fd6c7c48bfdc76ccf24fa0126b2964e3e8a0b8135b62804de128954f500b645f16e61f986c55914d7913a65dd27a3370304fe75e4d4b73b7456e20f982bea01a9b08546f3ff3ce982ae457202f99e8aa74e27fda9da695000c51c4ecab9ee7357eb60c05ff4f84abf11f40c45a1dcfe3f5c6c245c9f1066aa47334432756373a4a08278c4eb2f8177f079d24fb48dd5c2f56b8a60f9b3f552b5b26f5b003b3ba43ba24fc280526004d5deabb30cf22ac07f
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: only metadata is recorded here; the engine exits the
    # script before the remote probe below runs.
    if (description)
    {
      script_id(80399);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    
      script_cve_id("CVE-2014-8627");
      script_bugtraq_id(70902);
    
      script_name(english:"PolarSSL Weak Signature Algorithm Negotiation");
      script_summary(english:"Attempts to negotiate a weak signature algorithm.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote TLS server negotiates a weaker signature algorithm.");
      # NOTE(review): the detection is behavioral (does the server pick MD5 when
      # stronger hashes are offered?) and does not fingerprint PolarSSL, so any
      # implementation that prefers MD5 would be reported under this title.
      script_set_attribute(attribute:"description", value:
    "PolarSSL 1.3.8 does not properly negotiate the signature algorithm to
    use, allowing remote attackers to conduct downgrade attacks.
    
    This plugin sends a list of hash algorithms (SHA512, SHA384, SHA256,
    SHA224, SHA1, and MD5) in descending order, and checks if the server
    selects MD5.");
      script_set_attribute(attribute:"see_also", value:"https://tls.mbed.org/tech-updates/releases/polarssl-1.3.9-released");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1159845");
      script_set_attribute(attribute:"solution", value:
    "Use a PolarSSL version other than 1.3.8.");
      # Integrity-partial vectors (I:P / I:L): the check body reports with
      # security_warning(), matching this medium severity.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-8627");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/07");
    
      # Remote check: performs its own TLS 1.2 handshakes against the service.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:polarssl:polarssl");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"General");
    
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Needs the TLS version inventory from ssl_supported_versions.nasl; the
      # check body only probes ports recorded as supporting TLS 1.2.
      script_dependencies("ssl_supported_versions.nasl");
      script_require_keys("SSL/Supported");
    
      exit(0);
    }
    
    include("byte_func.inc");
    include("ftp_func.inc");
    include("global_settings.inc");
    include("kerberos_func.inc");
    include("ldap_func.inc");
    include("misc_func.inc");
    include("nntp_func.inc");
    include("smtp_func.inc");
    include("ssl_funcs.inc");
    include("telnet2_func.inc");
    include("audit.inc");
    
    
    ##
    # Negotiate the hash algorithm part of SignatureAndHashAlgorithm.
    #
    # Sends a TLS 1.2 ClientHello carrying the given signature_algorithms
    # extension (plus EC extensions) and DHE/ECDHE-only cipher suites, then
    # reads server records until ServerHelloDone and reports which hash the
    # server used to sign its ServerKeyExchange.
    #
    # @param port TLS server port
    # @param sighash client supported list of SignatureAndHashAlgorithms (encoded;
    #        two bytes per entry, hash id followed by signature id)
    # @return the HashAlgorithm id parsed from the ServerKeyExchange
    # @remark script exits on function failure (exit(1)); it also exits with
    #         exit(0) when the server does not negotiate TLS 1.2
    ##
    function get_hash_alg(port, sighash)
    {
      local_var ec_list, exts, exts_len, i, soc, version;
      local_var cipher, cipher_desc, cipherspec, cspeclen, chello;
      local_var data, hellodone, name, rec, shello, skex;
      local_var alert;
    
      # Create a socket for SSL handshake
      soc = open_sock_ssl(port);
      if ( ! soc ) exit(1, "Failed to open an SSL socket on port "+port+".");
    
      # We need to include EC extensions because it seems PolarSSL server
      # will abort the handshake if a EC-based cipher suite is negotiated
      # but a EC extension is not offered by the client.
      #
      # PolarSSL as of 1.3.9 does not seem to support
      # explicit_prime and explicit_char2 curve types
      ec_list = make_list(
                            1, 2, 3, 4, 5, 6, 7, 8,
                            9, 10, 11, 12, 13, 14, 15, 16,
                            17, 18, 19, 20, 21, 22, 23, 24,
                            25, 26, 27, 28
                          );
    
      # Extension type 13 is signature_algorithms (RFC 5246); the caller's
      # list is wrapped as a length-prefixed vector (2-byte length field,
      # per the helper's len: argument).
      data = ssl_vldata_put(data:sighash, len:2);
      exts = tls_ext(type:13, data:data) + tls_ext_ec(ec_list) + tls_ext_ec_pt_fmt();
      exts_len  = mkword(strlen(exts));
    
      # Signature algorithms extension is only available
      # in TLS version 1.2
      version = TLS_12;
    
      # Use ciphersuites that do ephemeral key exchange.
      # This is to force the server to send a ServerKeyExchange
      # in which DH/EC parameters are signed with negotiated
      # SignatureAndHashAlgorithms.
      #
      # 'DHE' is a substring match, so both DHE and ECDHE suites with a
      # 2-byte id are offered.
      cipherspec = NULL;
      foreach cipher (keys(ciphers))
      {
        if(strlen(ciphers[cipher]) == 2 && 'DHE' >< cipher)
        {
          cipherspec +=  ciphers[cipher];
        }
      }
      cspeclen = mkword(strlen(cipherspec));
    
      # Send ClientHello
      chello = client_hello(v2hello:FALSE, version: mkword(version),
                            extensions:exts,extensionslen:exts_len,
                            cipherspec : cipherspec,
                            cspeclen   : cspeclen
                            );
      send(socket:soc, data: chello);
    
      # Read records until ServerHelloDone (or a failure/alert); ServerHello
      # and ServerKeyExchange are picked out of whichever record carries them.
      hellodone = shello = skex = NULL;
      i = 0;
      while (! hellodone)
      {
        # Receive a record from the server.
        data = recv_ssl(socket:soc, timeout:30);
        if (isnull(data)) break;
    
        # ServerHello
        if(! shello)
        {
          shello = ssl_find(
            blob:data,
            'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,
            'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_HELLO
          );
    
          if (shello)
          {
            # Check handshake version returned by the server.
            # signature_algorithms extension first supported in TLS 1.2;
            # a downgrade to an older version is not a finding here.
            if (shello['handshake_version'] != TLS_12)
            {
                close(soc);
                exit(0, 'The service listening on port ' + port + ' does not support TLS 1.2.');
            }
            # cipher_desc is needed later to parse the ServerKeyExchange.
            name = cipher_name(id:shello['cipher_spec']);
            cipher_desc = ciphers_desc[name];
            if(! cipher_desc)
            {
              close(soc);
              exit(1, 'Failed to get info about the negotiated cipher suite.');
            }
          }
          else
          {
            # No ServerHello yet: a fatal alert in its place ends the probe.
            alert = ssl_find(
              blob:data,
              'content_type', SSL3_CONTENT_TYPE_ALERT
            );
            if(alert)
            {
              close(soc);
              exit(1, 'Alert received from service listening on port '+ port +': level '+ alert['level'] + ', description code ' + alert['description'] + '.');
            }
          }
        }
    
        # Server Key Exchange.
        if(! skex)
        {
          rec = ssl_find(
            blob:data,
            'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,
            'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE
          );
    
          # rec is NULL when this record holds no ServerKeyExchange; indexing
          # it is assumed to yield NULL rather than fail (as in the original).
          if (rec['data'])
          {
            skex = ssl_parse_srv_kex(blob:rec['data'], cipher:cipher_desc, version: version);
            if(!skex)
            {
              close(soc);
              exit(1, 'Failed to parse ServerKeyExchange received from service listening on port '+ port +'.');
            }
          }
        }
    
        # Server Hello Done.
        if(! hellodone)
        {
          hellodone = ssl_find(
            blob:data,
            'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,
            'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_HELLO_DONE
          );
    
          if(hellodone) break;
        }
    
        # ServerHelloDone not seen after a higher number of TLS records
        # Something is very wrong -- cap the record count so a server that
        # never finishes its flight is reported below instead of read forever.
        if(i++ > 16)  break;
      }
    
      # The socket is closed before any of the checks below exit the script.
      close(soc);
      # Make sure we got a ServerHelloDone
      if(! hellodone)
      {
        exit(1, 'ServerHelloDone not received from service listening on port '+ port +'.');
      }
    
      # Make sure we got a ServerKeyExchange
      # Server uses the negotiated SignatureAndHashAlgorithms
      # to sign the DH parameters
      if(! skex)
      {
        exit(1, 'ServerKeyExchange not received from service listening on port '+ port +'.');
      }
    
      if(isnull(skex['hash_alg']))
      {
        exit(1, 'Failed to get the hash algorithm in ServerKeyExchange received from service listening on port '+ port +'.');
      }
    
      # Non-null here; the caller treats 0 ("none") as falsy and 1 as MD5.
      return skex['hash_alg'];
    }
    
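    #
    # MAIN
    #
    # Two handshakes against the service: the first offers SHA-family hashes
    # only, the second adds MD5 at the end of the same descending list.  A
    # server that moves from a SHA hash to MD5 between the two probes chose
    # the lowest common hash instead of the highest, which is the behaviour
    # CVE-2014-8627 describes.  No PolarSSL fingerprinting is done, so any
    # implementation that prefers MD5 is reported.
    #
    
    # Get an SSL port (one plugin instance per port).
    port = get_ssl_ports(fork:TRUE);
    if (isnull(port))
      exit(0, "The host does not appear to have any SSL-based services.");
    
    # TLS signature extension is first supported in TLS 1.2
    # Make sure remote TLS server supports TLS 1.2
    # (using the inventory recorded by ssl_supported_versions.nasl)
    #
    tls12 = FALSE;
    list = get_kb_list('SSL/Transport/'+port);
    if(! isnull(list))
    {
      list = make_list(list);
      foreach encap (list)
      {
        if (encap == COMPAT_ENCAPS_TLSv12)
        {
          tls12 = TRUE;
          break;
        }
      }
    }
    if(! tls12)
       exit(0, 'The SSL-based service listening on port '+port+' does not appear to support TLS 1.2.');
    
    
    # Probe 1 list: SHA-family SignatureAndHashAlgorithm pairs only, in
    # descending hash strength (hash id, signature id).
    sighash_sha = raw_string(
    6, 1, # sha512/rsa
    5, 1, # sha384/rsa
    4, 1, # sha256/rsa
    3, 1, # sha224/rsa
    2, 1, # sha1/rsa
    
    6, 2, # sha512/dsa
    5, 2, # sha384/dsa
    4, 2, # sha256/dsa
    3, 2, # sha224/dsa
    2, 2, # sha1/dsa
    
    6, 3, # sha512/ecdsa
    5, 3, # sha384/ecdsa
    4, 3, # sha256/ecdsa
    3, 3, # sha224/ecdsa
    2, 3  # sha1/ecdsa
    );
    
    # Check if server supports any of the SHA hash algorithms
    hash_alg =  get_hash_alg(port:port, sighash: sighash_sha);
    
    # If so, check if server selects MD5 even though higher hash algorithms are available
    if(hash_alg)
    {
      # SignatureAndHashAlgorithm list is in descending order: the same
      # SHA-family entries as probe 1 with the MD5 entries appended last.
      # PolarSSL only uses the Hash part to select the SignatureAndHashAlgorithm.
      # Vulnerable PolarSSL (1.3.8) will select MD5.
      # Correct TLS implementations will select highest common hash algorithm
      sighash = sighash_sha + raw_string(
      1, 3,  # md5/ecdsa
      1, 2,  # md5/dsa
      1, 1   # md5/rsa
      );
    
      hash_alg =  get_hash_alg(port:port, sighash: sighash);
      # PolarSSL only negotiates the hash algorithm part
      # in SignatureAndHashAlgorithms.
      #
      # Vulnerable server selects the lowest common hash alg (MD5, id 1).
      # Severity matches the I:P / I:L vectors, hence security_warning.
      if(hash_alg == 1)
        security_warning(port:port);
      else
        exit(0, 'The TLS service listening on port ' + port + ' is not affected.');
    }
    
    # Reached only when probe 1 returned hash id 0 ("none"): report it
    # explicitly instead of ending the script without an audit message.
    exit(0, 'The TLS service listening on port ' + port + ' did not select a SHA hash algorithm.');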