Sun Java Secure Socket Extension (JSSE) SSL/TLS handshake denial of service

sun-jsse-ssltls-dos (35333)

Low Risk

Description:

The Sun Java Secure Socket Extension (JSSE) is vulnerable to a denial of service, caused by improper processing of SSL/TLS handshake requests. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to crash a vulnerable system that uses JSSE to listen for SSL/TLS connections.

Platforms Affected:

• BEA, JRockit R27.3.1
• Cisco, Unified CallManager 5.1
• Cisco, Unified CallManager 6.0
• Cisco, Unified Presence Server 6.0
• Gentoo, Linux
• HP, HP-UX B.11.11
• HP, HP-UX B.11.23
• HP, HP-UX B.11.31
• HP, OpenView Operations 7.1
• HP, OpenView Operations 8.0
• Novell, Linux POS 9
• Novell, Open Enterprise Server
• Novell, SLE SDK 10 SP1
• Novell, SUSE Linux Enterprise Desktop 10 SP1
• Novell, SUSE Linux Enterprise Server 10
• Novell, SUSE Linux Enterprise Server 10 SP1
• RedHat, RHEL Desktop Supplementary 5 Client
• RedHat, RHEL Extras 3
• RedHat, RHEL Extras 4
• RedHat, RHEL Supplementary 5 Server
• Sun, JDK 1.5.0 Update10
• Sun, JDK 1.5.0 Update11
• Sun, JDK 1.5.0 Update8
• Sun, JDK 1.5.0 Update7
• Sun, JDK 1.5.0 Update9
• Sun, JDK 1.6.0 Update1
• Sun, JDK 1.6.0
• Sun, JRE 1.4.2 Update11
• Sun, JRE 1.4.2 Update14
• Sun, JRE 1.4.2 Update12
• Sun, JRE 1.4.2 Update13
• Sun, JRE 1.5.0 Update11
• Sun, JRE 1.5.0 Update10
• Sun, JRE 1.5.0 Update9
• Sun, JRE 1.5.0 Update8
• Sun, JRE 1.5.0 Update7
• Sun, JRE 1.6.0 Update1
• Sun, JRE 1.6.0
• Sun, SDK 1.4.2_11
• Sun, SDK 1.4.2_12
• Sun, SDK 1.4.2_13
• Sun, SDK 1.4.2_14
• SuSE, SLE SDK 10
• SuSE, SuSE SLES 9

Remedy:

Refer to Sun Alert ID: 102997 for patch, upgrade, or suggested workaround information. See References.

For Cisco:
Refer to cisco-sr-20070725-jsse for patch, upgrade, or suggested workaround information. See References.

For BEA Jrockit:
Refer to BEA07-178.00 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (BEA JRockit):
Refer to GLSA 200709-15 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Denial of Service

References:

• Apple Web site, About the security content of Java Release 6 for Mac OS X 10.4 at http://docs.info.apple.com/article.html?artnum=307177.
• BEA07-178.00, Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition at https://support.bea.com/application_content/product_portlets/securityadvisories/249.html.
• BugTraq Mailing List, Wed Nov 14 2007 - 10:33:29 CST, [security bulletin] HPSBMA02288 SSRT071465 rev.1 - HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) at http://archives.neohapsis.com/archives/bugtraq/2007-11/0202.html.
• cisco-sr-20070725-jsse, Cisco Security Response: Vulnerability in Java Secure Socket Extension at http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml.
• Sun Alert ID: 102997, Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1.
• ASA-2007-317: Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition (Sun 
• ASA-2007-336: java-1.5.0-sun security update (RHSA-2007-0818)
• ASA-2007-465: java-1.5.0-bea security update (RHSA-2007-0956)
• ASA-2008-116: java-1.4.2-bea security update (RHSA-2008-0100)
• BID-24846: Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
• CVE-2007-3698: The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.
• FrSIRT/ADV-2007-2495: Sun Java Secure Socket Extension SSL/TLS Handshake Denial of Service Issue
• FrSIRT/ADV-2007-2660: Cisco Unified Call Manager Sun JSSE SSL/TLS Handshake Denial of Service Issue
• FrSIRT/ADV-2007-3009: BEA JRockit Multiple Remote Code Execution and Security Bypass Issues
• FrSIRT/ADV-2007-3861: HP OpenView Operations Java Security Bypass and Denial of Service
• FrSIRT/ADV-2007-4224: Apple Security Update Fixes Multiple Java for Mac OS X Vulnerabilities
• GLSA-200709-15: BEA JRockit: Multiple vulnerabilities
• RHSA-2007-0818: Critical: java-1.5.0-sun security update
• RHSA-2007-0956: Moderate: java-1.5.0-bea security update
• RHSA-2007-1086: Moderate: java-1.4.2-bea security update
• RHSA-2008-0100: Moderate: java-1.4.2-bea security update
• RHSA-2008-0132: Critical: java-1.4.2-ibm security update
• SA26015: Java JRE/JDK JSSE DoS and Untrusted Applets Network Security Bypass
• SA26221: Cisco Products Java Secure Socket Extension SSL/TLS Request Denial of Service
• SA26631: BEA JRockit Multiple Vulnerabilities
• SA27635: HP OpenView Operations Java JRE/JDK JSSE DoS and Security Bypass
• SA28115: Mac OS X Java Multiple Vulnerabilities
• SECTRACK ID: 1018357: Java Secure Socket Extension (JSSE) SSL/TLS Handshake Bug Lets Remote Users Deny Service
• SUSE-SA:2008:025: IBM Java security update

Reported:

Jul 10, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page