GnuTLS TLS Session Renegotiation Plaintext Injection Vulnerability

Secunia ID	SA37292
CVE-ID	CVE-2009-3555
Release Date	06 Nov 2009
Criticality	Less Critical
Solution Status	Unpatched
Software	GnuTLS 2.x
Where	From remote
Impact	Manipulation of data This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but not necessarily be able to gain escalated privileges or system access. The most frequent type of vulnerabilities with this impact are SQL-injection vulnerabilities, where a malicious user or person can manipulate SQL queries.
Description	A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to an error in the TLS protocol while handling session renegotiations. This can be exploited to insert arbitrary plaintext before data sent by a legitimate client in an existing TLS session, via Man-in-the-Middle (MitM) attacks. This is related to: SA37291
Solution	Do not rely on the integrity of incoming TLS data in environments allowing session renegotiation.
Reported by	Independently discovered by Marsh Ray of PhoneFactor and Martin Rex.
Original Advisory	PhoneFactor: http://extendedsubset.com/?p=8 Martin Rex: http://www.ietf.org/mail-archive/web/tls/current/msg03928.html http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html