Date: Tue, 17 Mar 2015 13:24:31 -0400 (EDT)
Subject: Re: Mono TLS vulnerabilities

> A TLS impersonation attack was discovered in Mono's TLS stack by
> researchers at Inria. During checks on our TLS stack, we have
> discovered two further issues which we have fixed - SSLv2 support, and
> vulnerability to FREAK. These vulnerabilities affect basically every
> Mono version ever released.
> All three issues should be addressed in the following patches:
> These patches should apply to all Mono versions from 3.4.0 or so
> onwards. The EXPORT cipher removal patch requires slight modification
> in order to apply to Mono releases prior to 3.x -
> should work for
> these users. The Impersonation patch requires slight modification to
> apply to Mono releases prior to 3.4 -
> should work

As far as we can tell, this can be interpreted as a request for CVE
IDs for vulnerabilities in Mono, which has its own independent SSL/TLS

The message is about three patches, but the patches are mentioned with
inconsistent terminology. What we think was meant is:

The commit message says "TLS protocol: add handshake state validation"
but this is also referenced as "The Impersonation patch" and "A TLS
impersonation attack was discovered in Mono's TLS stack by researchers
at Inria." Although there isn't a description of what impersonation
vulnerability existed, almost certainly it is "SKIP-TLS ... Mono:
default TLS library vulnerable to client impersonation. Version 3.12.1
prevents the attack" as listed on the web

The commit message says "Remove the EXPORT ciphers and related code
path" - this directly matches "The EXPORT cipher removal patch" but it
is apparently also referenced as "FREAK patch" and "vulnerability to
FREAK." (It is conceivable that
1509226c41d74194c146deb173e752b8d3cdeec4 would also be applicable to
FREAK attacks.)

The commit message says "Remove the client-side SSLv2 fallback," which
apparently matches both "SSLv2 support" and "SSLv2 patch." MITRE does
currently accept reports from authors of SSL/TLS code who want to
characterize their own SSLv2 support, after a recent drop of support,
as a vulnerability (i.e., "These vulnerabilities affect ..." in together with

Use CVE-2015-2318 for the SKIP-TLS issue in

Use CVE-2015-2319 for the FREAK issue in

Use CVE-2015-2320 for b371da6b2d68b4cdd0f21d6342af6c42794f998b.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]