SA142: Invalid TCP Packet Generation DoS in SSL Visibility

SSL Visibility Appliance Software


1402

04 May 2021

07 April 2017

CLOSED

MEDIUM

CVSS v2: 5.0

SUMMARY

 

The SSL Visibility appliance may, under certain circumstances, generate invalid TCP reset (RST) packets to remote SSL servers when terminating an intercepted SSL connection. Some SSL servers may ignore the invalid RST packet received and keep the TCP connection open.  A malicious SSL client, under certain circumstances, can exploit this vulnerability to cause TCP connection pool exhaustion at the SSL server, resulting in denial of service.  The SSL Visibility appliance is not impacted because it correctly releases its TCP connection state.

AFFECTED PRODUCTS

 

SSL Visibility (SSLV)
CVE        Affected Version(s)   Remediation
All CVEs   4.0 and later         Not vulnerable
All CVEs   3.12                  Not vulnerable, fixed in 3.12.1.1.
All CVEs   3.11                  Upgrade to 3.11.3.1.
All CVEs   3.10                  Upgrade to 3.10.4.1.
All CVEs   3.9                   Upgrade to later release with fixes.
All CVEs   3.8.4FC               Upgrade to later release with fixes.
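
A triage helper for the table above, added here as an example and not part of the vendor advisory: it maps an installed SSLV version string to the remediation the table gives. It assumes that builds at or above the listed fixed build on the same branch carry the fix, reports versions the table does not cover as "not listed", and uses a constructed inventory with made-up hostnames and versions.

```python
import re

# Fixed build per 3.x branch, copied from the AFFECTED PRODUCTS table.
# None means the table names no specific fixed build for that branch.
FIXED_IN = {(3, 12): (3, 12, 1, 1), (3, 11): (3, 11, 3, 1),
            (3, 10): (3, 10, 4, 1), (3, 9): None}
LATER_RELEASE = "upgrade to a later release with fixes"

def parse_version(text):
    """Split '3.10.4.1' or '3.8.4FC' into (numeric tuple, letter suffix)."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)([A-Za-z]*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2).upper()

def triage(version):
    """Return (status, action) for one SSLV software version string."""
    nums, suffix = parse_version(version)
    padded = nums + (0,) * (4 - len(nums))  # so that '4.0' compares as 4.0.0.0
    if padded >= (4, 0, 0, 0):
        return ("not vulnerable", "none")
    if nums == (3, 8, 4) and suffix == "FC":
        return ("affected", LATER_RELEASE)
    fixed = FIXED_IN.get(nums[:2], "unlisted")
    if fixed == "unlisted" or suffix:
        return ("not listed", "check with the vendor; the table does not cover it")
    if fixed is None:
        return ("affected", LATER_RELEASE)
    if padded >= fixed:  # assumption: later builds on a branch keep the fix
        return ("not vulnerable", "none")
    return ("affected", "upgrade to " + ".".join(map(str, fixed)))

def needs_action(inventory):
    """Map hostname -> action for every appliance that is not cleared."""
    results = {host: triage(ver) for host, ver in inventory.items()}
    return {h: act for h, (status, act) in results.items() if status != "not vulnerable"}

# Constructed inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = {
    "sslv-dc1": "3.10.2.1", "sslv-dc2": "3.11.3.1",
    "sslv-lab": "3.8.4FC", "sslv-old": "3.7.2", "sslv-new": "4.1.1.1",
}

if __name__ == "__main__":
    for host, action in needs_action(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```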

 

ISSUES

 

CVE-2016-10259
Severity / CVSSv2: Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
References: SecurityFocus: BID 97525 / NVD: CVE-2016-10259
Impact: Denial of service
Description: SSLV may, under certain circumstances, generate invalid TCP RST packets when terminating an intercepted SSL connection. Some SSL servers may fail to validate the invalid TCP RST packet, ignore it, and keep the TCP connection open. A malicious SSL client, under certain circumstances, can exploit this vulnerability to create a large number of open TCP connections on the SSL server and cause denial of service through TCP connection pool exhaustion. The SSL Visibility appliance is not impacted because it correctly releases its TCP connection state.

 

ACKNOWLEDGEMENTS

 

Thanks to the NTT-ME Corporation Security Team for reporting the vulnerability via JPCERT/CC.

REFERENCES

 

JPCERT/CC JVN#91438377 - https://jvn.jp/en/jp/JVN91438377/

REVISION

 

2018-02-23 SA status moved to Final.
2018-02-22 A fix for SSLV 3.10 is available in 3.10.4.1.
2017-11-15 SSLV 3.12 is not vulnerable because a fix is available in 3.12.1.1.
2017-08-02 SSLV 4.1 is not vulnerable.
2017-05-24 Added reference to JPCERT/CC JVN#91438377.
2017-04-07 Initial public release.