
=====================================================================

                           CERT-Renater

               Information Note No. 2013/VULN044
_____________________________________________________________________

DATE                : 08/02/2013 (8 February 2013)

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running GnuTLS versions earlier than 3.1.7,
                          3.0.28 or 2.12.23 (the 3.1.x, 3.0.x and 2.12.x
                          branches before those releases).

======================================================================
http://www.gnutls.org/security.html
______________________________________________________________________


 Nadhem Alfardan and Kenny Paterson devised an attack (published as
"Lucky Thirteen") that recovers some bits of the plaintext of a GnuTLS
session using CBC ciphersuites, by exploiting timing information: the
time a GnuTLS peer takes to reject a tampered CBC record depends on how
the (attacker-controlled) padding bytes parse, because the MAC is then
computed over a different number of bytes.

For the attack to work the client must behave as follows. It connects
to a server and sends some (encrypted) data. The attacker intercepts
and modifies that record in transit; the receiving side fails to verify
it and terminates the connection abnormally (the client sees a fatal
error, i.e. a premature termination). The attacker measures the time
until that termination. The client must then reconnect and repeat the
same exchange many times, so that the attacker can gather enough timing
samples to recover plaintext bits.
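The following is an added illustration of the receiver-side behaviour described above; it is not code from GnuTLS or from the researchers. It models what a TLS 1.1-style CBC receiver does with the decrypted plaintext of a record (body || HMAC-SHA1 tag || padding). Decryption itself is left out: CBC is malleable, so an attacker who flips bits in the preceding ciphertext block controls the last plaintext bytes, and the model therefore simply edits the trailing bytes. Instead of measuring wall-clock time, it counts SHA-1 compression calls, which is what drives the timing difference. The 13-byte pseudo-header, the 64-byte record, the key and the three tampered endings are all constructed for the example; the "hardened" variant shows the constant-work style of countermeasure, not the actual GnuTLS patch.

```python
"""Model of the Lucky Thirteen timing difference in TLS CBC record processing.

Added illustration, not GnuTLS code. Decryption is omitted: CBC malleability lets
an attacker choose the last plaintext bytes of a record, so we start from the
decrypted plaintext and count SHA-1 compressions as a stand-in for time.
"""
import hashlib
import hmac

MAC_LEN = 20          # HMAC-SHA1 tag length
SHA1_BLOCK = 64
# 13-byte MAC header (seq number, type, version, length), constructed for the example.
HEADER = b"\x00" * 8 + b"\x17" + b"\x03\x02" + b"\x00\x40"


def sha1_compressions(msg_len):
    """SHA-1 compression calls HMAC-SHA1 needs for msg_len bytes of input:
    inner hash over (64-byte padded key || msg || 9 bytes of SHA-1 padding),
    rounded up to 64-byte blocks, plus 2 blocks for the outer hash."""
    return (SHA1_BLOCK + msg_len + 9 + SHA1_BLOCK - 1) // SHA1_BLOCK + 2


def build_record(body, mac_key, pad_len):
    """Genuine sender: plaintext = body || HMAC(header || body) || padding (MAC-then-pad)."""
    tag = hmac.new(mac_key, HEADER + body, hashlib.sha1).digest()
    return body + tag + bytes([pad_len]) * (pad_len + 1)


def leaky_verify(plaintext, mac_key):
    """Pre-fix style processing: if the padding parses, strip it; otherwise treat the
    padding length as zero. Either way the MAC check fails with the same alert, but the
    MAC is computed over a different number of bytes, so the SHA-1 work (and the time
    until the fatal alert) depends on attacker-controlled padding bytes.
    Returns (mac_ok, compression_count)."""
    pad_len = plaintext[-1]
    pad_ok = (pad_len + 1 + MAC_LEN <= len(plaintext)
              and plaintext[-(pad_len + 1):] == bytes([pad_len]) * (pad_len + 1))
    strip = pad_len + 1 if pad_ok else 0
    body = plaintext[:len(plaintext) - strip - MAC_LEN]
    tag = plaintext[len(body):len(body) + MAC_LEN]
    expected = hmac.new(mac_key, HEADER + body, hashlib.sha1).digest()
    return hmac.compare_digest(expected, tag), sha1_compressions(len(HEADER) + len(body))


def hardened_verify(plaintext, mac_key):
    """Same decision logic, but every path does the same amount of hashing: the padding
    scan has no early exit, and after the real HMAC we hash dummy blocks so the total
    number of compressions equals the worst case (padding rejected, longest MAC input).
    Python itself is not constant-time; the point here is the work count."""
    n = len(plaintext)
    pad_len = plaintext[-1]
    too_long = pad_len + 1 + MAC_LEN > n
    mismatch = 0
    for i in range(min(256, n - MAC_LEN)):          # fixed-length scan of the tail
        mismatch |= (plaintext[n - 1 - i] ^ pad_len) & (0xFF if i <= pad_len else 0)
    pad_ok = (not too_long) and mismatch == 0
    strip = pad_len + 1 if pad_ok else 0
    body = plaintext[:n - strip - MAC_LEN]
    tag = plaintext[len(body):len(body) + MAC_LEN]
    expected = hmac.new(mac_key, HEADER + body, hashlib.sha1).digest()
    done = sha1_compressions(len(HEADER) + len(body))
    target = sha1_compressions(len(HEADER) + n - MAC_LEN)   # worst case: zero-length padding
    for _ in range(target - done):
        hashlib.sha1(b"\x00" * 55).digest()          # 55 + 9 padding bytes = one compression
    return hmac.compare_digest(expected, tag), done + (target - done)


def tampered_variants(record):
    """Three attacker-chosen endings for the same 64-byte record (constructed):
    'invalid' -> last byte 0xFF: padding rejected, MAC over 44 body bytes;
    'pad1'    -> last byte 0x00: one padding byte, MAC over 43 body bytes;
    'pad2'    -> last two bytes 0x01 0x01: MAC over 42 body bytes.
    With the 13-byte header the MAC inputs are 57, 56 and 55 bytes; only the last
    fits in a single SHA-1 block, so it costs one compression fewer."""
    return {
        "invalid": record[:-1] + b"\xff",
        "pad1": record[:-1] + b"\x00",
        "pad2": record[:-2] + b"\x01\x01",
    }


if __name__ == "__main__":
    key = b"k" * 20                                   # constructed MAC key
    record = build_record(b"A" * 40, key, 3)          # 40 + 20 + 4 = 64 bytes
    for name, tampered in tampered_variants(record).items():
        print(name, "leaky:", leaky_verify(tampered, key),
              "hardened:", hardened_verify(tampered, key))
```

Running it shows the leaky receiver rejecting all three tampered records with the same verdict but with 5, 5 and 4 compressions respectively, while the hardened receiver always performs 5. A remote attacker who can tell the 4-compression case from the others has learnt that the last two plaintext bytes of the tampered block were 0x01 0x01 after the XOR they applied, i.e. two bytes of plaintext; repeating the tampering across many identical client records is what turns that into the attack described above.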


Who is affected by this attack?

    Clients that repeatedly reconnect and re-send the same data after a
TLS fatal error occurs, and peers that decrypt their records with an
affected GnuTLS version using a CBC ciphersuite.


How to mitigate the attack?

    Upgrade to a fixed GnuTLS version (3.1.7, 3.0.28 or 2.12.23).
    Until then, do not enable the CBC ciphersuites; the original
    guidance was to prefer ARCFOUR or GCM modes. Note that ARCFOUR (RC4)
    has since been shown to be insecure and is prohibited for TLS by
    RFC 7465, so in practice prefer the GCM (AEAD) ciphersuites.

Write-up by Nikos Mavrogiannopoulos (GnuTLS maintainer)
*****
http://nikmav.blogspot.be/2013/02/time-is-money-for-cbc-ciphersuites.html

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
