Merge pull request #788 from sdann/mysql_ccs_injection

Fix CCS Injection detection for MySQL (yaSSL)
Dirk Wetter 2017-07-19 18:37:51 +02:00 committed by GitHub
commit fc7a89e659
1 changed files with 6 additions and 1 deletions


@ -9186,7 +9186,7 @@ run_ccs_injection(){
fi fi
ret=0 ret=0
elif [[ "$byte6" == "15" ]] && [[ "${tls_hello_ascii:0:4}" == "1503" ]]; then elif [[ "$byte6" == "15" ]] && [[ "${tls_hello_ascii:0:4}" == "1503" ]]; then
# decyption failed received # decryption failed received
pr_svrty_critical "VULNERABLE (NOT ok)" pr_svrty_critical "VULNERABLE (NOT ok)"
fileout "ccs" "CRITICAL" "CCS: VULNERABLE" "$cve" "$cwe" "$hint" fileout "ccs" "CRITICAL" "CCS: VULNERABLE" "$cve" "$cwe" "$hint"
ret=1 ret=1
@ -9198,6 +9198,11 @@ run_ccs_injection(){
out " - alert description type: $byte6" out " - alert description type: $byte6"
fileout "ccs" "WARN" "CCS: probably not vulnerable but received 0x${byte6} instead of 0x15" "$cve" "$cwe" "$hint" fileout "ccs" "WARN" "CCS: probably not vulnerable but received 0x${byte6} instead of 0x15" "$cve" "$cwe" "$hint"
fi fi
elif [[ $STARTTLS_PROTOCOL == "mysql" ]] && [[ "${tls_hello_ascii:14:12}" == "233038533031" ]]; then
# MySQL community edition (yaSSL) returns a MySQL error instead of a TLS Alert
# Error: #08S01 Bad handshake
pr_done_best "not vulnerable (OK)"
fileout "ccs" "OK" "CCS: not vulnerable" "$cve" "$cwe"
elif [[ "$byte6" == [0-9a-f][0-9a-f] ]] && [[ "${tls_hello_ascii:2:2}" != "03" ]]; then elif [[ "$byte6" == [0-9a-f][0-9a-f] ]] && [[ "${tls_hello_ascii:2:2}" != "03" ]]; then
pr_warning "test failed" pr_warning "test failed"
out ", probably read buffer too small (${tls_hello_ascii:0:14})" out ", probably read buffer too small (${tls_hello_ascii:0:14})"
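Review bot: The added `elif [[ $STARTTLS_PROTOCOL == "mysql" ]]` branch reports a definitive "not vulnerable (OK)" on the six SQLSTATE bytes at offset 14 alone, and an OK verdict is the result a loose match hurts most. Assuming the standard MySQL ERR packet layout (header byte 0xff at byte 4), the condition could also require `[[ "${tls_hello_ascii:8:2}" == "ff" ]]` so that only a real error packet carrying `#08S01` is accepted. SQLSTATE 08S01 is the general communication-link-failure class, so it is worth confirming that the server does not return it for reasons unrelated to the rejected CCS message before treating it as proof. The `fileout` call in this branch omits the `"$hint"` argument that the other `fileout` calls in these hunks pass, and the branch does not set `ret` as the verdict branches in the previous hunk do (it may be initialised outside the hunk). run_ccs_injection starts and ends outside the visible hunks.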