From owner-freebsd-security@FreeBSD.ORG  Thu Oct 25 13:22:18 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 5A7D621D;
 Thu, 25 Oct 2012 13:22:18 +0000 (UTC)
 (envelope-from wxs@atarininja.org)
Received: from syn.atarininja.org (syn.csh.rit.edu [129.21.49.45])
 by mx1.freebsd.org (Postfix) with ESMTP id 140668FC0A;
 Thu, 25 Oct 2012 13:22:14 +0000 (UTC)
Received: by syn.atarininja.org (Postfix, from userid 1001)
 id EF11F5C34; Thu, 25 Oct 2012 09:22:13 -0400 (EDT)
Date: Thu, 25 Oct 2012 09:22:13 -0400
From: Wesley Shields <wxs@FreeBSD.org>
To: freebsd-security@FreeBSD.org
Subject: [HEADS UP]: CVE-2012-4929 (CRIME)
Message-ID: <20121025132213.GA74946@atarininja.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: freebsd-ports@FreeBSD.org
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2012 13:22:18 -0000

I think there is nothing FreeBSD can do about this besides making sure
our users are aware of it. The situation in which this is a problem is
specific but one you should consider if you are using TLS with
compression.

TLS 1.2 and earlier are vulnerable to an attack commonly known as CRIME.
The attack involves TLS sessions using compression where an attacker is
able to inject known plaintext into the stream. Through a series of
guesses and measuring the length of the encrypted text an attacker is
able to determine the plaintext.

The recommended workaround for now is to disable compression on servers
where this may have an impact. As this is a flaw in a protocol and no
one specific implementation please consult the documentation for any
affected services to determine how to turn off TLS compression.

More information is available at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929

-- WXS