Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...

Michael Meyer mime at gmx.de
Wed Feb 17 20:51:12 CET 2010


*** Simon Josefsson <simon at josefsson.org> wrote:
> Michael Meyer <mime at gmx.de> writes:
 
> Identifying that with confidence requires access to the server to look
> at the actual server system.  Looking at logs and/or the binaries may
> help.

There is a trial version available at
http://www.oracle.com/technology/software/products/ias/htdocs/wls_main.html

I have Oracle WebLogic Server 10.3 (also the trial version) running under
Microsoft Windows XP.

> I don't think defaulting to insecure mode is a good idea.  

[...]

> Using GnuTLS in known insecure modes just because there are broken
> servers out there doesn't seem like a good idea. Then you might as well
> not use TLS at all, and just use TCP?

Let me explain.

OpenVAS stands for Open Vulnerability Assessment System and is a
network security scanner. OpenVAS is a GPL fork of Nessus.

I am trying to write a plugin for
http://www.securityfocus.com/bid/37926

Normally this is very simple. See
http://intevydis.blogspot.com/2010/01/oracle-weblogic-1032-node-manager-fun.html

For that a SSL connection is required.

In NASL (Nessus Attack Scripting Language) it would look like this (simplified):

,---|
| port = 5556;
| soc = open_sock_tcp(port, transport: ENCAPS_SSLv3); # or ENCAPS_SSLv23, ENCAPS_TLSv1
|
| if(!soc) {
|   display("NO SOCKET\n\n");
| } else {
|   display("SOCKET OK\n\n");
|   send(socket:soc, data: string("HELLO asdf\r\n"));
|   buf = recv(socket:soc, length: 512);
|   display("\n",buf,"\n\n");
|   close(soc);
| }
`---|

The result should be "+OK Node manager v10.3 started". I always got "NO
SOCKET", with any kind of "transport". The GnuTLS error at this point is:
"A TLS fatal alert has been received".

At this point, it's a problem if GnuTLS (or rather the NASL function
open_sock_tcp(), which uses GnuTLS) can't connect to the remote
service because of some problem (e.g. broken certificate, insecure
cipher, ...) on the remote side. It means that I cannot recognize the
vulnerability. That's bad. ;)

That's why I need - whenever humanly possible - a successful
connection. In this case I'm not interested in whether the connection is
really secure.

Micha
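
The error quoted in the message only says that some fatal alert arrived; knowing which alert it was (for example handshake_failure versus protocol_version) narrows down why the handshake was refused. The following is an added example, not part of the original message and not GnuTLS or OpenVAS code: it decodes plaintext TLS alert records from the raw bytes a server sends back. The function name and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Alert descriptions from RFC 5246 section 7.2 (subset seen during handshakes).
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 50: "decode_error",
    70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 100: "no_renegotiation",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CONTENT_TYPE_ALERT = 21


def parse_tls_alerts(data: bytes):
    """Walk the TLS records in `data`; return (version, level, description)
    for every plaintext alert record found."""
    alerts, offset = [], 0
    while offset + 5 <= len(data):
        # Record header: content type, version major/minor, payload length.
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, offset)
        body = data[offset + 5: offset + 5 + length]
        if len(body) < length:
            raise ValueError("truncated TLS record")
        offset += 5 + length
        # An alert sent before keys are established is two bytes in the clear.
        if ctype == CONTENT_TYPE_ALERT and length == 2:
            level, desc = body
            alerts.append((
                f"{major}.{minor}",
                ALERT_LEVELS.get(level, f"unknown({level})"),
                ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"),
            ))
    return alerts


# Constructed sample (not captured from WebLogic): one SSL 3.0 record
# carrying a fatal handshake_failure alert in reply to a ClientHello.
SAMPLE_REPLY = bytes.fromhex("15030000020228")

if __name__ == "__main__":
    for version, level, desc in parse_tls_alerts(SAMPLE_REPLY):
        print(f"record version {version}: {level} alert, {desc}")
```

The input can be the server's first reply bytes taken from a packet capture of the failing connection.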





