How Palo Alto Networks Identifies GnuTLS Server Hello Session ID Heap Buffer Over Without Decryption


L1 Bithead

Hi All,

We detected Vulnerability ID 36926 (GnuTLS Server Hello Session ID Heap Buffer Overflow) on a Palo Alto firewall. In our customer's firewall environment we have not enabled the SSL Decryption feature.

The customer is asking us: how and why is Palo Alto able to detect the vulnerability threat without the SSL?

Can anyone assist us on this?

1 REPLY

L0 Member

This is due to the fact that the firewall, or anyone capturing the stream for that matter, can see the start of the server/client session exchange which is still unencrypted.

Looking at the vulnerability "GnuTLS Server Hello Session", the firewall detected something in the server hello. This is the part of an SSL stream where the server and client are still deciding on the way they are going to encrypt the actual session.
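To illustrate the reply above, here is an added example (not from the original thread, and not Palo Alto's actual signature) of how a passive inspector can read the session ID length straight out of the cleartext ServerHello and flag a value above the 32-byte maximum that TLS allows for that field. The function names and the sample bytes are constructed for this illustration.

```python
import struct

MAX_SESSION_ID_LEN = 32  # TLS defines session_id as opaque<0..32>

def check_server_hello(stream: bytes) -> dict:
    """Inspect the first cleartext bytes a server sends on a TLS connection."""
    # Record header: content type (1), version (2), length (2)
    if len(stream) < 5:
        return {"server_hello": False, "reason": "short record header"}
    content_type, _ver, _rec_len = struct.unpack("!BHH", stream[:5])
    if content_type != 0x16:  # 0x16 = handshake record
        return {"server_hello": False, "reason": "not a handshake record"}
    body = stream[5:]
    # Handshake header: message type (1), length (3); 0x02 = ServerHello
    if len(body) < 4 or body[0] != 0x02:
        return {"server_hello": False, "reason": "not a ServerHello"}
    # ServerHello body: version (2), random (32), then session_id length (1)
    off = 4 + 2 + 32
    if len(body) <= off:
        return {"server_hello": False, "reason": "truncated before session_id"}
    sid_len = body[off]
    return {"server_hello": True, "session_id_len": sid_len,
            "alert": sid_len > MAX_SESSION_ID_LEN}

def sample_prefix(sid_len: int) -> bytes:
    """Constructed sample: record bytes up to and including the session_id length."""
    hello_len = 2 + 32 + 1 + sid_len + 2 + 1  # plus cipher suite and compression
    return (b"\x16\x03\x03" + struct.pack("!H", 4 + hello_len)
            + b"\x02" + hello_len.to_bytes(3, "big")
            + b"\x03\x03" + bytes(32) + bytes([sid_len]))

if __name__ == "__main__":
    # 32 is the largest legal length; 200 is a constructed out-of-range value
    for n in (32, 200):
        print(n, check_server_hello(sample_prefix(n)))
```

No key material is needed for this check because every byte it reads is sent before the handshake has negotiated encryption.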
