How Palo Alto Networks Identifies GnuTLS Server Hello Session ID Heap Buffer Over Without Decryption

L1 Bithead

Hi All,

We detected Vulnerability ID 36926 - GnuTLS Server Hello Session ID Heap Buffer Overflow on the Palo Alto firewall. In our customer's firewall environment we have not enabled the SSL Decryption feature.

The customer is asking us: how and why is Palo Alto able to detect the vulnerability threat without the SSL?

Can anyone assist us with this?


L0 Member

This is due to the fact that the firewall, or anyone capturing the stream for that matter, can see the start of the server/client session exchange which is still unencrypted.

Looking at the vulnerability "GnuTLS Server Hello Session", the firewall detected something in the server hello. This is the part of an SSL stream where the server and client are still deciding on the way they are going to encrypt the actual session.
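
An added example, not part of the original thread and not Palo Alto's signature logic: a passive parser showing that the ServerHello, including its session ID length byte, can be read in cleartext from captured bytes with no decryption. It assumes the check is the TLS 1.2 limit of 32 bytes on the session ID; the function names and the sample records are constructed for illustration.

```python
import struct

MAX_SESSION_ID_LEN = 32  # TLS 1.2 (RFC 5246) defines SessionID as opaque<0..32>


def build_server_hello(session_id: bytes) -> bytes:
    """Constructed sample: a TLS 1.2 ServerHello record carrying session_id."""
    body = (
        b"\x03\x03"                              # server_version: TLS 1.2
        + bytes(32)                              # random (zeroed for the sample)
        + bytes([len(session_id)]) + session_id  # 1-byte length, then the ID
        + b"\x00\x2f"                            # cipher_suite
        + b"\x00"                                # compression_method: null
    )
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body  # type 2 = ServerHello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def inspect_server_hello(record: bytes) -> dict:
    """Read the cleartext ServerHello fields that any on-path observer can see."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:                     # 0x16 = handshake record
        raise ValueError("not a handshake record")
    payload = record[5:5 + rec_len]
    if len(payload) < 4 or payload[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + hs_len]
    if len(body) < 35:                           # version(2) + random(32) + length(1)
        raise ValueError("truncated ServerHello")
    sid_len = body[34]
    return {
        "version": body[:2].hex(),
        "session_id_len": sid_len,
        "oversized_session_id": sid_len > MAX_SESSION_ID_LEN,
    }


if __name__ == "__main__":
    for label, sid in (("normal", bytes(32)), ("oversized", bytes(200))):
        print(label, inspect_server_hello(build_server_hello(sid)))
```
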
