For those who want to see the NSS patch that fixes this vulnerability, see
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=ssl3con.c&root=/cvsroot&subdir=mozilla/security/nss/lib/ssl&command=DIFF_FRAMESET&rev1=1.47&rev2=1.48
The crucial part is the removal of the block of code at the label "bad_pad:",
forcing the code to compute the MAC even when bad padding is detected.

This attack exploits a flaw in the servers, not a flaw in the clients.
The fix has to go into the servers. The fix has been applied to mozilla
(and will be in mozilla 1.3) but users will still be vulnerable when doing
IMAPS to a flawed server. Until their servers are fixed, users of flawed
IMAPS servers and flawed https servers that use "basic authentication" can
greatly reduce their potential vulnerability by disabling TLS (not SSL 3.0),
and can eliminate it by disabling all cipher suites except those that use RC4.
That prevents the flawed server code from being used. Note that users of
any configurable https or IMAPS client can do this, not just mozilla users.


--
Nelson B   (on vacation until March 12)
Disclaimer:
Views expressed here are solely mine, not those of Netscape, AOL or mozilla.org.
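
The control-flow change described in the message above, sketched as an added example; it is not part of the original post and is not the NSS code. The names check_record, toy_mac, ct_differs, skip_mac_on_bad_pad and MAC_LEN are hypothetical, the checksum is a stand-in for the real HMAC, and returning one error code for every failure is an assumption of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN ((size_t)4)
static int mac_calls;                 /* instrumentation: how often the MAC ran */

/* Stand-in keyed checksum, NOT a real MAC (TLS uses HMAC); constructed. */
static void toy_mac(const uint8_t *d, size_t n, uint8_t *out) {
    uint32_t h = 0x9e3779b9u;         /* constructed "key" */
    for (size_t i = 0; i < n; i++) h = (h ^ d[i]) * 16777619u;
    memcpy(out, &h, MAC_LEN);
    mac_calls++;
}

/* Compare without stopping at the first differing byte. */
static int ct_differs(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= (uint8_t)(a[i] ^ b[i]);
    return acc != 0;
}

/* rec = decrypted CBC plaintext: data || MAC || padding || pad_len byte.
 * Returns 0 if the record is valid, -1 for any failure. */
int check_record(const uint8_t *rec, size_t len, int skip_mac_on_bad_pad) {
    uint8_t mac[4];
    int bad = 0;
    if (len < MAC_LEN + 1) return -1;            /* length is public */
    size_t pad = rec[len - 1];
    if (pad + 1 + MAC_LEN > len) { bad = 1; pad = 0; }
    for (size_t i = 0; i < pad; i++)             /* TLS: pad bytes == pad_len */
        bad |= (rec[len - 2 - i] != pad);
    if (bad && skip_mac_on_bad_pad) return -1;   /* old "bad_pad:" early exit */
    if (bad) pad = 0;                            /* still do the MAC work */
    size_t data_len = len - 1 - pad - MAC_LEN;
    toy_mac(rec, data_len, mac);
    bad |= ct_differs(mac, rec + data_len, MAC_LEN);
    return bad ? -1 : 0;
}

int main(void) {
    uint8_t rec[16] = {'h', 'e', 'l', 'l', 'o'};  /* constructed sample record */
    toy_mac(rec, 5, rec + 5);
    memset(rec + 9, 6, 7);                        /* 6 pad bytes + pad_len */
    rec[10] ^= 1;                                 /* corrupt one padding byte */
    mac_calls = 0; check_record(rec, 16, 1); int old_calls = mac_calls;
    mac_calls = 0; check_record(rec, 16, 0);
    printf("MAC runs on bad padding: old=%d fixed=%d\n", old_calls, mac_calls);
    return 0;
}
```

With the early exit removed, a record with bad padding and a record with a bad MAC both pass through the MAC computation before being rejected.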