Bug 1065092 (CVE-2014-1959)

Summary: CVE-2014-1959 gnutls: incorrect handling of V1 intermediate certificates (GNUTLS-SA-2014-1)
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ametzler, erik-fedora, hkario, jkurik, jorton, ktietz, mike, nmavrogi, pfrields, rjones, seceng-idm-qe-list, tmraz
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: gnutls 3.1.21, gnutls 3.2.11 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-03 10:11:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1065094, 1065095, 1065096, 1066849    
Bug Blocks: 1065093    

Description Vincent Danen 2014-02-13 22:14:49 UTC 
It was reported [1] that a version 1 intermediate certificate would be considered as a CA certificate by GnuTLS by default.  This certificate verification behaviour deviates from the documented behaviour.

Upstream notes that this only affects individuals or organizations who have a CA that issues X.509 version 1 certificates in their trusted list.

This has been fixed upstream [2] in version 3.1.21 and 3.2.11.

At a quick look at the code of GnuTLS 2.8.5, it is affected.  1.4.1 looks affected to me as well.


[1] http://www.gnutls.org/security.html
[2] https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d18
Comment 1 Vincent Danen 2014-02-13 22:21:52 UTC 
Created mingw-gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1065096]
Comment 2 Vincent Danen 2014-02-13 22:21:55 UTC 
Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1065094]
Comment 3 Vincent Danen 2014-02-13 22:21:57 UTC 
Created mingw32-gnutls tracking bugs for this issue:

Affects: epel-5 [bug 1065095]
Comment 4 Nikos Mavrogiannopoulos 2014-02-14 08:33:10 UTC 
(In reply to Vincent Danen from comment #0)
> At a quick look at the code of GnuTLS 2.8.5, it is affected.  1.4.1 looks
> affected to me as well.

The issue was introduced when v1 root certificates were allowed by default (2.11.5). Thus gnutls 2.8.5 or earlier are not affected since they do not allow X.509 v1 certificates by default.
Comment 5 Tomas Hoger 2014-02-14 13:19:26 UTC 
Nikos, do you have any certificates that can easily be used to test this?  Possibly something in the upstream test suite you'd recommend looking at?
Comment 6 Nikos Mavrogiannopoulos 2014-02-15 14:41:19 UTC 
I use the chain:
https://gitorious.org/gnutls/gnutls/source/bd4ba0556de1120adfa1ce10caaeeaead49b323a:tests/chainverify.c#L52

It is a list of 3 certificates with a CA of version 1 as intermediate.
Comment 7 Fedora Update System 2014-02-17 21:09:13 UTC 
gnutls-3.1.20-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2014-02-22 00:53:10 UTC 
gnutls-3.1.20-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2014-02-24 12:28:46 UTC 
mingw-gnutls-3.1.21-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2014-02-24 12:35:54 UTC 
mingw-gnutls-3.1.21-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Tomas Hoger 2014-03-03 10:11:35 UTC 
As mentioned in comment 11, this problem was introduced in upstream version 2.11.5.  Therefore this did not affect gnutls packages as shipped with Red Hat Enterprise Linux 5 and 6.

However, GnuTLS versions before 2.7.6 contained a different bug that had similar effect of making GnuTLS accept version 1 certificates as valid intermediate CA certificates when using default verification flags.  That issue was assigned a different id CVE-2009-5138 and is tracked via bug 1069301.

Statement:

Not vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 5 and 6.