Bug 1091156 (CVE-2014-2734)

Summary: CVE-2014-2734 ruby: SSL signature spoofing flaw
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, bgollahe, bkabrda, bkearney, bleanhar, carnil, ccoleman, chrisw, dallan, dmcphers, drieden, gkotton, jbpapp-maint, jdetiber, jialiu, jkeck, jkurik, jomara, jstribny, katello-bugs, kseifried, lhh, lmeyer, markmc, mgoldman, mmaslano, mmorsi, mtasaka, rbryant, rhos-maint, sclewis, soa-p-jira, s, tagoh, tkramer, vanmeeuwen+fedora, vondruch, weli, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-04-25 11:01:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: Embargoed1091157    

Description Vincent Danen 2014-04-25 04:25:24 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-2734 to
the following vulnerability:

Name: CVE-2014-2734
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2734
Assigned: 20140408
Reference: FULLDISC:20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC
Reference: http://seclists.org/fulldisclosure/2014/Apr/231
Reference: http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html
Reference: https://gist.github.com/10446549

The openssl extension in Ruby 2.x does not properly maintain the state
of process memory after a file is reopened, which allows remote
attackers to spoof signatures within the context of a Ruby script that
attempts signature verification after performing a certain sequence of
filesystem operations.
Comment 1 Tomas Hoger 2014-04-25 11:01:18 UTC 
There is not real information about what problem CVE-2014-2734 is actually supposed to identify.  The information that was posted to the Full Disclosure mailing list is vague, and the PoC code is obfuscated.

There were some attempts to de-obfuscate the PoC, see this Ycombinator discussion:
https://news.ycombinator.com/item?id=7601973

Adrien Thebo reduced the PoC to:

  #!/usr/bin/env ruby

  require 'openssl'

  key = OpenSSL::PKey::RSA.new(2048)
  ca_cert = OpenSSL::X509::Certificate.new(File.read("ca.pem"))

  puts "before we sign the cert: #{ca_cert.verify(key)}"
  ca_cert.sign(key, OpenSSL::Digest::SHA1.new)
  puts "after we sign the cert: #{ca_cert.verify(key)}"

This version, along with full history of changes from the original PoC, can be found in his github repository:
https://github.com/adrienthebo/cve-2014-2734/
https://github.com/adrienthebo/cve-2014-2734/commits/

The above script does the following:
- generates new RSA key
- loads existing (CA) certificate from file
- checks that the certificate was not signed by the new key
- re-signs the certificate with the new key
- verifies that the certificate is now signed by the new key

Reporting 'true' at the end is intended behavior and not a bug nor security issue.  File system operations, as mentioned in the CVE description and initial report, do not make a difference.

Note that Ruby openssl module is currently rather under-documented.  OpenSSL::X509::Certificate's sign method does not have any documentation other than the example on how to create certificates.
http://www.ruby-doc.org/stdlib-2.1.1/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html

Unless there's further clarification posted by the reporter, it seems this CVE should be considered invalid.
Comment 3 Tomas Hoger 2014-05-12 06:08:27 UTC 
Ruby upstream has also disputed this CVE.

External References:

https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/