Bug 2255386 (CVE-2024-0057)

Summary: CVE-2024-0057 dotnet: X509 Certificates - Validation Bypass across Azure
Product: [Other] Security Response Reporter: Patrick Del Bello <pdelbell>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: andrew.slice, bodavis, dbhole, omajid, saroy, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: .NET SDK 6.0.126 and .NET Runtime 6.0.26 and .NET SDK 7.0.115 and .NET Runtime 7.0.15 Doc Type: If docs needed, set a value
Doc Text:
A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggering a bug in the framework. The framework will correctly report that X.509 chain building failed, but it will return an incorrect reason code for the failure. Applications which utilize this reason code to make their own chain building trust decisions may inadvertently treat this scenario as a successful chain build. This could allow an adversary to subvert the app's typical authentication logic.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2255393, 2257557, 2257558, 2257559    
Bug Blocks: 2255383    

Description Patrick Del Bello 2023-12-20 14:07:47 UTC 
A vulnerability was found in .NET Kestrel where a Denial of Service with Client Certificates is possible.
Comment 3 Sandipan Roy 2024-01-10 03:53:53 UTC 
Created dotnet6.0 tracking bugs for this issue:

Affects: fedora-all [bug 2257557]


Created dotnet7.0 tracking bugs for this issue:

Affects: fedora-all [bug 2257558]


Created dotnet8.0 tracking bugs for this issue:

Affects: fedora-all [bug 2257559]
Comment 4 errata-xmlrpc 2024-01-10 15:37:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0151 https://access.redhat.com/errata/RHSA-2024:0151
Comment 5 errata-xmlrpc 2024-01-10 15:37:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0152 https://access.redhat.com/errata/RHSA-2024:0152
Comment 6 errata-xmlrpc 2024-01-10 15:37:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0150 https://access.redhat.com/errata/RHSA-2024:0150
Comment 7 errata-xmlrpc 2024-01-10 18:15:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0156 https://access.redhat.com/errata/RHSA-2024:0156
Comment 8 errata-xmlrpc 2024-01-10 18:31:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0158 https://access.redhat.com/errata/RHSA-2024:0158
Comment 9 errata-xmlrpc 2024-01-10 18:32:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0157 https://access.redhat.com/errata/RHSA-2024:0157
Comment 10 errata-xmlrpc 2024-01-15 15:58:03 UTC 
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2024:0255 https://access.redhat.com/errata/RHSA-2024:0255