Bug 497983 (CVE-2009-1417)

Summary: CVE-2009-1417 gnutls: certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3]
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: berrange, jorton, mjc, rjones, tmraz, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-08-11 08:14:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 504791    
Bug Blocks:    
Attachments:
Description Flags
Upstream patch none

Description Tomas Hoger 2009-04-28 08:59:13 UTC 
GnuTLS upstream reports:

  Romain Francoise reported that gnutls-cli does not check the
  activation and expiration dates of X.509 certificates.  This is
  assumed to apply to all versions of gnutls-cli.

Further upstream investigation of the problem showed that other applications using GnuTLS library may be affected by the similar problem, as GnuTLS' gnutls_certificate_verify_peers* functions do not check activation / expiration times on certificates.  Such check was expected to be done by the applications using GnuTLS library.

This decision was now re-considered upstream and activation / expiration time checks are being added to _gnutls_x509_verify_certificate in the GnuTLS library, instead of only being added to gnutls-cli.  Applications not wanting this time verification should explicitly disable it by using newly introduced GNUTLS_VERIFY_DISABLE_TIME_CHECKS verification flag.  While this code introduces a change, which is not backwards compatible, upstream believes this should not negatively impact existing code.
Comment 1 Tomas Hoger 2009-04-28 09:01:26 UTC 
Created attachment 341539 [details]
Upstream patch
Comment 2 Tomas Hoger 2009-04-28 09:06:01 UTC 
For testing purposes, upstream has set up few testing URLs with expired certificates:

https://expired.demo.gnutls.org/
- Expired server certificate

https://expired-subca.demo.gnutls.org/
- Expire intermediate certificate, server return intermediate CA

https://expired-subca2.demo.gnutls.org/
- Expire intermediate certificate server does not return intermediate CA

Can be tested using: gnutls-cli expired.demo.gnutls.org
Comment 5 Tomas Hoger 2009-04-30 09:28:49 UTC 
GnuTLS is shipped in Red Hat Enterprise Linux 4 and 5.  Applications using GnuTLS' certificate verification (libsoup, libvirt, gtk-vnc) already perform activation / expiration date checks.  gnutls-cli command line tool is affected by this problem.

The impact of this flaw is limited (besides having expired certificate, attacker would need to have associated private key as well and trick user to connect to spoofed SSL/TLS server), and the fix introduces backwards incompatible change.  Future updates of gnutls packages in Red Hat Enterprise Linux 4 and 5 may include this change.
Comment 6 Tomas Hoger 2009-04-30 12:36:08 UTC 
Public now via upstream security advisory:
  http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517

Fix included in upstream version 2.6.6:
  http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3514
Comment 8 Joe Orton 2009-04-30 13:17:21 UTC 
gnutls-cli is documented as a "test program" so I'd struggle to call this a  security issue there.
Comment 9 Vincent Danen 2009-05-01 16:54:31 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1417 to
the following vulnerability:

Name: CVE-2009-1417
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1417
Assigned: 20090424
Reference: MLIST:[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]
Reference: URL: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
Reference: SECUNIA:34842
Reference: URL: http://secunia.com/advisories/34842

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and
expiration times of X.509 certificates, which allows remote attackers
to successfully present a certificate that is (1) not yet valid or (2)
no longer valid, related to lack of time checks in the
_gnutls_x509_verify_certificate function in lib/x509/verify.c in
libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
Comment 10 Tomas Hoger 2009-08-11 08:14:57 UTC 
This was further discussed internally and it was decided not to backport this change to Red Hat Enterprise Linux 4 and 5.  This fix changes documented behaviour, possibly creating a regression for applications that performed all required checks previously (they will no longer report expired / not yet active certificates correctly, rather use generic SSL verification error).  Given the low impact of the flaw and the API-breaking nature of the fix, we do not plan to fix this flaw in already released product versions.  Future versions containing newer upstream GnuTLS versions will include this fix.