Bug 979251 (CVE-2013-4073)

Summary: CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: abaron, apevec, athomas, bkearney, bleanhar, cbillett, ccoleman, chazlett, chrisw, dallan, dmcphers, drieden, gkotton, hhorak, jialiu, jlieskov, jokerman, jorton, katello-bugs, lhh, lmeyer, lpeer, markmc, mburns, mmaslano, mmccomas, mmcgrath, msuchy, mtasaka, nobody+bgollahe, rbryant, sclewis, soa-p-jira, srevivo, s, tagoh, tomckay, vanmeeuwen+fedora, vondruch, weli
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: ruby 2.0.0-p247, ruby 1.9.3-p448, ruby 1.8.7-p374
Doc Type: Bug Fix
Last Closed: 2021-10-20 10:39:53 UTC
Bug Depends On: 979295, 979297, 979298, 979300, 979301, 979303, 979304, 979306, 979308, 979309, 979311, 979488, 980735, 1165377
Bug Blocks: 979252, 980709, 1119605

Description Vincent Danen 2013-06-28 04:50:37 UTC
Ruby’s SSL client implements a hostname identity check, but it does not properly handle hostnames in the certificate that contain null bytes.

OpenSSL::SSL.verify_certificate_identity implements the RFC 2818 Server Identity check for Ruby’s SSL client, but it does not properly handle hostnames in the subjectAltName X509 extension that contain null bytes.

Existing code in lib/openssl/ssl.rb uses OpenSSL::X509::Extension#value for extracting the identity from subjectAltName. Extension#value depends on the OpenSSL function X509V3_EXT_print(), and for the dNSName of subjectAltName it uses sprintf(), which is known to be null byte unsafe. As a result, Extension#value returns ‘www.ruby-lang.org’ if the subjectAltName is ‘www.ruby-lang.org\0.example.com’, and OpenSSL::SSL.verify_certificate_identity wrongly identifies the certificate as being for ‘www.ruby-lang.org’.

When a CA that an SSL client trusts allows a server certificate with a null byte in subjectAltName to be issued, remote attackers can obtain a certificate for ‘www.ruby-lang.org\0.example.com’ from the CA to spoof ‘www.ruby-lang.org’ and perform a man-in-the-middle attack between Ruby’s SSL client and SSL servers.


External References:

http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
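Added example (not Ruby's own code from lib/openssl/ssl.rb, nor part of the advisory): it constructs a subjectAltName extension from DER so that a dNSName can carry an embedded NUL, then extracts the names through OpenSSL::ASN1 instead of Extension#value and refuses any name containing a NUL. The helper names, the wildcard rule and the test data are assumptions made for this illustration.

```ruby
require "openssl"

# Constructed test helper: build a subjectAltName extension directly from
# DER so a dNSName may carry an embedded NUL, something the text-based
# "DNS:..." config parser would cut off.
def san_extension(dns_names)
  names = dns_names.map do |n|
    # GeneralName dNSName is [2] IMPLICIT IA5String (RFC 5280)
    OpenSSL::ASN1::ASN1Data.new(n, 2, :CONTEXT_SPECIFIC)
  end
  OpenSSL::X509::Extension.new("subjectAltName", OpenSSL::ASN1::Sequence.new(names).to_der)
end

# Extract dNSName entries from the DER structure instead of from
# Extension#value, whose printed form goes through X509V3_EXT_print and,
# in the OpenSSL builds this bug concerns, stops at the first NUL.
def dns_names_via_asn1(ext)
  octets = OpenSSL::ASN1.decode(ext.to_der).value.last # OCTET STRING around GeneralNames
  general_names = OpenSSL::ASN1.decode(octets.value)
  general_names.value
               .select { |gn| gn.tag == 2 && gn.tag_class == :CONTEXT_SPECIFIC }
               .map(&:value)
end

# Compare one dNSName against the expected hostname: a single leftmost
# wildcard label is allowed, an embedded NUL is always rejected.
def hostname_matches?(hostname, san_dns)
  return false if san_dns.include?("\0")
  host = hostname.downcase
  pattern = san_dns.downcase
  return host == pattern unless pattern.start_with?("*.")
  suffix = pattern[1..-1]                     # e.g. ".ruby-lang.org"
  return false unless host.end_with?(suffix) && host.size > suffix.size
  !host[0...-suffix.size].include?(".")       # wildcard covers exactly one label
end

def identity_verified?(ext, hostname)
  dns_names_via_asn1(ext).any? { |n| hostname_matches?(hostname, n) }
end

if __FILE__ == $0
  spoof = san_extension(["www.ruby-lang.org\0.example.com"])
  puts "Extension#value: #{spoof.value.inspect}"   # text form; depends on the OpenSSL build
  puts "ASN.1 names:     #{dns_names_via_asn1(spoof).inspect}"
  puts "verified?        #{identity_verified?(spoof, 'www.ruby-lang.org')}"  # false
end
```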

Comment 1 Vincent Danen 2013-06-28 04:56:22 UTC
This is corrected in upstream versions 2.0.0-p247, 1.9.3-p448 and 1.8.7-p374.

Comment 2 Kurt Seifried 2013-06-28 07:53:23 UTC
Created ruby tracking bugs for this issue:

Affects: fedora-all [bug 979295]

Comment 9 Kurt Seifried 2013-06-28 08:04:41 UTC
Created jruby tracking bugs for this issue:

Affects: fedora-all [bug 979309]

Comment 14 Vít Ondruch 2013-07-01 07:08:54 UTC
There might be a regression introduced by the fix for this CVE: https://bugs.ruby-lang.org/issues/8575

Comment 16 Vít Ondruch 2013-07-08 09:01:28 UTC
(In reply to Vít Ondruch from comment #14)
> There might be regression introduced by fix for this CVE:
> https://bugs.ruby-lang.org/issues/8575

The regression has been confirmed and the fix applied in SCM:

https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/41805

Comment 20 errata-xmlrpc 2013-07-17 19:23:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:1090 https://rhn.redhat.com/errata/RHSA-2013-1090.html

Comment 21 errata-xmlrpc 2013-07-23 17:52:17 UTC
This issue has been addressed in the following products:

  OpenStack 3 for RHEL 6

Via RHSA-2013:1103 https://rhn.redhat.com/errata/RHSA-2013-1103.html

Comment 23 errata-xmlrpc 2013-08-05 16:05:18 UTC
This issue has been addressed in the following products:

  RHEL 6 Version of OpenShift Enterprise 1.2

Via RHSA-2013:1137 https://rhn.redhat.com/errata/RHSA-2013-1137.html