Bug 1005325 (CVE-2013-4314) - CVE-2013-4314 pyOpenSSL: hostname check bypassing vulnerability
Summary: CVE-2013-4314 pyOpenSSL: hostname check bypassing vulnerability
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2013-4314
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1005428 1006138
Blocks: 1005327
TreeView+ depends on / blocked
 
Reported: 2013-09-06 16:24 UTC by Vincent Danen
Modified: 2021-02-17 07:22 UTC (History)
28 users (show)

Fixed In Version: pyOpenSSL 0.13.1
Clone Of:
Environment:
Last Closed: 2014-04-24 10:07:22 UTC
Embargoed:

Attachments (Terms of Use)

Description Vincent Danen 2013-09-06 16:24:39 UTC 
The pyOpenSSL module implements hostname identity checks but it did not properly handle hostnames in the certificate that contain null bytes.  In all releases prior to 0.13.1, the string formatting of subjectAltName X509Extension instances incorrectly truncated fields of the name when encountering the null byte.

When a CA than an SSL client trusts issues a server certificate that has a null byte in the subjectAltName, remote attackers can obtain a certifcate for 'www.foo.org\0.example.com' from the CA to spoof 'www.foo.org' and conduct man-in-the-middle attacks between the pyOpenSSL-using client and SSL servers.

[1] https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
Comment 1 Vincent Danen 2013-09-06 22:13:22 UTC 
Created pyOpenSSL tracking bugs for this issue:

Affects: fedora-all [bug 1005428]
Comment 2 Henri Salo 2013-09-07 05:58:02 UTC 
Please use CVE-2013-4314 for this issue.
Comment 3 Vincent Danen 2013-09-08 14:26:46 UTC 
CVE assignment:

http://www.openwall.com/lists/oss-security/2013/09/06/2
Comment 5 Huzaifa S. Sidhpurwala 2013-09-10 06:15:41 UTC 
Upstream patch:

http://bazaar.launchpad.net/~exarkun/pyopenssl/trunk/revision/169
Comment 11 Tomas Hoger 2014-04-24 10:07:22 UTC 
The underlying problem exists in pyOpenSSL versions shipped in Red Hat Enterprise Linux 5 and 6.  However, it is not exposed in those versions.

Upstream pyOpenSSL version 0.12 added get_extension() method for the X509 type, which allows reading certificate extensions (as X509Extension) from certificates, for example a certificate presented by remote SSL/TLS connection peer.  This functionality is not available in earlier versions.

In older versions, it is only possible to construct X509Extension object in the code by specifying its type, whether it's critical, and its value.  The intended use of this functionality is during certificate creation.  However, it is not possible to create X509Extension with value containing NUL byte.  Parameter to the X509Extension constructor is parsed using python's PyArg_ParseTupleAndKeywords() using 's' format for the value parameter, which does not allow strings with embedded NUL bytes.

https://docs.python.org/2/c-api/arg.html

Note that get_extension() available in newer pyOpenSSL versions does not seem to be used often - no component in upcoming Red Hat Enterprise Linux 7 uses that functionality.  Additionally, string representation of subjectAltName X509Extension would require further parsing before it can be used in any hostname identity check.  pyOpenSSL does not implement such checks.

Statement:

Not vulnerable. This issue did not affect the versions of pyOpenSSL as shipped with Red Hat Enterprise Linux 5 and 6.
Note You need to log in before you can comment on or make changes to this bug.