Bug 1005325 - (CVE-2013-4314) CVE-2013-4314 pyOpenSSL: hostname check bypassing vulnerability
CVE-2013-4314 pyOpenSSL: hostname check bypassing vulnerability
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20130904,repor...
: Security
Depends On: 1005428 1006138
Blocks: 1005327
  Show dependency treegraph
 
Reported: 2013-09-06 12:24 EDT by Vincent Danen
Modified: 2016-04-26 12:11 EDT (History)
28 users (show)

See Also:
Fixed In Version: pyOpenSSL 0.13.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-04-24 06:07:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2013-09-06 12:24:39 EDT
The pyOpenSSL module implements hostname identity checks but it did not properly handle hostnames in the certificate that contain null bytes.  In all releases prior to 0.13.1, the string formatting of subjectAltName X509Extension instances incorrectly truncated fields of the name when encountering the null byte.

When a CA than an SSL client trusts issues a server certificate that has a null byte in the subjectAltName, remote attackers can obtain a certifcate for 'www.foo.org\0.example.com' from the CA to spoof 'www.foo.org' and conduct man-in-the-middle attacks between the pyOpenSSL-using client and SSL servers.

[1] https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
Comment 1 Vincent Danen 2013-09-06 18:13:22 EDT
Created pyOpenSSL tracking bugs for this issue:

Affects: fedora-all [bug 1005428]
Comment 2 Henri Salo 2013-09-07 01:58:02 EDT
Please use CVE-2013-4314 for this issue.
Comment 3 Vincent Danen 2013-09-08 10:26:46 EDT
CVE assignment:

http://www.openwall.com/lists/oss-security/2013/09/06/2
Comment 5 Huzaifa S. Sidhpurwala 2013-09-10 02:15:41 EDT
Upstream patch:

http://bazaar.launchpad.net/~exarkun/pyopenssl/trunk/revision/169
Comment 11 Tomas Hoger 2014-04-24 06:07:22 EDT
The underlying problem exists in pyOpenSSL versions shipped in Red Hat Enterprise Linux 5 and 6.  However, it is not exposed in those versions.

Upstream pyOpenSSL version 0.12 added get_extension() method for the X509 type, which allows reading certificate extensions (as X509Extension) from certificates, for example a certificate presented by remote SSL/TLS connection peer.  This functionality is not available in earlier versions.

In older versions, it is only possible to construct X509Extension object in the code by specifying its type, whether it's critical, and its value.  The intended use of this functionality is during certificate creation.  However, it is not possible to create X509Extension with value containing NUL byte.  Parameter to the X509Extension constructor is parsed using python's PyArg_ParseTupleAndKeywords() using 's' format for the value parameter, which does not allow strings with embedded NUL bytes.

https://docs.python.org/2/c-api/arg.html

Note that get_extension() available in newer pyOpenSSL versions does not seem to be used often - no component in upcoming Red Hat Enterprise Linux 7 uses that functionality.  Additionally, string representation of subjectAltName X509Extension would require further parsing before it can be used in any hostname identity check.  pyOpenSSL does not implement such checks.

Statement:

Not vulnerable. This issue did not affect the versions of pyOpenSSL as shipped with Red Hat Enterprise Linux 5 and 6.

Note You need to log in before you can comment on or make changes to this bug.