Bug 1091156 (CVE-2014-2734) - CVE-2014-2734 ruby: SSL signature spoofing flaw
Summary: CVE-2014-2734 ruby: SSL signature spoofing flaw
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-2734
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1091157
TreeView+ depends on / blocked
 
Reported: 2014-04-25 04:25 UTC by Vincent Danen
Modified: 2021-02-17 06:37 UTC (History)
42 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-25 11:01:18 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Novell 875192 0 None None None Never

Description Vincent Danen 2014-04-25 04:25:24 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-2734 to
the following vulnerability:

Name: CVE-2014-2734
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2734
Assigned: 20140408
Reference: FULLDISC:20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC
Reference: http://seclists.org/fulldisclosure/2014/Apr/231
Reference: http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html
Reference: https://gist.github.com/10446549

The openssl extension in Ruby 2.x does not properly maintain the state
of process memory after a file is reopened, which allows remote
attackers to spoof signatures within the context of a Ruby script that
attempts signature verification after performing a certain sequence of
filesystem operations.
Comment 1 Tomas Hoger 2014-04-25 11:01:18 UTC 
There is not real information about what problem CVE-2014-2734 is actually supposed to identify.  The information that was posted to the Full Disclosure mailing list is vague, and the PoC code is obfuscated.

There were some attempts to de-obfuscate the PoC, see this Ycombinator discussion:
https://news.ycombinator.com/item?id=7601973

Adrien Thebo reduced the PoC to:

  #!/usr/bin/env ruby

  require 'openssl'

  key = OpenSSL::PKey::RSA.new(2048)
  ca_cert = OpenSSL::X509::Certificate.new(File.read("ca.pem"))

  puts "before we sign the cert: #{ca_cert.verify(key)}"
  ca_cert.sign(key, OpenSSL::Digest::SHA1.new)
  puts "after we sign the cert: #{ca_cert.verify(key)}"

This version, along with full history of changes from the original PoC, can be found in his github repository:
https://github.com/adrienthebo/cve-2014-2734/
https://github.com/adrienthebo/cve-2014-2734/commits/

The above script does the following:
- generates new RSA key
- loads existing (CA) certificate from file
- checks that the certificate was not signed by the new key
- re-signs the certificate with the new key
- verifies that the certificate is now signed by the new key

Reporting 'true' at the end is intended behavior and not a bug nor security issue.  File system operations, as mentioned in the CVE description and initial report, do not make a difference.

Note that Ruby openssl module is currently rather under-documented.  OpenSSL::X509::Certificate's sign method does not have any documentation other than the example on how to create certificates.
http://www.ruby-doc.org/stdlib-2.1.1/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html

Unless there's further clarification posted by the reporter, it seems this CVE should be considered invalid.
Comment 3 Tomas Hoger 2014-05-12 06:08:27 UTC 
Ruby upstream has also disputed this CVE.

External References:

https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/
Note You need to log in before you can comment on or make changes to this bug.