Bug 1238619 - (CVE-2015-1793) CVE-2015-1793 openssl: alternative chains certificate forgery
CVE-2015-1793 openssl: alternative chains certificate forgery
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20150709,repo...
: Security
Depends On: 1241544
Blocks: 1238620
  Show dependency treegraph
 
Reported: 2015-07-02 05:52 EDT by Huzaifa S. Sidhpurwala
Modified: 2016-02-04 02:37 EST (History)
7 users (show)

See Also:
Fixed In Version: openssl 1.0.1p, openssl 1.0.2d
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way OpenSSL verified alternative certificate chains. An attacker able to supply a certificate chain to an SSL/TLS or DTLS client or an SSL/TLS or DTLS server using client authentication could use this flaw to bypass certain checks in the verification process, possibly allowing them to use one of the certificates in the supplied certificate chain as a CA certificate to generate an invalid certificate.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-07-13 05:02:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Main patch (1.46 KB, patch)
2015-07-02 05:54 EDT, Huzaifa S. Sidhpurwala
no flags Details | Diff
Followup patch 1 (5.75 KB, patch)
2015-07-02 05:55 EDT, Huzaifa S. Sidhpurwala
no flags Details | Diff
Followup patch 2 (1.13 KB, patch)
2015-07-02 05:55 EDT, Huzaifa S. Sidhpurwala
no flags Details | Diff

  None (edit)
Description Huzaifa S. Sidhpurwala 2015-07-02 05:52:37 EDT
The following was reported by OpenSSL upstream:

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.
Comment 1 Huzaifa S. Sidhpurwala 2015-07-02 05:54:32 EDT
Created attachment 1045431 [details]
Main patch
Comment 2 Huzaifa S. Sidhpurwala 2015-07-02 05:55:02 EDT
Created attachment 1045432 [details]
Followup patch 1
Comment 3 Huzaifa S. Sidhpurwala 2015-07-02 05:55:29 EDT
Created attachment 1045433 [details]
Followup patch 2
Comment 4 Huzaifa S. Sidhpurwala 2015-07-02 05:56:11 EDT
Statement:

Not vulnerable. This issue does not affect any version of the OpenSSL package as shipped with Red Hat Enterprise Linux 4, 5, 6 and 7, JBoss Enterprise Application Platform 6, Red Hat JBoss Enterprise Web Server 1 and 2, and Red Hat JBoss Web Server 3 because they did not include support for alternative certificate chains.
Comment 5 Huzaifa S. Sidhpurwala 2015-07-06 00:09:55 EDT
Acknowledgements:

Red Hat would like to thank OpenSSL upstream for reporting this issue. Upstream acknowledges Adam Langley of Google and David Benjamin of BoringSSL as the original reporters.
Comment 7 Martin Prpic 2015-07-09 08:49:28 EDT
External References:

http://openssl.org/news/secadv_20150709.txt
Comment 8 Martin Prpic 2015-07-09 08:52:41 EDT
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1241544]
Comment 9 Martin Prpic 2015-07-09 09:21:13 EDT
FeedHenry advisory covering impact on multi-tenant SaaS offerings:

http://feedhenrystatus.com/2015/07/09/security-advisory-cve-2015-1793/
Comment 10 Mark J. Cox (Product Security) 2015-07-09 09:22:36 EDT
Note, for clarity, the first affected upstream versions 1.0.1n and 1.0.2b were released on June 11th 2015.
Comment 12 Tomas Hoger 2015-07-09 09:44:20 EDT
Current Fedora versions are affected, as the alternative chain handling code was backported to F21 and F22:

http://pkgs.fedoraproject.org/cgit/openssl.git/commit/?id=fc6854bd38f0a020118914e09bb7ef00964a9435
https://bugzilla.redhat.com/show_bug.cgi?id=1166614

Note You need to log in before you can comment on or make changes to this bug.