Bug 1643086 (CVE-2018-16395) - CVE-2018-16395 ruby: OpenSSL::X509::Name equality check does not work correctly
Summary: CVE-2018-16395 ruby: OpenSSL::X509::Name equality check does not work correctly
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-16395
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1643091 1643092 1643627 1643628 1643629 1643630 1643631 1643632 1643633 1643634 1643635 1719433 1719434
Blocks: 1643090
TreeView+ depends on / blocked
 
Reported: 2018-10-25 13:35 UTC by Andrej Nemec
Modified: 2019-09-29 15:01 UTC (History)
28 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-11-30 09:34:55 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3729 None None None 2018-11-29 09:57:10 UTC
Red Hat Product Errata RHSA-2018:3730 None None None 2018-11-29 10:12:02 UTC
Red Hat Product Errata RHSA-2018:3731 None None None 2018-11-29 10:23:04 UTC
Red Hat Product Errata RHSA-2018:3738 None None None 2018-11-29 22:22:11 UTC
Red Hat Product Errata RHSA-2019:1948 None None None 2019-07-30 09:09:23 UTC
Red Hat Product Errata RHSA-2019:2565 None None None 2019-08-27 11:06:42 UTC

Description Andrej Nemec 2018-10-25 13:35:45 UTC
An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.

External References:

https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

Comment 1 Andrej Nemec 2018-10-25 13:40:40 UTC
Created ruby tracking bugs for this issue:

Affects: fedora-all [bug 1643091]

Comment 4 Scott Gayou 2018-10-26 16:01:24 UTC
Upstream Hackerone Report:

https://hackerone.com/reports/387250

Comment 8 Doran Moppert 2018-11-19 05:00:49 UTC
Statement:

Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.

Red Hat Virtualization includes a vulnerable version of ruby, however the affected functionality is not used in Red Hat Virtualization or any of its dependencies. A future update may address this issue.

Comment 9 errata-xmlrpc 2018-11-29 09:56:57 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3729

Comment 10 errata-xmlrpc 2018-11-29 10:11:52 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3730

Comment 11 errata-xmlrpc 2018-11-29 10:22:52 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2018:3731

Comment 12 errata-xmlrpc 2018-11-29 22:22:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3738 https://access.redhat.com/errata/RHSA-2018:3738

Comment 14 errata-xmlrpc 2019-07-30 09:09:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1948 https://access.redhat.com/errata/RHSA-2019:1948

Comment 15 errata-xmlrpc 2019-08-27 11:06:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:2565 https://access.redhat.com/errata/RHSA-2019:2565


Note You need to log in before you can comment on or make changes to this bug.