Bug 1643086 – CVE-2018-16395 ruby: OpenSSL::X509::Name equality check does not work correctly

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1643086 - (CVE-2018-16395) CVE-2018-16395 ruby: OpenSSL::X509::Name equality check does not work correctly

Summary:	CVE-2018-16395 ruby: OpenSSL::X509::Name equality check does not work correctly

Status:	NEW

Aliases:	CVE-2018-16395

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=important,public=20181017,repo...
Keywords:	Security

Depends On:	1643091 1643092 1643628 1643629 1643630 1643631 1643632 1643633 1643634 1643635 1643627
Blocks:	1643090
	Show dependency tree / graph

Reported:	2018-10-25 09:35 EDT by Andrej Nemec
Modified:	2018-10-26 16:00 EDT (History)
CC List:	28 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Andrej Nemec 2018-10-25 09:35:45 EDT

An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.

External References:

https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

Comment 1 Andrej Nemec 2018-10-25 09:40:40 EDT

Created ruby tracking bugs for this issue:

Affects: fedora-all [bug 1643091]

Comment 3 Andrej Nemec 2018-10-25 09:41:51 EDT

Upstream patch:

https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5

Comment 4 Scott Gayou 2018-10-26 12:01:24 EDT

Upstream Hackerone Report:

https://hackerone.com/reports/387250

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
bkearney
bmcclain
cbillett
dbaker
dblechte
dfediuck
eedri
hhorak
jaruga
jokerman
jorton
mgoldboi
michal.skrivanek
mo
mtasaka
pvalena
ruby-maint
sbonazzo
sherold
s
sthangav
strzibny
tomckay
trankin
vanmeeuwen+fedora
vondruch
ylavi