Bug 1643086 (CVE-2018-16395) - CVE-2018-16395 ruby: OpenSSL::X509::Name equality check does not work correctly
Summary: CVE-2018-16395 ruby: OpenSSL::X509::Name equality check does not work correctly
Status: CLOSED ERRATA
Alias: CVE-2018-16395
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20181017,repo...
Keywords: Security
Depends On: 1643092 1643629 1643631 1643633 1643635 1643091 1643627 1643628 1643630 1643632 1643634
Blocks: 1643090
TreeView+ depends on / blocked
 
Reported: 2018-10-25 13:35 UTC by Andrej Nemec
Modified: 2018-12-10 06:18 UTC (History)
28 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-11-30 09:34:55 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3729 None None None 2018-11-29 09:57 UTC
Red Hat Product Errata RHSA-2018:3730 None None None 2018-11-29 10:12 UTC
Red Hat Product Errata RHSA-2018:3731 None None None 2018-11-29 10:23 UTC
Red Hat Product Errata RHSA-2018:3738 None None None 2018-11-29 22:22 UTC

Description Andrej Nemec 2018-10-25 13:35:45 UTC
An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.

External References:

https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

Comment 1 Andrej Nemec 2018-10-25 13:40:40 UTC
Created ruby tracking bugs for this issue:

Affects: fedora-all [bug 1643091]

Comment 4 Scott Gayou 2018-10-26 16:01:24 UTC
Upstream Hackerone Report:

https://hackerone.com/reports/387250

Comment 8 Doran Moppert 2018-11-19 05:00:49 UTC
Statement:

Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.

Red Hat Virtualization includes a vulnerable version of ruby, however the affected functionality is not used in Red Hat Virtualization or any of its dependencies. A future update may address this issue.

Comment 9 errata-xmlrpc 2018-11-29 09:56:57 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3729

Comment 10 errata-xmlrpc 2018-11-29 10:11:52 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3730

Comment 11 errata-xmlrpc 2018-11-29 10:22:52 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2018:3731

Comment 12 errata-xmlrpc 2018-11-29 22:22:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3738 https://access.redhat.com/errata/RHSA-2018:3738


Note You need to log in before you can comment on or make changes to this bug.