Bug 1843723 (CVE-2020-13777) - CVE-2020-13777 gnutls: session resumption works without master key allowing MITM
Summary: CVE-2020-13777 gnutls: session resumption works without master key allowing MITM
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-13777
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1843726 1844148 1844149 1843724 1843725 1844145 1844146 1844147
Blocks: 1843649
TreeView+ depends on / blocked
 
Reported: 2020-06-03 23:08 UTC by Guilherme de Almeida Suckevicz
Modified: 2020-06-29 14:24 UTC (History)
21 users (show)

Fixed In Version: gnutls 3.6.14
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle-attack, with the ability to bypass the TLS1.3 authentication and also recover older conversations when TLS1.2 is in use. The highest threat to this flaw is to confidentiality and integrity.
Clone Of:
Environment:
Last Closed: 2020-06-22 11:20:31 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2649 None None None 2020-06-22 13:56:42 UTC
Red Hat Product Errata RHBA-2020:2650 None None None 2020-06-22 14:07:34 UTC
Red Hat Product Errata RHBA-2020:2651 None None None 2020-06-23 07:52:35 UTC
Red Hat Product Errata RHBA-2020:2652 None None None 2020-06-23 08:29:40 UTC
Red Hat Product Errata RHBA-2020:2708 None None None 2020-06-23 16:05:42 UTC
Red Hat Product Errata RHBA-2020:2709 None None None 2020-06-23 16:03:39 UTC
Red Hat Product Errata RHBA-2020:2710 None None None 2020-06-23 18:21:01 UTC
Red Hat Product Errata RHBA-2020:2721 None None None 2020-06-24 11:40:57 UTC
Red Hat Product Errata RHBA-2020:2731 None None None 2020-06-24 12:26:34 UTC
Red Hat Product Errata RHSA-2020:2637 None None None 2020-06-22 06:56:32 UTC
Red Hat Product Errata RHSA-2020:2638 None None None 2020-06-22 06:44:07 UTC
Red Hat Product Errata RHSA-2020:2639 None None None 2020-06-22 06:38:42 UTC

Description Guilherme de Almeida Suckevicz 2020-06-03 23:08:49 UTC
GnuTLS servers are able to use tickets issued by each other without access to the secret key as generated by gnutls_session_ticket_key_generate(). In TLS 1.3 this allows a MITM server without valid credentials to resume sessions with a client that first established an initial connection with a server with valid credentials. In TLS 1.2, it may allow attackers to recover the previous conversations.

Reference:
https://gitlab.com/gnutls/gnutls/-/issues/1011

Comment 1 Guilherme de Almeida Suckevicz 2020-06-03 23:09:22 UTC
Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1843724]


Created gnutls30 tracking bugs for this issue:

Affects: epel-6 [bug 1843726]


Created mingw-gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1843725]

Comment 13 Marco Benatto 2020-06-05 17:11:00 UTC
External References:

https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-06-03

Comment 15 Marco Benatto 2020-06-05 17:25:29 UTC
Mitigation:

There's no available mitigation for this issue.

Comment 16 jwp@redhat.com 2020-06-08 20:38:13 UTC
Does this affect RHEL8? - the version of gnutls shipped in rhel8 is gnutls-3.6.8-10

which would imply it does.

Comment 17 jwp@redhat.com 2020-06-08 21:22:53 UTC
(In reply to jwp@redhat.com from comment #16)
> Does this affect RHEL8? - the version of gnutls shipped in rhel8 is
> gnutls-3.6.8-10
> 
> which would imply it does.

Answering my own question. Yes. Yes it does:

https://access.redhat.com/security/cve/CVE-2020-13777
 
I assume that anything that uses the rhel8 user-space (OCP4, CoreOS, OSP16) will likewise be affected?

Comment 18 jwp@redhat.com 2020-06-08 21:23:01 UTC
(In reply to jwp@redhat.com from comment #16)
> Does this affect RHEL8? - the version of gnutls shipped in rhel8 is
> gnutls-3.6.8-10
> 
> which would imply it does.

Answering my own question. Yes. Yes it does:

https://access.redhat.com/security/cve/CVE-2020-13777
 
I assume that anything that uses the rhel8 user-space (OCP4, CoreOS, OSP16) will likewise be affected?

Comment 19 RaTasha Tillery-Smith 2020-06-18 17:54:07 UTC
Statement:

GnuTLS versions as shipped with Red Hat Enterprise Linux 7 and earlier are not affected, as the bug was introduced in upstream at GnuTLS version 3.6.4. The older versions do not carry the affected code.

Comment 20 errata-xmlrpc 2020-06-22 06:38:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2639 https://access.redhat.com/errata/RHSA-2020:2639

Comment 21 errata-xmlrpc 2020-06-22 06:44:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2638 https://access.redhat.com/errata/RHSA-2020:2638

Comment 22 errata-xmlrpc 2020-06-22 06:56:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2637 https://access.redhat.com/errata/RHSA-2020:2637

Comment 23 Product Security DevOps Team 2020-06-22 11:20:31 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-13777


Note You need to log in before you can comment on or make changes to this bug.