Red Hat Bugzilla – Bug 445227
CVE-2008-1676 Certificate System: incorrect handling of Extensions in CSRs (cs71)
Last modified: 2012-07-16 18:57:43 EDT
A flaw was found in a way Red Hat Certificate System handled Extensions in the
certificate signing requests (CSR). All requested Extensions were added to
issued certificate despite constraints defined in Certificate Authority (CA)
For example, CSR could contain Basic Constraints or Key Usage constraint that
once copied to issued certificate would result in creation of subordinate CA
certificate, even though CA configuration prohibits issuing of subordinate CA
certificate, possibly leading to a bypass the intended security policy.
Red Hat Certificate System 7.1, 7.2, 7.3
Netscape Certificate Management System 6.x
It's hard to code this correctly in CVSS v2. I think we are best to compare it
to flaws where a client not verifying the basic constraints for a signed
certificate, like CVE-2002-0970 or CVE-2002-0862. The same NVD CVSSv2 score is
also used for cases such as when a revoked certificate is accepted by a service.
So I believe this should be
CVSS v2 Base score: 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
and therefore impact=important
Setting bug to CLOSED per conversation with QE.