Bug 470079 - (CVE-2008-4989) CVE-2008-4989 gnutls: certificate chain verification flaw
CVE-2008-4989 gnutls: certificate chain verification flaw
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
source=vendorsec,reported=20081105,pu...
: Security
Depends On: 470279 470280 805160
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-05 12:19 EST by Tomas Hoger
Modified: 2012-03-20 11:42 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-13 10:35:44 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch from the reporter of the issue that upstream plans to use (1.76 KB, patch)
2008-11-06 09:25 EST, Tomas Hoger
no flags Details | Diff

  None (edit)
Description Tomas Hoger 2008-11-05 12:19:35 EST
A flaw was discovered in the way GnuTLS verify certificate chain provided by remote SSL / TLS server.  If the self-signed certificate appears in the middle of the chain, the whole chain will not get verified properly.  This allows malicious server to spoof identity of some other server and tick clients using GnuTLS to trust the server, even if the server does not own trusted certificate for common name specified by the client.
Comment 3 Tomas Hoger 2008-11-06 04:36:14 EST
The problem seems to have been introduced in following commit:

http://repo.or.cz/w/gnutls.git?a=commitdiff;h=c154545b8a3df4f7d06c6aa335c18740cbecf57a

which first appeared in GnuTLS 1.2.4 released in May 2005:

http://lists.gnupg.org/pipermail/gnutls-dev/2005-May/000875.html
Comment 4 Tomas Hoger 2008-11-06 09:19:34 EST
Update on the flaw description in comment #0:

This issue does not require any crafted self-signed certificate to be listed in the certificate chain.  The verification code in the vulnerable versions works as:

- check last certificate in the chain against trusted CA certs
- if last certificate in the chain is self-signed, it is dropped / ignored
- verify possibly shorter certificate chain

It is sufficient for server to provide chain with fake certificate followed by a trusted CA certificate to be successfully verified.
Comment 5 Tomas Hoger 2008-11-06 09:25:26 EST
Created attachment 322723 [details]
Proposed patch from the reporter of the issue that upstream plans to use
Comment 11 Tomas Hoger 2008-11-11 02:22:45 EST
Original report from Martin von Gagern:

http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217
Comment 12 Tomas Hoger 2008-11-11 05:28:02 EST
Original patch contained a bug, different version was proposed:

http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3224

(only drop last self-signed certificate when chain contains more than once certificate)
Comment 13 Tomas Hoger 2008-11-11 07:58:48 EST
The gnutls packages as shipped in Red Hat Enterprise Linux 4 were not affected by this flaw.
Comment 14 Fedora Update System 2008-11-11 10:10:33 EST
gnutls-2.4.2-3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/gnutls-2.4.2-3.fc10
Comment 15 Fedora Update System 2008-11-11 10:11:57 EST
gnutls-2.0.4-4.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/gnutls-2.0.4-4.fc9
Comment 16 Fedora Update System 2008-11-11 10:12:45 EST
gnutls-1.6.3-5.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/gnutls-1.6.3-5.fc8
Comment 17 Fedora Update System 2008-11-11 21:52:25 EST
gnutls-2.0.4-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2008-11-11 22:00:23 EST
gnutls-1.6.3-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2008-11-22 11:51:29 EST
gnutls-2.4.2-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.