Bug 470079 (CVE-2008-4989) - CVE-2008-4989 gnutls: certificate chain verification flaw
Summary: CVE-2008-4989 gnutls: certificate chain verification flaw
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2008-4989
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 470279 470280 805160
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-11-05 17:19 UTC by Tomas Hoger
Modified: 2019-09-29 12:27 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-11-13 15:35:44 UTC


Attachments (Terms of Use)
Proposed patch from the reporter of the issue that upstream plans to use (1.76 KB, patch)
2008-11-06 14:25 UTC, Tomas Hoger
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0982 0 normal SHIPPED_LIVE Moderate: gnutls security update 2008-11-11 18:26:39 UTC

Description Tomas Hoger 2008-11-05 17:19:35 UTC
A flaw was discovered in the way GnuTLS verify certificate chain provided by remote SSL / TLS server.  If the self-signed certificate appears in the middle of the chain, the whole chain will not get verified properly.  This allows malicious server to spoof identity of some other server and tick clients using GnuTLS to trust the server, even if the server does not own trusted certificate for common name specified by the client.

Comment 3 Tomas Hoger 2008-11-06 09:36:14 UTC
The problem seems to have been introduced in following commit:

http://repo.or.cz/w/gnutls.git?a=commitdiff;h=c154545b8a3df4f7d06c6aa335c18740cbecf57a

which first appeared in GnuTLS 1.2.4 released in May 2005:

http://lists.gnupg.org/pipermail/gnutls-dev/2005-May/000875.html

Comment 4 Tomas Hoger 2008-11-06 14:19:34 UTC
Update on the flaw description in comment #0:

This issue does not require any crafted self-signed certificate to be listed in the certificate chain.  The verification code in the vulnerable versions works as:

- check last certificate in the chain against trusted CA certs
- if last certificate in the chain is self-signed, it is dropped / ignored
- verify possibly shorter certificate chain

It is sufficient for server to provide chain with fake certificate followed by a trusted CA certificate to be successfully verified.

Comment 5 Tomas Hoger 2008-11-06 14:25:26 UTC
Created attachment 322723 [details]
Proposed patch from the reporter of the issue that upstream plans to use

Comment 11 Tomas Hoger 2008-11-11 07:22:45 UTC
Original report from Martin von Gagern:

http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217

Comment 12 Tomas Hoger 2008-11-11 10:28:02 UTC
Original patch contained a bug, different version was proposed:

http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3224

(only drop last self-signed certificate when chain contains more than once certificate)

Comment 13 Tomas Hoger 2008-11-11 12:58:48 UTC
The gnutls packages as shipped in Red Hat Enterprise Linux 4 were not affected by this flaw.

Comment 14 Fedora Update System 2008-11-11 15:10:33 UTC
gnutls-2.4.2-3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/gnutls-2.4.2-3.fc10

Comment 15 Fedora Update System 2008-11-11 15:11:57 UTC
gnutls-2.0.4-4.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/gnutls-2.0.4-4.fc9

Comment 16 Fedora Update System 2008-11-11 15:12:45 UTC
gnutls-1.6.3-5.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/gnutls-1.6.3-5.fc8

Comment 17 Fedora Update System 2008-11-12 02:52:25 UTC
gnutls-2.0.4-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2008-11-12 03:00:23 UTC
gnutls-1.6.3-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2008-11-22 16:51:29 UTC
gnutls-2.4.2-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.