Red Hat Bugzilla – Bug 497983
CVE-2009-1417 gnutls: certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3]
Last modified: 2009-08-11 04:14:57 EDT
GnuTLS upstream reports:
Romain Francoise reported that gnutls-cli does not check the
activation and expiration dates of X.509 certificates. This is
assumed to apply to all versions of gnutls-cli.
Further upstream investigation of the problem showed that other applications using GnuTLS library may be affected by the similar problem, as GnuTLS' gnutls_certificate_verify_peers* functions do not check activation / expiration times on certificates. Such check was expected to be done by the applications using GnuTLS library.
This decision was now re-considered upstream and activation / expiration time checks are being added to _gnutls_x509_verify_certificate in the GnuTLS library, instead of only being added to gnutls-cli. Applications not wanting this time verification should explicitly disable it by using newly introduced GNUTLS_VERIFY_DISABLE_TIME_CHECKS verification flag. While this code introduces a change, which is not backwards compatible, upstream believes this should not negatively impact existing code.
Created attachment 341539 [details]
For testing purposes, upstream has set up few testing URLs with expired certificates:
- Expired server certificate
- Expire intermediate certificate, server return intermediate CA
- Expire intermediate certificate server does not return intermediate CA
Can be tested using: gnutls-cli expired.demo.gnutls.org
GnuTLS is shipped in Red Hat Enterprise Linux 4 and 5. Applications using GnuTLS' certificate verification (libsoup, libvirt, gtk-vnc) already perform activation / expiration date checks. gnutls-cli command line tool is affected by this problem.
The impact of this flaw is limited (besides having expired certificate, attacker would need to have associated private key as well and trick user to connect to spoofed SSL/TLS server), and the fix introduces backwards incompatible change. Future updates of gnutls packages in Red Hat Enterprise Linux 4 and 5 may include this change.
Public now via upstream security advisory:
Fix included in upstream version 2.6.6:
gnutls-cli is documented as a "test program" so I'd struggle to call this a security issue there.
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1417 to
the following vulnerability:
Reference: MLIST:[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]
Reference: URL: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
Reference: URL: http://secunia.com/advisories/34842
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and
expiration times of X.509 certificates, which allows remote attackers
to successfully present a certificate that is (1) not yet valid or (2)
no longer valid, related to lack of time checks in the
_gnutls_x509_verify_certificate function in lib/x509/verify.c in
libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
This was further discussed internally and it was decided not to backport this change to Red Hat Enterprise Linux 4 and 5. This fix changes documented behaviour, possibly creating a regression for applications that performed all required checks previously (they will no longer report expired / not yet active certificates correctly, rather use generic SSL verification error). Given the low impact of the flaw and the API-breaking nature of the fix, we do not plan to fix this flaw in already released product versions. Future versions containing newer upstream GnuTLS versions will include this fix.