Red Hat Bugzilla – Bug 510433
openssl compat mode x509 subject name injection
Last modified: 2009-07-31 10:33:48 EDT
In his upcoming Blackhat paper and presentation Dan Kaminsky
highlights some more issues he has found relating to SSL hash
collisions and related vulnerabilities.
His second issue is all about inconsistencies in the interpretation of subject
x509 names in certificates. Specifically "issue 2d' is how the OpenSSL command line utility will output unescaped subject X509 lines to the standard output.
So if some utility runs the openssl application from the command line and parses the text output, and if an attacker can craft a malicious certificate
in such a way they fool a CA into signing it, they could present it to the utility and possibly fool that utility into thinking fields were different to they actually are, perhaps allowing the certificate to be accepted as legitimate.
So this attack assumes that some utility will parse the output of OpenSSL command line using the default 'compat' mode. Applications should never do this anyway.
So upstream OpenSSL are unlikely to address this issue directly, although in the future the default output mode could be changed to something other than 'compat'. The likely response will be documentation reminding people that parsing the output of running such an openssl command is not the right way to use OpenSSL.
Section 2d also mentions a non-exploitable read AV. This was fixed as CVE-2009-0590 in upstream OpenSSL 0.9.8k
removing embargo, Dan gave presentation at Blackhat yesterday.