Bug 1178698 (CVE-2014-8151) - CVE-2014-8151 curl: certificate check bypass when built with DarwinSSL as TLS backend
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-8151
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1178694
Reported: 2015-01-05 10:45 UTC by Vasyl Kaigorodov
Modified: 2023-05-12 07:05 UTC

Fixed In Version: libcurl 7.40.0
Clone Of:
Environment:
Last Closed: 2015-01-08 08:04:29 UTC
Embargoed:


Attachments
0001-darwinssl-fix-session-ID-keys-to-only-reuse-identica.patch (1.53 KB, patch)
2015-01-05 10:46 UTC, Vasyl Kaigorodov

Description Vasyl Kaigorodov 2015-01-05 10:45:10 UTC
libcurl upstream reports:

"""

libcurl stores TLS Session IDs in its associated Session ID cache when it connects to TLS servers. In subsequent connects it re-uses the entry in the cache to resume the TLS connection faster than when doing a full TLS handshake. The actual implementation for the Session ID caching varies depending on the underlying TLS backend.

libcurl allows applications to switch off certificate verification in two different ways - using CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER.

When an application connected to a TLS server with certificate verification disabled, it would store the Session ID in the cache and if then a subsequent connection was made against the same host and port number, it would re-use the former session and thanks to the re-used session from the cache, it would skip the certificate check and wrongly accept any bad certificate that could be presented.

The problem was that the "key" used for caching Session IDs didn't take the certificate check status into account.

This problem is specific to libcurl built to use the DarwinSSL back-end for TLS, so it can only affect Mac and iPhone based applications.

We are not aware of any public exploits of this flaw.

DarwinSSL is also known as SecureTransport.

"""

External References:

http://curl.haxx.se/docs/adv_20150108A.html

Acknowledgements:

Red Hat would like to thank the curl project for reporting this issue. Upstream acknowledges Marc Hesse of RethinkDB as the original reporter.
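
The cache-key flaw described in the advisory above, as an added example that is not part of this bug report, the attached patch, or curl's code: a simulated session cache keyed once by host and port only and once with the verification settings included. The struct, function names and sample host are hypothetical; only CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST come from the advisory.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical settings; flags mirror CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST. */
struct conn_cfg { const char *host; int port; int verifypeer; int verifyhost; };
struct session_cache { char keys[8][128]; int count; };
typedef void (*keyfn)(const struct conn_cfg *, char *, size_t);

/* Flawed key: host and port only; the check status is not part of it. */
static void key_host_port(const struct conn_cfg *c, char *out, size_t n)
{
    snprintf(out, n, "%s:%d", c->host, c->port);
}

/* Verify-aware key: a session is reused only under identical settings. */
static void key_with_verify(const struct conn_cfg *c, char *out, size_t n)
{
    snprintf(out, n, "%d:%d:%s:%d", c->verifypeer, c->verifyhost, c->host, c->port);
}

/* Simulated connect. Returns 1 if a full handshake happened (certificate
   checked according to cfg), 0 if a cached session was resumed instead. */
static int tls_connect(struct session_cache *sc, const struct conn_cfg *c, keyfn mk)
{
    char key[128];
    mk(c, key, sizeof key);
    for (int i = 0; i < sc->count; i++)
        if (strcmp(sc->keys[i], key) == 0)
            return 0;                        /* resumed: no certificate check */
    if (sc->count < 8)
        strcpy(sc->keys[sc->count++], key);  /* cache the new session */
    return 1;
}

/* Constructed scenario: an unverified connect, then a verifying one. */
static int second_connect_checks_cert(keyfn mk)
{
    struct session_cache sc = { .count = 0 };
    struct conn_cfg unverified = { "example.com", 443, 0, 0 };
    struct conn_cfg verified   = { "example.com", 443, 1, 2 };
    tls_connect(&sc, &unverified, mk);
    return tls_connect(&sc, &verified, mk);
}

int main(void)
{
    printf("host:port key:    cert checked = %d\n", second_connect_checks_cert(key_host_port));
    printf("verify-aware key: cert checked = %d\n", second_connect_checks_cert(key_with_verify));
    return 0;
}
```

With the host-and-port key the second, verifying connection resumes the unverified session and never checks the certificate; with the verify-aware key it misses the cache and performs a full handshake.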

Comment 1 Vasyl Kaigorodov 2015-01-05 10:46:38 UTC
Created attachment 976326
0001-darwinssl-fix-session-ID-keys-to-only-reuse-identica.patch

Comment 2 Tomas Hoger 2015-01-08 08:04:29 UTC
The curl packages in Red Hat Enterprise Linux 5 and earlier use OpenSSL as TLS backend.  The curl packages in Red Hat Enterprise Linux 6 and 7, and all current Fedora versions use NSS as TLS backend.

Statement:

Not vulnerable. This issue did not affect the versions of curl as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they do not use DarwinSSL library as TLS backend.
