Bug 1843723 (CVE-2020-13777) - CVE-2020-13777 gnutls: session resumption works without master key allowing MITM
Summary: CVE-2020-13777 gnutls: session resumption works without master key allowing MITM
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-13777
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1843724 1843725 1843726 1844145 1844146 1844147 1844148 1844149
Blocks: 1843649
TreeView+ depends on / blocked
 
Reported: 2020-06-03 23:08 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-02-16 19:57 UTC (History)
21 users (show)

Fixed In Version: gnutls 3.6.14
Clone Of:
Environment:
Last Closed: 2020-06-22 11:20:31 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2649 0 None None None 2020-06-22 13:56:42 UTC
Red Hat Product Errata RHBA-2020:2650 0 None None None 2020-06-22 14:07:34 UTC
Red Hat Product Errata RHBA-2020:2651 0 None None None 2020-06-23 07:52:35 UTC
Red Hat Product Errata RHBA-2020:2652 0 None None None 2020-06-23 08:29:40 UTC
Red Hat Product Errata RHBA-2020:2708 0 None None None 2020-06-23 16:05:42 UTC
Red Hat Product Errata RHBA-2020:2709 0 None None None 2020-06-23 16:03:39 UTC
Red Hat Product Errata RHBA-2020:2710 0 None None None 2020-06-23 18:21:01 UTC
Red Hat Product Errata RHBA-2020:2721 0 None None None 2020-06-24 11:40:57 UTC
Red Hat Product Errata RHBA-2020:2731 0 None None None 2020-06-24 12:26:34 UTC
Red Hat Product Errata RHBA-2020:2921 0 None None None 2020-07-14 18:36:00 UTC
Red Hat Product Errata RHBA-2020:2922 0 None None None 2020-07-14 18:36:31 UTC
Red Hat Product Errata RHBA-2020:3094 0 None None None 2020-07-22 10:50:11 UTC
Red Hat Product Errata RHBA-2020:3290 0 None None None 2020-08-03 18:08:17 UTC
Red Hat Product Errata RHBA-2020:3291 0 None None None 2020-08-03 18:16:00 UTC
Red Hat Product Errata RHSA-2020:2637 0 None None None 2020-06-22 06:56:32 UTC
Red Hat Product Errata RHSA-2020:2638 0 None None None 2020-06-22 06:44:07 UTC
Red Hat Product Errata RHSA-2020:2639 0 None None None 2020-06-22 06:38:42 UTC

Description Guilherme de Almeida Suckevicz 2020-06-03 23:08:49 UTC 
GnuTLS servers are able to use tickets issued by each other without access to the secret key as generated by gnutls_session_ticket_key_generate(). In TLS 1.3 this allows a MITM server without valid credentials to resume sessions with a client that first established an initial connection with a server with valid credentials. In TLS 1.2, it may allow attackers to recover the previous conversations.

Reference:
https://gitlab.com/gnutls/gnutls/-/issues/1011
Comment 1 Guilherme de Almeida Suckevicz 2020-06-03 23:09:22 UTC 
Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1843724]


Created gnutls30 tracking bugs for this issue:

Affects: epel-6 [bug 1843726]


Created mingw-gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1843725]
Comment 4 Marco Benatto 2020-06-04 17:31:57 UTC 
Upstream commits for this issue:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1275/diffs?commit_id=c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
https://gitlab.com/gnutls/gnutls/-/merge_requests/1275/diffs?commit_id=3d7fae761e65e9d0f16d7247ee8a464d4fe002da
Comment 13 Marco Benatto 2020-06-05 17:11:00 UTC 
External References:

https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
Comment 15 Marco Benatto 2020-06-05 17:25:29 UTC 
Mitigation:

There's no available mitigation for this issue.
Comment 16 jwp@redhat.com 2020-06-08 20:38:13 UTC 
Does this affect RHEL8? - the version of gnutls shipped in rhel8 is gnutls-3.6.8-10

which would imply it does.
Comment 17 jwp@redhat.com 2020-06-08 21:22:53 UTC 
(In reply to jwp from comment #16)
> Does this affect RHEL8? - the version of gnutls shipped in rhel8 is
> gnutls-3.6.8-10
> 
> which would imply it does.

Answering my own question. Yes. Yes it does:

https://access.redhat.com/security/cve/CVE-2020-13777
 
I assume that anything that uses the rhel8 user-space (OCP4, CoreOS, OSP16) will likewise be affected?
Comment 18 jwp@redhat.com 2020-06-08 21:23:01 UTC 
(In reply to jwp from comment #16)
> Does this affect RHEL8? - the version of gnutls shipped in rhel8 is
> gnutls-3.6.8-10
> 
> which would imply it does.

Answering my own question. Yes. Yes it does:

https://access.redhat.com/security/cve/CVE-2020-13777
 
I assume that anything that uses the rhel8 user-space (OCP4, CoreOS, OSP16) will likewise be affected?
Comment 19 RaTasha Tillery-Smith 2020-06-18 17:54:07 UTC 
Statement:

GnuTLS versions as shipped with Red Hat Enterprise Linux 7 and earlier are not affected, as the bug was introduced in upstream at GnuTLS version 3.6.4. The older versions do not carry the affected code.
Comment 20 errata-xmlrpc 2020-06-22 06:38:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2639 https://access.redhat.com/errata/RHSA-2020:2639
Comment 21 errata-xmlrpc 2020-06-22 06:44:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2638 https://access.redhat.com/errata/RHSA-2020:2638
Comment 22 errata-xmlrpc 2020-06-22 06:56:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2637 https://access.redhat.com/errata/RHSA-2020:2637
Comment 23 Product Security DevOps Team 2020-06-22 11:20:31 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-13777
Note You need to log in before you can comment on or make changes to this bug.