Bug 1843723 (CVE-2020-13777) - CVE-2020-13777 gnutls: session resumption works without master key allowing MITM
Summary: CVE-2020-13777 gnutls: session resumption works without master key allowing MITM
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-13777
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1843724 1843725 1843726 1844145 1844146 1844147 1844148 1844149
Blocks: 1843649
TreeView+ depends on / blocked
 
Reported: 2020-06-03 23:08 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-02-16 19:57 UTC (History)
21 users (show)

Fixed In Version: gnutls 3.6.14
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle-attack, with the ability to bypass the TLS1.3 authentication and also recover older conversations when TLS1.2 is in use. The highest threat to this flaw is to confidentiality and integrity.
Clone Of:
Environment:
Last Closed: 2020-06-22 11:20:31 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2649 0 None None None 2020-06-22 13:56:42 UTC
Red Hat Product Errata RHBA-2020:2650 0 None None None 2020-06-22 14:07:34 UTC
Red Hat Product Errata RHBA-2020:2651 0 None None None 2020-06-23 07:52:35 UTC
Red Hat Product Errata RHBA-2020:2652 0 None None None 2020-06-23 08:29:40 UTC
Red Hat Product Errata RHBA-2020:2708 0 None None None 2020-06-23 16:05:42 UTC
Red Hat Product Errata RHBA-2020:2709 0 None None None 2020-06-23 16:03:39 UTC
Red Hat Product Errata RHBA-2020:2710 0 None None None 2020-06-23 18:21:01 UTC
Red Hat Product Errata RHBA-2020:2721 0 None None None 2020-06-24 11:40:57 UTC
Red Hat Product Errata RHBA-2020:2731 0 None None None 2020-06-24 12:26:34 UTC
Red Hat Product Errata RHBA-2020:2921 0 None None None 2020-07-14 18:36:00 UTC
Red Hat Product Errata RHBA-2020:2922 0 None None None 2020-07-14 18:36:31 UTC
Red Hat Product Errata RHBA-2020:3094 0 None None None 2020-07-22 10:50:11 UTC
Red Hat Product Errata RHBA-2020:3290 0 None None None 2020-08-03 18:08:17 UTC
Red Hat Product Errata RHBA-2020:3291 0 None None None 2020-08-03 18:16:00 UTC
Red Hat Product Errata RHSA-2020:2637 0 None None None 2020-06-22 06:56:32 UTC
Red Hat Product Errata RHSA-2020:2638 0 None None None 2020-06-22 06:44:07 UTC
Red Hat Product Errata RHSA-2020:2639 0 None None None 2020-06-22 06:38:42 UTC

Description Guilherme de Almeida Suckevicz 2020-06-03 23:08:49 UTC 
GnuTLS servers are able to use tickets issued by each other without access to the secret key as generated by gnutls_session_ticket_key_generate(). In TLS 1.3 this allows a MITM server without valid credentials to resume sessions with a client that first established an initial connection with a server with valid credentials. In TLS 1.2, it may allow attackers to recover the previous conversations.

Reference:
https://gitlab.com/gnutls/gnutls/-/issues/1011
Comment 1 Guilherme de Almeida Suckevicz 2020-06-03 23:09:22 UTC 
Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1843724]


Created gnutls30 tracking bugs for this issue:

Affects: epel-6 [bug 1843726]


Created mingw-gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1843725]
Comment 4 Marco Benatto 2020-06-04 17:31:57 UTC 
Upstream commits for this issue:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1275/diffs?commit_id=c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
https://gitlab.com/gnutls/gnutls/-/merge_requests/1275/diffs?commit_id=3d7fae761e65e9d0f16d7247ee8a464d4fe002da
Comment 13 Marco Benatto 2020-06-05 17:11:00 UTC 
External References:

https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
Comment 15 Marco Benatto 2020-06-05 17:25:29 UTC 
Mitigation:

There's no available mitigation for this issue.
Comment 16 jwp@redhat.com 2020-06-08 20:38:13 UTC 
Does this affect RHEL8? - the version of gnutls shipped in rhel8 is gnutls-3.6.8-10

which would imply it does.
Comment 17 jwp@redhat.com 2020-06-08 21:22:53 UTC 
(In reply to jwp from comment #16)
> Does this affect RHEL8? - the version of gnutls shipped in rhel8 is
> gnutls-3.6.8-10
> 
> which would imply it does.

Answering my own question. Yes. Yes it does:

https://access.redhat.com/security/cve/CVE-2020-13777
 
I assume that anything that uses the rhel8 user-space (OCP4, CoreOS, OSP16) will likewise be affected?
Comment 18 jwp@redhat.com 2020-06-08 21:23:01 UTC 
(In reply to jwp from comment #16)
> Does this affect RHEL8? - the version of gnutls shipped in rhel8 is
> gnutls-3.6.8-10
> 
> which would imply it does.

Answering my own question. Yes. Yes it does:

https://access.redhat.com/security/cve/CVE-2020-13777
 
I assume that anything that uses the rhel8 user-space (OCP4, CoreOS, OSP16) will likewise be affected?
Comment 19 RaTasha Tillery-Smith 2020-06-18 17:54:07 UTC 
Statement:

GnuTLS versions as shipped with Red Hat Enterprise Linux 7 and earlier are not affected, as the bug was introduced in upstream at GnuTLS version 3.6.4. The older versions do not carry the affected code.
Comment 20 errata-xmlrpc 2020-06-22 06:38:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2639 https://access.redhat.com/errata/RHSA-2020:2639
Comment 21 errata-xmlrpc 2020-06-22 06:44:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2638 https://access.redhat.com/errata/RHSA-2020:2638
Comment 22 errata-xmlrpc 2020-06-22 06:56:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2637 https://access.redhat.com/errata/RHSA-2020:2637
Comment 23 Product Security DevOps Team 2020-06-22 11:20:31 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-13777
Note You need to log in before you can comment on or make changes to this bug.