From owner-freebsd-security@FreeBSD.ORG Fri Nov 14 15:00:11 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AB61D1065672; Fri, 14 Nov 2008 15:00:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 6EA288FC0A; Fri, 14 Nov 2008 15:00:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id mAEF0Bgn004161; Fri, 14 Nov 2008 15:00:11 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id mAEF0BTe004160; Fri, 14 Nov 2008 15:00:11 GMT (envelope-from gnats) Resent-Date: Fri, 14 Nov 2008 15:00:11 GMT Resent-Message-Id: <200811141500.mAEF0BTe004160@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@freebsd.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Cc: freebsd-security@freebsd.org, novel@freebsd.org Resent-Reply-To: FreeBSD-gnats-submit@freebsd.org, Eygene Ryabinkin Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CE6AA1065672 for ; Fri, 14 Nov 2008 14:54:15 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 5D0A68FC22 for ; Fri, 14 Nov 2008 14:54:15 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from amnesiac.at.no.dns ([144.206.182.38]) by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256) id 1L103q-000F0N-5A for FreeBSD-gnats-submit@freebsd.org; Fri, 14 Nov 2008 17:54:14 +0300 Received: by amnesiac.at.no.dns (Postfix, from userid 1001) id 3C4DC1721C; Fri, 14 Nov 2008 17:54:14 +0300 (MSK) Message-Id: <20081114145414.3C4DC1721C@amnesiac.at.no.dns> Date: Fri, 14 Nov 2008 17:54:14 +0300 (MSK) From: Eygene Ryabinkin To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 X-GNATS-Notify: freebsd-security@freebsd.org, novel@FreeBSD.org Cc: Subject: ports/128868: [vuxml] security/gnutls: CVE-2008-4989 and update to 2.4.2 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eygene Ryabinkin List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Nov 2008 15:00:11 -0000 >Number: 128868 >Category: ports >Synopsis: [vuxml] security/gnutls: CVE-2008-4989 and update to 2.4.2 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Nov 14 15:00:10 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 8.0-CURRENT amd64 >Organization: Code Labs >Environment: System: FreeBSD 8.0-CURRENT amd64 >Description: According to the Martin von Gagem, http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 there is X.509 trust chains validation failure that allows man in the middle to assume any DN and trick GNU TLS clients into trusting that name. >How-To-Repeat: Look at http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 http://www.gnu.org/software/gnutls/security.html >Fix: The following VuXML entry should be added: --- vuln.xml begins here --- GnuTLS -- X.509 certificate chain validation vulnerability gnutls 2.4.02.4.2 gnutls 2.6.02.6.1

Martin von Gagern reports:

This is an analysis fo the GNU TLS vulnerability recently published as GNUTLS-SA-2008-3 and CVE-2008-4989.

I found a bug in GNU TLS which breaks X.509 certificate chain verification. This allows a man in the middle to assume any name and trick GNU TLS clients into trusting that name.

This could be used to imitate a server using a specially crafted server certificate chain together with DNS spoofing or some way of intercepting packets along their route. It could also be used to imitate clients authenticating to some service using client certificates, again using specially crafted certificate chains.

Announcement of GnuTLS 2.6.1:

Version 2.6.1 is a maintainance and security release on our stable branch.

** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]

The flaw makes it possible for man in the middle attackers (i.e., active attackers) to assume any name and trick GNU TLS clients into trusting that name. Thanks for report and analysis from Martin von Gagern <Martin.vGagern <at> gmx.net>. [CVE-2008-4989]

 CVE-2008-4989 http://www.gnu.org/software/gnutls/security.html http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 2008-11-10 --- vuln.xml ends here --- I am assuming that the maintainer will update the port to the version 2.4.2 (the latest one from the 2.4 branch) or to 2.6.1. One can drop 2.6.x from the VuXML entry if he won't planning to introduce GnuTLS 2.6.x to the ports or he is planning to update to GnuTLS >= 2.6.1. I had extracted the patch from the http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 and had applied it to the 2.4.2. --- gnutls-2.4.2-CVE-2008-4989.patch begins here --- Obtained from: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 Remarks: applied original patch to 2.4.2 and diffed the sources again --- lib/x509/verify.c.orig 2008-09-16 00:04:19.000000000 +0400 +++ lib/x509/verify.c 2008-11-14 16:06:59.000000000 +0300 @@ -376,6 +376,17 @@ int i = 0, ret; unsigned int status = 0, output; + /* Check if the last certificate in the path is self signed. + * In that case ignore it (a certificate is trusted only if it + * leads to a trusted party by us, not the server's). + */ + if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], + certificate_list[clist_size - 1]) > 0 + && clist_size > 0) + { + clist_size--; + } + /* Verify the last certificate in the certificate path * against the trusted CA certificate list. * @@ -414,17 +425,6 @@ } #endif - /* Check if the last certificate in the path is self signed. - * In that case ignore it (a certificate is trusted only if it - * leads to a trusted party by us, not the server's). - */ - if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], - certificate_list[clist_size - 1]) > 0 - && clist_size > 0) - { - clist_size--; - } - /* Verify the certificate path (chain) */ for (i = clist_size - 1; i > 0; i--) --- gnutls-2.4.2-CVE-2008-4989.patch ends here --- I had made a quick patch to update to 2.4.2. It works for me and fixes the CVS in question: --- gnutls-2.4.1_1-to-2.4.2-plus-CVE-2008-4989.patch begins here --- diff -urN ./Makefile ../gnutls/Makefile --- ./Makefile 2008-11-14 16:42:13.000000000 +0300 +++ ../gnutls/Makefile 2008-11-14 16:42:31.000000000 +0300 @@ -6,8 +6,7 @@ # PORTNAME= gnutls -PORTVERSION= 2.4.1 -PORTREVISION= 1 +PORTVERSION= 2.4.2 CATEGORIES= security net MASTER_SITES= http://josefsson.org/gnutls/releases/ \ ftp://ftp.gnutls.org/pub/gnutls/ \ diff -urN ./distinfo ../gnutls/distinfo --- ./distinfo 2008-11-14 16:42:13.000000000 +0300 +++ ../gnutls/distinfo 2008-11-14 16:52:41.000000000 +0300 @@ -1,3 +1,3 @@ -MD5 (gnutls-2.4.1.tar.bz2) = 573db36cb3f8472b0293cfa1f52c607a -SHA256 (gnutls-2.4.1.tar.bz2) = d91401a6828d7300dc2b1106ff99610479aa35af05d39746cacdab8cdc7be5fd -SIZE (gnutls-2.4.1.tar.bz2) = 4940118 +MD5 (gnutls-2.4.2.tar.bz2) = 148bde1f43cae2ea4265439df0da6399 +SHA256 (gnutls-2.4.2.tar.bz2) = 1c70e916c691c7c31ea3c8f2abeedae6c7dfda754e02b373287ceb5b46bfbb0e +SIZE (gnutls-2.4.2.tar.bz2) = 4958098 diff -urN ./files/patch-CVE-2008-4989 ../gnutls/files/patch-CVE-2008-4989 --- ./files/patch-CVE-2008-4989 1970-01-01 03:00:00.000000000 +0300 +++ ../gnutls/files/patch-CVE-2008-4989 2008-11-14 17:06:13.000000000 +0300 @@ -0,0 +1,38 @@ +--- lib/x509/verify.c.orig 2008-09-16 00:04:19.000000000 +0400 ++++ lib/x509/verify.c 2008-11-14 16:06:59.000000000 +0300 +@@ -376,6 +376,17 @@ + int i = 0, ret; + unsigned int status = 0, output; + ++ /* Check if the last certificate in the path is self signed. ++ * In that case ignore it (a certificate is trusted only if it ++ * leads to a trusted party by us, not the server's). ++ */ ++ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], ++ certificate_list[clist_size - 1]) > 0 ++ && clist_size > 0) ++ { ++ clist_size--; ++ } ++ + /* Verify the last certificate in the certificate path + * against the trusted CA certificate list. + * +@@ -414,17 +425,6 @@ + } + #endif + +- /* Check if the last certificate in the path is self signed. +- * In that case ignore it (a certificate is trusted only if it +- * leads to a trusted party by us, not the server's). +- */ +- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], +- certificate_list[clist_size - 1]) > 0 +- && clist_size > 0) +- { +- clist_size--; +- } +- + /* Verify the certificate path (chain) + */ + for (i = clist_size - 1; i > 0; i--) --- gnutls-2.4.1_1-to-2.4.2-plus-CVE-2008-4989.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: