>Number: 128868 >Category: ports >Synopsis: [vuxml] security/gnutls: CVE-2008-4989 and update to 2.4.2 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Nov 14 15:00:10 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 8.0-CURRENT amd64 >Organization: Code Labs >Environment:
System: FreeBSD 8.0-CURRENT amd64 >Description: According to the Martin von Gagem, http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 there is X.509 trust chains validation failure that allows man in the middle to assume any DN and trick GNU TLS clients into trusting that name. >How-To-Repeat: Look at http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 http://www.gnu.org/software/gnutls/security.html >Fix: The following VuXML entry should be added: --- vuln.xml begins here --- <vuln vid=""> <topic>GnuTLS -- X.509 certificate chain validation vulnerability</topic> <affects> <package> <name>gnutls</name> <range><gt>2.4.0</gt><lt>2.4.2</lt></range> </package> <package> <name>gnutls</name> <range><gt>2.6.0</gt><lt>2.6.1</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml";> <p>Martin von Gagern reports:</p> <blockquote cite="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217";> <p>This is an analysis fo the GNU TLS vulnerability recently published as GNUTLS-SA-2008-3 and CVE-2008-4989.</p> <p>I found a bug in GNU TLS which breaks X.509 certificate chain verification. This allows a man in the middle to assume any name and trick GNU TLS clients into trusting that name.</p> <p>This could be used to imitate a server using a specially crafted server certificate chain together with DNS spoofing or some way of intercepting packets along their route. It could also be used to imitate clients authenticating to some service using client certificates, again using specially crafted certificate chains.</p> </blockquote> <p>Announcement of GnuTLS 2.6.1:</p> <blockquote cite="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215";> <p>Version 2.6.1 is a maintainance and security release on our stable branch.</p> <p>** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]</p> <p>The flaw makes it possible for man in the middle attackers (i.e., active attackers) to assume any name and trick GNU TLS clients into trusting that name. Thanks for report and analysis from Martin von Gagern <Martin.vGagern <at> gmx.net>. [CVE-2008-4989]</p> </blockquote> </body> </description> <references> <cvename>CVE-2008-4989</cvename> <url>http://www.gnu.org/software/gnutls/security.html</url> <url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217</url> <url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215</url> </references> <dates> <discovery>2008-11-10</discovery> </dates> </vuln> --- vuln.xml ends here --- I am assuming that the maintainer will update the port to the version 2.4.2 (the latest one from the 2.4 branch) or to 2.6.1. One can drop 2.6.x from the VuXML entry if he won't planning to introduce GnuTLS 2.6.x to the ports or he is planning to update to GnuTLS >= 2.6.1. I had extracted the patch from the http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 and had applied it to the 2.4.2. --- gnutls-2.4.2-CVE-2008-4989.patch begins here --- Obtained from: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 Remarks: applied original patch to 2.4.2 and diffed the sources again --- lib/x509/verify.c.orig 2008-09-16 00:04:19.000000000 +0400 +++ lib/x509/verify.c 2008-11-14 16:06:59.000000000 +0300 @@ -376,6 +376,17 @@ int i = 0, ret; unsigned int status = 0, output; + /* Check if the last certificate in the path is self signed. + * In that case ignore it (a certificate is trusted only if it + * leads to a trusted party by us, not the server's). + */ + if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], + certificate_list[clist_size - 1]) > 0 + && clist_size > 0) + { + clist_size--; + } + /* Verify the last certificate in the certificate path * against the trusted CA certificate list. * @@ -414,17 +425,6 @@ } #endif - /* Check if the last certificate in the path is self signed. - * In that case ignore it (a certificate is trusted only if it - * leads to a trusted party by us, not the server's). - */ - if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], - certificate_list[clist_size - 1]) > 0 - && clist_size > 0) - { - clist_size--; - } - /* Verify the certificate path (chain) */ for (i = clist_size - 1; i > 0; i--) --- gnutls-2.4.2-CVE-2008-4989.patch ends here --- I had made a quick patch to update to 2.4.2. It works for me and fixes the CVS in question: --- gnutls-2.4.1_1-to-2.4.2-plus-CVE-2008-4989.patch begins here --- diff -urN ./Makefile ../gnutls/Makefile --- ./Makefile 2008-11-14 16:42:13.000000000 +0300 +++ ../gnutls/Makefile 2008-11-14 16:42:31.000000000 +0300 @@ -6,8 +6,7 @@ # PORTNAME= gnutls -PORTVERSION= 2.4.1 -PORTREVISION= 1 +PORTVERSION= 2.4.2 CATEGORIES= security net MASTER_SITES= http://josefsson.org/gnutls/releases/ \ ftp://ftp.gnutls.org/pub/gnutls/ \ diff -urN ./distinfo ../gnutls/distinfo --- ./distinfo 2008-11-14 16:42:13.000000000 +0300 +++ ../gnutls/distinfo 2008-11-14 16:52:41.000000000 +0300 @@ -1,3 +1,3 @@ -MD5 (gnutls-2.4.1.tar.bz2) = 573db36cb3f8472b0293cfa1f52c607a -SHA256 (gnutls-2.4.1.tar.bz2) = d91401a6828d7300dc2b1106ff99610479aa35af05d39746cacdab8cdc7be5fd -SIZE (gnutls-2.4.1.tar.bz2) = 4940118 +MD5 (gnutls-2.4.2.tar.bz2) = 148bde1f43cae2ea4265439df0da6399 +SHA256 (gnutls-2.4.2.tar.bz2) = 1c70e916c691c7c31ea3c8f2abeedae6c7dfda754e02b373287ceb5b46bfbb0e +SIZE (gnutls-2.4.2.tar.bz2) = 4958098 diff -urN ./files/patch-CVE-2008-4989 ../gnutls/files/patch-CVE-2008-4989 --- ./files/patch-CVE-2008-4989 1970-01-01 03:00:00.000000000 +0300 +++ ../gnutls/files/patch-CVE-2008-4989 2008-11-14 17:06:13.000000000 +0300 @@ -0,0 +1,38 @@ +--- lib/x509/verify.c.orig 2008-09-16 00:04:19.000000000 +0400 ++++ lib/x509/verify.c 2008-11-14 16:06:59.000000000 +0300 +@@ -376,6 +376,17 @@ + int i = 0, ret; + unsigned int status = 0, output; + ++ /* Check if the last certificate in the path is self signed. ++ * In that case ignore it (a certificate is trusted only if it ++ * leads to a trusted party by us, not the server's). ++ */ ++ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], ++ certificate_list[clist_size - 1]) > 0 ++ && clist_size > 0) ++ { ++ clist_size--; ++ } ++ + /* Verify the last certificate in the certificate path + * against the trusted CA certificate list. + * +@@ -414,17 +425,6 @@ + } + #endif + +- /* Check if the last certificate in the path is self signed. +- * In that case ignore it (a certificate is trusted only if it +- * leads to a trusted party by us, not the server's). +- */ +- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], +- certificate_list[clist_size - 1]) > 0 +- && clist_size > 0) +- { +- clist_size--; +- } +- + /* Verify the certificate path (chain) + */ + for (i = clist_size - 1; i > 0; i--) --- gnutls-2.4.1_1-to-2.4.2-plus-CVE-2008-4989.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
