Bug#873557: mbedtls: possible authentication bypass
Control: retitle mbedtls: CVE-2017-14032: authentication bypass

Hi

On Tue, Aug 29, 2017 at 12:09:30AM +0100, James Cowgill wrote:
> Source: mbedtls
> Version: 2.1.2-1
> Severity: grave
> Tags: security
>
> Hi,
>
> The following security advisory was published for mbedtls:
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

MITRE has assigned CVE-2017-14032 for this issue.

Regards,
Salvatore
Bug#873557: mbedtls: possible authentication bypass
On 29/08/17 00:09, James Cowgill wrote:
> I think this is the commit which fixes this, but I have not checked yet:
> https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32

In addition, this commit must be applied before that one:
https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc

I created a test certificate chain for this (before I realized upstream already had one) which I have attached.

The bug can be reproduced using mbedtls's test programs (available from manually built source). First, start a server:

    programs/ssl/ssl_server2 crt_file=test-certs/chain.pem key_file=test-certs/child.key

Then run the child like this:

    programs/ssl/ssl_client2 server_name=Child server_addr=localhost auth_mode=optional

Currently, the client will claim that the certificate validated. This is quite astounding since I didn't even give the client a list of trusted CAs!

> . Verifying peer X.509 certificate... ok

After applying the patches the client will correctly fail the certificate validation.

James

test-certs.tar.gz (application/gzip)
Bug#873557: mbedtls: possible authentication bypass
Source: mbedtls
Version: 2.1.2-1
Severity: grave
Tags: security

Hi,

The following security advisory was published for mbedtls:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

[Vulnerability]
If a malicious peer supplies an X.509 certificate chain that has more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (which by default is 8), it could bypass authentication of the certificates, when the authentication mode was set to 'optional' e.g. MBEDTLS_SSL_VERIFY_OPTIONAL. The issue could be triggered remotely by both the client and server sides. If the authentication mode, which can be set by the function mbedtls_ssl_conf_authmode(), was set to 'required' e.g. MBEDTLS_SSL_VERIFY_REQUIRED which is the default, authentication would occur normally as intended.

[Impact]
Depending on the platform, an attack exploiting this vulnerability could allow successful impersonation of the intended peer and permit man-in-the-middle attacks.

The advisory states that only mbedtls >= 1.3.10 is affected, which means that jessie's version of polarssl is not affected.

I think this is the commit which fixes this, but I have not checked yet:
https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32

James
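The failure mode the advisory describes, as an added illustration that is not mbedtls code: a verifier that signals an over-long chain only through its return value, while a handshake in optional mode ignores that return value and trusts the verification flags, which were never set. The constants, function names and the flag value are constructed for this model; the real mbedtls control flow is not reproduced, and the fix shown is the general rule that every verification failure must be reflected in the flags the application later reads.

```c
/* Constructed model of the CVE-2017-14032 failure mode; not mbedtls code. */
#include <stdint.h>
#include <stddef.h>

#define MAX_INTERMEDIATE_CA 8      /* the advisory's default chain depth limit */
#define VERIFY_OPTIONAL     1      /* stands in for MBEDTLS_SSL_VERIFY_OPTIONAL */
#define VERIFY_REQUIRED     2      /* stands in for MBEDTLS_SSL_VERIFY_REQUIRED */
#define BADCERT_OTHER       0x0100u /* constructed "other failure" flag bit */
#define ERR_CHAIN_TOO_LONG  (-1)

/* Vulnerable shape: the error is returned, but *flags is left at 0. */
static int verify_chain_vuln(size_t n_intermediates, uint32_t *flags)
{
    *flags = 0;
    if (n_intermediates > MAX_INTERMEDIATE_CA)
        return ERR_CHAIN_TOO_LONG;
    /* per-link signature and CA checks would follow here */
    return 0;
}

/* Fixed shape: every failure also sets a flag, so return code and flags agree. */
static int verify_chain_fixed(size_t n_intermediates, uint32_t *flags)
{
    *flags = 0;
    if (n_intermediates > MAX_INTERMEDIATE_CA) {
        *flags |= BADCERT_OTHER;
        return ERR_CHAIN_TOO_LONG;
    }
    return 0;
}

/* Handshake-side logic: in REQUIRED mode any error aborts the handshake; in
 * OPTIONAL mode the handshake continues and the application is expected to
 * inspect the stored verify_result afterwards. Returns 1 if the application
 * would conclude that the peer certificate validated. */
int peer_considered_authenticated(int (*verify)(size_t, uint32_t *),
                                  int authmode, size_t n_intermediates)
{
    uint32_t verify_result;
    int ret = verify(n_intermediates, &verify_result);

    if (ret != 0 && authmode == VERIFY_REQUIRED)
        return 0;                  /* handshake aborted, peer never trusted */

    /* OPTIONAL mode: the return code is discarded and only the flags survive.
     * With the vulnerable verifier they are still 0, which reads as "ok". */
    return verify_result == 0;
}
```

With nine intermediates the vulnerable verifier plus optional mode reports the peer as validated, which is the "Verifying peer X.509 certificate... ok" line James saw; the fixed verifier reports a failure in both modes.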