certificates
Security Advisory
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header
Manipulation Vulnerabilities
Release Date: 2010-07-02
Application: Cisco Content Services Switch (CSS) / ACE Products
Versions: Cisco CSS 11500 - 08.20.1.01
Cisco ACE 4710 - Version A3(2.5) [build 3.0(0)A3(2.5)
including the IP address of the recipient. I was working on S/MIME
messages and I thought about the signature validation process, where
some of the steps could require external information (like a CRL) to
be accessed. The interesting part of it is that the location of this
information can be included in the message itself, as the PKCS#7
package can also include the certificate used to generate the
signature.
I went into Microsoft documentation about the validation process from
Outlook, and found this:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The certificate referenced in this posting is for demonstration purposes
*only*, and this is clearly indicated in Aruba's documentation:
"A server certificate installed in the controller verifies the
authenticity of the controller for 802.1x authentication. Aruba
controllers ship with a demonstration digital certificate. Until you
install a customer-specific server certificate in the controller, this
About WeeChat:
"WeeChat is a fast, light and extensible chat client. It runs on many platforms (including Linux, BSD and Mac OS).
Development is very active, and bug fixes are very fast!"
The vuln:
Weechat does not use the GnuTLS API properly to check certificates, potentially exposing users to man-in-the-middle attacks.
Weechat registers a callback function to be called by GnuTLS during the TLS/SSL handshake. The function performs checks on the server
certificate and, optionally, sends a client certificate.
The mentioned code is located in src/core/wee-network.c in the network_init function:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
fetchmail-SA-2009-01: Improper SSL certificate subject verification
Topics: Improper SSL certificate subject verification
Author: Matthias Andree
Version: 1.0
Announced: 2009-08-06
handle Office documents like text documents or spreadsheets.
The latest version uses an XML based document format (ODF).
OpenOffice allows documents to be digitally signed by authors
using certified keys, allowing viewers to verify the integrity
and the origin based on the author's public key.
The author's public-key certificate, which can come from
a trusted third party, is embedded in the signed document.
II. Problem Description
necessary changes.
Details follow:
Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did
not properly handle certificates with NULL characters in the certificate
name. An attacker could exploit this to perform a man in the middle attack
to view sensitive information or alter encrypted communications.
(CVE-2009-2730)
Dan Kaminsky discovered GnuTLS would still accept certificates with MD2
protected by TLS.
The only ArubaOS component that seems affected by this issue is the
HTTPS WebUI administration interface. If a client browser (victim) is
configured to authenticate to the WebUI over HTTPS using a client
certificate, an attacker can potentially use the victim's credentials
temporarily to execute arbitrary HTTP requests for each initiation of an
HTTPS session from the victim to the WebUI. This would happen without
any HTTPS/TLS warnings to the victim. This condition can essentially be
exploited by an attacker for command injection at the beginning of an HTTPS
session between the victim and the ArubaOS WebUI.
Trustwave's SpiderLabs Security Advisory TWSL2011-007:
iOS SSL Implementation Does Not Validate Certificate Chain
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt
Published: 2011-07-25
Version: 1.0
Vendor: Apple (http://www.apple.com)
Product: iOS
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by introducing openssl-blacklist to aid in
detecting vulnerable private keys. This update enhances the
openssl-vulnkey tool to check Certificate Signing Requests, accept
input from STDIN, and check moduli without a certificate.
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by introducing openssl-blacklist to aid in
detecting vulnerable private keys. This update enhances the
openssl-vulnkey tool to check X.509 certificates as well, and
provides the corresponding update for Ubuntu 6.06. While the
OpenSSL in Ubuntu 6.06 was not vulnerable, openssl-blacklist is
contains multiple denial of service (DoS) vulnerabilities that may
cause an interruption in voice services, if exploited. These
vulnerabilities were discovered internally by Cisco. The following
Cisco Unified Communications Manager services are affected:
* Certificate Trust List (CTL) Provider
* Certificate Authority Proxy Function (CAPF)
* Session Initiation Protocol (SIP)
* Simple Network Management Protocol (SNMP) Trap
Cisco has released free software updates that address these
Summary
- -------
FreeRADIUS is RADIUS server software which supports many
authentication protocols. One of those protocols is EAP-TLS
used within 802.1X. In EAP-TLS X.509 client certificates are
used to authenticate remote users/clients.
FreeRADIUS supports several methods for checking the revocation
status of X.509 certificates. Recently support for revocation
status checking with the Online Certificate Status Protocol (OCSP)
Service Console package curl updated to version 7.15.5-2.1.el5_3.5
cURL is affected by the previously published "null prefix attack",
caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker
could use the certificate during a man-in-the-middle attack and
potentially confuse cURL into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
Debian-specific: no
CVE Id(s) : CVE-2008-4989
Debian Bug : 505360
Martin von Gagern discovered that GNUTLS, an implementation of the
TLS/SSL protocol, handles verification of X.509 certificate chains
incorrectly if a self-signed certificate is configured as a trusted
certificate. This could cause clients to accept forged server
certificates as genuine. (CVE-2008-4989)
In addition, this update tightens the checks for X.509v1 certificates
Matta Consulting - Matta Advisory
https://www.trustmatta.com
pfSense x509 Insecure Certificate Creation
Advisory ID: MATTA-2011-001
CVE reference: CVE-2011-4197
Affected platforms: pfSense
Version: 2.0
We have been following up on Ben Laurie's advisory and have replaced the
faulty certificate with a new one. In addition we created an advisory
for our users that outlines some general precautions they should take:
http://blog.beuchelt.org/2008/08/07/Some+Security+Advice+For+Our+OpenID+Users.aspx).
While these measures cannot guarantee safety, they can help improve the
situation. In addition, Robin Wilton has documented what happened here:
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-4989
Debian Bug : 505360
Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as
CA root certificates by default, as originally described in the
documentation. However, it turned out that there is still significant
use of historic X.509v1 CA root certificates, so this constitutes an
unacceptable regression. This update reverses this part of the
changes in DSA-1719-1. Note that the X.509v1 certificate format does
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Overview:
Apache-SSL provides environment variables that are filled with
(client) certificate data. If the subject of a client certificate
contains special characters, parts of these variables can be overwritten
or be filled with other parts of memory.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Technical details:
===============================================
Ben Laurie of Google's Applied Security team, while working with an
external researcher, Dr. Richard Clayton of the Computer Laboratory,
Cambridge University, found that various OpenID Providers (OPs) had
TLS Server Certificates that used weak keys, as a result of the Debian
Predictable Random Number Generator (CVE-2008-0166).
In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and
the fact that almost all SSL/TLS implementations do not consult CRLs
(currently an untracked issue), this means that it is impossible to
======================================================================
= Security Objectives Advisory (SECOBJADV-2008-01) =
======================================================================
Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability
http://www.security-objectives.com/advisories/SECOBJADV-2008-01/
AFFECTED: Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3)
Credit: Paul Kehrer of Trustwave SpiderLabs
Finding: Vulnerability in Pantech Web Browser SSL Implementation
Pantech Link/P7040P browser SSL certificate parsing contains a flaw where
it fails to check the Basic Constraints parameter of certificates in the
chain.
By signing a new certificate using a legitimate end entity certificate,
an attacker can obtain a "valid" certificate for any domain. For example:
iSEC Partners Security Advisory - 2007-006-RubySSL
http://www.isecpartners.com
--------------------------------------------
Ruby Net::HTTPS library does not validate server certificate CN
Vendor: Ruby
Vendor URL: http://www.ruby-lang.org
Versions affected: 1.8.5, 1.8.6, Trunk Ruby
Systems Affected: All Ruby Platforms
http://www.debian.org/security/ Raphael Geissert
September 13, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssl
Vulnerability : compromised certificate authority
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1945
Several fraudulent SSL certificates have been found in the wild issued
Security issues were identified and fixed in mozilla firefox and
thunderbird:
Google Chrome user alibo encountered an active man in the middle (MITM)
attack on secure SSL connections to Google servers. The fraudulent
certificate was mis-issued by DigiNotar, a Dutch Certificate
Authority. DigiNotar has reported evidence that other fraudulent
certificates were issued and in active use but the full extent of
the compromise is not known.
For the protection of our users Mozilla has removed the DigiNotar
needed to use the new NSS.
Original advisory details:
Moxie Marlinspike discovered that NSS did not properly handle regular
expressions in certificate names. A remote attacker could create a
specially crafted certificate to cause a denial of service (via application
crash) or execute arbitrary code as the user invoking the program.
(CVE-2009-2404)
Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
We apologize for the inconvenience.
legitimate URL and then use document.write() to place content within
the new document, appearing to have come from the spoofed location
(CVE-2009-2654).
Moxie Marlinspike reported a heap overflow vulnerability in the
code that handles regular expressions in certificate names. This
vulnerability could be used to compromise the browser and run arbitrary
code by presenting a specially crafted certificate to the client
(CVE-2009-2404).
IOActive security researcher Dan Kaminsky reported a mismatch in the
Problem Description:
Multiple vulnerabilities were discovered and corrected in postgresql:
NULL Bytes in SSL Certificates can be used to falsify client or server
authentication. This only affects users who have SSL enabled, perform
certificate name validation or client certificate authentication,
and where the Certificate Authority (CA) has been tricked into
issuing invalid certificates. The use of a CA that can be trusted to
always issue valid certificates is recommended to ensure you are not