Vigil@nce - Apache Subversion: wrong validation of SSL certificate
August 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a certificate with a wildcard name to spoof a
Subversion server.
Impacted products: Subversion, openSUSE, Ubuntu
Severity: 2/4
Creation date: 12/08/2014
DESCRIPTION OF THE VULNERABILITY
In order to access WebDAV servers, the Subversion client library
may use the serf library.
To check whether a wildcard DNS name from an SSL certificate
matches the targeted server name, the serf library uses a C
function that is designed for filename matching. However, the rules
for matching certificate names are stricter than the rules for
filename matching. So, the library accepts some SSL certificates for
a given targeted SVN server that it should reject.
An attacker can therefore use a certificate with a wildcard name to
spoof a Subversion server.
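The following is an added example, not code from serf, Subversion or Vigil@nce, that contrasts the two matching rules described above. The bulletin does not say which filename-matching function serf used; this example assumes POSIX fnmatch() as a stand-in for it, and puts beside it a strict matcher in which the wildcard may only replace the whole leftmost DNS label. The host and pattern values are constructed for the demonstration.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Lax check: filename globbing. '*' matches any run of characters,
 * including the '.' that separates DNS labels, so "*.example.com" also
 * matches "www.sub.example.com", and a bare "*" matches every host.
 * fnmatch() is a stand-in assumption for the unnamed function in the bulletin. */
static int lax_match(const char *pattern, const char *host)
{
    return fnmatch(pattern, host, 0) == 0;
}

/* Strict check: a wildcard may only stand for the entire leftmost label,
 * must be followed by at least two more labels, and the remaining labels
 * must match the host exactly (DNS names are case-insensitive). */
static int strict_match(const char *pattern, const char *host)
{
    const char *star = strchr(pattern, '*');
    if (star == NULL)
        return strcasecmp(pattern, host) == 0;          /* no wildcard: exact */

    /* Wildcard must be the whole first label ("*.") and the only one. */
    if (star != pattern || pattern[1] != '.' || strchr(pattern + 1, '*') != NULL)
        return 0;

    const char *suffix = pattern + 1;                    /* ".example.com" */
    if (strchr(suffix + 1, '.') == NULL)                 /* reject "*.com" */
        return 0;

    const char *dot = strchr(host, '.');                 /* end of host's 1st label */
    if (dot == NULL || dot == host)
        return 0;

    return strcasecmp(dot, suffix) == 0;                 /* rest must be identical */
}

/* Stand-alone demo: prints where the two rules disagree. */
int main(void)
{
    const char *cases[][2] = {
        { "*.example.com",   "www.example.com" },       /* legitimate */
        { "*.example.com",   "www.sub.example.com" },   /* glob over-matches */
        { "*",               "svn.example.com" },       /* glob over-matches */
        { "*.com",           "example.com" },           /* glob over-matches */
        { "www.example.com", "www.example.com" },       /* no wildcard */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int lax = lax_match(cases[i][0], cases[i][1]);
        int strict = strict_match(cases[i][0], cases[i][1]);
        printf("%-18s %-22s lax=%d strict=%d%s\n", cases[i][0], cases[i][1],
               lax, strict, lax != strict ? "  <-- accepted only by glob" : "");
    }
    return 0;
}
```

The three rows where lax and strict disagree are exactly the cases the bulletin describes: a glob-style matcher accepts certificate names for the SVN server that a certificate-name check should reject.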
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-Subversion-wrong-validation-of-SSL-certificate-15163