Vigil@nce - GnuTLS: accepting X.509 CA v1
February 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can ask a trusted certification authority to create an
X.509 v1 certificate, which is accepted by GnuTLS as being a root
certificate.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 14/02/2014
DESCRIPTION OF THE VULNERABILITY
An X.509 version 1 certificate does not have the basicConstraints
extension. This extension indicates if the certificate if for a
certification authority, and the number of allowed intermediary
certifications authorities. For example:
basicConstraints=critical, CA:TRUE, pathlen:0
The GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT flag allows version 1
certificates, which is potentially dangerous because there is no
distinction between root and intermediary certificates.
However, when this flag is not set, the _gnutls_x509_verify_certificate()
function uses a reverted logic, and allows v1 certificates.
An attacker can therefore ask a trusted certification authority to
create an X.509 v1 certificate, which is accepted by GnuTLS as
being a root certificate.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/GnuTLS-accepting-X-509-CA-v1-14257