Vigil@nce: OpenSSL, using invalid CRL
September 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
In some cases, the OpenSSL internal certificate verification feature
accepts an obsolete CRL whose nextUpdate date has already passed.
– Severity: 2/4
– Creation date: 06/09/2011
IMPACTED PRODUCTS
– Fedora
– OpenSSL
DESCRIPTION OF THE VULNERABILITY
A CRL (Certificate Revocation List) lists the certificates that an
issuer has revoked before their expiry. It carries two dates:
– thisUpdate : the date the CRL was issued
– nextUpdate : the date by which the issuer will publish a new CRL
replacing the current one
Once the nextUpdate date has passed, the CRL has to be rejected as
obsolete and a fresher one obtained.
OpenSSL provides an internal CRL checking feature, which is not
enabled by default. It is enabled when the application code sets the
verification flag X509_V_FLAG_CRL_CHECK (check the leaf certificate)
or X509_V_FLAG_CRL_CHECK_ALL (check every certificate in the chain).
Apache httpd has its own CRL checking feature and does not use the
OpenSSL one.
In some cases, the OpenSSL internal checking feature does not reject
a CRL whose nextUpdate date is in the past. Such a CRL therefore
remains usable indefinitely instead of expiring.
An attacker who can make an application built on OpenSSL use an old
CRL (one issued before a given certificate was revoked) can thus keep
that revoked certificate accepted, since the revocation never reaches
the application.
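As an added illustration (not part of the Vigil@nce bulletin and not
OpenSSL's code), the following Python builds two constructed
DER-encoded CRLs, parses their thisUpdate/nextUpdate fields and revoked
serial numbers, and compares a checker that enforces nextUpdate with one
that ignores it, which is the faulty behaviour described above. The
issuer name, serial numbers, dates and the placeholder signature are all
made up for the example; nothing here verifies a signature.

```python
import datetime as dt

# --- minimal DER helpers (only the tags a CRL needs) ---------------------
SEQUENCE, SET, INTEGER, BIT_STRING, OID, PRINTABLE, UTCTIME, GENTIME = (
    0x30, 0x31, 0x02, 0x03, 0x06, 0x13, 0x17, 0x18)

def der(tag, body):
    """Encode one TLV; long-form length for bodies of 128 bytes or more."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def der_int(n):
    # one spare bit so the leading octet never reads as negative
    return der(INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def der_utctime(t):
    return der(UTCTIME, t.strftime("%y%m%d%H%M%SZ").encode("ascii"))

def tlv(buf, pos=0):
    """Decode one TLV at pos; returns (tag, body, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = tlv(body, pos)
        out.append((tag, val))
    return out

# --- building a CRL (constructed sample; the signature is a placeholder) --
SHA256_RSA = der(OID, bytes.fromhex("2a864886f70d01010b"))  # 1.2.840.113549.1.1.11
ISSUER = der(SEQUENCE, der(SET, der(SEQUENCE,
             der(OID, bytes.fromhex("550403")) + der(PRINTABLE, b"Example CA"))))

def make_crl(this_update, next_update, revoked):
    entries = b"".join(der(SEQUENCE, der_int(serial) + der_utctime(when))
                       for serial, when in revoked)
    tbs = der(SEQUENCE, der_int(1) + der(SEQUENCE, SHA256_RSA) + ISSUER
              + der_utctime(this_update) + der_utctime(next_update)
              + der(SEQUENCE, entries))
    # The BIT STRING below is NOT a real signature: dates and serials only.
    return der(SEQUENCE, tbs + der(SEQUENCE, SHA256_RSA) + der(BIT_STRING, b"\x00" * 17))

# --- parsing and checking --------------------------------------------------
def parse_time(tag, val):
    s = val.decode("ascii")
    if tag == UTCTIME:                       # YYMMDDHHMMSSZ, RFC 5280 century rule
        yy = int(s[:2])
        s = f"{1900 + yy if yy >= 50 else 2000 + yy}{s[2:]}"
    return dt.datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=dt.timezone.utc)

def parse_crl(crl_der):
    _, cert_list, _ = tlv(crl_der)
    _, tbs, _ = tlv(cert_list)               # tbsCertList is the first element
    fields = children(tbs)
    i = 1 if fields[0][0] == INTEGER else 0  # optional version
    i += 2                                   # signature AlgorithmIdentifier, issuer Name
    this_update = parse_time(*fields[i]); i += 1
    next_update = None                       # nextUpdate is OPTIONAL in the ASN.1
    if i < len(fields) and fields[i][0] in (UTCTIME, GENTIME):
        next_update = parse_time(*fields[i]); i += 1
    revoked = set()
    if i < len(fields) and fields[i][0] == SEQUENCE:   # revokedCertificates
        for _, entry in children(fields[i][1]):
            _, serial = children(entry)[0]
            revoked.add(int.from_bytes(serial, "big"))
    return {"thisUpdate": this_update, "nextUpdate": next_update, "revoked": revoked}

def check_revocation(crl, serial, now, enforce_next_update=True):
    """Return 'good', 'revoked', 'crl-expired' or 'crl-not-yet-valid'.
    enforce_next_update=False reproduces the faulty behaviour: a stale CRL
    is consulted as if it were current."""
    if now < crl["thisUpdate"]:
        return "crl-not-yet-valid"
    if enforce_next_update and crl["nextUpdate"] is not None and now > crl["nextUpdate"]:
        return "crl-expired"
    return "revoked" if serial in crl["revoked"] else "good"

# --- constructed scenario: the target certificate was revoked after the
# --- stale CRL was issued, so only a fresh CRL lists it -------------------
UTC = dt.timezone.utc
NOW = dt.datetime(2011, 9, 6, 12, 0, tzinfo=UTC)
TARGET_SERIAL = 0x2002
STALE_CRL = make_crl(dt.datetime(2011, 8, 1, tzinfo=UTC), dt.datetime(2011, 8, 8, tzinfo=UTC),
                     [(0x1001, dt.datetime(2011, 7, 15, tzinfo=UTC))])
CURRENT_CRL = make_crl(dt.datetime(2011, 9, 5, tzinfo=UTC), dt.datetime(2011, 9, 12, tzinfo=UTC),
                       [(0x1001, dt.datetime(2011, 7, 15, tzinfo=UTC)),
                        (TARGET_SERIAL, dt.datetime(2011, 8, 20, tzinfo=UTC))])

if __name__ == "__main__":
    stale = parse_crl(STALE_CRL)
    print("stale CRL, nextUpdate ignored :", check_revocation(stale, TARGET_SERIAL, NOW, False))
    print("stale CRL, nextUpdate enforced:", check_revocation(stale, TARGET_SERIAL, NOW))
    print("current CRL                   :", check_revocation(parse_crl(CURRENT_CRL), TARGET_SERIAL, NOW))
```

Run as a script, the stale CRL reports the revoked serial as good only
when nextUpdate is ignored; with the date enforced the CRL itself is
rejected and the application has to fetch a current one. An application
relying on OpenSSL's internal check, with X509_V_FLAG_CRL_CHECK set on
its X509_STORE, should expect the same outcome from X509_verify_cert():
a verification error of X509_V_ERR_CRL_HAS_EXPIRED for a CRL past its
nextUpdate, never a successful verification against it.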
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSL-using-invalid-CRL-10970