Vigil@nce - IBM GSKit: injecting a certification authority
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who is allowed to modify a PKCS#12 file, can inject a
malicious root certification authority, which is automatically
imported by GSKit.
– Impacted products: Tivoli Directory Server
– Severity: 2/4
– Creation date: 08/10/2012
DESCRIPTION OF THE VULNERABILITY
The IBM Global Security Kit product implements SSL/TLS for several
IBM products.
A file in PKCS#12 format can contain, for example, an X.509 server
certificate. The same file can also carry a new root certification
authority. However, GSKit imports this authority without any warning.
An attacker, who is allowed to modify a PKCS#12 file, can
therefore inject a malicious root certification authority, which
is automatically imported by GSKit. Certificates which are signed
by this authority are then automatically accepted.
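To check a PKCS#12 file for embedded certification authorities before any tool imports it, the following added example (not part of the bulletin, and not GSKit's own tooling) builds a demo bundle with the layout described above and then lists every CA:TRUE certificate it contains. It assumes the openssl CLI (1.1.1 or 3.x) is installed; the subject names and the password are constructed for the demo.

```shell
# Added example, not from the bulletin: build a demo PKCS#12 that carries a
# server certificate plus an extra root CA, then audit it for CA certificates
# before handing it to a tool that imports such bags silently.
# Assumes the openssl CLI (1.1.1 or 3.x); names and the password are constructed.

# Print the subject of every certificate flagged CA:TRUE inside a PKCS#12 file.
# Usage: list_p12_cas FILE.p12 PASSWORD
list_p12_cas() {
    work=$(mktemp -d)
    # -nokeys dumps only the certificate bags as PEM; split them one per file
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
      awk -v d="$work" '/-----BEGIN CERTIFICATE-----/ {f = d "/cert" (++n) ".pem"}
                        f {print > f}
                        /-----END CERTIFICATE-----/ {close(f); f = ""}'
    for c in "$work"/cert*.pem; do
        [ -f "$c" ] || continue
        # A CA:TRUE bag becomes a trusted signer for everything if imported blindly
        if openssl x509 -in "$c" -noout -text | grep -q 'CA:TRUE'; then
            openssl x509 -in "$c" -noout -subject
        fi
    done
    rm -rf "$work"
}

# Build the demo bundle the bulletin describes: a server certificate with a
# root CA appended (-certfile). Usage: make_demo_bundle DIR -> DIR/bundle.p12
make_demo_bundle() {
    d="$1"
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Root CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
    openssl pkcs12 -export -in "$d/server.crt" -inkey "$d/server.key" \
        -certfile "$d/ca.crt" -passout pass:changeit -out "$d/bundle.p12"
}
```

Running `list_p12_cas` on the demo bundle reports only the appended root CA, not the server certificate; a non-empty result is the cue to review the file before it reaches GSKit.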
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-GSKit-injecting-a-certification-authority-12039