Actu
Vigil@nce - GnuTLS: accepting X.509 CA v1
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can ask a trusted certification authority to create an
X.509 v1 certificate, which is accepted by GnuTLS as being a root
certificate.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 26/02/2014
DESCRIPTION OF THE VULNERABILITY
An X.509 version 1 certificate does not have the basicConstraints
extension. This extension indicates if the certificate if for a
certification authority, and the number of allowed intermediary
certifications authorities. For example:
basicConstraints=critical, CA:TRUE, pathlen:0
However, by default, GnuTLS inferior to 2.7.6 allows v1
certificates.
An attacker can therefore ask a trusted certification authority to
create an X.509 v1 certificate, which is accepted by GnuTLS as
being a root certificate.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/GnuTLS-accepting-X-509-CA-v1-14311
