Vigil@nce - GnuTLS: accepting a certificate with a CA not authorized to sign
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious certificate, which is accepted
as valid by GnuTLS, in order to invite the victim to connect to a
server setup as a Man-in-the-Middle.
– Impacted products: Unix (platform)
– Severity: 2/4
– Creation date: 04/04/2014
DESCRIPTION OF THE VULNERABILITY
The GnuTLS library implements the SSL/TLS protocol. It has to
perform checks on X.509 certificates.
However, this library accepts a certificate with a CA not
authorized to sign other certificates.
An attacker can therefore create a malicious certificate, which is
accepted as valid by GnuTLS, in order to invite the victim to
connect to a server setup as a Man-in-the-Middle.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN