Vigil@nce: GnuTLS, incorrect certificate chain verification
November 2008 by Vigil@nce
SYNTHESIS
An attacker can use an invalid certification chain which is not
rejected by GnuTLS, in order to create a man-in-the-middle attack.
Gravity: 2/4
Consequences: data reading, data flow
Provenance: internet server
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 12/11/2008
IMPACTED PRODUCTS
– Fedora
– Mandriva Linux
– Red Hat Enterprise Linux
– Slackware Linux
– Unix - plateform
DESCRIPTION
The GnuTLS library can be used to implement TLS/SSL
clients/servers.
A TLS client/server has for example a X.509 certificate, certified
by an intermediary certification authority, which is certified by
a root certification authority. GnuTLS has to go though this
certification chain to ensure that the client/server certificate
is trusted.
However, if the certificate of the intermediary certification
authority is self-signed, GnuTLS accepts the certification chain.
An attacker can for example setup a malicious web site offering
this certification chain, in order to deceive web clients linked
to GnuTLS.
CHARACTERISTICS
Identifiers: BID-32232, CVE-2008-4989, FEDORA-2008-9530,
FEDORA-2008-9600, GNUTLS-SA-2008-3, MDVSA-2008:227,
RHSA-2008:0982-01, SSA:2008-315-01, VIGILANCE-VUL-8235
Pointed by: VIGILANCE-VUL-8249