Vigil@nce: Red Hat Certificate System, incomplete CRL
July 2008 by Vigil@nce
SYNTHESIS
In some cases, the CRL generated by Red Hat Certificate System
does not contain all revoked certificates.
Gravity: 1/4
Consequences: user access/rights, data reading
Provenance: user account
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: medium (2/3)
Creation date: 22/07/2008
Identifier: VIGILANCE-VUL-7961
IMPACTED PRODUCTS
– Red Hat Enterprise Linux [confidential versions]
DESCRIPTION
The Red Hat Certificate System product manages the certificates of a
PKI. It can generate a CRL (Certificate Revocation List).
However, if certificates are revoked while RHCS is generating the
CRL, the resulting CRL is truncated.
An attacker holding a certificate that has been revoked but is absent
from the truncated CRL can therefore keep using this certificate until
the next complete CRL is generated.
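A consistency check a CA operator could run after each CRL generation, as an added example that is not from Vigil@nce or Red Hat: it parses constructed `openssl crl -text -noout` output and a constructed export of the CA's own revocation records (both formats assumed, embedded inline), and reports every certificate revoked at or before the CRL's thisUpdate that the CRL fails to list, while ignoring revocations that postdate thisUpdate and legitimately belong to the next CRL.

```python
import re
from datetime import datetime, timezone

# Constructed sample of `openssl crl -text -noout` output (not from the advisory):
# thisUpdate is 10:00 but the entry list stops before serial 0C.
SAMPLE_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Issuer: CN=Example RHCS CA
        Last Update: Jul 22 10:00:00 2008 GMT
Revoked Certificates:
    Serial Number: 0A
        Revocation Date: Jul 20 08:00:00 2008 GMT
    Serial Number: 0B
        Revocation Date: Jul 21 09:30:00 2008 GMT
"""

# Constructed export of the CA's own revocation records: serial -> revocation time.
SAMPLE_CA_REVOCATIONS = {
    "0A": "Jul 20 08:00:00 2008 GMT",
    "0B": "Jul 21 09:30:00 2008 GMT",
    "0C": "Jul 22 09:59:30 2008 GMT",  # revoked before thisUpdate: must be listed
    "0D": "Jul 22 10:05:00 2008 GMT",  # revoked after thisUpdate: legitimately absent
}

OPENSSL_TIME = "%b %d %H:%M:%S %Y GMT"

def parse_time(text):
    """Parse an openssl-style GMT timestamp into an aware datetime."""
    return datetime.strptime(text.strip(), OPENSSL_TIME).replace(tzinfo=timezone.utc)

def parse_crl_text(text):
    """Return (this_update, set of listed serials) from `openssl crl -text` output."""
    match = re.search(r"Last Update:\s*(.+)", text)
    if match is None:
        raise ValueError("CRL text has no Last Update field")
    serials = {s.upper() for s in re.findall(r"Serial Number:\s*([0-9A-Fa-f]+)", text)}
    return parse_time(match.group(1)), serials

def missing_revocations(crl_text, ca_revocations):
    """Serials revoked at or before thisUpdate that the CRL fails to list (sorted)."""
    this_update, listed = parse_crl_text(crl_text)
    return sorted(
        serial.upper()
        for serial, revoked_at in ca_revocations.items()
        if parse_time(revoked_at) <= this_update and serial.upper() not in listed
    )

if __name__ == "__main__":
    print("missing from CRL:", missing_revocations(SAMPLE_CRL_TEXT, SAMPLE_CA_REVOCATIONS))
```

A non-empty result means the CRL must not be published as-is; regenerating it from the revocation database, rather than waiting for the next scheduled run, closes the window the advisory describes.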
CHARACTERISTICS
Identifiers: 304571, CVE-2007-4994, RHSA-2007-0934,
RHSA-2008:0566-01, VIGILANCE-VUL-7961