GnuTLS, an open source SSL and TLS implementation used in hundreds of software packages including Red Hat desktop and server products and all Debian and Ubuntu Linux distributions, is the latest crypto package to improperly verify digital certificates as authentic. The vulnerability, discovered and reported yesterday by engineers at Red Hat, puts any site or application dependent on GnuTLS at risk for exploit.

“It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification,” Red Hat said in an advisory issued Monday. “An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.”

The vulnerability has eerie similarities to a bug reported by Apple in its iOS mobile operating system and OS X for Mac computers. Now known as the goto fail bug, separate patches were issued for the vulnerability which removed SSL certificate checks from the respective operating systems.

“This really is as bad as it gets,” said Kenneth White, a security expert and principal scientist at Social & Scientific Systems in North Carolina. “An attacker can trivially forge any arbitrary domain and make it appear authoritative and trusted to the requestor. So, not only interception of sensitive channels, but [also] potentially subverting the trusted package signature process as well.”

White estimates there are more than 350 packages that rely on GnuTLS crypto libraries; in addition to popular Linux distributions, core crypto and mail libraries such as libcrypt and libmailutils, and cURL are affected.

“cURL (libcurl3-gnutls), in turn is used by the package updating system both for OpenPGP (gnupg2 and gnupg-curltransport), as well as the system package updater itself (apt-transport-https),” White said. “But what is especially difficult, is understanding the myriad downstream dependencies, such as XML parsers, etc. In general, Debian & Ubuntu have eschewed OpenSSL for license reasons, so there actually exist Nginx and Apache installs that use gnutls as well.”

GnuTLS issued an advisory, confirming the vulnerability and that it was discovered during an audit of GnuTLS for Red Hat. It urges users to upgrade to the latest GnuTLS version 3.2.12 or 3.1.22 or to apply a patch for GnuTLS 2.12x. Red Hat Enterprise Linux Desktop, HPC Node, Server and Workstation v 6, as well as Red Hat Enterprise Linux Server AUS and EUS v 6.5 are affected, Red Hat said in its advisory.

The recent Apple bug brought this issue to the forefront. Apple released a patch on Feb. 21 for iOS and days later for OS X. An attacker with man in the middle positioning on a network could present an invalid certificate that would pass checks normally designed to reject such a cert. The attacker would then be able to monitor communication and network traffic thought to be secure.

Categories: Cryptography, Vulnerabilities

Comment (1)

  1. Carl
    1

    “an invalid certificate that would pass checks normally designed to reject such a cert.”
    The attacker presents the true and correct cert for the server, it’s the signature block on the connection that’s bogus. iOS was not checking that the signature was valid. This allows things like EV certs and certificate pinning to go unchanged.

Comments are closed.