GnuTLS, an open source cryptographic library, was a headliner in March because of a critical certificate verification vulnerability that some erroneously put in the same class as Apple’s infamous gotofail bug.
The library, used in a number of Linux distributions including Red Hat, Debian and Ubuntu, is back in the spotlight today after it was revealed that a critical vulnerability was recently patched.
GnuTLS chief architect and Red Hat engineer Nikos Mavrogiannopoulos released a patch last Wednesday after researchers from Codenomicon, the same firm that reported the Heartbleed OpenSSL vulnerability, said they’d found a remote execution bug in GnuTLS.
“A flaw was found in the way GnuTLS parsed session IDs from Server Hello packets of the TLS/SSL handshake,” said Tomas Hoger in an advisory posted by Red Hat yesterday. “A malicious server could use this flaw to send an excessively long session ID value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.”
Mavrogiannopoulos’ patch fixes a coding error in the Server Hello packets; session ID lengths were previously checked to not exceed incoming packet sizes, but were not checked to ensure a maximum session ID length was not exceeded. The bug was fixed in GnuTLS 3.1.25, GnuTLS 3.2.15, GnuTLS 3.3.3
While not on the same plane as the previous GnuTLS vulnerability or gotofail, this one still puts servers at risk of remote code execution or a denial of service condition.
In March, shortly after Apple’s gotofail SSL bug shook the security community, GnuTLS reported and patched a similar bug where a hacker could create a specially crafted certificate that would be accepted by a server running the library and accepted as valid. More than 350 software packages rely on GnuTLS crypto libraries , including core crypto and mail libraries such as libcrypt, as well as a number of Linux distributions.
Experts refuted initial comparisons to Apple’s gotofail, pointing out that while an attacker in a man-in-the-middle position could intercept traffic and introduce a malicious certificate, that’s where the similarities end.
While the goto command appears in the buggy code in both vulnerabilities, the GnuTLS bug is related to improper error handling. The buggy code is meant to return either a true or false variable depending on the validity of the certificate. Instead, it was returning specific error codes, that under Boolean rules, are interpreted as true regardless of whether the error code is a negative.
“Under Boolean rules, anything that is not a zero is ‘true,’” Veracode security researcher Melissa Elliott told Threatpost at the time. “Hence, an error meant to indicate failure would be passed up the chain as ‘true’ (no error) instead of ‘false’ (error).”