The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


SA-20040802 GnuTLS certificate chain verification bug


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Mon, 2 Aug 2004 17:18:46 +0200
From: Patrik Hornik <[email protected]>
To: [email protected]
Subject: SA-20040802 GnuTLS certificate chain verification bug

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Security advisory 20040802 - ---------------------------------------------------------------------- Product: GnuTLS Vulnerability type: wrong algorithm Impact: DoS Severity: low Issue date: 2004/08/02 Last updated: 2004/08/02
Description - ----------- Mr. Hornik has discovered error in X.509 certificate chain verification procedure in GnuTLS library. The certificate chain should be verified from last root certificate to the first certificate. Otherwise a lot of unauthorized CPU processing can be forced to check certificate signatures signed with arbitrary RSA/DSA keys chosen by attacker. In GnuTLS the signatures are checked from first to last certificate, there is no limit on size of keys and no limit on length of certificate chain. Vulnerability - ------------- GnuTLS library checks the signatures from first to last root certificate of chain, there is no limit on size of keys and no limit on length of certificate chain. So attacker can construct such certificate chain that signature signed with chosen RSA key with chosen size will be verified. This is not the case when verifying from last root certificate to first - there are checked signatures signed by trusted certificates and so trusted keys only. The main problem is that size of key can be chosen - with RSA keys the complexity of verifying signature is dependent on square of key size. So for example verifying signature signed with 32768 bit RSA key takes approximately 1024 times longer than verifying signature signed with 1024 bit RSA key (with simillar bit length of e). Because RSA verification is not simple operation with longer keys one verification takes such significant amount of processing power that you can effectively launch DoS on CPU resources of remote machine running GnuTLS. Who is affected? - ---------------- Affected are all users using GnuTLS library version 1.0.16 and below for verifying X.509 certificate chains. The version 1.0.17 with this issue fixed by introducing some limits on key size and chain length is available from vendor together with this announcement. Recommendations - --------------- Upgrade your GnuTLS library to the version 1.0.17 or later with this issue fixed and restart all dependant applications if needed. References - ---------- This security advisory: http://www.hornik.sk/SA/SA-20040802.txt GnuTLS: http://www.gnu.org/software/gnutls/ Contact - ------- Patrik Hornik - -- Email: [email protected] Phone: +421 905 385 666 PGP KeyID: 940AA357 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2i iQA/AwUBQQ5KKp4J6KGUCqNXEQK5tACgo9/t1cSCvaihE1yy/N/wvPXCvowAoOlA v0adXHcIJyrMsHlmmwVCC58v =c6Re -----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру