SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   nCipher PKCS#11 Library Vendors:   nCipher
nCipher PKCS#11 Library Implementation Bug Always Validates Symmetric Signatures, Even When They are Not Valid
SecurityTracker Alert ID:  1005082
SecurityTracker URL:  http://securitytracker.com/id/1005082
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 19 2002
Impact:   Host/resource access via network, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.2.0 and more recent versions
Description:   nCipher issued a security advisory warning that the C_Verify function of their PKCS#11 library may validate incorrect symmetric signatures. A remote user could tamper with or forge messages sent to systems using the affected library function.

It is reported that when an application calls the C_Verify function on a symmetric signature, the nCipher PKCS#11 cryptographic library always returns CKR_OK. This indicates that the signature is valid, even if it is not. The flaw resides in the error-checking routine when used with a symmetric verification key.

An attacker could tamper with or forge messages intended for systems using the nCipher PKCS#11 library.

According to nCipher, the bug has been in all versions of the nCipher PKCS#11 implementation since symmetric message signing mechanisms were introduced, in the latter part of 1998. All versions of the library since version 1.2.0 are affected.

According to nCipher, you are *not* affected if:

You are using nCipher's nFast 75, nFast 150, nFast 300 or nFast 800 product you are not affected.

You are using nCipher's nForce (previously called nFast/KM) or nShield (previously called nFast/CA) modules with any interface other than nCipher's PKCS#11 library. For example the nCipher nCore, CHIL, BHAPI, JCE and MSCAPI CSP interfaces are *not* affected.

To determine whether you are affected or not, nCipher has provided the following instructions:

a) Turn on nCipher PKCS#11 library debugging by setting CKNFAST_DEBUG=9 and CKNFAST_DEBUGFILE=<name of debug file> in your environment.

b) Run your application and check that the log file is produced.

c) Search for occurrences of C_VerifyInit in the logfile.

The application is affected if these calls are made with any of the following mechanisms:

CKM_DES_MAC
CKM_DES_MAC_GENERAL
CKM_DES3_MAC
CKM_DES3_MAC_GENERAL
CKM_CAST5_MAC
CKM_CAST5_MAC_GENERAL
CKM_CAST128_MAC
CKM_CAST128_MAC_GENERAL

Impact:   A remote user could tamper with or forge messages sent to systems using the affected library function. Such messages would have their signatures validated by the affected libtrary function when the signatures are not valid.
Solution:   For users that are affected or are unable to confirm whether they are affected or not, nCipher recommends that you upgrade to the fixed version of the nCipher-supplied PKCS#11 library as soon as possible.

Contact nCipher Support for details on obtaining the updated software. Updated software is available now for the following platforms:

Windows, Linux, AIX, Solaris, HP-UX

The fixed software will reportedly be made available for other platforms as soon as possible.

nCipher customers can contact:

e-mail: support@ncipher.com
Customers in the USA or Canada: +1 781 994 8004
Customers in all other countries: +44 1223 723675

Vendor URL:  www.ncipher.com/support/advisories/advisory5_c_verify.html (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  nCipher PKCS#11 library flaw


http://www.ncipher.com/support/advisories/advisory5_c_verify.html

nCipher issued a security advisory (No. 5) warning that their C_Verify function
may validate incorrect symmetric signatures.

According to the advisory, when C_Verify is called on a symmetric signature, the
nCipher PKCS#11 cryptographic library always returns CKR_OK.  This indicates
that the signature is valid, even if it is not.

The nCipher PKCS#11 implementation supports symmetric message signing (also
called a MAC, or Message Authentication Code), in which the message is signed
and verified by the same key.  The C_Verify function call in this library
contains a flaw in the error-checking routine when used with a symmetric
verification key.  The software incorrectly returns CKR_OK after detecting an
invalid signature, when it should return CKR_SIGNATURE_INVALID.

An attacker could tamper with or forge messages intended for systems using the
nCipher PKCS#11 library.

According to nCipher, the bug has been in all versions of the nCipher PKCS#11
implementation since symmetric message signing mechanisms were introduced, in
the latter part of 1998. All versions of the library since version 1.2.0 are
affected.

According to nCipher, you are *not* affected if:

You are using nCipher's nFast 75, nFast 150, nFast 300 or nFast 800 product you
are not affected. 

You are using nCipher's nForce (previously called nFast/KM) or nShield
(previously called nFast/CA) modules with any interface other than nCipher's
PKCS#11 library. For example the nCipher nCore, CHIL, BHAPI, JCE and MSCAPI CSP
interfaces are *not* affected. 

You are using a PKCS#11 implementation not supplied by nCipher. 

You are verifying only DSA and RSA signatures, as this bug only applies to
signatures using symmetric mechanisms. 

You are using an application with the nCipher PKCS#11 library that does not use
symmetric signatures. 

You are using iPlanet, as iPlanet performs all symmetric cryptography operations
internally. 

To determine whether you are affected or not, nCipher has provided the following
instructions:

a) Turn on nCipher PKCS#11 library debugging by setting CKNFAST_DEBUG=9 and
CKNFAST_DEBUGFILE=<name of debug file> in your environment.

b) Run your application and check that the log file is produced.

c) Search for occurrences of C_VerifyInit in the logfile. 

The application is affected if these calls are made with any of the following
mechanisms:

CKM_DES_MAC
CKM_DES_MAC_GENERAL
CKM_DES3_MAC
CKM_DES3_MAC_GENERAL
CKM_CAST5_MAC
CKM_CAST5_MAC_GENERAL
CKM_CAST128_MAC
CKM_CAST128_MAC_GENERAL

For users that are affected or are unable to confirm whether they are affected
or not, nCipher recommends that you upgrade to the fixed version of the
nCipher-supplied PKCS#11 library as soon as possible.

Contact nCipher Support for details on obtaining the updated software.  Updated
software is available now for the following platforms:

Windows, Linux, AIX, Solaris, HP-UX

The fixed software will reportedly be made available for other platforms as soon
as possible.

nCipher customers can contact:

e-mail: support@ncipher.com
Customers in the USA or Canada: +1 781 994 8004
Customers in all other countries: +44 1223 723675


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC