SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Microsoft Crypto API Vendors:   Microsoft
(Microsoft Issues Fix) Re: Microsoft Internet Explorer SSL Implementation Flaw in Following Certificate Chains Allows Remote Users to Conduct Man-in-the-Middle Attacks to Obtain Unencrypted Data from the Browser
SecurityTracker Alert ID:  1005186
SecurityTracker URL:  http://securitytracker.com/id/1005186
CVE Reference:   CVE-2002-1183, CVE-2002-0862   (Links to External Site)
Updated:  Nov 13 2003
Original Entry Date:  Sep 5 2002
Impact:   Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 98, 98SE, Me, NT 4.0, NT 4.0 Terminal Server Edition, 2000, XP
Description:   A vulnerability was reported in Microsoft's secure sockets layer (SSL) protocol implementation. A remote user with access to a target user's encrypted data stream could conduct a man-in-the-middle attack to obtain the unencrypted data.

The vulnerability reportedly exists in the way in which Internet Explorer (IE) follows certificate chains. A browser should verify that the CN field of the certificate matches the server's domain, that it is signed by the intermediate certificate authority (CA), and that the intermediate CA's certificate is signed by a known CA. According to the report, the browser should also check that all intermediate certificates have valid CA Basic Constraints.

It is reported that IE does not check the Basic Constraints. As a result, a server with a valid certificate (signed by a valid CA) for any domain can apparently generate a valid CA-signed certificate for any other domain (from the perspective of the IE browser, that is).

To exploit this, the remote user must generate a valid certificate for a domain within the user's administrative control and obtain a valid signature from a known CA (e.g., VeriSign). Then, the remote user can generate a certificate for an arbitrary domain and sign it with their own CA.

Because IE does not check the Basic Constraints on the certificate for the arbitrary domain, IE will reportedly accept this certificate chain as valid for the arbitrary domain.

A remote user can thus spoof any domain using a man-in-the-middle attack.

It is reported that there will be no browser warnings presented to the target user. However, if the target user chooses to view the certificate of the intended web site, the target user will see the attacker's certificate in the chain.

It is also reported that IE 6 may not follow the chain in certain cases, depending on what content the valid CA places in the Basic Constraint field.

[Editor's note: In November 2002, Microsoft reported that there is a closely related variant (CVE: CVE-2002-1183) to this vulnerability relating to certificate validation. However, the new vulnerability may allow a remote user to gain control over the target user's system. Only Microsoft Windows 98, Windows 98 Second Edition, Windows NT 4.0, and Windows NT 4.0, Terminal Server Edition are affected by this new variant, the vendor reported. The vendor did not provide details of this new variant.]

Impact:   A remote user with the ability to conduct a man-in-the middle attack can spoof any domain and obtain the target user's unencrypted data.

A remote user may also be able to take control of the target user's system.

Solution:   Microsoft has released fixes, as described in MS02-050. Please note that Microsoft updated MS02-050 in November 2002 because of a variant of the originally reported vulnerability. In that update, new fixes were provided and a new Q number was issued (Q329115). Then, in November 2003, an updated fix was provided for Windows 2000 for users that had applied IE 6.0 SP1 to Windows 2000 SP4 [see Alert ID 1008614].

The fixes listed below are the latest fixes as of November 11, 2003.

Microsoft Windows 98:

http://www.microsoft.com/windows98/downloads/contents/WUCritical/q329115/default.asp

Windows 98 Second Edition:

http://www.microsoft.com/windows98/downloads/contents/WUCritical/q329115/default.asp

Windows Me:

Only available via Windows Update.

Windows NT 4.0:

http://www.microsoft.com/ntserver/nts/downloads/critical/q329115/default.asp

Windows NT 4.0 Terminal Server Edition:

http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q329115/default.asp

Windows 2000:

http://www.microsoft.com/windows2000/downloads/critical/q329115/default.asp

Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=065DCA01-1F6F-4F88-AE9E-6F4636D43D9F&displaylang=en

Windows XP and Windows XP 64 Bit Edition:

http://www.microsoft.com/windowsxp/pro/downloads/q329115.asp

Microsoft Office v.X for Mac:

http://www.microsoft.com/mac/downloads.aspx

Microsoft Office 2001 for Mac:

http://www.microsoft.com/mac/downloads.aspx

Microsoft Office 98 for the Macintosh:

http://www.microsoft.com/mac/downloads.aspx

Microsoft Internet Explorer for Mac (for OS 8.1 to 9.x):

http://www.microsoft.com/mac/downloads.aspx

Microsoft Internet Explorer for Mac (for OS X):

http://www.microsoft.com/mac/downloads.aspx

Microsoft Outlook Express 5.0.6 for Mac:

http://www.microsoft.com/mac/downloads.aspx

See the Vendor URL for important additional information about this patch.

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS02-050.asp (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Aug 6 2002 Microsoft Internet Explorer SSL Implementation Flaw in Following Certificate Chains Allows Remote Users to Conduct Man-in-the-Middle Attacks to Obtain Unencrypted Data from the Browser



 Source Message Contents

Subject:  MS02-050


Microsoft issued Security Bulletin MS02-050, warning that a certificate
validation flaw in Microsoft operating systems and applications could
enable remote users to spoof the user's (or server's) identify.  The
bulletin is available at:

http://www.microsoft.com/technet/security/bulletin/MS02-050.asp


Title:  Certificate Validation Flaw Could Enable Identity Spoofing
(Q328145)

Maximum Severity Rating: Critical

CVE Number: CAN-2002-0862

Affected Software Versions:

    * Microsoft Windows 98
    * Microsoft Windows 98 Second Edition
    * Microsoft Windows Me
    * Microsoft Windows NT 4.0, Terminal Server Edition
    * Microsoft Windows 2000
    * Microsoft Windows XP
    * Microsoft Office for Mac
    * Microsoft Internet Explorer for Mac
    * Microsoft Outlook Express for Mac


Microsoft reports that APIs within their CryptoAPI that construct and
validate certificate chains (CertGetCertificateChain(),
CertVerifyCertificateChainPolicy(), and WinVerifyTrust()) do not check
the X.509 certificate Basic Constraints field to determine if the
certificate is for a Certificate Authority or is an end-entity
certificate.  The same flaw in CryptoAPI is also reported to be present
in several Microsoft products for Macintosh.

A remote user with a valid end-entity certificate could issue a
subordinate certificate that would pass validation by Microsoft's
affected software.  According to Microsoft, a remote user could:

* Set up a secure web site that poses as a different web site and has an
apparently valid certificate.
* Send emails signed using a digital certificate that purportedly
belongs to a different user.
* Spoof certificate-based authentication systems to gain entry as a
highly privileged user.
* Digitally sign malicious code using an Authenticode certificate that
claims to have been issued to a company users might trust.


Microsoft has released a patch for several operating systems and plans
to release patches for others shortly.

For Microsoft Windows 98:

To be released shortly

For Windows 98 Second Edition:

To be released shortly

For Windows Me:

To be released shortly

Windows NT 4.0:
http://www.microsoft.com/ntserver/nts/downloads/critical/q328145/default.asp

For Windows NT 4.0 Terminal Server Edition:
     
http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q328145/default.asp

For Windows 2000:
To be released shortly

For Windows XP:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=42562

For Windows XP 64 bit Edition:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=42558

For Microsoft Office v.X for Mac:

To be released shortly

For Microsoft Office 2001 for Mac:

To be released shortly

For Microsoft Office 98 for the Macintosh:

To be released shortly

For Microsoft Internet Explorer for Mac (for OS 8.1 to 9.x):

To be released shortly

For Microsoft Internet Explorer for Mac (for OS X):

To be released shortly

For Microsoft Outlook Express 5.0.5 for Mac:

To be released shortly

Microsoft notes that the patch for Windows NT 4.0 can be installed on
systems running Windows NT 4.0 SP6a.  The patch for Windows NT 4.0,
Terminal Server Edition, can be installed on systems running Windows NT
4.0, Terminal Server Edition SP6.  The patch for Windows XP can be
installed on systems running Windows XP Gold and the pending Windows XP
SP1.

Microsoft plans to include this fix in Windows 2000 SP4 and Windows XP
SP2.

Microsoft plans to issue Knowledge Base article Q328145 regarding this
issue, to be available shortly on the Microsoft Online Support web site:

http://support.microsoft.com/?scid=fh;en-us;kbhowto


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC