OpenCA May Trust Signatures From Alternate PKIs
SecurityTracker Alert ID: 1008744|
SecurityTracker URL: http://securitytracker.com/id/1008744
(Links to External Site)
Date: Jan 16 2004
Host/resource access via network, User access via local system, User access via network|
Fix Available: Yes Vendor Confirmed: Yes |
Version(s): prior to 0.9.1.7|
A vulnerability was reported in OpenCA in the validation of digital signatures. The system may trust signatures from an alternate PKI than the one intended to be trusted.|
It is reported that a flaw in crypto-utils.lib can cause OpenCA to accept a signature from a certificate if the certificate's chain is trusted by the OpenCA chain directory. As a result, a certificate from a different PKI may be able to control access decisions if a certain trust relationship can be established.
If digital signatures are used to approve requests or perform role based access control (RBAC), you may be affected, according to the report.
The vendor credits Alexandru Matei with discovering the flaw.
The system may trust a signature that should not be trusted.|
The vendor has released a fix for version 0.9.1, available via CVS.|
The vendor recommends that you upgrade to 0.9.1.7 and use snapshots that are more recent than openca-SNAP-20040114.tar.gz.
A patch against OpenCA 0.9.1.6 is provided in the Source Message and the vendor's advisory at:
Vendor URL: www.openca.org/news/CVE-2004-0004.txt (Links to External Site)
Authentication error, State error|
|Underlying OS: Linux (Any), UNIX (Any)|
Source Message Contents
Subject: [Full-Disclosure] [OpenCA Advisory] Vulnerability in signature verification|
OpenCA Security Advisory [16 January 2004]
Vulnerability in signature validation
A flaw in OpenCA before version 0.9.1.7 could cause OpenCA to accept a
signature from a certificate if the certificate's chain is trusted by
the chain directory of OpenCA. This means that a certificate from
another PKI can authorize operations on the used PKI if the chain of the
used signature certifcate can establish a trust relationship to the
actually used PKI.
Alexandru Matei found the bug during a source code verification.
Alexandru Matei and Michael Bell of the OpenCA core team fixed the
problem for OpenCA 0.9.1 and the CVS HEAD.
OpenCA has a library for common crypto operations - crypto-utils.lib.
This library includes a function to check a signature
(libCheckSignature). The function load the used signature certificate
from OpenCA's database and finally ensures that the used signature
certificate is identical with the certificate in the database.
The comparison of the certificate in the database and the certificate
of the signer was only performed on base of the serial of the
certificate. The design of the function can cause the acceptance
of a signature if the chain of the signature can create a
trustrelationship to the chain directory of OpenCA and a certificate
with a matching serial exists in the used PKI.
Who is affected?
All version of OpenCA including 0.9.1.6. A security risk is present for
people who are using digital signatures to secure approved requests
or role based access control (RBAC).
Upgrade to 0.9.1.7 and use newer snapshots than
openca-SNAP-20040114.tar.gz. You can fix the problem by yourself too
with the included patch. The original file which we used to create
the diff is from OpenCA 0.9.1.6.
--- src/common/lib/functions/crypto-utils.lib 2004-01-15
+++ src/common/lib/functions/crypto-utils.lib.new 2004-01-15
@@ -201,7 +201,7 @@
- last if ( $tmpCert->getSerial() eq $sigCert->getSerial() );
+ last if ( $tmpCert->getPEM() eq $sigCert->getPEM() );
$sigCert = undef;
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0004 to this issue.
URL for this Security Advisory:
Full-Disclosure - We believe in it.