SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   ntp Vendors:   ntp.org
NTP Signature Validation Flaw Lets Remote Users Bypass Validation Checks
SecurityTracker Alert ID:  1021533
SecurityTracker URL:  http://securitytracker.com/id/1021533
CVE Reference:   CVE-2009-0021   (Links to External Site)
Date:  Jan 7 2009
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.2.4p5 (production) and prior versions; 4.2.5p150 (development) and prior versions
Description:   A vulnerability was reported in NTP. A remote user can bypass digital signature validation.

The software does not properly check the results of the OpenSSL EVP_VerifyFinal() function. As a result, a remote server can supply a specially crafted invalid signature on a certificate that will be detected as a valid certificate. Signature checks on DSA and ECDSA keys used with SSL/TLS are affected.

Clients that connect to servers using RSA keys are not affected.

Client certificate validation is not affected.

Impact:   A remote user can bypass certificate validation.
Solution:   The vendor has issued a fix (4.2.4p6 (production), 4.2.5p153 (development)).
Vendor URL:  www.ntp.org/ (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 14 2009 (FreeBSD Issues Fix) NTP Signature Validation Flaw Lets Remote Users Bypass Validation Checks
FreeBSD has released a fix for FreeBSD 6.3, 6.4, 7.0, and 7.1.
Jan 29 2009 (Red Hat Issues Fix) NTP Signature Validation Flaw Lets Remote Users Bypass Validation Checks
Red Hat has released a fix for Red Hat Enterprise Linux 4 and 5.
Dec 16 2011 (Oracle Issues Fix for Sun Netra) NTP Signature Validation Flaw Lets Remote Users Bypass Validation Checks
Oracle has issued a fix for Sun Netra.
Nov 5 2012 (McAfee Issues Fix for McAfee Email and Web Security Appliance) NTP Signature Validation Flaw Lets Remote Users Bypass Validation Checks
McAfee has issued a fix for McAfee Email and Web Security Appliance.



 Source Message Contents

Subject:  [oCERT-2008-016] Multiple OpenSSL signature verification API misuses

#2008-016 multiple OpenSSL signature verification API misuse

Description:

Several functions inside the OpenSSL library incorrectly check the result
after calling the EVP_VerifyFinal function.

This bug allows a malformed signature to be treated as a good signature
rather than as an error. This issue affects the signature checks on DSA
and ECDSA keys used with SSL/TLS.

The flaw may be exploited by a malicious server or a man-in-the-middle
attack that presents a malformed SSL/TLS signature from a certificate
chain to a vulnerable client, bypassing validation.

A patch fixing the issue with proper return code checking and further
important recommendations are described in the original OpenSSL Team
advisory.

At the request of the OpenSSL team, oCERT has aided in the remediation
coordination for other projects with similar API misuse vulnerabilities.
In addition to EVP_VerifyFinal, the return codes from DSA_verify and
DSA_do_verify functions were being incorrectly validated, and packages
doing so are affected in a similar fashion as OpenSSL.


Affected version:

OpenSSL <= 0.9.8i [1]

The following packages were identified as affected by the same OpenSSL
vulnerability, as they use OpenSSL EVP_VerifyFinal function and
incorrectly check the return code.

NTP <= 4.2.4p5 (production), <= 4.2.5p150 (development)

Sun GridEngine <= 5.3

Gale <= 0.99

OpenEvidence <= 1.0.6

Belgian eID middleware - eidlib <= 2.6.0 [2]

Freedom Network Server <= 2.x

The following packages were identified as affected by a vulnerability
similar to the OpenSSL one, as they use OpenSSL DSA_verify function and
incorrectly check the return code.

BIND <= 9.4.3

Lasso <= 2.2.1

ZXID <= 0.29

1 - use of OpenSSL as an SSL/TLS client when connecting to a server whose
certificate uses an RSA key is NOT affected. Verification of client
certificates by OpenSSL servers for any key type is NOT affected.

2 - Belgian eID middleware latest versions are not available in source
form, therefore we cannot confirm if they are affected


Fixed version:

OpenSSL >= 0.9.8j

NTP >= 4.2.4p6 (production), >= 4.2.5p153 (development)

Sun GridEngine >= 6.0

Gale N/A

OpenEvidence N/A

Belgian eID middleware - eidlib N/A

Freedom Network Server N/A

BIND >= 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1

Lasso >= 2.2.2

ZXID N/A


Credit: Google Security Team (for the original OpenSSL issue).


CVE: CVE-2008-5077 (OpenSSL),
        CVE-2009-0021 (NTP),
        CVE-2009-0025 (BIND)


Timeline:
2008-12-16: OpenSSL Security Team requests coordination aid from oCERT
2008-12-16: oCERT investigates packages affected by similar issues
2008-12-16: contacted affected vendors
2008-12-17: investigation expanded to DSA verification
2008-12-17: BIND, Lasso and ZXID added to affected packages
2008-12-18: contacted additional affected vendors
2009-01-05: status updates and patch dissemination to affected vendors
2009-01-05: confirmation from BIND of issue and fix
2009-01-06: requested CVE assignment for BIND
2009-01-07: advisory published


References:
http://openssl.org/news/secadv_20090107.txt


Links:
http://openssl.org/
http://www.ntp.org/
http://gridengine.sunsource.net/
http://gale.org/
http://www.openevidence.org/
http://eid.belgium.be/
http://www.google.com/codesearch/p?#1vGzyQX--LU/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/
https://www.isc.org/products/BIND
http://lasso.entrouvert.org/
http://www.zxid.org/


Permalink:
http://www.ocert.org/advisories/ocert-2008-016.html


--
Will Drewry <redpig@ocert.org>
oCERT Team :: http://ocert.org

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC