Bug#482644: marked as done (CVE-2008-2420: bypass intended access restrictions)

Tue, 27 May 2008 09:55:06 -0700 

Your message dated Tue, 27 May 2008 16:47:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#482644: fixed in stunnel4 3:4.22-1.1
has caused the Debian Bug report #482644,
regarding CVE-2008-2420: bypass intended access restrictions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
482644: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482644
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: stunnel4
Severity: important
Tags: security, patch

Hi

The following CVE(0) has been issued against stunnel.

CVE-2008-2420:

The OCSP functionality in stunnel before 4.24 does not properly search
certificate revocation lists (CRL), which allows remote attackers to
bypass intended access restrictions by using revoked certificates.


Please mention the CVE id, when you fix this issue. Extracted upstream
patch is attached.

Cheers
Steffen

(0): http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2420

--- stunnel-4.23/src/verify.c	2008-03-26 19:17:01.000000000 +0000
+++ stunnel4-4.22/src/verify.c	2008-05-18 10:56:24.000000000 +0000
@@ -50,6 +50,9 @@
 static int crl_check(CLI *c, X509_STORE_CTX *, char *);
 static int ocsp_check(CLI *c, X509_STORE_CTX *, char *);
 
+/* utility functions */
+static void log_time(const int, const char *, ASN1_TIME *);
+
 /**************************************** verify initialization */
 
 void verify_init(LOCAL_OPTIONS *section) {
@@ -57,8 +60,8 @@
         return; /* No certificate verification */
 
     if(section->verify_level>1 && !section->ca_file && !section->ca_dir) {
-        s_log(LOG_ERR, "Either CApath or CAfile "
-            "has to be used for authentication");
+        s_log(LOG_ERR,
+            "Either CApath or CAfile has to be used for authentication");
         die(1);
     }
 
@@ -183,7 +186,7 @@
     X509_OBJECT ret;
 
     if(c->opt->verify_level==SSL_VERIFY_NONE) {
-        s_log(LOG_NOTICE, "VERIFY IGNORE: depth=%d, %s",
+        s_log(LOG_INFO, "VERIFY IGNORE: depth=%d, %s",
             callback_ctx->error_depth, subject_name);
         return 1; /* accept connection */
     }
@@ -219,11 +222,9 @@
     X509_REVOKED *revoked;
     EVP_PKEY *pubkey;
     long serial;
-    BIO *bio;
     int i, n, rc;
     char *cp;
-    char *cp2;
-    ASN1_TIME *t;
+    ASN1_TIME *last_update=NULL, *next_update=NULL;
 
     /* determine certificate ingredients in advance */
     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
@@ -238,22 +239,13 @@
     X509_STORE_CTX_cleanup(&store_ctx);
     crl=obj.data.crl;
     if(rc>0 && crl) {
-        /* log information about CRL
-         * (a little bit complicated because of ASN.1 and BIOs...) */
-        bio=BIO_new(BIO_s_mem());
-        BIO_printf(bio, "lastUpdate: ");
-        ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(crl));
-        BIO_printf(bio, ", nextUpdate: ");
-        ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
-        n=BIO_pending(bio);
-        cp=malloc(n+1);
-        n=BIO_read(bio, cp, n);
-        cp[n]='\0';
-        BIO_free(bio);
-        cp2=X509_NAME_oneline(subject, NULL, 0);
-        s_log(LOG_NOTICE, "CA CRL: Issuer: %s, %s", cp2, cp);
-        OPENSSL_free(cp2);
-        free(cp);
+        cp=X509_NAME_oneline(subject, NULL, 0);
+        s_log(LOG_INFO, "CRL: issuer: %s", cp);
+        OPENSSL_free(cp);
+        last_update=X509_CRL_get_lastUpdate(crl);
+        next_update=X509_CRL_get_nextUpdate(crl);
+        log_time(LOG_INFO, "CRL: last update", last_update);
+        log_time(LOG_INFO, "CRL: next update", next_update);
 
         /* verify the signature on this CRL */
         pubkey=X509_get_pubkey(cert);
@@ -270,15 +262,14 @@
             EVP_PKEY_free(pubkey);
 
         /* check date of CRL to make sure it's not expired */
-        t=X509_CRL_get_nextUpdate(crl);
-        if(!t) {
+        if(!next_update) {
             s_log(LOG_WARNING, "Found CRL has invalid nextUpdate field");
             X509_STORE_CTX_set_error(callback_ctx,
                 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
             X509_OBJECT_free_contents(&obj);
             return 0; /* reject connection */
         }
-        if(X509_cmp_current_time(t)<0) {
+        if(X509_cmp_current_time(next_update)<0) {
             s_log(LOG_WARNING, "Found CRL is expired - "
                 "revoking all certificates until you get updated CRL");
             X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CRL_HAS_EXPIRED);
@@ -312,7 +303,7 @@
                     X509_get_serialNumber(cert)) == 0) {
                 serial=ASN1_INTEGER_get(revoked->serialNumber);
                 cp=X509_NAME_oneline(issuer, NULL, 0);
-                s_log(LOG_NOTICE, "Certificate with serial %ld (0x%lX) "
+                s_log(LOG_WARNING, "Certificate with serial %ld (0x%lX) "
                     "revoked per CRL from issuer %s", serial, serial, cp);
                 OPENSSL_free(cp);
                 X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CERT_REVOKED);
@@ -322,6 +313,7 @@
         }
         X509_OBJECT_free_contents(&obj);
     }
+    s_log(LOG_NOTICE, "CRL: verification passed");
     return 1; /* accept connection */
 }
 
@@ -339,11 +331,12 @@
     OCSP_REQUEST *request=NULL;
     OCSP_RESPONSE *response=NULL;
     OCSP_BASICRESP *basicResponse=NULL;
-    ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update;
+    ASN1_GENERALIZEDTIME *revoked_at=NULL,
+        *this_update=NULL, *next_update=NULL;
     int status, reason;
 
     /* TODO: check OCSP server specified in the certificate */
-    s_log(LOG_DEBUG, "Starting OCSP verification");
+    s_log(LOG_DEBUG, "OCSP: starting verification");
 
     /* connect specified OCSP server (responder) */
     if((c->fd=
@@ -363,7 +356,7 @@
         if(connect_wait(c))
             goto cleanup;
     }
-    s_log(LOG_DEBUG, "OCSP server connected");
+    s_log(LOG_DEBUG, "OCSP: server connected");
 
     /* get current certificate ID */
     cert=X509_STORE_CTX_get_current_cert(callback_ctx); /* get current cert */
@@ -402,11 +395,11 @@
     }
     error=OCSP_response_status(response);
     if(error!=OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-        s_log(LOG_ERR, "Responder Error: %s (%d)",
-            OCSP_response_status_str(error), error);
+        s_log(LOG_WARNING, "OCSP: responder error: %d: %s",
+            error, OCSP_response_status_str(error));
         goto cleanup;
     }
-    s_log(LOG_INFO, "OCSP response received");
+    s_log(LOG_DEBUG, "OCSP: response received");
 
     /* verify the response */
     basicResponse=OCSP_response_get1_basic(response);
@@ -423,15 +416,32 @@
         sslerror("OCSP_basic_verify");
         goto cleanup;
     }
-    if(OCSP_resp_find_status(basicResponse, certID, &status, &reason,
-            &produced_at, &this_update, &next_update)==0) {
+    if(!OCSP_resp_find_status(basicResponse, certID, &status, &reason,
+            &revoked_at, &this_update, &next_update)) {
         sslerror("OCSP_resp_find_status");
         goto cleanup;
     }
+    s_log(LOG_NOTICE, "OCSP: status: %d: %s",
+        status, OCSP_cert_status_str(status));
+    log_time(LOG_INFO, "OCSP: this update", this_update);
+    log_time(LOG_INFO, "OCSP: next update", next_update);
+    /* check if the response is valid for at least one minute */
+    if(!OCSP_check_validity(this_update, next_update, 60, -1)) {
+        sslerror("OCSP_check_validity");
+        goto cleanup;
+    }
+    if(status==V_OCSP_CERTSTATUS_REVOKED) {
+        if(reason==-1)
+            s_log(LOG_WARNING, "OCSP: certificate revoked");
+        else
+            s_log(LOG_WARNING, "OCSP: certificate revoked: %d: %s",
+                reason, OCSP_crl_reason_str(reason));
+        log_time(LOG_NOTICE, "OCSP: revoked at", revoked_at);
+        goto cleanup;
+    }
 
     /* success */
-    s_log(LOG_INFO, "OCSP verification passed: status=%d, reason=%d",
-        status, reason);
+    s_log(LOG_NOTICE, "OCSP: verification passed");
     retval=1; /* accept connection */
 cleanup:
     if(bio)
@@ -450,4 +460,22 @@
 }
 #endif /* OpenSSL-0.9.7 */
 
+static void log_time(const int level, const char *txt, ASN1_TIME *t) {
+    char *cp;
+    BIO *bio;
+    int n;
+
+    if(!t)
+        return;
+    bio=BIO_new(BIO_s_mem());
+    ASN1_TIME_print(bio, t);
+    n=BIO_pending(bio);
+    cp=malloc(n+1);
+    n=BIO_read(bio, cp, n);
+    cp[n]='\0';
+    BIO_free(bio);
+    s_log(level, "%s: %s", txt, cp);
+    free(cp);
+}
+
 /* End of verify.c */

--- End Message ---
--- Begin Message --- 
Source: stunnel4
Source-Version: 3:4.22-1.1

We believe that the bug you reported is fixed in the latest version of
stunnel4, which is due to be installed in the Debian FTP archive:

stunnel4_4.22-1.1.diff.gz
  to pool/main/s/stunnel4/stunnel4_4.22-1.1.diff.gz
stunnel4_4.22-1.1.dsc
  to pool/main/s/stunnel4/stunnel4_4.22-1.1.dsc
stunnel4_4.22-1.1_i386.deb
  to pool/main/s/stunnel4/stunnel4_4.22-1.1_i386.deb
stunnel_4.22-1.1_all.deb
  to pool/main/s/stunnel4/stunnel_4.22-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <[EMAIL PROTECTED]> (supplier of updated stunnel4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 27 May 2008 18:28:56 +0200
Source: stunnel4
Binary: stunnel4 stunnel
Architecture: source all i386
Version: 3:4.22-1.1
Distribution: unstable
Urgency: high
Maintainer: Luis Rodrigo Gallardo Cruz <[EMAIL PROTECTED]>
Changed-By: Steffen Joeris <[EMAIL PROTECTED]>
Description: 
 stunnel    - dummy upgrade package
 stunnel4   - Universal SSL tunnel for network daemons
Closes: 482644
Changes: 
 stunnel4 (3:4.22-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix security bug in the OCSP functionality that allowed revoked
     certificates to authenticate (Closes: #482644)
     Fixes: CVE-2008-2420
Checksums-Sha1: 
 be663293860389bb27e43bf3d846c8afcf247e10 1205 stunnel4_4.22-1.1.dsc
 6a2f378bc3e8356a89b40579d83ed0df8bc5cd4e 30952 stunnel4_4.22-1.1.diff.gz
 f9b3271905c413176406fef8d30ff111b8b9cc02 10166 stunnel_4.22-1.1_all.deb
 e3cae30f9702ec979abea63e19ef2782c03a2ebc 147182 stunnel4_4.22-1.1_i386.deb
Checksums-Sha256: 
 da01005dfbb530d1581dd270caf02405da586f87f016ecefdc957da3c22ecdd7 1205 
stunnel4_4.22-1.1.dsc
 ad0640f8392406fd59856ca5ae0881963026f67409505dd472a67c9ee8d03000 30952 
stunnel4_4.22-1.1.diff.gz
 616d7c80d6269bbfe5530a20ff5214c8df9e92a054f39cfd9e8f815caa77e5d1 10166 
stunnel_4.22-1.1_all.deb
 a0e0043628570b6c2d974cfabbb246a4a86db861e0eb42d49d098e61af2fffe6 147182 
stunnel4_4.22-1.1_i386.deb
Files: 
 bcfd6e6c2b04262055fed355b3653be0 1205 net optional stunnel4_4.22-1.1.dsc
 6c0b1dc48612b08606cef98c39d4d368 30952 net optional stunnel4_4.22-1.1.diff.gz
 9d3162fdeb77a7d4b62fddefc62cdf9f 10166 net optional stunnel_4.22-1.1_all.deb
 0f90b5f2ba27b4c7481c25ec2520ba1d 147182 net optional stunnel4_4.22-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIPDiC62zWxYk/rQcRAjkQAJ92kVThmy+648ClQm7UbH1iJcmClgCgkagp
lpReEuKnXvyLKyzq+aN5d+k=
=QOqe
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to