Bug#482644: marked as done (CVE-2008-2420: bypass intended access restrictions)

[Debian Bug Tracking System]

Your message dated Tue, 18 Nov 2008 13:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#482644: fixed in stunnel4 3:4.22-2
has caused the Debian Bug report #482644,
regarding CVE-2008-2420: bypass intended access restrictions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
482644: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482644
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: stunnel4
Severity: important
Tags: security, patch

Hi

The following CVE(0) has been issued against stunnel.

CVE-2008-2420:

The OCSP functionality in stunnel before 4.24 does not properly search
certificate revocation lists (CRL), which allows remote attackers to
bypass intended access restrictions by using revoked certificates.


Please mention the CVE id, when you fix this issue. Extracted upstream
patch is attached.

Cheers
Steffen

(0): http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2420

--- stunnel-4.23/src/verify.c	2008-03-26 19:17:01.000000000 +0000
+++ stunnel4-4.22/src/verify.c	2008-05-18 10:56:24.000000000 +0000
@@ -50,6 +50,9 @@
 static int crl_check(CLI *c, X509_STORE_CTX *, char *);
 static int ocsp_check(CLI *c, X509_STORE_CTX *, char *);
 
+/* utility functions */
+static void log_time(const int, const char *, ASN1_TIME *);
+
 /**************************************** verify initialization */
 
 void verify_init(LOCAL_OPTIONS *section) {
@@ -57,8 +60,8 @@
         return; /* No certificate verification */
 
     if(section->verify_level>1 && !section->ca_file && !section->ca_dir) {
-        s_log(LOG_ERR, "Either CApath or CAfile "
-            "has to be used for authentication");
+        s_log(LOG_ERR,
+            "Either CApath or CAfile has to be used for authentication");
         die(1);
     }
 
@@ -183,7 +186,7 @@
     X509_OBJECT ret;
 
     if(c->opt->verify_level==SSL_VERIFY_NONE) {
-        s_log(LOG_NOTICE, "VERIFY IGNORE: depth=%d, %s",
+        s_log(LOG_INFO, "VERIFY IGNORE: depth=%d, %s",
             callback_ctx->error_depth, subject_name);
         return 1; /* accept connection */
     }
@@ -219,11 +222,9 @@
     X509_REVOKED *revoked;
     EVP_PKEY *pubkey;
     long serial;
-    BIO *bio;
     int i, n, rc;
     char *cp;
-    char *cp2;
-    ASN1_TIME *t;
+    ASN1_TIME *last_update=NULL, *next_update=NULL;
 
     /* determine certificate ingredients in advance */
     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
@@ -238,22 +239,13 @@
     X509_STORE_CTX_cleanup(&store_ctx);
     crl=obj.data.crl;
     if(rc>0 && crl) {
-        /* log information about CRL
-         * (a little bit complicated because of ASN.1 and BIOs...) */
-        bio=BIO_new(BIO_s_mem());
-        BIO_printf(bio, "lastUpdate: ");
-        ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(crl));
-        BIO_printf(bio, ", nextUpdate: ");
-        ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
-        n=BIO_pending(bio);
-        cp=malloc(n+1);
-        n=BIO_read(bio, cp, n);
-        cp[n]='\0';
-        BIO_free(bio);
-        cp2=X509_NAME_oneline(subject, NULL, 0);
-        s_log(LOG_NOTICE, "CA CRL: Issuer: %s, %s", cp2, cp);
-        OPENSSL_free(cp2);
-        free(cp);
+        cp=X509_NAME_oneline(subject, NULL, 0);
+        s_log(LOG_INFO, "CRL: issuer: %s", cp);
+        OPENSSL_free(cp);
+        last_update=X509_CRL_get_lastUpdate(crl);
+        next_update=X509_CRL_get_nextUpdate(crl);
+        log_time(LOG_INFO, "CRL: last update", last_update);
+        log_time(LOG_INFO, "CRL: next update", next_update);
 
         /* verify the signature on this CRL */
         pubkey=X509_get_pubkey(cert);
@@ -270,15 +262,14 @@
             EVP_PKEY_free(pubkey);
 
         /* check date of CRL to make sure it's not expired */
-        t=X509_CRL_get_nextUpdate(crl);
-        if(!t) {
+        if(!next_update) {
             s_log(LOG_WARNING, "Found CRL has invalid nextUpdate field");
             X509_STORE_CTX_set_error(callback_ctx,
                 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
             X509_OBJECT_free_contents(&obj);
             return 0; /* reject connection */
         }
-        if(X509_cmp_current_time(t)<0) {
+        if(X509_cmp_current_time(next_update)<0) {
             s_log(LOG_WARNING, "Found CRL is expired - "
                 "revoking all certificates until you get updated CRL");
             X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CRL_HAS_EXPIRED);
@@ -312,7 +303,7 @@
                     X509_get_serialNumber(cert)) == 0) {
                 serial=ASN1_INTEGER_get(revoked->serialNumber);
                 cp=X509_NAME_oneline(issuer, NULL, 0);
-                s_log(LOG_NOTICE, "Certificate with serial %ld (0x%lX) "
+                s_log(LOG_WARNING, "Certificate with serial %ld (0x%lX) "
                     "revoked per CRL from issuer %s", serial, serial, cp);
                 OPENSSL_free(cp);
                 X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CERT_REVOKED);
@@ -322,6 +313,7 @@
         }
         X509_OBJECT_free_contents(&obj);
     }
+    s_log(LOG_NOTICE, "CRL: verification passed");
     return 1; /* accept connection */
 }
 
@@ -339,11 +331,12 @@
     OCSP_REQUEST *request=NULL;
     OCSP_RESPONSE *response=NULL;
     OCSP_BASICRESP *basicResponse=NULL;
-    ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update;
+    ASN1_GENERALIZEDTIME *revoked_at=NULL,
+        *this_update=NULL, *next_update=NULL;
     int status, reason;
 
     /* TODO: check OCSP server specified in the certificate */
-    s_log(LOG_DEBUG, "Starting OCSP verification");
+    s_log(LOG_DEBUG, "OCSP: starting verification");
 
     /* connect specified OCSP server (responder) */
     if((c->fd=
@@ -363,7 +356,7 @@
         if(connect_wait(c))
             goto cleanup;
     }
-    s_log(LOG_DEBUG, "OCSP server connected");
+    s_log(LOG_DEBUG, "OCSP: server connected");
 
     /* get current certificate ID */
     cert=X509_STORE_CTX_get_current_cert(callback_ctx); /* get current cert */
@@ -402,11 +395,11 @@
     }
     error=OCSP_response_status(response);
     if(error!=OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-        s_log(LOG_ERR, "Responder Error: %s (%d)",
-            OCSP_response_status_str(error), error);
+        s_log(LOG_WARNING, "OCSP: responder error: %d: %s",
+            error, OCSP_response_status_str(error));
         goto cleanup;
     }
-    s_log(LOG_INFO, "OCSP response received");
+    s_log(LOG_DEBUG, "OCSP: response received");
 
     /* verify the response */
     basicResponse=OCSP_response_get1_basic(response);
@@ -423,15 +416,32 @@
         sslerror("OCSP_basic_verify");
         goto cleanup;
     }
-    if(OCSP_resp_find_status(basicResponse, certID, &status, &reason,
-            &produced_at, &this_update, &next_update)==0) {
+    if(!OCSP_resp_find_status(basicResponse, certID, &status, &reason,
+            &revoked_at, &this_update, &next_update)) {
         sslerror("OCSP_resp_find_status");
         goto cleanup;
     }
+    s_log(LOG_NOTICE, "OCSP: status: %d: %s",
+        status, OCSP_cert_status_str(status));
+    log_time(LOG_INFO, "OCSP: this update", this_update);
+    log_time(LOG_INFO, "OCSP: next update", next_update);
+    /* check if the response is valid for at least one minute */
+    if(!OCSP_check_validity(this_update, next_update, 60, -1)) {
+        sslerror("OCSP_check_validity");
+        goto cleanup;
+    }
+    if(status==V_OCSP_CERTSTATUS_REVOKED) {
+        if(reason==-1)
+            s_log(LOG_WARNING, "OCSP: certificate revoked");
+        else
+            s_log(LOG_WARNING, "OCSP: certificate revoked: %d: %s",
+                reason, OCSP_crl_reason_str(reason));
+        log_time(LOG_NOTICE, "OCSP: revoked at", revoked_at);
+        goto cleanup;
+    }
 
     /* success */
-    s_log(LOG_INFO, "OCSP verification passed: status=%d, reason=%d",
-        status, reason);
+    s_log(LOG_NOTICE, "OCSP: verification passed");
     retval=1; /* accept connection */
 cleanup:
     if(bio)
@@ -450,4 +460,22 @@
 }
 #endif /* OpenSSL-0.9.7 */
 
+static void log_time(const int level, const char *txt, ASN1_TIME *t) {
+    char *cp;
+    BIO *bio;
+    int n;
+
+    if(!t)
+        return;
+    bio=BIO_new(BIO_s_mem());
+    ASN1_TIME_print(bio, t);
+    n=BIO_pending(bio);
+    cp=malloc(n+1);
+    n=BIO_read(bio, cp, n);
+    cp[n]='\0';
+    BIO_free(bio);
+    s_log(level, "%s: %s", txt, cp);
+    free(cp);
+}
+
 /* End of verify.c */

--- End Message ---

--- Begin Message ---

Source: stunnel4
Source-Version: 3:4.22-2

We believe that the bug you reported is fixed in the latest version of
stunnel4, which is due to be installed in the Debian FTP archive:

stunnel4_4.22-2.diff.gz
  to pool/main/s/stunnel4/stunnel4_4.22-2.diff.gz
stunnel4_4.22-2.dsc
  to pool/main/s/stunnel4/stunnel4_4.22-2.dsc
stunnel4_4.22-2_amd64.deb
  to pool/main/s/stunnel4/stunnel4_4.22-2_amd64.deb
stunnel_4.22-2_all.deb
  to pool/main/s/stunnel4/stunnel_4.22-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luis Rodrigo Gallardo Cruz <[EMAIL PROTECTED]> (supplier of updated stunnel4 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 18 Nov 2008 13:52:42 +0100
Source: stunnel4
Binary: stunnel4 stunnel
Architecture: source all amd64
Version: 3:4.22-2
Distribution: unstable
Urgency: high
Maintainer: Luis Rodrigo Gallardo Cruz <[EMAIL PROTECTED]>
Changed-By: Luis Rodrigo Gallardo Cruz <[EMAIL PROTECTED]>
Description: 
 stunnel    - dummy upgrade package
 stunnel4   - Universal SSL tunnel for network daemons
Closes: 482644 506091
Changes: 
 stunnel4 (3:4.22-2) unstable; urgency=low
 .
   * Check if a daemon is already running before trying to start it with the
     same configuration file. Thanks Peter Palfrader <[EMAIL PROTECTED]> for
     the report (Closes: #506091).
 .
 stunnel4 (3:4.22-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix security bug in the OCSP functionality that allowed revoked
     certificates to authenticate (Closes: #482644)
     Fixes: CVE-2008-2420
Checksums-Sha1: 
 0ab82cccb89b8ea64debd6307e7427a8838c3a91 1205 stunnel4_4.22-2.dsc
 77a17468f5ec0c67571fdfafe394b5c72eba2628 31228 stunnel4_4.22-2.diff.gz
 e81227472a550dc54e032d52a3c356e45a046721 10230 stunnel_4.22-2_all.deb
 dd3c85881c3934985b80c9e2da6da1ca5b30427a 148464 stunnel4_4.22-2_amd64.deb
Checksums-Sha256: 
 45aafe7ab487cc26daa5a52ed19a4cd17aee26fa09af952f85ddb9218735b174 1205 
stunnel4_4.22-2.dsc
 f0238f468687e656d81ec8eda7f4611ccc53e9c09a2c076c03fa36cd44668d48 31228 
stunnel4_4.22-2.diff.gz
 4271e67aa9202ccec77fd001ba6ca7783b2410f4f743de7f9ab5f671cb20ee9f 10230 
stunnel_4.22-2_all.deb
 a575483477e8cab5929296a3c2587cd5261834acbb0ecb5d6756f757f774e2b9 148464 
stunnel4_4.22-2_amd64.deb
Files: 
 44cd76525213387421ddff3d220b391a 1205 net optional stunnel4_4.22-2.dsc
 5afb4172e1257b48ba89ecf6590ac83c 31228 net optional stunnel4_4.22-2.diff.gz
 50541dfca16d50acb66f67aa10153c57 10230 net optional stunnel_4.22-2_all.deb
 316316c27b8b3dc1154a81901db9aa8a 148464 net optional stunnel4_4.22-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkixIAACgkQAZmDGK3JvCirTQCfRr6jXavw2xZyTOYsJ+YTnJcU
ugoAmwR8UufltwIFAtptHyn76k6CGtra
=20f9
-----END PGP SIGNATURE-----

--- End Message ---