Source: dnsval
Version: 2.0-1.1
Severity: grave
Tags: security upstream
Justification: user security hole

Dear Maintainer,

With version 2.0 of the libval library, val_dane_check() completely fails to verify the certificate and always returns a success status when used with the DANE-TA(2) usage. An unsuspecting application using libval 2.0 could be tricked into trusting any certificate that is provided.

For example, with the DNS record:

    example.net. IN TLSA 2 0 1 aaaaa

val_dane_check() assumes that "aaaaa" is a valid DER-encoded certificate, and passes it without validation to OpenSSL as a trusted anchor certificate. After that, any certificate is accepted by SSL_get_verify_result() (as seen in libval.c, lines 768 to 784).

Please note that I did not find any CVE nor upstream bug report regarding this issue, and the library is still considered experimental by its authors. The bug has already been reported in May 2013 on the IETF DANE Working Group mailing list by Viktor Dukhovni and acknowledged by Suresh Krishnaswamy (libval's developer):
https://mailarchive.ietf.org/arch/msg/dane/QySBNeQevpD3gZCLJp1ohqPpaxc

I have only partially tested version 2.1 of libval (which is in the experimental depot), but could not reproduce the same issue. In addition, the code was completely rewritten and the logical flow modified, so the 2.1 API is incompatible with version 2.0.

-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
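Added illustration (not libval code, written alongside this report) of the check a DANE-TA(2) client needs before handing TLSA data to the TLS library as a trust anchor: with matching type 0 the record data must itself parse as a DER certificate, and with a digest matching type (1 or 2) the anchor must be found among the certificates the server presented rather than being built from the record. The names, the constructed `SAMPLE_CERT` and the minimal DER structure check are assumptions; selector 1 (SubjectPublicKeyInfo) is not handled.

```python
import binascii
import hashlib

DANE_TA = 2  # TLSA certificate usage 2: the record names a trust anchor
SAMPLE_CERT = bytes.fromhex("3006300402020102")  # constructed stand-in, not a real certificate
SAMPLE_TLSA_SHA256 = (DANE_TA, 0, 1, hashlib.sha256(SAMPLE_CERT).digest())

def _der_length(buf, pos):
    """Decode a DER length at buf[pos]; return (length, index of content)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def looks_like_der_certificate(data):
    """Structural check only: an outer SEQUENCE that consumes every byte and
    opens with another SEQUENCE (the TBSCertificate). Not a full X.509 parse."""
    try:
        if len(data) < 4 or data[0] != 0x30:
            return False
        length, body = _der_length(data, 1)
        if body + length != len(data) or data[body] != 0x30:
            return False
        inner_len, inner_body = _der_length(data, body + 1)
        return inner_body + inner_len <= len(data)
    except (ValueError, IndexError):
        return False

def select_dane_ta_anchor(tlsa, chain):
    """Return the DER cert to hand to the TLS library as anchor, or None.
    tlsa: (usage, selector, mtype, data); chain: DER certs the server sent."""
    usage, selector, mtype, data = tlsa
    if usage != DANE_TA or selector != 0:  # selector 1 (SPKI) not handled here
        return None
    if mtype == 0:  # record carries the full certificate: verify it is one
        return data if looks_like_der_certificate(data) else None
    digests = {1: hashlib.sha256, 2: hashlib.sha512}
    # record carries a digest: the anchor itself must be in the presented chain
    return next((c for c in chain if mtype in digests and digests[mtype](c).digest() == data), None)

def anchor_from_presentation(record, chain):
    """Parse 'usage selector mtype hexdata' and select an anchor; None on garbage."""
    try:
        usage, selector, mtype, hexdata = record.split(None, 3)
        data = binascii.unhexlify("".join(hexdata.split()))  # rejects odd or invalid hex
        return select_dane_ta_anchor((int(usage), int(selector), int(mtype), data), chain)
    except (ValueError, binascii.Error):
        return None
```

With this selection step, the record "2 0 1 aaaaa" from the report yields no anchor at all, so the verify step never runs with a fabricated trust anchor.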