CVE-2003-0960
CVSS7.5
发布时间 :2003-12-15 00:00:00
修订时间 :2016-10-17 22:38:29
NMCOPS    

[原文]OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.


[CNNVD]OpenCA多个签名验证漏洞(CNNVD-200312-029)

        
        OpenCA是一款提供PKI架构和相关项目开发的项目实现。
        OpenCA存在多个漏洞,可导致修改的或过期的证书被接受。
        具体问题如下:
        1、OpenCA有一个通用加密操作的库-crypto-utils.lib,这个库包含一个函数判断用于建立PKCS#7签名的证书序列,函数使用这个序列装载和返回证书。不过这个函数错误的使用OpenCA::PKCS7接口。
        2、加密库crypto-utils.lib使用所有包含签名的证书来建议签名者证书的X.509对象,结果是来自证书链之一的证书建立的对象可以是任意的。
        3、OpenCA::PKCS7包含一个错误规则表达式用于判断证书链的解析。
        4、在OpenCA::PKCS7中证书链中的序列被错误的规则表达式解析,一些大写字符如A,C,B,D,E和F会被忽略。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:openca:openca:0.8.1
cpe:/a:openca:openca:0.9.0
cpe:/a:openca:openca:0.8.0
cpe:/a:openca:openca:0.9.1
cpe:/a:openca:openca:0.8.6
cpe:/a:openca:openca:0.9.0.2
cpe:/a:openca:openca:0.9.0.1
cpe:/a:openca:openca:0.9.1.3
cpe:/a:openca:openca:0.9.1.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0960
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0960
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-029
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=107003609308765&w=2
(UNKNOWN)  BUGTRAQ  20031128 [OpenCA Advisory] Vulnerabilities in signature verification

- 漏洞信息

OpenCA多个签名验证漏洞
高危 未知
2003-12-15 00:00:00 2005-10-20 00:00:00
远程  
        
        OpenCA是一款提供PKI架构和相关项目开发的项目实现。
        OpenCA存在多个漏洞,可导致修改的或过期的证书被接受。
        具体问题如下:
        1、OpenCA有一个通用加密操作的库-crypto-utils.lib,这个库包含一个函数判断用于建立PKCS#7签名的证书序列,函数使用这个序列装载和返回证书。不过这个函数错误的使用OpenCA::PKCS7接口。
        2、加密库crypto-utils.lib使用所有包含签名的证书来建议签名者证书的X.509对象,结果是来自证书链之一的证书建立的对象可以是任意的。
        3、OpenCA::PKCS7包含一个错误规则表达式用于判断证书链的解析。
        4、在OpenCA::PKCS7中证书链中的序列被错误的规则表达式解析,一些大写字符如A,C,B,D,E和F会被忽略。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        --- openca-0.9.1.3/src/modules/openca-pkcs7/PKCS7.pm 2002-09-10 16:42:02.000000000 +0200
        +++ openca-0.9.1.4/src/modules/openca-pkcs7/PKCS7.pm 2003-11-26 15:54:08.000000000 +0100
        @@ -69,7 +69,7 @@
        
         our ($errno, $errval);
        
        -($OpenCA::PKCS7::VERSION = '$Revision: 1.12 $' )=~ s/(?:^.*: (\d+))|(?:\s+\$$)/defined $1?"0\.9":""/eg;
        +($OpenCA::PKCS7::VERSION = '$Revision: 1.12.2.1 $' )=~ s/(?:^.*: (\d+))|(?:\s+\$$)/defined $1?"0\.9":""/eg;
        
         my %params = (
         inFile => undef,
        @@ -167,6 +167,8 @@
        
         my ( $ret, $tmp );
        
        + return $self->{parsed} if ($self->{parsed});
        +
         $tmp = $self->{backend}->verify( SIGNATURE=>$self->{signature},
         DATA_FILE=>$self->{dataFile},
         CA_CERT=>$self->{caCert},
        @@ -292,10 +294,10 @@
         ($self->{status}) = ( $line =~ /^\s*error:([^:]*):/ );
         }
        
        - next if( $line != /^depth/i );
        + next if( $line !~ /^depth/i );
        
         ( $currentDepth, $serial, $dn ) =
        - ( $line =~ /depth:([\d]+) serial:([a-f\d]+) subject:(.*)/ );
        + ( $line =~ /depth:([\d]+) serial:([a-fA-F\d]+) subject:(.*)/ );
         $ret->{$currentDepth}->{SERIAL} = hex ($serial) ;
         $ret->{$currentDepth}->{DN} = $dn;
        
        --- openca-0.9.1.3/src/common/lib/functions/crypto-utils.lib 2002-12-22 13:08:19.000000000 +0100
        +++ openca-0.9.1.4/src/common/lib/functions/crypto-utils.lib 2003-11-26 13:04:50.000000000 +0100
        @@ -176,19 +176,36 @@
         return undef;
         }
        
        - ## Get signer certificate from the pkcs7 structure
        - $sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,
        - DATA => $sig->getSigner()->{CERTIFICATE});
        -
        - if( not $sigCert ) {
        - $errno = 6103;
        - $errval = i18nGettext ("Signer's certificate is corrupt!\nOpenCA::X509 returns errorcode __ERRNO__ (__ERRVAL__).",
        - "__ERRNO__", $OpenCA::X509::errno,
        - "__ERRVAL__", $OpenCA::X509::errval);
        - return undef;
        + ## Get signer certificate chain from the pkcs7 structure
        + my @chain = split /-----END CERTIFICATE-----/,
        + $sig->getSigner()->{CERTIFICATE};
        + for (my $i=0; $i < scalar @chain; $i++)
        + {
        + if (not $chain[$i])
        + {
        + delete $chain[$i];
        + next;
        + }
        + $chain[$i] .= "-----END CERTIFICATE-----";
        + $chain[$i] =~ s/^.*-----BEGIN CERTIFICATE-----/-----BEGIN CERTIFICATE-----/s;
        + }
        + $sigCert = undef;
        + for (my $i=0; $i < scalar @chain; $i++)
        + {
        + $sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,
        + DATA => $chain[$i]);
        + if( not $sigCert ) {
        + $errno = 6103;
        + $errval = i18nGettext ("Signer's certificate is corrupt!\nOpenCA::X509 returns errorcode __ERRNO__ (__ERRVAL__).",
        + "__ERRNO__", $OpenCA::X509::errno,
        + "__ERRVAL__", $OpenCA::X509::errval);
        + return undef;
        + }
        + last if ( $tmpCert->getSerial() eq $sigCert->getSerial() );
        + $sigCert = undef;
         }
        
        - if( $tmpCert->getSerial() ne $sigCert->getSerial() ) {
        + if( not $sigCert ) {
         $errno = 6104;
         $errval = gettext ("Signer's Certificate and DB's Certificate do not match");
         return undef;
        @@ -281,19 +298,8 @@
         return undef;
         }
        
        - my $sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,
        - DATA => $sig->getSigner()->{CERTIFICATE});
        -
        - if (not $sigCert) {
        - $errno = 6302;
        - $errval = i18nGettext ("Cannot create X509-object from the certificate of the signer! OpenCA::X509 returns errorcode __ERRNO__ (__ERRVAL__).",
        - "__ERRNO__", $OpenCA::X509::errno,
        - "__ERRVAL__", $OpenCA::X509::errval);
        - return undef;
        - }
        -
         my $db_cert = $db->getItem( DATATYPE => 'CERTIFICATE',
        - &n

- 漏洞信息 (F32292)

openca.txt (PacketStormID:F32292)
2003-12-01 00:00:00
 
advisory
CVE-2003-0960
[点击下载]

OpenCA Security Advisory - Multiple flaws in OpenCA before version 0.9.1.4 could cause OpenCA to use an incorrect certificate in the chain to determine the serial being checked which could lead to certificates that are revoked or expired being incorrectly accepted.

OpenCA Security Advisory [28 November 2003]

Vulnerabilities in signature validation
=======================================

Multiple flaws in OpenCA before version 0.9.1.4 could cause OpenCA to
use an incorrect certificate in the chain to determine the serial being
checked which could lead to certificates that are revoked or expired
being incorrectly accepted.

Chris Covell and Gottfried Scheckenbach performed tests with OpenCA and
CA hierarchies. They had problems to verify signatures with some
functions in OpenCA which test the signer's certificate.

Michael Bell of the OpenCA core team identified and fixed the problems
for OpenCA 0.9.1 and the CVS HEAD.

Vulnerabilities
-----------------

1. OpenCA has a library for common crypto operations - crypto-utils.lib.
    This library includes a function to determine the serial of the
    certificate which somebody used to create a PKCS#7 signature. The
    function uses this serial to load and return the certificate. The
    function used the interface of OpenCA::PKCS7 (the OpenCA PKCS#7
    module) in a wrong way.

2. The crypto library crypto-utils.lib uses all certificates which were
    included into the signature to create the X.509 object of the
    signer's certificate. The result is a object which was created from
    one of the certificates of the certificate chain. This means that
    the result is haphazard.

3. OpenCA::PKCS7 includes a wrong regular expression to detect lines
    which have nothing to do with the parsing of the certificate chain.

4. The serial in the certificate chain were parsed with a wrong regular
    expression in OpenCA::PKCS7. Big letters like A, C, B, D, E and F
    were ignored.

Who is affected?
------------------

All version of OpenCA including 0.9.1.3. A security risk is present for
people who are using digital signatures to secure approved requests
or role based access control (RBAC).

Recommendations
-----------------

Upgrade to 0.9.1.4 and use newer snapshots than
openca-0.9-SNAP-20031125.tar.gz. You can fix the problem by yourself too
with the included patches. The original files which we used to create
the diffs are from OpenCA 0.9.1.3.

-----BEGIN PATCH-----

--- openca-0.9.1.3/src/modules/openca-pkcs7/PKCS7.pm    2002-09-10 
16:42:02.000000000 +0200
+++ openca-0.9.1.4/src/modules/openca-pkcs7/PKCS7.pm    2003-11-26 
15:54:08.000000000 +0100
@@ -69,7 +69,7 @@

  our ($errno, $errval);

-($OpenCA::PKCS7::VERSION = '$Revision: 1.12 $' )=~ s/(?:^.*: 
(\d+))|(?:\s+\$$)/defined $1?"0\.9":""/eg;
+($OpenCA::PKCS7::VERSION = '$Revision: 1.12.2.1 $' )=~ s/(?:^.*: 
(\d+))|(?:\s+\$$)/defined $1?"0\.9":""/eg;

  my %params = (
          inFile => undef,
@@ -167,6 +167,8 @@

         my ( $ret, $tmp );

+       return $self->{parsed} if ($self->{parsed});
+
         $tmp = $self->{backend}->verify( SIGNATURE=>$self->{signature},
                         DATA_FILE=>$self->{dataFile},
                         CA_CERT=>$self->{caCert},
@@ -292,10 +294,10 @@
                         ($self->{status}) = ( $line =~ 
/^\s*error:([^:]*):/ );
                 }

-               next if( $line != /^depth/i );
+               next if( $line !~ /^depth/i );

                 ( $currentDepth, $serial, $dn ) =
-                       ( $line =~ /depth:([\d]+) serial:([a-f\d]+) 
subject:(.*)/ );
+                       ( $line =~ /depth:([\d]+) serial:([a-fA-F\d]+) 
subject:(.*)/ );
                 $ret->{$currentDepth}->{SERIAL} = hex ($serial) ;
                 $ret->{$currentDepth}->{DN} = $dn;

--- openca-0.9.1.3/src/common/lib/functions/crypto-utils.lib 
2002-12-22 13:08:19.000000000 +0100
+++ openca-0.9.1.4/src/common/lib/functions/crypto-utils.lib 
2003-11-26 13:04:50.000000000 +0100
@@ -176,19 +176,36 @@
                 return undef;
         }

-       ## Get signer certificate from the pkcs7 structure
-       $sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,
-                       DATA => $sig->getSigner()->{CERTIFICATE});
-
-       if( not $sigCert ) {
-               $errno  = 6103;
-               $errval = i18nGettext ("Signer's certificate is 
corrupt!\nOpenCA::X509 returns errorcode __ERRNO__ (__ERRVAL__).",
-                                      "__ERRNO__", $OpenCA::X509::errno,
-                                      "__ERRVAL__", $OpenCA::X509::errval);
-               return undef;
+       ## Get signer certificate chain from the pkcs7 structure
+       my @chain = split /-----END CERTIFICATE-----/,
+                   $sig->getSigner()->{CERTIFICATE};
+       for (my $i=0; $i < scalar @chain; $i++)
+       {
+               if (not $chain[$i])
+               {
+                       delete $chain[$i];
+                       next;
+               }
+               $chain[$i] .= "-----END CERTIFICATE-----";
+               $chain[$i] =~ s/^.*-----BEGIN 
CERTIFICATE-----/-----BEGIN CERTIFICATE-----/s;
+       }
+       $sigCert = undef;
+       for (my $i=0; $i < scalar @chain; $i++)
+       {
+               $sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,
+                               DATA => $chain[$i]);
+               if( not $sigCert ) {
+                       $errno  = 6103;
+                       $errval = i18nGettext ("Signer's certificate is 
corrupt!\nOpenCA::X509 returns errorcode __ERRNO__ (__ERRVAL__).",
+                                              "__ERRNO__", 
$OpenCA::X509::errno,
+                                              "__ERRVAL__", 
$OpenCA::X509::errval);
+                       return undef;
+               }
+               last if ( $tmpCert->getSerial() eq $sigCert->getSerial() );
+               $sigCert = undef;
         }

-       if( $tmpCert->getSerial() ne $sigCert->getSerial() ) {
+       if( not $sigCert ) {
                 $errno  = 6104;
                 $errval = gettext ("Signer's Certificate and DB's 
Certificate do not match");
                 return undef;
@@ -281,19 +298,8 @@
                 return undef;
         }

-       my $sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,
-                                  DATA => 
$sig->getSigner()->{CERTIFICATE});
-
-       if (not $sigCert) {
-               $errno  = 6302;
-               $errval = i18nGettext ("Cannot create X509-object from 
the certificate of the signer! OpenCA::X509 returns errorcode __ERRNO__ 
(__ERRVAL__).",
-                                      "__ERRNO__", $OpenCA::X509::errno,
-                                      "__ERRVAL__", $OpenCA::X509::errval);
-               return undef;
-       }
-
         my $db_cert = $db->getItem( DATATYPE => 'CERTIFICATE',
-                               KEY => $sigCert->getSerial() );
+                               KEY => $sig->getSigner()->{SERIAL} );

         if( not $db_cert ) {
                 $errno  = 6303;

--- openca-0.9.1.3/src/common/lib/cmds/verifySignature  2003-03-31 
15:45:19.000000000 +0200
+++ openca-0.9.1.4/src/common/lib/cmds/verifySignature  2003-11-26 
13:04:34.000000000 +0100
@@ -11,7 +11,7 @@
  ## Get the Configuration parameters ...
  my ( $parsed, $lnk, $serLink, $sigInfo, $sigStatus, $signer, $signature);
  my ( $baseDoc, $info, $sigCertStatus, $def, $dbStatus, $dbMessage);
-my ( $myCN, $myEmail, $mySerial, @sigCert, $tmpCert, $pCert );
+my ( $myCN, $myEmail, $mySerial, $tmpCert, $pCert );

  ## Get Required Parameters from Configuration
  my $baseDoc    = getRequired ('verifySignatureform');
@@ -53,10 +53,7 @@
  $myDN = $signer->{DN};
  $myDN =~ s/^\///; $myDN =~ s/\//<BR>/g;

-$sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,
-                             DATA => $sign->getSigner()->{CERTIFICATE});
-
-$issuerDN = $sigCert->getParsed()->{ISSUER};
+$issuerDN = $sign->getParsed()->{CHAIN}->{1}->{DN};
  $issuerDN =~ s/^\///; $issuerDN =~ s/[\/\,]/<BR>/g;

  ## Check Signature Status
@@ -71,7 +68,7 @@
                 $dbStatus = $errno;
                 $sigStatus = "<FONT 
COLOR=\"Red\">".gettext("Unknown")."</FONT>";

-               $serLink = $sigCert->getSerial();
+               $serLink = $sign->getSigner()->{SERIAL};
         } else {
                 $sigMessage = gettext("Signature correctly verified");
         }
@@ -96,11 +93,7 @@
         $serLink    = $tmpCert->getSerial();
  }

-if( $sigCert ) {
-       $pCert = $sigCert->getParsed();
-} elsif ( $tmpCert ) {
-       $pCert = $tmpCert->getParsed();
-}
+$pCert = $tmpCert->getParsed();

  ## View the Operator Used Certificate Data
  $page = $query->subVar( $page, '@DN@',       ($myDN or "n/a" ) );

--- openca-0.9.1.3/src/common/lib/cmds/viewSignature    2002-12-10 
16:18:15.000000000 +0100
+++ openca-0.9.1.4/src/common/lib/cmds/viewSignature    2003-11-26 
13:04:34.000000000 +0100
@@ -11,7 +11,7 @@
  ## Get the Configuration parameters ...
  my ( $parsed, $lnk, $serLink, $sigInfo, $sigStatus, $signer, $signature);
  my ( $baseDoc, $info, $sigCertStatus, $def, $dbStatus, $dbMessage);
-my ( $myCN, $myEmail, $mySerial, @sigCert, $tmpCert, $pCert );
+my ( $myCN, $myEmail, $mySerial, $tmpCert, $pCert );

  my $dataType   = $query->param('dataType' );
  my $key        = $query->param('key');
@@ -54,9 +54,6 @@
                 name=>"EMAIL", 
value=>$signer->{DN_HASH}->{EMAILADDRESS}[0]} );
  $myEmail = $lnk->a({-href=>$lnk->self_url()}, 
$signer->{DN_HASH}->{EMAILADDRESS}[0]);

-$sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,
-                             DATA => 
$signature->getSigner()->{CERTIFICATE});
-
  ## Check Signature Status
  if( not libCheckSignature( SIGNATURE=>$signature ) ) {
         $sigStatus = "<FONT COLOR=\"Red\">".gettext("Error")."</FONT>";
@@ -105,7 +102,7 @@
         $serLink = $lnk->a({-href=>$lnk->self_url()},
                         $tmpCert->getSerial() );

-       $decSerLink = "( " . hex( $sigCert->getSerial() ) . " )";
+       $decSerLink = "( " . hex( $tmpCert->getSerial() ) . " )";

      $lnk = new CGI({cmd      => "search",
                      dataType => "CERTIFICATE",
@@ -114,11 +111,7 @@
      $myEmail = $lnk->a({-href=>$lnk->self_url()}, 
$tmpCert->getParsed()->{EMAILADDRESS});
  }

-if( $sigCert ) {
-       $pCert = $sigCert->getParsed();
-} elsif ( $tmpCert ) {
-       $pCert = $tmpCert->getParsed();
-}
+$pCert = $tmpCert->getParsed();

  ## View the Operator Used Certificate Data
  $page = $query->subVar( $page, '@CN@',       ($myCN or "n/a" ) );
-----END PATCH-----

References
------------

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0960 to this issue.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0960

URL for this Security Advisory:
http://www.openca.org/news/CAN-2003-0960.txt
    

- 漏洞信息

2884
OpenCA Multiple Signature Validation Bypass
Remote / Network Access Cryptographic
Loss of Integrity

- 漏洞描述

OpenCA contains multiple flaws that may allow revoked or expired certificates to be accepted as valid. The issue is triggered because OpenCA fails to properly use the correct certificate in a chain to validate the certificate's serial. It is possible that the flaw may allow revoked/invalid keys being accepted, resulting in unauthorized access or a loss of confidentiality and/or integrity.

- 时间线

2003-12-01 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 0.9.1.4 or higher, as it has been reported to fix this vulnerability. OpenCA has also released patches that address this issue.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

OpenCA Signature Verification Vulnerabilities
Unknown 9123
Yes No
2003-11-28 12:00:00 2009-07-12 12:56:00
Discovery is credited to Chris Covell and Gottfried Scheckenbach.

- 受影响的程序版本

OpenCA OpenCA 0.9.1 -3
OpenCA OpenCA 0.9.1 -2
OpenCA OpenCA 0.9.1 -1
OpenCA OpenCA 0.9.1
OpenCA OpenCA 0.9 .0-2
OpenCA OpenCA 0.9 .0-1
OpenCA OpenCA 0.9 .0
OpenCA OpenCA 0.8.6
OpenCA OpenCA 0.8.1
OpenCA OpenCA 0.8 .0
OpenCA OpenCA 0.9.1 -4

- 不受影响的程序版本

OpenCA OpenCA 0.9.1 -4

- 漏洞讨论

Multiple flaws have been reported in OpenCA which cumulatively could cause a revoked or expired certificate to be accepted. This could present a serious security risk in situations where digital signatures are used to verify the authenticity of content or in access validation.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

This issue has been resolved in OpenCA 0.9.1-4. Snapshots newer than openca-0.9-SNAP-20031125.tar.gz also include fixes for this issue. The vendor has also included a patch in their advisory.


OpenCA OpenCA 0.8 .0

OpenCA OpenCA 0.8.1

OpenCA OpenCA 0.8.6

OpenCA OpenCA 0.9 .0

OpenCA OpenCA 0.9 .0-1

OpenCA OpenCA 0.9 .0-2

OpenCA OpenCA 0.9.1

OpenCA OpenCA 0.9.1 -1

OpenCA OpenCA 0.9.1 -2

OpenCA OpenCA 0.9.1 -3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站