CVE-2004-0004
CVSS7.5
发布时间 :2004-02-17 00:00:00
修订时间 :2016-10-17 22:39:46
NMCOS    

[原文]The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.


[CNNVD]OpenCA Crypto-Utils.Lib签名验证漏洞(CNNVD-200402-067)

        
        OpenCA是一个开放源代码的一个全功能的接口结构,它用来在全PKI环境下管理x509的数字证书。
        OpenCA的crypto-utils.lib库存在漏洞,远程攻击者可以利用这个漏洞可导致OpenCA接收恶意证书。
        OpenCA包含通用加密操作库 - crypto-utils.lib,这个库包含检查签名(libCheckSignature)的函数,这个函数装载OpenCA数据库中已使用的签名证书,及最后确保已使用的签名证书等同于数据库中的证书。
        在数据库中的证书和签名者的证书的对比只执行基于证书序列号的对比,如果签名链可以建立一个OpenCA链目录的受信关系及证书相匹配的序列号存在于已使用的PKI中,受此漏洞影响的函数可以导致接受恶意证书。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0004
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0004
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200402-067
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=107427313700554&w=2
(UNKNOWN)  BUGTRAQ  20040116 [OpenCA Advisory] Vulnerability in signature verification
http://www.kb.cert.org/vuls/id/336446
(UNKNOWN)  CERT-VN  VU#336446
http://www.openca.org/news/CAN-2004-0004.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.openca.org/news/CAN-2004-0004.txt
http://www.securityfocus.com/bid/9435
(VENDOR_ADVISORY)  BID  9435
http://xforce.iss.net/xforce/xfdb/14847
(UNKNOWN)  XF  openca-improper-signature-verification(14847)

- 漏洞信息

OpenCA Crypto-Utils.Lib签名验证漏洞
高危 其他
2004-02-17 00:00:00 2005-05-13 00:00:00
远程  
        
        OpenCA是一个开放源代码的一个全功能的接口结构,它用来在全PKI环境下管理x509的数字证书。
        OpenCA的crypto-utils.lib库存在漏洞,远程攻击者可以利用这个漏洞可导致OpenCA接收恶意证书。
        OpenCA包含通用加密操作库 - crypto-utils.lib,这个库包含检查签名(libCheckSignature)的函数,这个函数装载OpenCA数据库中已使用的签名证书,及最后确保已使用的签名证书等同于数据库中的证书。
        在数据库中的证书和签名者的证书的对比只执行基于证书序列号的对比,如果签名链可以建立一个OpenCA链目录的受信关系及证书相匹配的序列号存在于已使用的PKI中,受此漏洞影响的函数可以导致接受恶意证书。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 下面是针对OpenCA 0.9.1.6的补丁:
        -----BEGIN PATCH-----
        --- src/common/lib/functions/crypto-utils.lib 2004-01-15
        12:10:45.000000000 +0100
        +++ src/common/lib/functions/crypto-utils.lib.new 2004-01-15
        12:10:06.000000000 +0100
        @@ -201,7 +201,7 @@
        "__ERRVAL__",
        $OpenCA::X509::errval);
        return undef;
        }
        - last if ( $tmpCert->getSerial() eq $sigCert->getSerial() );
        + last if ( $tmpCert->getPEM() eq $sigCert->getPEM() );
        $sigCert = undef;
        }
        -----END PATCH-----
        厂商补丁:
        OpenCA
        ------
        建议用户采用至少比openca-SNAP-20040114.tar.gz新的OpenCA版本:
        
        http://www.openca.org/

- 漏洞信息

3615
OpenCA crypto-utils.lib libCheckSignature Function Signature Validation Weakness

- 漏洞描述

OpenCA contains a flaw that may allow a malicious user to bypass signature verification of a certificate. The issue is triggered because the libCheckSignature function only performs a check on the base of the serial of the associated certificate. It is possible that the flaw may lead to the acceptance of an invalid or malicious certificate.

- 时间线

2004-01-16 2004-01-16
Unknow Unknow

- 解决方案

Upgrade to version 0.9.1.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

OpenCA Crypto-Utils.Lib Signature Verification Vulnerability
Origin Validation Error 9435
Yes No
2004-01-16 12:00:00 2009-07-12 02:06:00
This vulnerability was announced by the vendor and is credited to Alexandru Matei.

- 受影响的程序版本

OpenCA OpenCA 0.9.1 -6
OpenCA OpenCA 0.9.1 -5
OpenCA OpenCA 0.9.1 -4
OpenCA OpenCA 0.9.1 -3
OpenCA OpenCA 0.9.1 -2
OpenCA OpenCA 0.9.1 -1
OpenCA OpenCA 0.9.1
OpenCA OpenCA 0.9 .0-2
OpenCA OpenCA 0.9 .0-1
OpenCA OpenCA 0.9 .0
OpenCA OpenCA 0.9.1 -7

- 不受影响的程序版本

OpenCA OpenCA 0.9.1 -7

- 漏洞讨论

OpenCA have reported a vulnerability in the crypto-utils.lib library. The flaw has been discovered in the manner in which an affected function operates, the affected function only performs a comparison on the base of the serial of the associated certificate. This may inadvertently lead to the acceptance of a malicious certificate.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

The vendor has released an upgrade to address this issue. Users are advised to apply the upgrade and use newer snapshots than openca-SNAP-20040114.tar.gz.


OpenCA OpenCA 0.9 .0

OpenCA OpenCA 0.9 .0-1

OpenCA OpenCA 0.9 .0-2

OpenCA OpenCA 0.9.1

OpenCA OpenCA 0.9.1 -1

OpenCA OpenCA 0.9.1 -2

OpenCA OpenCA 0.9.1 -3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站