CVE-2004-0590
CVSS10.0
发布时间 :2004-12-06 00:00:00
修订时间 :2008-09-05 16:38:50
NMCOPS    

[原文]FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.


[CNNVD]FreeS/WAN X.509证书验证漏洞(CNNVD-200412-026)

        
        IPSEC是一款IP安全扩展,提供IP通信验证和加密,Free/SWan是IPSEC在DEBIAN的实现。
        FreeS/WAN存在证书验证问题,远程攻击者可以利用这个漏洞伪造证书进行欺骗,访问VPN服务器等。
        当FreeS/WAN使用PKCS#7封装的X.509证书的IPSec连接时,FreeS/WAN可被欺骗对伪造证书进行验证。
        如果攻击者构建一个CA证书,并且用户使用相同主题的证书,就可以被FreeS/WAN不正确地验证。利用这个漏洞,攻击者可以成功的通过FreeS/WAN VPN服务器验证。
        

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:frees_wan:frees_wan:2
cpe:/a:openswan:openswan:2
cpe:/a:frees_wan:super_frees_wan:1
cpe:/a:openswan:openswan:1
cpe:/a:strongswan:strongswan:2.1.2
cpe:/a:frees_wan:frees_wan:1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0590
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0590
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-026
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/16515
(VENDOR_ADVISORY)  XF  ipsec-verifyx509cert-auth-bypass(16515)
http://www.openswan.org/support/vuln/can-2004-0590/
(VENDOR_ADVISORY)  CONFIRM  http://www.openswan.org/support/vuln/can-2004-0590/
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2004:070
http://security.gentoo.org/glsa/glsa-200406-20.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200406-20

- 漏洞信息

FreeS/WAN X.509证书验证漏洞
危急 访问验证错误
2004-12-06 00:00:00 2005-10-20 00:00:00
远程  
        
        IPSEC是一款IP安全扩展,提供IP通信验证和加密,Free/SWan是IPSEC在DEBIAN的实现。
        FreeS/WAN存在证书验证问题,远程攻击者可以利用这个漏洞伪造证书进行欺骗,访问VPN服务器等。
        当FreeS/WAN使用PKCS#7封装的X.509证书的IPSec连接时,FreeS/WAN可被欺骗对伪造证书进行验证。
        如果攻击者构建一个CA证书,并且用户使用相同主题的证书,就可以被FreeS/WAN不正确地验证。利用这个漏洞,攻击者可以成功的通过FreeS/WAN VPN服务器验证。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * Andreas Steffen <andreas.steffen@strongsec.net>针对openswan-2.x, strongswan-2.x和所有X.509 patches for freeswan-2.x提供如下第三方补丁:
        diff -urN strongswan-2.1.1/programs/pluto/x509.c strongswan-2.1.2/programs/pluto/x509.c
        --- strongswan-2.1.1/programs/pluto/x509.c Thu Apr 1 20:44:38 2004
        +++ strongswan-2.1.2/programs/pluto/x509.c Wed Jun 16 18:22:43 2004
        @@ -1852,6 +1852,12 @@
        {
        *until = cert->notAfter;
        + if (same_dn(cert->issuer, cert->subject))
        + {
        + plog("end certificate with identical subject and issuer not accepted");
        + return FALSE;
        + }
        +
        for (;;)
        {
        x509cert_t *issuer_cert;
        厂商补丁:
        FreeS/WAN
        ---------
        Gentoo linux用户可安装如下命令升级:
        # emerge sync
        # emerge -pv "=net-misc/freeswan-1.99-r1"
        # emerge "=net-misc/freeswan-1.99-r1"
        # emerge sync
        # emerge -pv ">=net-misc/freeswan-2.04-r1"
        # emerge ">=net-misc/freeswan-2.04-r1"
        # emerge sync
        # emerge -pv "=net-misc/openswan-1.0.6_rc1"
        # emerge "=net-misc/openswan-1.0.6_rc1"
        # emerge sync
        # emerge -pv ">=net-misc/openswan-2.1.4"
        # emerge ">=net-misc/openswan-2.1.4"
        All strongSwan users should upgrade to the latest stable version:
        # emerge sync
        # emerge -pv ">=net-misc/strongswan-2.1.3"
        # emerge ">=net-misc/strongswan-2.1.3"
        # emerge sync
        # emerge -pv "=net-misc/openswan-1.0.6_rc1"
        # emerge "=net-misc/openswan-1.0.6_rc1"

- 漏洞信息 (F33669)

Openswan.txt (PacketStormID:F33669)
2004-06-29 00:00:00
 
advisory
CVE-2004-0590
[点击下载]

Two authentication errors within a verify_x509cert() function allows for malicious people to bypass security restrictions. Affected products include: superfreeswan 1.x, openswan 1.x to 2.x, strongSwan below 2.1.3, and any version of FreeS/WAN 1.x or 2.x with the X.509 patch.

Certificate chain authentication in Openswan pluto

Published:
    2004-06-28 
Revision of advisory:
    1.0 Initial Release 
    1.1 Add note about infinite loop CA checking. 
Location
    http://www.openswan.org/support/vuln/can-2004-0590 
CVE:
    CAN-2004-0590 

This problem was discovered by Thomas Walpuski of IKS GmbH Jena.

No exploit is known to be available.


      Affected system(s)

KNOWN VULNERABLE: Linux systems running 2.0, 2.2, 2.4 or 2.6 kernels,
that are using IPsec with pluto as the IKE daemon.

    * superfreeswan 1.x (all revisions with X.509 patch)
    * openswan 1.x < 1.0.6
    * openswan 2.x < 2.1.4
    * strongSwan < 2.1.3
    * Any version of FreeS/WAN 1.x with X.509 patch < 0.9.41
    * Any version of FreeS/WAN 2.x with X.509 patch < 1.6.1 

To be vulnerable one must be using X.509/pkix key material that is
authenticated with a CA.

Self-signed certificates that are loaded from disk are not affected, nor
are PSK, RSA (from disk or DNS) or Opportunistic Encryption.


      Summary

Given a policy exists that is based upon X.509 DN identities that
permits identity "B" to establish some kind of tunnel with a gateway or
end system, and B's credentials may be attested to by a trusted
Certificate Authority "A".

This vulnerability permits a malicious end-system to make up their own
Certificate Authority A' such that it has issuer=B, and subject=A',
followed by a self-signed end-certificate with issuer B and subject B.
When presented, this certificate chain will validate permitting the
attacker to impersonate B.

The attacker must know a valid DN B to use, and must match the policy
which B is authorized to use. As openswan does not use aggressive mode
by default, (and does not include it in version 2), it is not possible
to learn identity B by passive eavesdropping. B may be guessed,
determined by social engineering, or may be retrieved by an active
man-in-the-middle attack.

An additional hole exists in the CA checking code which could create an
endless loop in verify_x509cert(), given the following chain:

User cert   subject: A  issuer: B
CA cert     subject: B  issuer: C
CA cert     subject: C  issuer: B


      Vendor status and information

Openswan
    http://www.openswan.org/ 
StrongSwan
    http://www.strongswan.org/ 
FreeS/WAN
    http://www.freeswan.org/ - no longer active 

All vendors have been notified and have provided patched versions.


      Solution

    * a) apply patch or upgrade to >=1.0.6 or >=2.1.4 versions of
      Openswan. patch file
      <http://anoncvs.openswan.org/cgi-bin/viewcvs.cgi/openswan-1/pluto/x509.c.diff?r1=1.23&r2=1.25&diff_format=u>

    * b) only accept certificates for the remote system which are signed
      by the same CA as the local system. This can be done by setting
      "rightca=%same". 


      Detailed analysis

The mechanism which is used to authenticate the certificate chain
presented by an end-system errorneously sees the issuer=B/subject=B as a
trusted root CA when it has not yet been verified.

Openswan test case fail-x509-09 provides a more detailed analysis.


      Contact Information

   Xelerance Corporation
   Email:  vuln@xelerance.com
   Web:    http://www.xelerance.com/
   Phone:  +1 905 257 3392


      About CAN

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2004-0590 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

    

- 漏洞信息

7281
Swan Products X.509 Certificate Validation Bypass and DoS
Denial of Service
Loss of Availability
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-06-28 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

FreeS/WAN X.509 Patch Certificate Verification Vulnerability
Access Validation Error 10611
Yes No
2004-06-25 12:00:00 2009-07-12 05:16:00
Discovery of this vulnerability is credited to Thomas Walpuski <thomas@unproved.org>.

- 受影响的程序版本

Super FreeS/WAN Super FreeS/WAN 1.99.7 .3
strongSwan strongSwan 2.1.3
Openswan Openswan 2.1.2
Openswan Openswan 2.1.1
Openswan Openswan 1.0.5
Openswan Openswan 1.0.4
Gentoo Linux 1.4 _rc3
Gentoo Linux 1.4 _rc2
Gentoo Linux 1.4 _rc1
Gentoo Linux 1.4
FreeS/WAN FreeS/WAN 2.4 -r1
FreeS/WAN FreeS/WAN 1.9.6
- Debian Linux 3.0 sparc
- Debian Linux 3.0 s/390
- Debian Linux 3.0 ppc
- Debian Linux 3.0 mipsel
- Debian Linux 3.0 mips
- Debian Linux 3.0 m68k
- Debian Linux 3.0 ia-64
- Debian Linux 3.0 ia-32
- Debian Linux 3.0 hppa
- Debian Linux 3.0 arm
- Debian Linux 3.0 alpha
FreeS/WAN FreeS/WAN 1.9.5
FreeS/WAN FreeS/WAN 1.9.4
FreeS/WAN FreeS/WAN 1.9.3
FreeS/WAN FreeS/WAN 1.9.2
FreeS/WAN FreeS/WAN 1.9.1
FreeS/WAN FreeS/WAN 1.9
Andreas Steffen x509 patch 1.5.5
Andreas Steffen x509 patch 1.5.4
Andreas Steffen x509 patch 0.9.39
Andreas Steffen x509 patch 1.6.1
+ FreeS/WAN FreeS/WAN 2.4 -r1
+ FreeS/WAN FreeS/WAN 2.0 5
+ FreeS/WAN FreeS/WAN 2.0 4
Andreas Steffen x509 patch 0.9.41
+ FreeS/WAN FreeS/WAN 1.99

- 不受影响的程序版本

Andreas Steffen x509 patch 1.6.1
+ FreeS/WAN FreeS/WAN 2.4 -r1
+ FreeS/WAN FreeS/WAN 2.0 5
+ FreeS/WAN FreeS/WAN 2.0 4
Andreas Steffen x509 patch 0.9.41
+ FreeS/WAN FreeS/WAN 1.99

- 漏洞讨论

FreeS/WAN X.509 patch is reported susceptible to a certificate verification vulnerability.

When the vulnerable implementation is negotiating an IPSec connection using PKCS#7 wrapped X.509 certificates, it can be fooled into authenticating fake certificates.

If an attacker crafts a Certificate Authority (CA) certificate and a user certificate with identical subjects, they can reportedly be improperly authenticated by FreeS/WAN.

Using this vulnerability, an attacker could potentially successfully authenticate to a FreeS/WAN VPN server. Further attacks on machines now accessible to the attacker are likely possible.

**Update: This vulnerability was previously thought to exist in the FreeS/WAN application, however, new information suggests that the issue is present in the X.509 patch for the application.

- 漏洞利用

An exploit is not required.

- 解决方案

Gentoo has released advisory GLSA 200406-20 to address this issue. Gentoo have advised the following:
All FreeS/WAN 1.9x users should upgrade to the latest stable version:
# emerge sync
# emerge -pv "=net-misc/freeswan-1.99-r1"
# emerge "=net-misc/freeswan-1.99-r1"

All FreeS/WAN 2.x users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-misc/freeswan-2.04-r1"
# emerge ">=net-misc/freeswan-2.04-r1"

All Openswan 1.x users should upgrade to the latest stable version:
# emerge sync
# emerge -pv "=net-misc/openswan-1.0.6_rc1"
# emerge "=net-misc/openswan-1.0.6_rc1"

All Openswan 2.x users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-misc/openswan-2.1.4"
# emerge ">=net-misc/openswan-2.1.4"

All strongSwan users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-misc/strongswan-2.1.3"
# emerge ">=net-misc/strongswan-2.1.3"

All Super-FreeS/WAN users should migrate to the latest stable version
of Openswan. Note that Portage will force a move for Super-FreeS/WAN
users to Openswan:
# emerge sync
# emerge -pv "=net-misc/openswan-1.0.6_rc1"
# emerge "=net-misc/openswan-1.0.6_rc1"

Mandrake has released an advisory (MDKSA-2004:070) to address this issue. Please see the referenced advisory for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站