[Secure-testing-team] Bug#702976: epiphany-browser: domainname not checked on https

Christoph Anton Mitterer calestyo at scientia.net
Wed Mar 13 16:29:16 UTC 2013 

Package: epiphany-browser
Version: 3.4.2-2.1
Severity: critical
Tags: security
Justification: breaks unrelated software


Hi.

Marking this as critical/breask-unrealted-software, as it may allow
attackers to spoof people into downloading forged software/etc.


It seems that epiphany does at least not check the domainname correctly
when connection to a site via https.

For example, when I go to:
https://physik.lmu.de/~mitterer/
it redirects me automatically to
https://homepages.physik.uni-muenchen.de/~mitterer/
without any complaining.

The certificate presented by that server, is however only issued
for the CN homepages.physik.uni-muenchen.de.

That means that an attacker can easily redirect me to a site with
a valid cert, which is under his control.


Cheers,
Chris.


-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.8-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages epiphany-browser depends on:
ii  dbus-x11                   1.6.8-1
ii  epiphany-browser-data      3.4.2-2.1
ii  gnome-icon-theme           3.4.0-2
ii  gsettings-desktop-schemas  3.4.2-3
ii  iso-codes                  3.41-1
ii  libavahi-client3           0.6.31-2
ii  libavahi-common3           0.6.31-2
ii  libavahi-gobject0          0.6.31-2
ii  libc6                      2.13-38
ii  libcairo2                  1.12.2-3
ii  libgdk-pixbuf2.0-0         2.26.1-1
ii  libgirepository-1.0-1      1.32.1-1
ii  libglib2.0-0               2.33.12+really2.32.4-5
ii  libgnome-keyring0          3.4.1-1
ii  libgtk-3-0                 3.4.2-6
ii  libice6                    2:1.0.8-2
ii  libnotify4                 0.7.5-2
ii  libnspr4                   2:4.9.5-1
ii  libnspr4-0d                2:4.9.5-1
ii  libnss3                    2:3.14.2-1
ii  libnss3-1d                 2:3.14.2-1
ii  libpango1.0-0              1.30.0-1
ii  libseed-gtk3-0             3.2.0-2
ii  libsm6                     2:1.2.1-2
ii  libsoup-gnome2.4-1         2.38.1-2
ii  libsoup2.4-1               2.38.1-2
ii  libsqlite3-0               3.7.15.2-1
ii  libwebkitgtk-3.0-0         1.8.1-3.4
ii  libx11-6                   2:1.5.0-1
ii  libxml2                    2.8.0+dfsg1-7+nmu1
ii  libxslt1.1                 1.1.26-14

Versions of packages epiphany-browser recommends:
ii  ca-certificates  20130119
ii  evince           3.4.0-3.1
ii  yelp             3.4.2-1+b1

Versions of packages epiphany-browser suggests:
ii  epiphany-extensions  3.4.0-2

-- no debconf information

More information about the Secure-testing-team mailing list