[Secure-testing-team] Bug#797470: dnsval: val_dane_check: usage DANE-TA(2) may bypass cert validation entirely

Thomas Fargeix debian-bt at burzmali.com
Sun Aug 30 21:08:58 UTC 2015


Source: dnsval
Version: 2.0-1.1
Severity: grave
Tags: security upstream
Justification: user security hole

Dear Maintainer,

With version 2.0 of the libval library, val_dane_check() fails entirely to verify the certificate and always returns a success status when used with the DANE-TA(2) usage. An unsuspecting application using libval 2.0 could be tricked into trusting any certificate it is presented with.

For example, with the DNS record:
 example.net. IN TLSA 2 0 1 aaaaa
val_dane_check() assumes that "aaaaa" is a valid DER-encoded certificate, and passes it without validation to OpenSSL as a trusted anchor certificate. After that, any certificate is accepted by SSL_get_verify_result() (as seen in libval.c, lines 768 to 784).
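The defensive check that is missing here, as an added example in Python (not libval code and not from the report): a structural validator for TLSA association data that rejects the quoted record, since matching type 1 requires exactly 32 bytes of SHA-256 digest and "aaaaa" is not even valid hex, and that for matching type 0 verifies the data is one well-formed DER SEQUENCE before it could be handed to a TLS library as a trust anchor. The sample records and function names are constructed for this example; only the first record is taken from the report.

```python
import binascii
import re

# Constructed sample records (not from any real zone). The first is the malformed
# record quoted in the report; the others are well-formed controls.
SAMPLE_RECORDS = [
    "example.net. IN TLSA 2 0 1 aaaaa",
    "example.net. IN TLSA 2 0 1 " + "ab" * 32,      # DANE-TA, SHA-256 of the cert
    "example.net. IN TLSA 2 0 0 3003020100",        # full cert: minimal DER SEQUENCE
    "example.net. IN TLSA 3 1 2 " + "cd" * 64,      # DANE-EE, SHA-512 of the SPKI
]

DIGEST_LEN = {1: 32, 2: 64}   # RFC 6698 matching types: 1 = SHA-256, 2 = SHA-512

def der_outer_length(data: bytes) -> int:
    """Total encoded length of the DER SEQUENCE at the start of data, or -1 if malformed."""
    if len(data) < 2 or data[0] != 0x30:
        return -1
    first = data[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return -1
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def parse_tlsa(record: str) -> dict:
    """Parse a TLSA record in presentation format; raise ValueError if any field is unusable."""
    m = re.match(r"^(\S+)\s+IN\s+TLSA\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$", record)
    if not m:
        raise ValueError("not a TLSA record")
    usage, selector, mtype = (int(x) for x in m.group(2, 3, 4))
    if usage > 3 or selector > 1 or mtype > 2:
        raise ValueError("unknown usage, selector or matching type")
    try:
        data = binascii.unhexlify(m.group(5))
    except binascii.Error as exc:
        raise ValueError(f"association data is not hex: {exc}") from None
    if mtype in DIGEST_LEN and len(data) != DIGEST_LEN[mtype]:
        raise ValueError(f"matching type {mtype} needs {DIGEST_LEN[mtype]} bytes, got {len(data)}")
    if mtype == 0 and der_outer_length(data) != len(data):
        # Full certificate (selector 0) and SubjectPublicKeyInfo (selector 1) are both one SEQUENCE.
        raise ValueError("matching type 0 data is not a single well-formed DER SEQUENCE")
    return {"owner": m.group(1), "usage": usage, "selector": selector,
            "matching_type": mtype, "data": data}

def check_records(records):
    """Split records into (accepted, rejected); each rejected entry carries its reason."""
    accepted, rejected = [], []
    for r in records:
        try:
            accepted.append(parse_tlsa(r))
        except ValueError as exc:
            rejected.append((r, str(exc)))
    return accepted, rejected
```

This only guarantees the association data is well-formed; for DANE-TA the server's chain must still be verified against the resulting anchor, which is the step libval 2.0 effectively skips.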

Please note that I did not find any CVE or upstream bug report regarding this issue, and the library is still considered as experimental by its authors. The bug has already been reported in May 2013 on the IETF DANE Working Group mailing list by Viktor Dukhovni and acknowledged by Suresh Krishnaswamy (libval's developer):
https://mailarchive.ietf.org/arch/msg/dane/QySBNeQevpD3gZCLJp1ohqPpaxc

I have only partially tested version 2.1 of libval (which is in the experimental depot), but could not reproduce the same issue. In addition, the code was completely rewritten and the logical flow modified, so the 2.1 API is incompatible with version 2.0.


-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
