Posted by nahi on 27 Jun 2013
A vulnerability in Ruby’s SSL client could allow a man-in-the-middle attacker to spoof SSL servers using a valid certificate issued by a trusted certification authority.
This vulnerability has been assigned the CVE identifier CVE-2013-4073.
Summary
Ruby’s SSL client implements a hostname identity check, but it does not properly handle hostnames in the certificate that contain null bytes.
Details
OpenSSL::SSL.verify_certificate_identity implements the RFC 2818 server identity check for Ruby’s SSL client, but it does not properly handle hostnames in the subjectAltName X.509 extension that contain null bytes.
The existing code in lib/openssl/ssl.rb uses OpenSSL::X509::Extension#value to extract identities from subjectAltName. Extension#value depends on the OpenSSL function X509V3_EXT_print(), which, for a dNSName entry in subjectAltName, formats the name with sprintf(). sprintf() treats its argument as a C string and stops at the first null byte. As a result, Extension#value returns ‘www.ruby-lang.org’ when the subjectAltName is ‘www.ruby-lang.org\0.example.com’, and OpenSSL::SSL.verify_certificate_identity wrongly accepts the certificate as one for ‘www.ruby-lang.org’.
If a CA trusted by an SSL client can be made to issue a server certificate with a null byte in subjectAltName, a remote attacker who controls example.com can obtain a certificate for ‘www.ruby-lang.org\0.example.com’ from that CA, use it to spoof ‘www.ruby-lang.org’, and mount a man-in-the-middle attack between Ruby’s SSL client and SSL servers.
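To make the failure mode concrete, the following is an added example, not code from this advisory or from lib/openssl/ssl.rb. It builds a subjectAltName extension whose dNSName contains a null byte, runs it through a simulated version of the pre-fix extraction (the C-string truncation that sprintf() performed is reproduced explicitly in Ruby rather than taken from the installed OpenSSL, whose print routine has changed since 2013), and then through an ASN.1-based extraction in the spirit of the fix, which reads names by their encoded length. The function names (build_san_extension, dns_names_via_asn1, dns_names_via_truncating_print, hostname_matches?, vulnerable_identity_check, fixed_identity_check) and the hostnames are assumptions and constructed test data for this example.

```ruby
require "openssl"

# Constructed test data for this example: the hostname a client expects and
# a dNSName an attacker who controls example.com could ask a CA to sign.
TARGET_HOST   = "www.ruby-lang.org"
EVIL_DNS_NAME = "www.ruby-lang.org\0.example.com"

# Build a subjectAltName extension from a list of dNSName strings.
# GeneralName ::= CHOICE { ... dNSName [2] IA5String ... }  (RFC 5280)
def build_san_extension(dns_names)
  general_names = dns_names.map do |name|
    OpenSSL::ASN1::IA5String.new(name, 2, :IMPLICIT, :CONTEXT_SPECIFIC)
  end
  OpenSSL::X509::Extension.new("subjectAltName",
                               OpenSSL::ASN1::Sequence.new(general_names))
end

# Fixed-style extraction: walk the DER of the extension instead of parsing
# OpenSSL's printable rendering. Lengths come from the ASN.1 encoding, so an
# embedded NUL is just another byte of the name.
#   Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
#                            extnValue OCTET STRING }
def dns_names_via_asn1(ext)
  extn_value    = OpenSSL::ASN1.decode(ext.to_der).value.last # the OCTET STRING
  general_names = OpenSSL::ASN1.decode(extn_value.value)      # GeneralNames SEQUENCE
  general_names.value.select { |gn| gn.tag == 2 }.map(&:value)
end

# Vulnerable-style extraction (simulated). The pre-fix code read names back
# from Extension#value, which OpenSSL produced with a C-string sprintf(), so
# everything from the first NUL onward was silently dropped. That truncation
# is reproduced here explicitly so the example behaves the same on any
# OpenSSL build.
def dns_names_via_truncating_print(ext)
  dns_names_via_asn1(ext).map { |name| name.split("\0", 2).first.to_s }
end

# RFC 2818-style comparison: case-insensitive, "*" matches a single label.
# A NUL can never appear in a real DNS name, so any name containing one is
# rejected outright rather than compared.
def hostname_matches?(hostname, dns_name)
  return false if dns_name.include?("\0")
  pattern = Regexp.escape(dns_name).gsub('\*', '[^.]+')
  /\A#{pattern}\z/i.match?(hostname)
end

# The NUL check above cannot save the vulnerable path: the name has already
# been truncated to "www.ruby-lang.org" before it is compared.
def vulnerable_identity_check(ext, hostname)
  dns_names_via_truncating_print(ext).any? { |n| hostname_matches?(hostname, n) }
end

def fixed_identity_check(ext, hostname)
  dns_names_via_asn1(ext).any? { |n| hostname_matches?(hostname, n) }
end

if __FILE__ == $0
  evil = build_san_extension([EVIL_DNS_NAME])
  puts "names seen by the truncating path: #{dns_names_via_truncating_print(evil).inspect}"
  puts "names seen by the ASN.1 path:      #{dns_names_via_asn1(evil).inspect}"
  puts "vulnerable check accepts spoof? #{vulnerable_identity_check(evil, TARGET_HOST)}"
  puts "fixed check accepts spoof?      #{fixed_identity_check(evil, TARGET_HOST)}"
  # What the installed OpenSSL renders for the same extension. This output
  # varies by OpenSSL version, which is exactly why a client should not
  # derive security decisions from a printable rendering.
  puts "Extension#value on this build:  #{evil.value.inspect}"
end
```

The point of the ASN.1 path is that it never goes through a C string: the IA5String's length is taken from the DER, so the comparison sees the full ‘www.ruby-lang.org\0.example.com’, which matches neither ‘www.ruby-lang.org’ nor any sane hostname. Rejecting any name that contains a NUL is an extra belt-and-braces check; the length-aware comparison alone already defeats the spoof.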
Affected versions
- All ruby 1.8 versions prior to ruby 1.8.7 patchlevel 374
- All ruby 1.9 versions prior to ruby 1.9.3 patchlevel 448
- All ruby 2.0 versions prior to ruby 2.0.0 patchlevel 247
- trunk prior to revision 41671
Solution
All users are recommended to upgrade to Ruby 2.0.0-p247, 1.9.3-p448 or 1.8.7-p374.
Credit
This vulnerability has been found by William (B.J.) Snow Orvis and coordinated with security@ruby-lang.org by David Thiel from iSEC Partners.
History
- Originally published at 2013-06-27 11:00:00 (UTC)