mozilla: Overriding built-in certificate leading to error -8182 (DoS), especially exploitable by email

Message-ID: <email address hidden>
Date: Sat, 17 Jul 2004 15:20:01 +0200
From: Martin Helas <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: mozilla: Overriding built-in certificate leading to error -8182 (DoS),
 especially exploitable by email

--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: mozilla
Version: Overriding built-in certificate leading to error -8182 (DoS), espe=
cially exploitable by email
Severity: critical
Tags: security

Please have a look at
http://bugzilla.mozilla.org/show_bug.cgi?id=3D249004

Importing a self-made certificate (call it x) with the same DN (but differe=
nt
serial nr) as a built-in CA root cert (called b) overrides the built-in one:
trying to open a SSL page protected by a cert signed by b throws an error -=
8182
('certificate presented by xyz.com is invalid or corrupt') -> Denial of Ser=
vice.

This bug may also effect other packages (e.g. mozilla-firefox)

Greetings
Martin

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.7
Locale: LANG=3Den_US.ISO-8859-15, LC_CTYPE=3Den_US.ISO-8859-15
--=20
  Martin Helas <email address hidden> or <email address hidden>
  http://www.helas.net or http://mhelas.blogspot.com
  GPGKey-Fingerprint: 14744CACEF5CECFAE29E2CB17929AB90F7AC3AF0

--ZPt4rx8FFjLCG7dd
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA+SeBeSmrkPesOvARAoHlAJ9dxU7+VA/MyJFpXyHQstIx9xJtYwCeOg6+
U8r0omXM+4/DlhxGohVifNY=
=p7oi
-----END PGP SIGNATURE-----

--ZPt4rx8FFjLCG7dd--

Message-Id: <email address hidden>
Date: Sun, 18 Jul 2004 02:31:59 +0900
From: Takuo KITAME <email address hidden>
To: <email address hidden>
Subject: reassign merge

reassign 259946 mozilla-psm
forwarded 259946 http://bugzilla.mozilla.org/show_bug.cgi?id=249004
tag 257559 security
severity 257559 grave
severity 259946 grave
merge 257559 259946
stop

Marking as duplicate based on debbugs merge (257559,259946)

This bug has been marked as a duplicate of bug 7076.

Message-Id: <email address hidden>
Date: Wed, 21 Jul 2004 11:17:17 -0400
From: Takuo KITAME <email address hidden>
To: <email address hidden>
Subject: Bug#257559: fixed in mozilla 2:1.7.1-2

Source: mozilla
Source-Version: 2:1.7.1-2

We believe that the bug you reported is fixed in the latest version of
mozilla, which is due to be installed in the Debian FTP archive:

libnspr-dev_1.7.1-2_i386.deb
  to pool/main/m/mozilla/libnspr-dev_1.7.1-2_i386.deb
libnspr4_1.7.1-2_i386.deb
  to pool/main/m/mozilla/libnspr4_1.7.1-2_i386.deb
libnss-dev_1.7.1-2_i386.deb
  to pool/main/m/mozilla/libnss-dev_1.7.1-2_i386.deb
libnss3_1.7.1-2_i386.deb
  to pool/main/m/mozilla/libnss3_1.7.1-2_i386.deb
mozilla-browser_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-browser_1.7.1-2_i386.deb
mozilla-calendar_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-calendar_1.7.1-2_i386.deb
mozilla-chatzilla_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-chatzilla_1.7.1-2_i386.deb
mozilla-dev_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-dev_1.7.1-2_i386.deb
mozilla-dom-inspector_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-dom-inspector_1.7.1-2_i386.deb
mozilla-js-debugger_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-js-debugger_1.7.1-2_i386.deb
mozilla-mailnews_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-mailnews_1.7.1-2_i386.deb
mozilla-psm_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-psm_1.7.1-2_i386.deb
mozilla_1.7.1-2.diff.gz
  to pool/main/m/mozilla/mozilla_1.7.1-2.diff.gz
mozilla_1.7.1-2.dsc
  to pool/main/m/mozilla/mozilla_1.7.1-2.dsc
mozilla_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla_1.7.1-2_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Takuo KITAME <email address hidden> (supplier of updated mozilla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 18 Jul 2004 02:33:36 +0900
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.1-2
Distribution: unstable
Urgency: high
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Takuo KITAME <email address hidden>
Description:
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4 - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3 - Network Security Service Libraries - runtime
 mozilla - The Mozilla Internet application suite - meta package
 mozilla-browser - The Mozilla Internet application suite - core and browser
 mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla sui...