Debian
mbedtls package

CVE-2017-14032 - certificate authentication bypass

Bug #1714640 reported by James Cowgill
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mbedtls (Debian)
Fix Released
Unknown
mbedtls (Ubuntu)
Fix Released
Medium
James Cowgill
Xenial
Fix Released
Medium
James Cowgill
Zesty
Fix Released
Medium
James Cowgill
Artful
Fix Released
Medium
James Cowgill

Bug Description

The following security bug was published for mbedtls:

[Vulnerability]
If a malicious peer supplies an X.509 certificate chain that has more
than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (which by default is
8), it could bypass authentication of the certificates, when the
authentication mode was set to 'optional' eg.
MBEDTLS_SSL_VERIFY_OPTIONAL. The issue could be triggered remotely by
both the client and server sides.

If the authentication mode, which can be set by the function
mbedtls_ssl_conf_authmode(), was set to 'required' eg.
MBEDTLS_SSL_VERIFY_REQUIRED which is the default, authentication would
occur normally as intended.

[Impact]
Depending on the platform, an attack exploiting this vulnerability could
allow successful impersonation of the intended peer and permit
man-in-the-middle attacks.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

As far as I can tell, mbed TLS in xenial, zesty and artful are affected. No version of polarssl is affected.

Tags: patch

CVE References

James Cowgill (jcowgill)
information type: Private Security → Public Security
Bug Watch Updater (bug-watch-updater)
Changed in mbedtls (Debian):
status: Unknown → Fix Released
Revision history for this message
James Cowgill (jcowgill) wrote :
Revision history for this message
James Cowgill (jcowgill) wrote :
Revision history for this message
James Cowgill (jcowgill) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "mbedtls-2.2.1-2ubuntu0.2.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Revision history for this message
James Cowgill (jcowgill) wrote :

The attached patches should fix this bug in xenial, zesty and artful. I have tested them using the certificate chain I used in the Debian bug report. The existing build tests / autopkgtests still pass.

Changed in mbedtls (Ubuntu):
status: New → Confirmed
Revision history for this message
Simon Quigley (tsimonq2) wrote :

Sponsoring to Artful (patch lgtm, thank you!) and unsubscribing ~ubuntu-sponsors. ~ubuntu-security-sponsors can take it from here.

Thank you for your contribution to Ubuntu!

Changed in mbedtls (Ubuntu Artful):
status: Confirmed → Fix Committed
Changed in mbedtls (Ubuntu Xenial):
importance: Undecided → Medium
Changed in mbedtls (Ubuntu Zesty):
importance: Undecided → Medium
Changed in mbedtls (Ubuntu Artful):
importance: Undecided → Medium
Changed in mbedtls (Ubuntu Xenial):
assignee: nobody → James Cowgill (jcowgill)
Changed in mbedtls (Ubuntu Zesty):
assignee: nobody → James Cowgill (jcowgill)
Changed in mbedtls (Ubuntu Artful):
assignee: nobody → James Cowgill (jcowgill)
Changed in mbedtls (Ubuntu Xenial):
status: New → Confirmed
Changed in mbedtls (Ubuntu Zesty):
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mbedtls - 2.5.1-1ubuntu1

---------------
mbedtls (2.5.1-1ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: If optional authentication is configured, allows
    remote attackers to bypass peer authentication via an X.509 certificate
    chain with many intermediates. (LP: #1714640)
    - debian/patches/CVE-2017-14032.patch, backport two upstream patches to
      return and handle a new "fatal error" error code in case of long
      certificate chains.
    - CVE-2017-14032

 -- James Cowgill <email address hidden> Wed, 06 Sep 2017 21:11:46 -0500

Changed in mbedtls (Ubuntu Artful):
status: Fix Committed → Fix Released
Revision history for this message
Tyler Hicks (tyhicks) wrote :

These debdiffs look good to me. They're currently building in the ubuntu-security-proposed PPA and I'll be releasing them in xenial and zesty shortly. Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mbedtls - 2.4.2-1ubuntu0.1

---------------
mbedtls (2.4.2-1ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: If optional authentication is configured, allows
    remote attackers to bypass peer authentication via an X.509 certificate
    chain with many intermediates. (LP: #1714640)
    - debian/patches/CVE-2017-14032.patch, backport two upstream patches to
      return and handle a new "fatal error" error code in case of long
      certificate chains.
    - CVE-2017-14032

 -- James Cowgill <email address hidden> Wed, 06 Sep 2017 21:03:02 +0100

Changed in mbedtls (Ubuntu Zesty):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mbedtls - 2.2.1-2ubuntu0.2

---------------
mbedtls (2.2.1-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: If optional authentication is configured, allows
    remote attackers to bypass peer authentication via an X.509 certificate
    chain with many intermediates. (LP: #1714640)
    - debian/patches/CVE-2017-14032.patch, backport two upstream patches to
      return and handle a new "fatal error" error code in case of long
      certificate chains.
    - CVE-2017-14032

 -- James Cowgill <email address hidden> Wed, 06 Sep 2017 21:00:51 +0100

Changed in mbedtls (Ubuntu Xenial):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.