Overriding built-in certificate leading to error -8182 (DoS), especially exploitable by email

Automatically imported from Debian bug report #257559 http://bugs.debian.org/257559

Message-ID: <email address hidden>
Date: Sun, 04 Jul 2004 12:11:31 +0200
From: marcel boesch <email address hidden>
To: <email address hidden>
CC: marcel boesch <email address hidden>
Subject: Overriding built-in certificate leading to error -8182 (DoS), especially
 exploitable by email

Package: Mozilla
Version: 1.6, 1.7

Description of problem:

/*(see https://banquo.inf.ethz.ch:8080/ for a close description)*/
/*Mozilla.org has been informed and a bug has been filed*/

Importing a self-made certificate (call it x) with the same DN as a
built-in CA root cert (called b) overrides the built-in one:
trying to open a SSL page protected by a cert signed by b throws an
error -8182 ('certificate presented by xyz.com is invalid or corrupt')
-> Denial of Service.

This could be automated when importing x via mime type
application/x-x509-email-cert, causing Mozilla to import the cert
silently (bug Nr. 2).
This is also possible via email messages, calling the cert x link
inside an <iframe> tag, leading to a silent import of x when opening
or previewing the message (bug Nr. 3).

Conclusion: fully automatical DoS of the entire cert store via email
is possible, no user interaction needed.

How reproducible:
always. Tested with Mozilla 1.6 and 1.7
Mozilla 1.0.2 is NOT vulnerable.

Steps to Reproduce:
1. craft a self-signed cert (openssl) with the same DN as a built-in
CA root cert.
2. import it into the cert store, either manually or by providing it
as pem
encoded using the mime content type application/x-x509-email-cert for
_silent
import_.
3. Your certificate store is "corrupted" from this time on: open a web
site
protected by an SSL certificate signed by the root CA cert you've been
forging and you'll get an error -8182.

4. The same could be reached via email when including an <ifram>
pointing to the
certs' location, leading to fully automatical silent import of the cert.

Actual Results:
Mozilla imports the "forged" root cert into the "authorities" tab of
the cert
manager as an untrusted root. You can identify it by the column "security
device": its stored in the "software security device" instead of the
"Builtin
Object Token". However your certificate store is "corrupted" from this
time on:
open a web site protected by an SSL certificate signed by the root CA cert
you've been forging and you'll get an error -8182.

Expected Results:
Mozilla silently (without any warning/message!) imports the root cert
into the
"authorities" tab of the cert manager as an untrusted root when
serving it as
type application/x-x509-email-cert. According to the principles
Visibility and
Clarity for 'safe and secure CA-related UI-Dialogs' proposed in
chapter 4.2. of
my diploma thesis, instead of no user-feedback, an adequate treatment
of this
situation would be to show the import dialogue.

During my diploma thesis on Rogue CA's possibilities, one part of the
work was to evaluate today's browsing software.

Contact me: This bug was found as part of my diploma thesis which is
still going on. If you have any suggestions or ideas, contact me at
<email address hidden> <mailto:<email address hidden>> (PGP Key:
0x0AA132A7141D27C8

Message-ID: <email address hidden>
Date: Sun, 04 Jul 2004 20:46:18 +0200
From: marcel boesch <email address hidden>
To: <email address hidden>
Subject: Update: Cross-links

The bug is also tracked at
Http://bugzilla.mozilla.org/show_bug.cgi?id=249004
and Https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186

Message-Id: <20040716023306.4572D200072@localhost>
Date: Fri, 16 Jul 2004 11:33:06 +0900
From: Takuo KITAME <email address hidden>
To: <email address hidden>
Subject: reassign 257559 to mozilla-psm

# Automatically generated email from bts, devscripts version 2.7.95.1
reassign 257559 mozilla-psm

Message-Id: <20040716023326.7AE9C200072@localhost>
Date: Fri, 16 Jul 2004 11:33:26 +0900
From: Takuo KITAME <email address hidden>
To: <email address hidden>
Subject: bug 257559 is forwarded to http://bugzilla.mozilla.org/show_bug.cgi?id=249004

# Automatically generated email from bts, devscripts version 2.7.95.1
forwarded 257559 http://bugzilla.mozilla.org/show_bug.cgi?id=249004

Message-Id: <email address hidden>
Date: Sun, 18 Jul 2004 02:31:59 +0900
From: Takuo KITAME <email address hidden>
To: <email address hidden>
Subject: reassign merge

reassign 259946 mozilla-psm
forwarded 259946 http://bugzilla.mozilla.org/show_bug.cgi?id=249004
tag 257559 security
severity 257559 grave
severity 259946 grave
merge 257559 259946
stop

*** Bug 7084 has been marked as a duplicate of this bug. ***

Message-Id: <email address hidden>
Date: Wed, 21 Jul 2004 11:17:17 -0400
From: Takuo KITAME <email address hidden>
To: <email address hidden>
Subject: Bug#257559: fixed in mozilla 2:1.7.1-2

Source: mozilla
Source-Version: 2:1.7.1-2

We believe that the bug you reported is fixed in the latest version of
mozilla, which is due to be installed in the Debian FTP archive:

libnspr-dev_1.7.1-2_i386.deb
  to pool/main/m/mozilla/libnspr-dev_1.7.1-2_i386.deb
libnspr4_1.7.1-2_i386.deb
  to pool/main/m/mozilla/libnspr4_1.7.1-2_i386.deb
libnss-dev_1.7.1-2_i386.deb
  to pool/main/m/mozilla/libnss-dev_1.7.1-2_i386.deb
libnss3_1.7.1-2_i386.deb
  to pool/main/m/mozilla/libnss3_1.7.1-2_i386.deb
mozilla-browser_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-browser_1.7.1-2_i386.deb
mozilla-calendar_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-calendar_1.7.1-2_i386.deb
mozilla-chatzilla_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-chatzilla_1.7.1-2_i386.deb
mozilla-dev_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-dev_1.7.1-2_i386.deb
mozilla-dom-inspector_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-dom-inspector_1.7.1-2_i386.deb
mozilla-js-debugger_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-js-debugger_1.7.1-2_i386.deb
mozilla-mailnews_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-mailnews_1.7.1-2_i386.deb
mozilla-psm_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla-psm_1.7.1-2_i386.deb
mozilla_1.7.1-2.diff.gz
  to pool/main/m/mozilla/mozilla_1.7.1-2.diff.gz
mozilla_1.7.1-2.dsc
  to pool/main/m/mozilla/mozilla_1.7.1-2.dsc
mozilla_1.7.1-2_i386.deb
  to pool/main/m/mozilla/mozilla_1.7.1-2_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Takuo KITAME <email address hidden> (supplier of updated mozilla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 18 Jul 2004 02:33:36 +0900
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.1-2
Distribution: unstable
Urgency: high
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Takuo KITAME <email address hidden>
Description:
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4 - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3 - Network Security Service Libraries - runtime
 mozilla - The Mozilla Internet application suite - meta package
 mozilla-browser - The Mozilla Internet application suite - core and browser
 mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla sui...

Considering synching 1.7.1-2

sync requested

Sync completed