漏洞信息详情
FreeS/WAN X.509证书验证漏洞
- CNNVD编号:CNNVD-200412-026
- 危害等级: 超危
- CVE编号: CVE-2004-0590
- 漏洞类型: 访问验证错误
- 发布时间: 2004-06-25
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: openswan
- 漏洞来源: Thomas Walpuski※ t...
漏洞简介
IPSEC是一款IP安全扩展,提供IP通信验证和加密,Free/SWan是IPSEC在DEBIAN的实现。 FreeS/WAN存在证书验证问题,远程攻击者可以利用这个漏洞伪造证书进行欺骗,访问VPN服务器等。 当FreeS/WAN使用PKCS#7封装的X.509证书的IPSec连接时,FreeS/WAN可被欺骗对伪造证书进行验证。 如果攻击者构建一个CA证书,并且用户使用相同主题的证书,就可以被FreeS/WAN不正确地验证。利用这个漏洞,攻击者可以成功的通过FreeS/WAN VPN服务器验证。
漏洞公告
临时解决方法: 如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* Andreas Steffen [email protected]>针对openswan-2.x, strongswan-2.x和所有X.509 patches for freeswan-2.x提供如下第三方补丁:
diff -urN strongswan-2.1.1/programs/pluto/x509.c strongswan-2.1.2/programs/pluto/x509.c
--- strongswan-2.1.1/programs/pluto/x509.c Thu Apr 1 20:44:38 2004
+++ strongswan-2.1.2/programs/pluto/x509.c Wed Jun 16 18:22:43 2004
@@ -1852,6 +1852,12 @@
{
*until = cert->notAfter;
+ if (same_dn(cert->issuer, cert->subject))
+ {
+ plog("end certificate with identical subject and issuer not accepted");
+ return FALSE;
+ }
+
for (;;)
{
x509cert_t *issuer_cert; 厂商补丁: FreeS/WAN --------- Gentoo linux用户可安装如下命令升级:
# emerge sync
# emerge -pv "=net-misc/freeswan-1.99-r1"
# emerge "=net-misc/freeswan-1.99-r1"
# emerge sync
# emerge -pv ">=net-misc/freeswan-2.04-r1"
# emerge ">=net-misc/freeswan-2.04-r1"
# emerge sync
# emerge -pv "=net-misc/openswan-1.0.6_rc1"
# emerge "=net-misc/openswan-1.0.6_rc1"
# emerge sync
# emerge -pv ">=net-misc/openswan-2.1.4"
# emerge ">=net-misc/openswan-2.1.4"
All strongSwan users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-misc/strongswan-2.1.3"
# emerge ">=net-misc/strongswan-2.1.3"
# emerge sync
# emerge -pv "=net-misc/openswan-1.0.6_rc1"
# emerge "=net-misc/openswan-1.0.6_rc1"
参考网址
来源: XF 名称: ipsec-verifyx509cert-auth-bypass(16515) 链接:http://xforce.iss.net/xforce/xfdb/16515 来源: www.openswan.org 链接:http://www.openswan.org/support/vuln/can-2004-0590/ 来源: MANDRAKE 名称: MDKSA-2004:070 链接:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070 来源: GENTOO 名称: GLSA-200406-20 链接:http://security.gentoo.org/glsa/glsa-200406-20.xml
受影响实体
- Openswan Openswan:2
补丁
暂无
评论