OpenCA Multiple Signature Verification Vulnerabilities

admin 2022-07-12 05:04:55 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability Details

OpenCA Multiple Signature Verification Vulnerabilities

  • CNNVD ID: CNNVD-200312-029
  • Severity: High
  • CVE ID: CVE-2003-0960
  • Vulnerability type: Unknown
  • Published: 2003-11-28
  • Threat type: Remote
  • Updated: 2005-10-20
  • Vendor: openca
  • Vulnerability source: OpenCA Security Ad...

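Vulnerability Summary

OpenCA is a project that provides a PKI framework and related development work. OpenCA contains multiple vulnerabilities that can cause modified or expired certificates to be accepted. The specific issues are as follows:

1. OpenCA has a library for common cryptographic operations, crypto-utils.lib. This library contains a function that determines the serial number of the certificate used to create a PKCS#7 signature, and the function uses this serial number to load and return the certificate. However, the function uses the OpenCA::PKCS7 interface incorrectly.

2. The cryptographic library crypto-utils.lib uses all certificates included in the signature to create the X.509 object of the signer's certificate. As a result, the object can be created from any one of the certificates in the chain.

3. OpenCA::PKCS7 contains an incorrect regular expression that is used when parsing the certificate chain.

4. In OpenCA::PKCS7 the serial numbers in the certificate chain are parsed with an incorrect regular expression, so some uppercase characters such as A, C, B, D, E and F are ignored.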
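
The effect of issues 3 and 4 on a parsed chain, as an added Perl example that is not OpenCA's own code: parse_old keeps the pre-patch checks from the PKCS7.pm hunk in the patch further down this page, parse_new the patched ones. The function names, the "defined" guard, the value assumed for $_ and the sample lines are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed verifier output in the "depth:N serial:HEX subject:DN" form the
# patch's regular expressions expect; serials and names are made up.
my @output = (
    "depth:0 serial:1A2B subject:CN=Constructed Signer",
    "depth:1 serial:0c subject:CN=Constructed Sub CA",
    "error:20:constructed non-chain line",
);

# Pre-patch checks: numeric "!=" and a lowercase-only serial class.
sub parse_old {
    my %ret;
    no warnings;       # the numeric compare and undef captures would warn
    local $_ = '';     # assumption: $_ holds nothing that starts with "depth"
    for my $line (@_) {
        next if ( $line != /^depth/i );    # compares numbers: 0 != 0, never skips
        my ( $depth, $serial, $dn ) =
            ( $line =~ /depth:([\d]+) serial:([a-f\d]+) subject:(.*)/ );
        $ret{$depth}{SERIAL} = hex($serial);    # undef depth becomes key ""
        $ret{$depth}{DN}     = $dn;
    }
    return \%ret;
}

# Patched checks, plus a guard (added here, not in the patch) for failed matches.
sub parse_new {
    my %ret;
    for my $line (@_) {
        next if ( $line !~ /^depth/i );
        my ( $depth, $serial, $dn ) =
            ( $line =~ /depth:([\d]+) serial:([a-fA-F\d]+) subject:(.*)/ );
        next unless defined $serial;
        $ret{$depth}{SERIAL} = hex($serial);
        $ret{$depth}{DN}     = $dn;
    }
    return \%ret;
}

for my $case ( [ old => \&parse_old ], [ fixed => \&parse_new ] ) {
    my ( $name, $parse ) = @$case;
    my $ret = $parse->(@output);
    for my $depth ( sort keys %$ret ) {
        printf "%-5s depth=%-7s serial=%-5s dn=%s\n", $name,
            ( length($depth) ? $depth : '(undef)' ),
            $ret->{$depth}{SERIAL}, $ret->{$depth}{DN} // '(undef)';
    }
}
```

With the pre-patch checks the depth 0 entry, whose serial contains uppercase hex digits, never appears under its own depth, and the unmatched lines end up under an empty key with serial 0; the patched checks return depths 0 and 1 only.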

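Vulnerability Advisory

Workaround: If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat: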

--- openca-0.9.1.3/src/modules/openca-pkcs7/PKCS7.pm 2002-09-10 16:42:02.000000000 +0200

+++ openca-0.9.1.4/src/modules/openca-pkcs7/PKCS7.pm 2003-11-26 15:54:08.000000000 +0100

@@ -69,7 +69,7 @@

our ($errno, $errval);

-($OpenCA::PKCS7::VERSION = '$Revision: 1.12 $' )=~ s/(?:^.*: (\d+))|(?:\s+\$$)/defined $1?"0\.9":""/eg;

+($OpenCA::PKCS7::VERSION = '$Revision: 1.12.2.1 $' )=~ s/(?:^.*: (\d+))|(?:\s+\$$)/defined $1?"0\.9":""/eg;

my %params = (

inFile => undef,

@@ -167,6 +167,8 @@

my ( $ret, $tmp );

+ return $self->{parsed} if ($self->{parsed});

+

$tmp = $self->{backend}->verify( SIGNATURE=>$self->{signature},

DATA_FILE=>$self->{dataFile},

CA_CERT=>$self->{caCert},
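
Review bot: The early return added ahead of the verify() call hands back $self->{parsed} without running verification again, and nothing in these lines shows where that field is set or reset. Please confirm it is assigned only after a complete, successful parse and cleared whenever signature, dataFile or caCert change on the object, and add a short comment on the line saying that it is a cache.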

@@ -292,10 +294,10 @@

($self->{status}) = ( $line =~ /^\s*error:([^:]*):/ );

}

- next if( $line != /^depth/i );

+ next if( $line !~ /^depth/i );

( $currentDepth, $serial, $dn ) =

- ( $line =~ /depth:([\d]+) serial:([a-f\d]+) subject:(.*)/ );

+ ( $line =~ /depth:([\d]+) serial:([a-fA-F\d]+) subject:(.*)/ );

$ret->{$currentDepth}->{SERIAL} = hex ($serial) ;

$ret->{$currentDepth}->{DN} = $dn;
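
Review bot: The list assignment from the depth/serial/subject match is used without checking that the match succeeded, so a line that starts with "depth" but does not fit the pattern leaves $currentDepth and $serial undefined, and the two assignments that follow store hex(undef), which is 0, under an empty key. Suggest skipping the line or failing the parse when the match returns nothing, for example: next unless defined $serial; Separately, hex($serial) loses precision once the serial exceeds the native integer width, so keeping the serial as a normalised hex string would make later comparisons exact.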

--- openca-0.9.1.3/src/common/lib/functions/crypto-utils.lib 2002-12-22 13:08:19.000000000 +0100

+++ openca-0.9.1.4/src/common/lib/functions/crypto-utils.lib 2003-11-26 13:04:50.000000000 +0100

@@ -176,19 +176,36 @@

return undef;

}

- ## Get signer certificate from the pkcs7 structure

- $sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,

- DATA => $sig->getSigner()->{CERTIFICATE});

-

- if( not $sigCert ) {

- $errno = 6103;

- $errval = i18nGettext ("Signer's certificate is corrupt!\nOpenCA::X509 returns errorcode __ERRNO__ (__ERRVAL__).",

- "__ERRNO__", $OpenCA::X509::errno,

- "__ERRVAL__", $OpenCA::X509::errval);

- return undef;

+ ## Get signer certificate chain from the pkcs7 structure

+ my @chain = split /-----END CERTIFICATE-----/,

+ $sig->getSigner()->{CERTIFICATE};

+ for (my $i=0; $i < scalar="" @chain;="">

+ {

+ if (not $chain[$i])

+ {

+ delete $chain[$i];

+ next;

+ }

+ $chain[$i] .= "-----END CERTIFICATE-----";

+ $chain[$i] =~ s/^.*-----CMS.zone.ci/e/tags/htag.php?tag=begin target=_blank class=infotextkey>begin CERTIFICATE-----/-----CMS.zone.ci/e/tags/htag.php?tag=begin target=_blank class=infotextkey>begin CERTIFICATE-----/s;

+ }

+ $sigCert = undef;

+ for (my $i=0; $i < scalar="" @chain;="">

+ {

+ $sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,

+ DATA => $chain[$i]);

+ if( not $sigCert ) {

+ $errno = 6103;

+ $errval = i18nGettext ("Signer's certificate is corrupt!\nOpenCA::X509 returns errorcode __ERRNO__ (__ERRVAL__).",

+ "__ERRNO__", $OpenCA::X509::errno,

+ "__ERRVAL__", $OpenCA::X509::errval);

+ return undef;

+ }

+ last if ( $tmpCert->getSerial() eq $sigCert->getSerial() );

+ $sigCert = undef;

}

- if( $tmpCert->getSerial() ne $sigCert->getSerial() ) {

+ if( not $sigCert ) {

$errno = 6104;

$errval = gettext ("Signer's Certificate and DB's Certificate do not match");

return undef;
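
Review bot: In the first loop, delete $chain[$i] does not shorten the array unless the element is the last one; it leaves an undefined slot, and the test "not $chain[$i]" also lets through a whitespace-only remainder such as a trailing newline after the final END marker. The second loop can then hand an empty or marker-only string to OpenCA::X509 and report 6103 (certificate corrupt) where 6104 (no match) is the accurate result, and a single unparsable entry stops the search even if the signer's certificate follows it. Suggest building the list with grep, keeping only entries that contain a BEGIN CERTIFICATE marker, and skipping unparsable entries instead of returning. Also, the signer is selected by getSerial() equality alone; serial numbers are unique only per issuer, so comparing issuer and serial, or the whole certificate, against $tmpCert would be stricter.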

@@ -281,19 +298,8 @@

return undef;

}

- my $sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,

- DATA => $sig->getSigner()->{CERTIFICATE});

-

- if (not $sigCert) {

- $errno = 6302;

- $errval = i18nGettext ("Cannot create X509-object from the certificate of the signer! OpenCA::X509 returns errorcode __ERRNO__ (__ERRVAL__).",

- "__ERRNO__", $OpenCA::X509::errno,

- "__ERRVAL__", $OpenCA::X509::errval);

- return undef;

- }

-

my $db_cert = $db->getItem( DATATYPE => 'CERTIFICATE',

- &n

References

Source: BUGTRAQ Name: 20031128 [OpenCA Advisory] Vulnerabilities in signature verification Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107003609308765&w=2

Affected Products

  • Openca Openca:0.9.1.3  
  • Openca Openca:0.9.1.2  
  • Openca Openca:0.9.1  
  • Openca Openca:0.9.0.1  
  • Openca Openca:0.9.0.2  

Patches

    None available
