GnuTLS library flaw opens way for MitM attacks
A critical cryptographic bug similar to the one recently discovered in iOS and OS X has been revealed to exist in the GnuTLS code library, widely used in open source software and Linux distributions.
“The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification,” the Red Hat security team explained in a security advisory announcing the release of an update that solves the issue. “An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker (CVE-2014-0092).”
The flaw was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team, during an audit of GnuTLS for Red Hat.
Another bug was found in the way GnuTLS handled version 1 X.509 certificates, which could allow an attacker able to obtain such a certificate from a trusted CA to issue certificates for other sites that would be accepted by GnuTLS as valid (CVE-2009-5138).
The bugs have been fixed and GnuTLS users are advised to upgrade to the updated packages and to restart all applications linked to the GnuTLS library in order for the change to take effect.
Other projects have moved to fix the bug in this library, including Debian and Ubuntu, but hundreds of more applications and operating systems using it are yet to do so.
GnuTLS developers have also provided a new version of the library that fixes the issue and, as an alternative to it, a patch that temporarily mitigates it.
The flaw is pretty serious, as it could allow attackers to impersonate any web site and intercept and decode all the encrypted traffic that goes from end user to server and back.
The cause of the flaw is, as in the aforementioned Apple case, deceptively simple and very easily overlooked in cursory checks – a few “goto cleanup” calls in the wrong place and the damage was done.
And, apparently, it was done years back – in 2005, or even earlier. This revelation and the similarity between the two crypto flaws already cause some online commenters to speculate that both have been inserted intentionally by the US intelligence community.
That is, of course, just a theory. What is definitely known is that the GnuTLS library is so widely used that it will take some time for every project using it to implement the necessary security fixes.