Posted by nahi on 27 Jun 2013
A vulnerability in Ruby’s SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority.
This vulnerability has been assigned the CVE identifier CVE-2013-4073.
Ruby’s SSL client implements hostname identity check but it does not properly handle hostnames in the certificate that contain null bytes.
OpenSSL::SSL.verify_certificate_identity implements RFC2818 Server
Identity check for Ruby’s SSL client but it does not properly handle
hostnames in the subjectAltName X509 extension that contain null bytes.
Existing code in
for extracting identity from subjectAltName.
Extension#value depends on the
X509V3_EXT_print() and for dNSName of subjectAltName it
sprintf() that is known as null byte unsafe. As a result
Extension#value returns ‘www.ruby-lang.org’ if the subjectAltName is
OpenSSL::SSL.verify_certificate_identity wrongly identifies the
certificate as one for ‘www.ruby-lang.org’.
When a CA that is trusted by an SSL client allows to issue a server certificate that has a null byte in subjectAltName, remote attackers can obtain the certificate for ‘www.ruby-lang.org\0.example.com’ from the CA to spoof ‘www.ruby-lang.org’ and do a man-in-the-middle attack between Ruby’s SSL client and SSL servers.
- All ruby 1.8 versions prior to ruby 1.8.7 patchlevel 374
- All ruby 1.9 versions prior to ruby 1.9.3 patchlevel 448
- All ruby 2.0 versions prior to ruby 2.0.0 patchlevel 247
- prior to trunk revision 41671
All users are recommended to upgrade to Ruby 2.0.0-p247, 1.9.3-p448 or 1.8.7-p374.
This vulnerability has been found by William (B.J.) Snow Orvis and coordinated with firstname.lastname@example.org by David Thiel from iSEC Partners.
- Originally published at 2013-06-27 11:00:00 (UTC)