Hello,

On 11.05.2005 11:49, James Yonan wrote:
>> I think there is a security issue with the crl-verify code. OpenVPN only checks the issuer of the CRL, but not the CRL signature. If you sign a CRL with another CA (even self-signed) which has the same DN as the certificate issuer, OpenVPN accepts it as a good CRL: the server or the client does not log any error... So an attacker can easily produce such a false CRL, and nobody can see the attack.

> I don't see how an attacker could produce a false CRL unless they had write access to the CRL file.

I agree... But in theory, write access must not be sufficient. The CRL is signed by the CA; this must be checked. OK: it's theory ;-)

To clarify the situation, here is a possible example of an attack:

Imagine I'm a user of an OpenVPN network. I have a user certificate, issued by the CA "/CN=zorglub/". I'm fired, and my certificate is revoked by the CA. If (if, if, if...) I have write access to the CRL file on the server, I can put in a false CRL signed by a false self-signed CA with the same DN "/CN=zorglub/". Of course, I don't revoke any certificate in the CRL.

Then I can access the VPN again, because the server does not check the CRL signature.

Apart from the fact that I replaced only one file, this attack will be completely "invisible": no restart of the daemon, no log in OpenVPN... As long as the CRL has not been updated by the real CA, my false CRL works...

Well, I agree that it's not really a BIG security issue... ;)

>> Looking in the "racoon" code, I think that CRL handling
>> is easier with new versions of openssl (>= 0.9.7)
>>
>>   (...)
>>   #if OPENSSL_VERSION_NUMBER >= 0x00907000L
>>         /* check the CRL for the leaf certificate ... */
>>         X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
>>         /* ... and for every CA certificate in the chain */
>>         X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
>>   #endif
>>   (...)
>> With this kind of X509_STORE_CTX, openssl automagically manages all CAs and all CRLs included in a "CAPath".
> Good idea -- it would be better for OpenSSL to handle all of the CRL stuff for 0.9.7 and above.

I will try to produce a patch for a "--capath" option. See you in two or three hours.

Thanks again,
--
Thomas NOEL <thomas.n...@auf.org> http://www.auf.org/
Coordinator of technical infrastructure
Agence universitaire de la Francophonie (AUF)
Central services, Paris - 4 place de la Sorbonne - 75005 Paris
Tel: +33 (0)1 44 41 18 18, ext. 1822 Fax: +33 (0)1 44 41 18 19
> Please avoid sending me Word or PowerPoint documents
> cf http://www.gnu.org/philosophy/no-word-attachments.fr.html
