Hi developers:

Recently we performed a large-scale security static analysis of several open source projects, and found some mistakes in monitoring-plugins-2.1.2. In plugins/sslutils.c:164:

    int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
    # ifdef USE_OPENSSL
    [...]
        certificate=SSL_get_peer_certificate(s);
        if (!certificate) {
            printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
            return STATE_CRITICAL;
        }

        /* Extract CN from certificate subject */
        subj=X509_get_subject_name(certificate);
    [...]
    }

We find that you use SSL_get_peer_certificate() to get the cert and verify some properties of it. But it is still not secure enough and can lead to a MITM attack. To guarantee security, we recommend you add the check if (SSL_get_verify_result(ssl) == X509_V_OK) to make sure validation succeeds. We have sent the bug report to Ubuntu Launchpad, and are also informing you of it. Here is the link: https://bugs.launchpad.net/ubuntu/+source/monitoring-plugins/+bug/1677951
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
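The distinction the report draws is that fetching the peer certificate and reading its subject and expiry says nothing about whether the certificate chains to a trusted issuer: an interposed host can present a certificate with the expected name and a valid date range, and every check in the quoted code passes. The following is an added example, not code from monitoring-plugins or from the reporter, written in Go rather than the plugin's C so that it runs offline without an OpenSSL build. It generates two self-signed certificates for the constructed name "monitor.example" (one the client trusts, one it does not), serves each from an in-process loopback listener, and on the client side reproduces the plugin's flow: complete the handshake, take the peer certificate, then perform the explicit chain verification that corresponds to SSL_get_verify_result(ssl) == X509_V_OK. The hostnames, listener and certificates are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Outcome is what a monitoring check learns about one server.
type Outcome struct {
	Subject string // CN read from the peer certificate, as the plugin does
	Trusted bool   // result of chain verification, the step the report asks for
}

// selfSigned builds a throwaway self-signed certificate for name (constructed
// test data, so the demonstration runs offline with no real CA involved).
func selfSigned(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// serve starts a one-shot TLS listener on loopback that presents cert,
// completes a single handshake and hangs up. Returns the address to dial.
func serve(cert tls.Certificate) (string, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return "", err
	}
	go func() {
		defer ln.Close()
		c, err := ln.Accept()
		if err != nil {
			return
		}
		c.(*tls.Conn).Handshake() // error ignored: the client side reports it
		c.Close()
	}()
	return ln.Addr().String(), nil
}

// checkServerCert mirrors the plugin's flow. InsecureSkipVerify makes the
// handshake hand back the peer certificate whether or not anyone trusts it,
// exactly like SSL_get_peer_certificate(); the explicit Verify afterwards is
// the missing step, the equivalent of SSL_get_verify_result(ssl) == X509_V_OK
// (plus the hostname match, which that OpenSSL call alone does not cover).
func checkServerCert(addr, host string, roots *x509.CertPool) (Outcome, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{ServerName: host, InsecureSkipVerify: true})
	if err != nil {
		return Outcome{}, err
	}
	defer conn.Close()
	chain := conn.ConnectionState().PeerCertificates
	if len(chain) == 0 {
		return Outcome{}, errors.New("CRITICAL - Cannot retrieve server certificate.")
	}
	leaf := chain[0]
	inter := x509.NewCertPool()
	for _, c := range chain[1:] {
		inter.AddCert(c)
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, DNSName: host})
	return Outcome{Subject: leaf.Subject.CommonName, Trusted: err == nil}, nil
}

// Demo runs both cases: the certificate the client trusts, and an unrelated
// self-signed one with the same name, standing in for what an interposed
// host could present. Only the trust result distinguishes them.
func Demo() (legit, rogue Outcome, err error) {
	const host = "monitor.example"
	trustedCert, err := selfSigned(host)
	if err != nil {
		return legit, rogue, err
	}
	rogueCert, err := selfSigned(host) // same CN and SAN, different key and issuer
	if err != nil {
		return legit, rogue, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedCert.Leaf) // the client's trust store holds only this one
	out := make([]Outcome, 2)
	for i, cert := range []tls.Certificate{trustedCert, rogueCert} {
		addr, e := serve(cert)
		if e != nil {
			return legit, rogue, e
		}
		if out[i], e = checkServerCert(addr, host, roots); e != nil {
			return legit, rogue, e
		}
	}
	return out[0], out[1], nil
}

func main() {
	legit, rogue, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("trusted issuer: subject=%q verified=%v\n", legit.Subject, legit.Trusted)
	fmt.Printf("unknown issuer: subject=%q verified=%v\n", rogue.Subject, rogue.Trusted)
}
```

Both connections report the subject "monitor.example" and a certificate that is currently valid, so a check that stops there treats them the same; only the verification step separates the trusted issuer from the unknown one. Two caveats carry over to the OpenSSL side: SSL_get_verify_result() only yields a meaningful X509_V_OK when the SSL_CTX was given a trust store (SSL_CTX_set_default_verify_paths() or SSL_CTX_load_verify_locations()), and by OpenSSL's documentation it also returns X509_V_OK when no peer certificate was presented at all, so the existing null check on the certificate must stay in front of it.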