lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <x33bau4yaf.fsf@rapture.ingate.se>
Date: Thu, 14 Sep 2006 11:01:28 +0200
From: Per Cederqvist <ceder@...ate.com>
To: bugtraq@...urityfocus.com
Subject: SIP over TLS: X.509 peer authentication vulnerability in Ingate products

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SIP over TLS: X.509 peer authentication vulnerability in Ingate products
========================================================================

Product: Ingate Firewall and Ingate SIParator
Versions: all current versions
Tracking ID: 2829

Summary
=======

The OpenSSL project has released an advisory titled "RSA Signature
Forgery (CVE-2006-4339)".  This advisory possibly affects some
installations of Ingate Firewall and Ingate SIParator.

To be affected, you have to use an external CA and SIP over TLS.  See
below for details.

The IPsec implementation is not affected by this issue.

Impact
======

It may be possible for an attacker to connect using SIP over TLS even
if an X.509 client certificate is required.  It may be possible for an
attacker to intercept connections to TLS-secured servers that the
Ingate product initiates.

Affected versions
=================

All current versions of Ingate Firewall and Ingate SIParator are
affected.

Details
=======

The vulnerability is only exploitable if an X.509 certificate uses an
RSA key with exponent 3.  The Ingate product never creates such keys
by itself, but if an external CA is used, and if that CA uses exponent
3, the configuration may be vulnerable.  Most CAs uses exponent 65537,
and certificates issued by them are not vulnerable.

SIP installations are vulnerable if any of the certificates in the
"TLS CA Certificates" table on the "Signaling Encryption" tab uses
exponent 3.

How to determine if an X.509 certificate uses exponent 3
========================================================

If you have the OpenSSL package installed, you can examine a
certificate with a command such as this (assuming that the X.509
certificate is stored in PEM format in the file named "cert.cer").

    openssl x509 -inform pem -in cert.cer -text

Among the lines printed, there will be a line such as:

                Exponent: 65537 (0x10001)

If it says 3 instead of 65537 the certificate is vulnerable.

Workarounds
===========

Switch to a CA that don't use exponent 3.  If that is not possible,
turn off the SIP module.

Fix
===

Since Ingate believes that few of our customers use an external CA
that uses exponent 3, we plan to resolve this issue in the next
regular release.  Contact <support@...ate.com> to obtain a patch that
fixes this problem if you are affected.

Background
==========

The OpenSSL advisory is available here:

http://www.openssl.org/news/secadv_20060905.txt

Further questions regarding this issue can be directed to
support@...ate.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFFCRhgTl5zjNKUYI4RAncPAJ0YvMYY9M9elI7Wtt5djt0ZzUg2TQCeKBe8
Gro5v7fwPMRlCU4Kxzj+M7A=
=iTB4
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ