Need suggestion/help in back porting the fix for vulnerability CVE-2017-7562 (backporting from Kerberos 1.16.1 to Kerberos 1.9)
Shivakumar Nadarajan -X (shinadar - HCL TECHNOLOGIES LIMITED at Cisco)
shinadar at cisco.com
Sun Sep 23 03:40:25 EDT 2018
Based on your previous information, I did go through the details of the commit b619ce84470519bea65470be3263cd85fba94f57. After some analysis still I am not able to convince myself that this vulnerability doesn't exist for the versions before this commit. Please find my argument as below
1. It’s a sequential checks that are done against the certificate, meaning that first san check is done using verify_client_san()
2. Then eku check is done using verify_client_eku()
1. The code has been refactored such that san and eku check are done through function pointers pkinit_san_authorize() and pkinit_eku_authorize()
2. Both these function pointers still call verify_client_san() and verify_client_eku() and do the same checks as before commit.
3. Additional check related to db match is been added after the commit
Common note: Either before the commit or after the commit, the retrieve san information is done in crypto_retrieve_X509_sans() which hasn't changed before or after the commit.
And the main vulnerability fix is done in crypto_retrieve_X509_sans() and hence its applicable for all the versions which has this code.
Please correct me if I am wrong and also request you to help me further on this.
Also please refer the below link specific to Cisco
It mentions the affected version as 1.9 (Base, .1, .2) | 1.9.1 (Base) | 1.9.2 (Base) | 1.9.3 (Base) | 1.9.4 (Base) | 1.9.5 (Base)
Thanks and Regards!
From: Greg Hudson [mailto:ghudson at mit.edu]
Sent: 21 September 2018 20:42
To: Shivakumar Nadarajan -X (shinadar - HCL TECHNOLOGIES LIMITED at Cisco) <shinadar at cisco.com>; krbdev at mit.edu
Subject: Re: Need suggestion/help in back porting the fix for vulnerability CVE-2017-7562 (backporting from Kerberos 1.16.1 to Kerberos 1.9)
On 09/21/2018 10:37 AM, Shivakumar Nadarajan -X (shinadar - HCL TECHNOLOGIES LIMITED at Cisco) wrote:
> Thanks for your interest in this issue. But I am still not clear that how this vulnerability is not applicable to kerberos 1.9 .
> Because as per the git link https://github.com/krb5/krb5/pull/694 it seems that this functionality is present in kerberos 1.9 also.
The certauth pluggable interface was introduced in commit
b619ce84470519bea65470be3263cd85fba94f57 (February 2017). It replaced some of the existing logic for validating client certificates with two built-in modules. The first, "pkinit_san", checks the Subject Alternative Name values in the client certificate against the requested principal; the second, "pkinit_eku", checks the Extended Key Usage values in the client certificate to see if it was issued for use with PKINIT.
The vulnerability was that these two new modules were not always returning the correct results to the pluggable interface accumulator.
The hardcoded logic used prior to commit
b619ce84470519bea65470be3263cd85fba94f57 did not have the same problem.
More information about the krbdev