Bug 911666 (CVE-2014-8151) - VUL-0: CVE-2014-8151: curl: certificate check bypass
Status: RESOLVED INVALID
Alias: CVE-2014-8151
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Reported: 2015-01-05 10:42 UTC by Victor Pereira
Modified: 2015-03-23 14:22 UTC
Description Victor Pereira 2015-01-05 10:42:34 UTC
libcurl/darwinssl certificate check bypass
==========================================

Project cURL Security Advisory, January 8th 2015 -
[Permalink](http://curl.haxx.se/docs/adv_20150108A.html)

VULNERABILITY
-------------

libcurl stores TLS Session IDs in its associated Session ID cache when it
connects to TLS servers. In subsequent connects it re-uses the entry in the
cache to resume the TLS connection faster than when doing a full TLS
handshake. The actual implementation for the Session ID caching varies
depending on the underlying TLS backend.

libcurl allows applications to switch off certificate verification in two
different ways - using CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER.

When an application connected to a TLS server with certificate verification
disabled, it would store the Session ID in the cache and if then a subsequent
connection was made against the same host and port number, it would re-use the
former session and thanks to the re-used session from the cache, it would
skip the certificate check and wrongly accept any bad certificate that could
be presented.

The problem was that the "key" used for caching Session IDs didn't take the
certificate check status into account.

This problem is specific to libcurl built to use the DarwinSSL back-end for
TLS, so it can only affect Mac and iPhone based applications.

We are not aware of any exploit of this flaw.

DarwinSSL is also known as SecureTransport.

INFO
----

This flaw can also affect the curl command line tool if a similar operation
series is made with that.

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2015-XXXX to this issue.

AFFECTED VERSIONS
-----------------

- Affected versions: from libcurl 7.31.0 to and including 7.39.0
- Not affected versions: libcurl < 7.31.0 or >= 7.40.0

libcurl is used by many applications, but not always advertised as such!

THE SOLUTION
------------

libcurl 7.40.0 makes sure that the certificate check status is used in the key
set for the Session ID and thus it cannot re-use IDs between checked and
unchecked TLS connections.

A patch for this problem is available (for now) at:

     http://curl.haxx.se/0001-darwinssl-fix-session-ID-keys-to-only-reuse-identica.patch

RECOMMENDATIONS
---------------

We suggest you take one of the following actions immediately, in order of
preference:

A - Upgrade to curl and libcurl 7.40.0

B - Apply the patch and rebuild libcurl

C - Avoid disabling the server certificate checks when using TLS

TIME LINE
---------

It was first reported to the curl project on November 26 2014.

We contacted Apple Product Security on December 17.

libcurl 7.40.0 was released on January 8th 2015, coordinated with the
publication of this advisory.

CREDITS
-------

Reported by Marc Hesse at RethinkDB.
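
The Session ID cache key problem described in the advisory above, as an added example that is not part of the advisory and is not libcurl source code. It is a toy model: the cache, the key layouts, the function names and the host `example.test` are assumptions made for illustration, and only `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` come from the page.

```c
/* Added illustration: a toy session cache, not libcurl source code. */
#include <stdio.h>
#include <string.h>
struct conn_cfg {
    const char *host;      /* constructed sample values are used below */
    unsigned short port;
    int verifypeer;        /* models CURLOPT_SSL_VERIFYPEER */
    int verifyhost;        /* models CURLOPT_SSL_VERIFYHOST */
};
typedef void (*keyfn)(const struct conn_cfg *, char *, size_t);
static char cache[8][300]; /* cached session keys (session data omitted) */
static int cache_used;

/* Key that ignores the certificate check status (the flaw described). */
static void key_weak(const struct conn_cfg *c, char *out, size_t n) {
    snprintf(out, n, "%s:%hu", c->host, c->port);
}

/* Key that includes the check status (hypothetical layout). */
static void key_strict(const struct conn_cfg *c, char *out, size_t n) {
    snprintf(out, n, "peer%d:host%d:%s:%hu",
             c->verifypeer != 0, c->verifyhost != 0, c->host, c->port);
}

/* Returns 1 on session resume (certificate check skipped), else 0. */
static int connect_tls(const struct conn_cfg *c, keyfn mk) {
    char key[300];
    mk(c, key, sizeof key);
    for (int i = 0; i < cache_used; i++)
        if (strcmp(cache[i], key) == 0) return 1;
    if (cache_used < 8)
        strcpy(cache[cache_used++], key);
    return 0;
}

/* Unverified connect, then a verified connect to the same host and port.
   Returns 1 if the verified connect resumed the unverified session. */
static int verified_reuses_unverified(keyfn mk) {
    struct conn_cfg lax = {"example.test", 443, 0, 0};
    struct conn_cfg checked = {"example.test", 443, 1, 1};
    cache_used = 0;
    connect_tls(&lax, mk);
    return connect_tls(&checked, mk);
}

int main(void) {
    printf("weak key: %d, strict key: %d\n",
           verified_reuses_unverified(key_weak),
           verified_reuses_unverified(key_strict));
    return 0;
}
```

With the weak key the verified connection resumes the session created without verification; with the check status in the key it falls back to a full handshake.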