GnuTLS flaw in certificate verification exposes Linux world to attacks

A serious flaw in the certificate verification process of GnuTLS exposes Linux distros, apps to attack. Another flaw exploitable for surveillance purposes.

GnuTLS is an open source secure communications library implementing the SSL, TLS and DTLS protocols, it is used in hundreds of software packages including Red Hat desktop,  all Debian and Ubuntu Linux distributions and many server products. Red Hat Enterprise Linux Desktop, HPC Node, Server and Workstation v 6, as well as Red Hat Enterprise Linux Server AUS and EUS v 6.5 are flawed affected.

Also GnuTLS is affected by a flaw in the verification of digital certificates, the vulnerability was discovered by engineers at Red Hat, it exposes any Linux or application at risk for attack.

GnuTLS also issued an advisory, confirming the presence of the vulnerability and inviting users to upgrade to the latest GnuTLS version 3.2.12 or 3.1.22 or to apply a patch for GnuTLS 2.12x.

GnuTLS simply provides a set of C language API to access the secure communications protocols, and to manage X.509, PKCS #12, OpenPGP and other required structures.

“It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification,” “An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.”states the official advisory issued by Red Hat

The vulnerability has many similarities with the one uncovered in Apple products in the last weeks, Apple in fact released a security update to iOS (iOS 7.06) to fix a flaw for certificate-validation checks that could be abused by attackers to conduct a man-in-the-middle attack within the victim’s network  to capture or modify data even if protected by SSL/TLS. In the Apple case, the checks were present in past versions, but they were not included in the recent version of the operating system for an unspecified amount of time.

The GnuTLS flaw is very serious because an attacker can simply set up an arbitrary domain and make it appear authoritative and trusted to the visitors, allowing capture of sensitive information on the protected channels, but “[also] potentially subverting the trusted package signature process as well.”

The impact of the flaw is very extended, hundreds of packages rely on the GnuTLS crypto libraries, very popular in Linux distributions and crypto mail libraries such as libcrypt and libmailutils and cURL.

“cURL (libcurl3-gnutls), in turn is used by the package updating system both for OpenPGP (gnupg2 and gnupg–curltransport), as well as the system package updater itself (apt-transport-https),” “But what is especially difficult, is understanding the myriad downstream dependencies, such as XML parsers, etc. In general, Debian & Ubuntu have eschewed OpenSSL for license reasons, so there actually exist Nginx and Apache installs that use gnutls as well.” said Kenneth White, a security expert and principal scientist at Social & Scientific Systems in North Carolina

This is another strange vulnerability that could be exploited by governments to spy on users to monitor communication and network traffic despite it uses a secure communication.

Pierluigi Paganini

(Security Affairs –  GnuTLS, surveillance)