Serious SSL/TLS Crypto Flaw Leaves Linux, Apps Vulnerable

A cryptographic flaw in the GnuTLS library may be a bigger eavesdropping concern than the Apple "goto fail" bug patched last week, say researchers.

According to Ars Technica, the vulnerability in the GnuTLS library makes it possible for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites. A discussion on Google estimates that 200 different operating systems (mostly Linux-based) and applications use GnuTLS libraries to implement their SSL and TLS operations. Apparently the flaw has existed in the open source library code since 2005.

The vulnerability, formally known as CVE-2014-0092, causes critical x509 certificate verification checks to be terminated prenmaturely. In response GnuTLS developers released this this bare-bones advisory to the disclosure and urge all current users to upgrade to version 3.2.12.

An audit at Red Hat found the flaw. "It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification," Red Hat said in their advisory. "An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker."

Ars Technica explains that "the GnuTLS vulnerability is the result of someone making mistakes in source code that controls critical functions of the program. This time, instead of a single misplaced "goto fail" command, the mistakes involve errors with several "goto cleanup" calls. The GnuTLS program, in turn, prematurely terminates code sections that are supposed to establish secure TLS connections only after the other side presents a valid X509 certificate signed by a trusted source. Attackers can exploit the error by presenting vulnerable systems with a fraudulent certificate that is never rejected, despite its failure to pass routine security checks. The failure may allow attackers using a self-signed certificate to pose as the cryptographically authenticated operator of a vulnerable website and to decrypt protected communications. It's significant that no one managed to notice such glaring errors, particularly since they were contained in code that anyone can review."

Mocana makes a non-open source SSL/TLS alternative known as NanoSSL that is not effected by this vulnerability. NanoSSL is purpose-built for efficiency and high performance with support for TLS 1.2 and TLS certificate management.

Whitepaper: Can you afford free OpenSSL?