iSEC Partners Security Advisory - 2007-006-RubySSL http://www.isecpartners.com -------------------------------------------- Ruby Net::HTTPS library does not validate server certificate CN Vendor: Ruby Vendor URL: http://www.ruby-lang.org Versions affected: 1.8.5, 1.8.6, Trunk Ruby Systems Affected: All Ruby Platforms Severity: Medium - Compromise of SSL connection integrity Author: Chris Clark <cclark[at]isecpartners[dot]com> Vendor notified: Yes Public release: Yes Advisory URL: http://www.isecpartners.com/advisories/2007-06-rubyssl.txt Summary: -------- The Ruby Net::HTTP and Net::HTTPS libraries can be used to make HTTP or HTTPS connections to remote websites. There are several methods for performing these types of connections within the Ruby standard library but these libraries are recommended going forward. A vulnerability results from the Net::HTTPS library failing to validate the name on the SSL certificate against the DNS name requested by the user. By not validating the name, the library allows an attacker to present a cryptographically valid certificate with an invalid CN. Details: -------- The vulnerability exists in the connect method within http.rb file which fails to call post_connection_check after the SSL connection has been negotiated. Since the server certificate's CN is not validated against the requested DNS name, the attacker can impersonate the target server in a SSL connection. The integrity and confidentiality benefits of SSL are thereby eliminated. Example: If the application uses the following code to connect to the ip address of https://www.isecpartners.com: url = "72.52.84.198" #www.isecpartners.com IP path = "/" http = Net::HTTP.new(url, 443) http.use_ssl = true http.ca_file = "verisign.pem" http.verify_mode = OpenSSL::SSL::VERIFY_PEER resp, data = http.get(path, nil) The connection will succeed. This is an obvious failure as the certificate presented has a CN of www.isecpartners.com. Mitigating factors are that an attacker will have to be in a position to perform a middle person attack and the attacker must possess a certificate signed by the CA specified in the ca_file attribute. The latter is not a significant problem if targeting a site dependent on the public SSL infrastructure but may be more difficult in cases where a private PKI is in use. Fix Information: ---------------- This issue has been addressed by adding the appropriate post connection check within http.rb. These patches add the enable_post_connection parameter, which if set to true, will cause the Net::HTTP library to raise an exception when the post connection check fails. The following trunk Ruby checkin contains the related changes: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13500 Ruby 1.8.5: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13502 Ruby 1.8.6: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504 Thanks to: ---------- Rachel Engel, GOTOU Yuuzou, and Minero Aoki About iSEC Partners: -------------------- iSEC Partners is a full-service security consulting firm that provides penetration testing, secure systems development, security education and software design verification, with offices in San Francisco, Seattle, Ewa Beach, and Los Angeles. http://www.isecpartners.com info@isecpartners.com
the correct url for the ipsecpartners advisory is http://www.isecpartners.com/advisories/2007-006-rubyssl.txt
Richard, you bumped Ruby to 1.8.5_p113 and 1.8.6_p110-r1 a week ago. Is 1.8.5_p113 ok to go stable? Can you remove non-stable vulnerable versions?
Rbu, sorry, I also added an apparently entirely imaginary comment to this bug when I bumped them.
x86 and amd64 are still on 1.8.5, they can either go to the latest 1.8.5 or 1.8.6, everyone else except mips is on 1.8.6. I haven't checked but I suspect 1.8.4 is also affected, so mips should probably stabilise a new vesrion as well. I've removed all the other versions
I was wrong, mips is on 1.8.6-r1 as well. Arches please stabilise
x86 stable
*** Bug 181110 has been marked as a duplicate of this bug. ***
ppc stable
alpha/ia64/sparc stable
Stable for HPPA.
amd64 stable for ruby-1.8.6-r1.ebuild
stable on ppc64: dev-lang/ruby-1.8.5_p113 dev-lang/ruby-1.8.6_p110-r1 If someone calls arches he should mention the versions, which should go stable. amd64, I think you marked the wrong version stable..
amd64 stable
time for glsa decision. I tend to vote NO.
I vote NO.
very rare - i vote no too. Closing with noglsa. Feel free to reopen if you disagree.