Description Agostino Sarubbo 2013-06-28 08:16:29 UTC

From ${URL} :

Ruby’s SSL client implements hostname identity check but it does not properly handle hostnames in 
the certificate that contain null bytes.

OpenSSL::SSL.verify_certificate_identity implements RFC2818 Server Identity check for Ruby’s SSL 
client but it does not properly handle hostnames in the subjectAltName X509 extension that contain 
null bytes.

Existing code in lib/openssl/ssl.rb uses OpenSSL::X509::Extension#value for extracting identity 
from subjectAltName. Extension#value depends OpenSSL function X509V3_EXT_print() and for dNSName of 
subjectAltName it utilizes sprintf() that is known as null byte unsafe. As the result 
Extension#value returns ‘www.ruby-lang.org’ if the subjectAltName is 
‘www.ruby-lang.org\0.example.com’ and OpenSSL::SSL.verify_certificate_identity wrongly identifies 
the certificate is for ‘www.ruby-lang.org’.

When a CA a SSL client trusts allows to issue the server certificate that has null byte in 
subjectAltName, remote attackers can obtain the certificate for ‘www.ruby-lang.org\0.example.com’ 
from the CA to spoof ‘www.ruby-lang.org’ and do man-in-the-middle between Ruby’s SSL client and SSL 
servers.


External References:

http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

This is corrected in upstream versions 2.0.0-p247, 1.9.3-p448 and 1.8.7-p374.


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.