Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 475074 (CVE-2013-4073) - <dev-lang/ruby-{1.8.7_p374,1.9.3_p448} : hostname check bypassing vulnerability in SSL client (CVE-2013-4073)
Summary: <dev-lang/ruby-{1.8.7_p374,1.9.3_p448} : hostname check bypassing vulnerabili...
Alias: CVE-2013-4073
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Depends on:
Reported: 2013-06-28 08:16 UTC by Agostino Sarubbo
Modified: 2013-09-04 06:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-06-28 08:16:29 UTC
From ${URL} :

Ruby’s SSL client implements hostname identity check but it does not properly handle hostnames in 
the certificate that contain null bytes.

OpenSSL::SSL.verify_certificate_identity implements RFC2818 Server Identity check for Ruby’s SSL 
client but it does not properly handle hostnames in the subjectAltName X509 extension that contain 
null bytes.

Existing code in lib/openssl/ssl.rb uses OpenSSL::X509::Extension#value for extracting identity 
from subjectAltName. Extension#value depends OpenSSL function X509V3_EXT_print() and for dNSName of 
subjectAltName it utilizes sprintf() that is known as null byte unsafe. As the result 
Extension#value returns ‘’ if the subjectAltName is 
‘\’ and OpenSSL::SSL.verify_certificate_identity wrongly identifies 
the certificate is for ‘’.

When a CA a SSL client trusts allows to issue the server certificate that has null byte in 
subjectAltName, remote attackers can obtain the certificate for ‘\’ 
from the CA to spoof ‘’ and do man-in-the-middle between Ruby’s SSL client and SSL 

External References:

This is corrected in upstream versions 2.0.0-p247, 1.9.3-p448 and 1.8.7-p374.

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Hans de Graaff gentoo-dev 2013-06-30 08:47:49 UTC
Fixed versions are now in the tree. The additional changes don't look very invasive, so let's continue with stabling right away:

Comment 2 Agostino Sarubbo gentoo-dev 2013-06-30 12:38:46 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-06-30 12:43:47 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-06-30 13:27:37 UTC
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-06-30 21:09:00 UTC
ppc stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2013-07-01 02:39:33 UTC
Stable for HPPA.
Comment 7 Agostino Sarubbo gentoo-dev 2013-07-04 14:14:00 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-07-06 17:06:57 UTC
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-07-07 15:18:01 UTC
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-07-21 17:40:11 UTC
sh stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-07-22 08:52:23 UTC
sparc stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-08-06 12:34:03 UTC
s390 stable
Comment 13 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-27 03:35:12 UTC
GLSA vote: no.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 03:35:26 UTC
CVE-2013-4073 (
  The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb
  in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before
  2.0.0-p247 does not properly handle a '\0' character in a domain name in the
  Subject Alternative Name field of an X.509 certificate, which allows
  man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
  certificate issued by a legitimate Certification Authority, a related issue
  to CVE-2009-2408.
Comment 15 Sergey Popov gentoo-dev 2013-09-04 06:14:18 UTC
GLSA vote: no

Closing as noglsa