ID CVE-2017-2784
Summary An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
Vulnerable Configurations
  • cpe:2.3:a:arm:mbed_tls:2.4.0
  • cpe:2.3:a:arm:mbed_tls:2.0.0
  • cpe:2.3:a:arm:mbed_tls:2.1.0
  • cpe:2.3:a:arm:mbed_tls:2.1.1
  • cpe:2.3:a:arm:mbed_tls:2.1.2
  • cpe:2.3:a:arm:mbed_tls:2.1.3
  • cpe:2.3:a:arm:mbed_tls:2.1.4
  • cpe:2.3:a:arm:mbed_tls:2.1.5
  • cpe:2.3:a:arm:mbed_tls:2.1.6
  • cpe:2.3:a:arm:mbed_tls:1.3.18
CVSS
Base: 6.8 (as of 26-04-2017 - 12:52)
CWE CWE-295
CAPEC
  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec).
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-922652DD9C.NASL
    description - Update to 2.4.2 - CVE-2017-2784 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.4.2-2.1.7-and-1.3.19-released Security notes: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 97969
    published 2017-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97969
    title Fedora 24 : mbedtls (2017-922652dd9c)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-9ED1B89530.NASL
    description - Update to 2.4.2 - CVE-2017-2784 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.4.2-2.1.7-and-1.3.19-released Security notes: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 97970
    published 2017-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97970
    title Fedora 25 : mbedtls (2017-9ed1b89530)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-372.NASL
    description This update to mbedtls 1.3.19 fixes security issues and bugs. The following vulnerability was fixed: CVE-2017-2784: A remote user could have used a specially crafted certificate to cause mbedtls to free a buffer allocated on the stack when verifying the validity of a public key with a secp224k1 curve, which could have allowed remote code execution on some platforms (boo#1029017). The following non-security changes are included: - Add checks to prevent signature forgeries for very large messages while using RSA through the PK module in 64-bit systems. - Fixed potential livelock during the parsing of a CRL in PEM format.
    last seen 2018-01-27
    modified 2018-01-26
    plugin id 97905
    published 2017-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97905
    title openSUSE Security Update : mbedtls (openSUSE-2017-372)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-718154E0F2.NASL
    description - Update to 2.4.2 - CVE-2017-2784 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.4.2-2.1.7-and-1.3.19-released Security notes: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 101654
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101654
    title Fedora 26 : mbedtls (2017-718154e0f2)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201706-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-201706-18 (mbed TLS: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in mbed TLS. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround: There is no known workaround at this time.
    last seen 2018-01-27
    modified 2018-01-26
    plugin id 100944
    published 2017-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100944
    title GLSA-201706-18 : mbed TLS: Multiple vulnerabilities (SLOTH)
refmap via4
confirm https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
gentoo GLSA-201706-18
misc http://www.talosintelligence.com/reports/TALOS-2017-0274/
talos via4
id TALOS-2017-0274
last seen 2018-01-18
published 2017-04-19
reporter Talos Intelligence
source http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0274
title ARM Mbedtls x509 ECDSA invalid public key Remote Code Execution Vulnerability
Last major update 26-04-2017 - 15:44
Published 20-04-2017 - 14:59
Last modified 30-06-2017 - 21:30