CVE-2013-4073 - The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7

CVE-2013-4073

Summary

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

References

Vulnerable Configurations

cpe:2.3:a:ruby-lang:ruby:1.8.6-26:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.6-26:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p160:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p160:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p173:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p173:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p174:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p174:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p248:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p248:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p249:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p249:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p299:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p299:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p301:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p301:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p302:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p302:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p330:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p330:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p334:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p334:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p352:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p352:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p357:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p357:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p358:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p358:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p370:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p370:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p371:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p371:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p373:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p373:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-08-2018 - 21:47)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	979251
title	CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment ruby is earlier than 0:1.8.5-31.el5_9
oval oval:com.redhat.rhsa:tst:20131090001
comment ruby is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965002
AND
comment ruby-devel is earlier than 0:1.8.5-31.el5_9
oval oval:com.redhat.rhsa:tst:20131090003
comment ruby-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965004
AND
comment ruby-docs is earlier than 0:1.8.5-31.el5_9
oval oval:com.redhat.rhsa:tst:20131090005
comment ruby-docs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965006
AND
comment ruby-irb is earlier than 0:1.8.5-31.el5_9
oval oval:com.redhat.rhsa:tst:20131090007
comment ruby-irb is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965008
AND
comment ruby-libs is earlier than 0:1.8.5-31.el5_9
oval oval:com.redhat.rhsa:tst:20131090009
comment ruby-libs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965010
AND
comment ruby-mode is earlier than 0:1.8.5-31.el5_9
oval oval:com.redhat.rhsa:tst:20131090011
comment ruby-mode is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965012
AND
comment ruby-rdoc is earlier than 0:1.8.5-31.el5_9
oval oval:com.redhat.rhsa:tst:20131090013
comment ruby-rdoc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965014
AND
comment ruby-ri is earlier than 0:1.8.5-31.el5_9
oval oval:com.redhat.rhsa:tst:20131090015
comment ruby-ri is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965016
AND
comment ruby-tcltk is earlier than 0:1.8.5-31.el5_9
oval oval:com.redhat.rhsa:tst:20131090017
comment ruby-tcltk is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965018

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment ruby is earlier than 0:1.8.7.352-12.el6_4
oval oval:com.redhat.rhsa:tst:20131090020
comment ruby is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20193384002
AND
comment ruby-devel is earlier than 0:1.8.7.352-12.el6_4
oval oval:com.redhat.rhsa:tst:20131090022
comment ruby-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20193384006
AND
comment ruby-docs is earlier than 0:1.8.7.352-12.el6_4
oval oval:com.redhat.rhsa:tst:20131090024
comment ruby-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110910006
AND
comment ruby-irb is earlier than 0:1.8.7.352-12.el6_4
oval oval:com.redhat.rhsa:tst:20131090026
comment ruby-irb is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20193384010
AND
comment ruby-libs is earlier than 0:1.8.7.352-12.el6_4
oval oval:com.redhat.rhsa:tst:20131090028
comment ruby-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20193384012
AND
comment ruby-rdoc is earlier than 0:1.8.7.352-12.el6_4
oval oval:com.redhat.rhsa:tst:20131090030
comment ruby-rdoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110910012
AND
comment ruby-ri is earlier than 0:1.8.7.352-12.el6_4
oval oval:com.redhat.rhsa:tst:20131090032
comment ruby-ri is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110910014

AND

comment ruby-static is earlier than 0:1.8.7.352-12.el6_4
oval oval:com.redhat.rhsa:tst:20131090034
comment ruby-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110910016

AND
comment ruby-tcltk is earlier than 0:1.8.7.352-12.el6_4
oval oval:com.redhat.rhsa:tst:20131090036
comment ruby-tcltk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110910018

rhsa

id	RHSA-2013:1090
released	2013-07-17
severity	Moderate
title	RHSA-2013:1090: ruby security update (Moderate)

rhsa
id RHSA-2013:1103
rhsa
id RHSA-2013:1137

rpms

ruby-0:1.8.5-31.el5_9
ruby-0:1.8.7.352-12.el6_4
ruby-debuginfo-0:1.8.5-31.el5_9
ruby-debuginfo-0:1.8.7.352-12.el6_4
ruby-devel-0:1.8.5-31.el5_9
ruby-devel-0:1.8.7.352-12.el6_4
ruby-docs-0:1.8.5-31.el5_9
ruby-docs-0:1.8.7.352-12.el6_4
ruby-irb-0:1.8.5-31.el5_9
ruby-irb-0:1.8.7.352-12.el6_4
ruby-libs-0:1.8.5-31.el5_9
ruby-libs-0:1.8.7.352-12.el6_4
ruby-mode-0:1.8.5-31.el5_9
ruby-rdoc-0:1.8.5-31.el5_9
ruby-rdoc-0:1.8.7.352-12.el6_4
ruby-ri-0:1.8.5-31.el5_9
ruby-ri-0:1.8.7.352-12.el6_4
ruby-static-0:1.8.7.352-12.el6_4
ruby-tcltk-0:1.8.5-31.el5_9
ruby-tcltk-0:1.8.7.352-12.el6_4
ruby193-ruby-0:1.9.3.429-34.2.el6ost
ruby193-ruby-debuginfo-0:1.9.3.429-34.2.el6ost
ruby193-ruby-devel-0:1.9.3.429-34.2.el6ost
ruby193-ruby-doc-0:1.9.3.429-34.2.el6ost
ruby193-ruby-irb-0:1.9.3.429-34.2.el6ost
ruby193-ruby-libs-0:1.9.3.429-34.2.el6ost
ruby193-ruby-tcltk-0:1.9.3.429-34.2.el6ost
ruby193-rubygem-bigdecimal-0:1.1.0-34.2.el6ost
ruby193-rubygem-io-console-0:0.3-34.2.el6ost
ruby193-rubygem-json-0:1.5.5-34.2.el6ost
ruby193-rubygem-minitest-0:2.5.1-34.2.el6ost
ruby193-rubygem-rake-0:0.9.2.2-34.2.el6ost
ruby193-ruby-0:1.9.3.448-38.el6
ruby193-ruby-debuginfo-0:1.9.3.448-38.el6
ruby193-ruby-devel-0:1.9.3.448-38.el6
ruby193-ruby-doc-0:1.9.3.448-38.el6
ruby193-ruby-irb-0:1.9.3.448-38.el6
ruby193-ruby-libs-0:1.9.3.448-38.el6
ruby193-ruby-tcltk-0:1.9.3.448-38.el6
ruby193-rubygem-bigdecimal-0:1.1.0-38.el6
ruby193-rubygem-io-console-0:0.3-38.el6
ruby193-rubygem-json-0:1.5.5-38.el6
ruby193-rubygem-rake-0:0.9.2.2-38.el6
ruby193-rubygem-rdoc-0:3.9.5-38.el6
ruby193-rubygems-0:1.8.23-38.el6
ruby193-rubygems-devel-0:1.8.23-38.el6

refmap via4

apple	APPLE-SA-2013-10-22-3
confirm	http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel! http://support.apple.com/kb/HT6150 http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/ https://bugzilla.redhat.com/show_bug.cgi?id=979251 https://puppet.com/security/cve/cve-2013-4073
debian	DSA-2738 DSA-2809
suse	openSUSE-SU-2013:1181 openSUSE-SU-2013:1186
ubuntu	USN-1902-1

Last major update

13-08-2018 - 21:47

Published

18-08-2013 - 02:52

Last modified

13-08-2018 - 21:47