authentication bug in KAME's racoon

From: Thomas Walpuski (thomas-bugtraq_at_unproved.org)
Date: 06/14/04

Date: Mon, 14 Jun 2004 18:56:23 +0000
To: bugtraq@securityfocus.com

    Summary

      There is a severe bug in racoon's authentication via digital
      signatures with certificates.

    Description

      racoon verifies the peer's certificate using eay_check_x509cert().
      For some strange reason eay_check_x509cert() sets a verify callback:

        X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert);

      Verify callbacks are usually used for debugging purposes. Take a look
      at what racoon uses the verify callback for:

        static int
        cb_check_cert(ok, ctx)
                int ok;
                X509_STORE_CTX *ctx;
        {
                char buf[256];
                int log_tag;

                if (!ok) {
                        [..]
                        switch (ctx->error) {
                        case X509_V_ERR_CERT_HAS_EXPIRED:
                        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
        #if OPENSSL_VERSION_NUMBER >= 0x00905100L
                        case X509_V_ERR_INVALID_CA:
                        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
                        case X509_V_ERR_INVALID_PURPOSE:
        #endif
                                ok = 1;
                                log_tag = LLV_WARNING;
                                break;
                        default:
                                log_tag = LLV_ERROR;
                        }
                        [..]
                }
                ERR_clear_error();

                return ok;
        }

      If OpenSSL fails on verifying the certificate, because it is expired,
      self-signed, signed by an inappropriate CA, not allowed for that
      purpose or the certificate chain is too long, racoon does not care
      about that and declares the verification successful. I dare to say
      that is brain dead.

    Affected Systems

      All versions of racoon known to me are vulnerable.

    Impact

      IMO, besides remote privilege escalation, that is the worst-case
      scenario for an IKE daemon.

    Solution?

      There are no bug fixes, yet. I recommend not using racoon at all.

    Thomas Walpuski
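The following is an added C model of the verify-callback contract the post describes; it is not racoon's or OpenSSL's code. The stand-in X509_STORE_CTX, the verify_chain() driver and the accepts() helper are assumptions that reproduce OpenSSL's rule that a callback returning 1 for a failed certificate overrides that failure (the error constants carry the values from OpenSSL's x509_vfy.h), and the racoon-style callback is placed beside a hardened one that only logs and leaves the verdict unchanged.

```c
#include <stdio.h>
/* Error values as defined in OpenSSL's x509_vfy.h. */
#define X509_V_OK                              0
#define X509_V_ERR_CERT_SIGNATURE_FAILURE      7
#define X509_V_ERR_CERT_HAS_EXPIRED            10
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
#define X509_V_ERR_INVALID_CA                  24
#define X509_V_ERR_PATH_LENGTH_EXCEEDED        25
#define X509_V_ERR_INVALID_PURPOSE             26
/* Stand-in for OpenSSL's X509_STORE_CTX (assumption for this model). */
typedef struct { int error; int depth; } X509_STORE_CTX;
typedef int (*verify_cb)(int ok, X509_STORE_CTX *ctx);
/* The racoon pattern quoted in the post: turn these failures into success. */
static int cb_racoon(int ok, X509_STORE_CTX *ctx)
{
    if (!ok) {
        switch (ctx->error) {
        case X509_V_ERR_CERT_HAS_EXPIRED:
        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
        case X509_V_ERR_INVALID_CA:
        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
        case X509_V_ERR_INVALID_PURPOSE:
            ok = 1; /* the override that defeats authentication */
        }
    }
    return ok;
}
/* Hardened form: log the failure, but never change OpenSSL's verdict. */
static int cb_strict(int ok, X509_STORE_CTX *ctx)
{
    if (!ok)
        fprintf(stderr, "X509 error %d at depth %d\n", ctx->error, ctx->depth);
    return ok;
}
/* Stand-in for X509_verify_cert: the callback runs once per certificate and
 * the chain is accepted only if every call returns nonzero (assumption). */
int verify_chain(verify_cb cb, const int *errors, int n)
{
    int accepted = 1;
    for (int i = 0; i < n; i++) {
        X509_STORE_CTX ctx = { errors[i], i };
        if (!cb(errors[i] == X509_V_OK, &ctx))
            accepted = 0;
    }
    return accepted;
}
/* Does the callback accept a single certificate carrying this error? */
int accepts(verify_cb cb, int error) { return verify_chain(cb, &error, 1); }
```

With the racoon-style callback, a self-signed, expired or wrongly-purposed peer certificate passes as authenticated; with the strict callback only X509_V_OK does, so a deployment can check its build the same way by feeding each error class through the callback it actually installs.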

