The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Mozilla NSPR, NSS, IE: accepting IP wildcard certificates

Synthesis of the vulnerability

Some web browsers accept wildcard X.509 certificates containing an IP address fragment.
Severity of this alert: 1/4.
Creation date: 28/10/2010.
References of this alert: CERTA-2002-AVI-272, CVE-2010-3170, DSA-2123-1, FEDORA-2010-15989, openSUSE-SU-2010:0904-1, openSUSE-SU-2010:0906-1, openSUSE-SU-2014:1100-1, RHSA-2010:0862-02, SUSE-SR:2010:020, VIGILANCE-VUL-10079, VMSA-2011-0004.2, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2012-0005, wp-10-0001.

Description of the vulnerability

A wildcard X.509 certificate matches several domains. For example, "*.example.com" is valid for all names ending in ".example.com" (which all belong to the same organization).

To protect against Man-In-The-Middle attacks, RFC 2818 forbids wildcard certificates for IP addresses. For example, "*.2.3.4" has to be rejected, because 1.2.3.4, 2.2.3.4, 3.2.3.4, etc. do not belong to the same network (and thus not to the same organization).

However, some implementations accept IP wildcard certificates.

When a certification authority agrees to sign such a certificate, an attacker can therefore use it for a Man-In-The-Middle attack.
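The two matching behaviours described above, side by side, as an added illustration that is not part of the Vigil@nce bulletin and not Mozilla's NSS code: `naive_match` reproduces the defect (a suffix comparison that lets "*.2.3.4" cover 1.2.3.4), while `strict_match` implements the RFC 2818 rule that wildcards never apply to IP-address references, plus a conservative extra check that rejects wildcard patterns whose remaining labels are all numeric. Function names and the sample cases are constructed for this example.

```python
import ipaddress
import re

# Constructed sample cases (not from the bulletin): (certificate name pattern,
# reference identity the client connected to, expected result under RFC 2818).
SAMPLE_CASES = [
    ("*.example.com", "www.example.com", True),
    ("*.example.com", "a.b.example.com", False),   # wildcard covers one label only
    ("*.example.com", "example.com", False),
    ("*.2.3.4", "1.2.3.4", False),                 # the IP wildcard from the bulletin
    ("1.2.3.4", "1.2.3.4", True),                  # exact IP match is fine
    ("*.com", "example.com", False),               # too broad
    ("www.*.com", "www.example.com", False),       # wildcard not in left-most label
]

# Lower-case hostname labels only: letters, digits and interior hyphens.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def naive_match(pattern: str, hostname: str) -> bool:
    """Suffix-only matching of the kind the bulletin describes as vulnerable.

    A leading '*' is stripped and the rest is compared as a suffix, so the
    pattern '*.2.3.4' is accepted for the IP address 1.2.3.4.
    """
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return hostname.endswith(pattern[1:])  # keeps the leading dot
    return pattern == hostname


def is_ip_literal(name: str) -> bool:
    """True when the reference identity is an IPv4/IPv6 address, not a DNS name."""
    try:
        ipaddress.ip_address(name.strip("[]"))
        return True
    except ValueError:
        return False


def strict_match(pattern: str, hostname: str) -> bool:
    """RFC 2818-style matching: wildcards never match an IP-address reference."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")

    # An IP address in the URI must match the certificate exactly; no wildcard
    # is ever applied to it.
    if is_ip_literal(hostname):
        return pattern == hostname

    if "*" not in pattern:
        return pattern == hostname

    plabels = pattern.split(".")
    hlabels = hostname.split(".")

    # The wildcard must be the entire left-most label, appear only once, and
    # leave at least two real labels (reject '*.com').
    if plabels[0] != "*" or "*" in plabels[1:] or len(plabels) < 3:
        return False

    # Conservative extra check (assumption of this example, beyond the RFC text):
    # a wildcard whose remaining labels are all numeric looks like an IP fragment
    # such as '*.2.3.4' and is refused outright.
    if all(label.isdigit() for label in plabels[1:]):
        return False

    if not all(LABEL_RE.match(label) for label in plabels[1:]):
        return False

    # The wildcard covers exactly one label, so label counts must agree.
    if len(hlabels) != len(plabels):
        return False
    return hlabels[1:] == plabels[1:] and LABEL_RE.match(hlabels[0]) is not None


def run_samples() -> dict:
    """Return, per case, the verdict of both matchers next to the expected one."""
    return {
        (pattern, hostname): {
            "expected": expected,
            "naive": naive_match(pattern, hostname),
            "strict": strict_match(pattern, hostname),
        }
        for pattern, hostname, expected in SAMPLE_CASES
    }


if __name__ == "__main__":
    for (pattern, hostname), verdict in run_samples().items():
        print(f"{pattern:>16} vs {hostname:<16} naive={verdict['naive']!s:<5} "
              f"strict={verdict['strict']!s:<5} expected={verdict['expected']}")
```

The interesting row is "*.2.3.4" against 1.2.3.4: the naive matcher says yes, the strict matcher says no. A real client additionally has to take IP identities from the certificate's iPAddress subjectAltName rather than from the common name, which this example does not model.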

This computer weakness alert impacts software or systems such as Debian, Fedora, IE, Firefox, NSPR, NSS, SeaMonkey, Thunderbird, openSUSE, Solaris, RHEL, SLES, ESX.

Our Vigil@nce team determined that the severity of this weakness note is low.

The trust level is: confirmed by the vendor, with an origin of: vendor document.

A proof of concept or an attack tool is available, so your teams have to act on this alert. An attacker with technician-level skill can exploit this weakness bulletin.

Solutions for this threat

Mozilla NSPR: version 4.8.6.
Version 4.8.6 is fixed:
  http://www.mozilla.org/projects/nspr/

Mozilla NSS: version 3.12.8.
Version 3.12.8 is fixed:
  http://www.mozilla.org/projects/security/pki/nss/

Firefox: version 3.6.11.
Version 3.6.11 is fixed:
  http://www.mozilla-europe.org/fr/firefox/

Firefox: version 3.5.14.
Version 3.5.14 is fixed:
  http://www.mozilla.com/en-US/firefox/all-older.html

Thunderbird: version 3.1.5.
Version 3.1.5 is fixed:
  http://www.mozillamessaging.com/fr/thunderbird/

Thunderbird: version 3.0.9.
Version 3.0.9 is fixed:
  http://www.mozillamessaging.com/en-US/thunderbird/all-older.html

SeaMonkey: version 2.0.9.
Version 2.0.9 is fixed:
  http://www.seamonkey-project.org/releases/

Debian: new nss packages.
New packages are available:
  http://security.debian.org/pool/updates/main/n/nss/libnss3-*_3.12.3.1-0lenny2_*.deb

Fedora: new nss packages.
New packages are available:
  nss-3.12.8-1.fc12
  nss-3.12.8-1.fc13
  nss-3.12.8-2.fc14

openSUSE 11.4: new MozillaFirefox packages (09/09/2014).
New packages are available:
  openSUSE 11.4: MozillaFirefox 24.8.0-127.1

openSUSE: new mozilla-nss packages.
New packages are available:
openSUSE 11.3:
  mozilla-nspr-4.8.6-1.1.1
  mozilla-nss-3.12.8-1.1.1
openSUSE 11.2:
  mozilla-nspr-4.8.6-1.1.1
  mozilla-nss-3.12.8-1.1.1
openSUSE 11.1:
  mozilla-nspr-4.8.6-1.1.1
  mozilla-nss-3.12.8-1.1.1

openSUSE: new seamonkey packages.
New packages are available:
openSUSE 11.1:
  MozillaThunderbird-3.0.9-0.3.1
  enigmail-1.0.1-5.3.1
  seamonkey-2.0.9-0.1.1
openSUSE 11.2:
  MozillaThunderbird-3.0.9-0.3.1
  enigmail-1.0.1-2.3.1
  seamonkey-2.0.9-0.5.1
openSUSE 11.3:
  MozillaThunderbird-3.0.9-0.2.1
  enigmail-1.0.1-3.2.1
  seamonkey-2.0.9-0.5.1

RHEL 6.0: new nss packages.
New packages are available:
  nss-3.12.8-1.el6_0

Solaris 9: patch for libldap.
A patch is available:
  SPARC: https://updates.oracle.com/Orion/Services/download?type=readme&bugfix_name=115695-05
  X86: https://updates.oracle.com/Orion/Services/download?type=readme&bugfix_name=115696-05

SUSE: new packages (03/11/2010).
New packages are available, as indicated in information sources.

VMware ESX: version 4.1 Update 2.
Version 4.1 Update 2 is fixed:
  http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
  http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
