Warning vulnerability in monitoring-plugins : incomplete SSL certificate verify
Shopping Ruan
rlq1969612634 at gmail.com
Fri Mar 31 10:42:02 UTC 2017
Hi developers:
Nowadays we made a large scale security static analysis on several open
source projects, and found some mistakes in monitoring-plugins-2.1.2. In
the @plugins/sslutils.c:164:
int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
# ifdef USE_OPENSSL
[...]
certificate=SSL_get_peer_certificate(s);
if (!certificate) {
printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
return STATE_CRITICAL;
}
/* Extract CN from certificate subject */
subj=X509_get_subject_name(certificate);
[...]
}
We find that you use SSL_get_peer_certificate() to get the cert and
verify some properties of it.But it still not secure enough and can lead to
MITM attack. To guarantee the security,we recommand you add the judgement
if(SSL_get_verify_result(ssl)==X509_V_OK) to make sure validation
succeeds.We have send the bug report to Ubuntu launchpad,and also inform
you of such news.Here are the link:
https://bugs.launchpad.net/ubuntu/+source/monitoring-plugins/+bug/1677951
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20170331/0b8f2cce/attachment.html>
More information about the Ubuntu-devel-discuss
mailing list