[Bug 1714640] [NEW] CVE-2017-14032 - certificate authentication bypass

[Launchpad Bug Tracker]

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by James Cowgill (jcowgill):

The following security bug was published for mbedtls:

[Vulnerability]
If a malicious peer supplies an X.509 certificate chain that has more
than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (which by default is
8), it could bypass authentication of the certificates, when the
authentication mode was set to 'optional' eg.
MBEDTLS_SSL_VERIFY_OPTIONAL. The issue could be triggered remotely by
both the client and server sides.

If the authentication mode, which can be set by the function
mbedtls_ssl_conf_authmode(), was set to 'required' eg.
MBEDTLS_SSL_VERIFY_REQUIRED which is the default, authentication would
occur normally as intended.

[Impact]
Depending on the platform, an attack exploiting this vulnerability could
allow successful impersonation of the intended peer and permit
man-in-the-middle attacks.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-
advisory-2017-02

As far as I can tell, mbed TLS in xenial, zesty and artful are affected.
No version of polarssl is affected.

** Affects: mbedtls (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: mbedtls (Debian)
     Importance: Unknown
         Status: Fix Released


** Tags: patch
-- 
CVE-2017-14032 - certificate authentication bypass
https://bugs.launchpad.net/bugs/1714640
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.