OpenCA libCheckSignature Signature Validation

2004-01-16T02:43:26
ID OSVDB:3615
Type osvdb
Reporter OSVDB
Modified 2004-01-16T02:43:26

Description

Vulnerability Description

OpenCA contains a flaw that may allow a malicious user to bypass signature verification of a certificate. The issue is triggered because the libCheckSignature function bases its check only on the serial number of the associated certificate. The flaw may lead to the acceptance of an invalid or malicious certificate.
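
The sketch below is an added illustration, not OpenCA's code and not the fix shipped by the project. It models only the step where the signer certificate is matched against the recorded one, and shows why a serial-only comparison is insufficient, since serial numbers are unique only per issuer. Cert, serial_only_check, strict_check and the sample data are hypothetical names and constructed values; cryptographic signature and chain validation are assumed to happen elsewhere.

```python
import hashlib
import hmac
from typing import Dict, NamedTuple


class Cert(NamedTuple):
    issuer: str
    serial: int
    subject: str
    der: bytes  # constructed stand-in for the certificate's DER encoding

    def fingerprint(self) -> bytes:
        return hashlib.sha256(self.der).digest()


def serial_only_check(signer: Cert, issued: Dict[int, Cert]) -> bool:
    """Models the flaw described above: any certificate whose serial is on
    record is treated as the recorded certificate."""
    return signer.serial in issued


def strict_check(signer: Cert, issued: Dict[int, Cert]) -> bool:
    """One way to harden the match (an assumption of this example): require
    the same issuer and the same encoded certificate, not just the serial."""
    stored = issued.get(signer.serial)
    if stored is None:
        return False
    return stored.issuer == signer.issuer and hmac.compare_digest(
        stored.fingerprint(), signer.fingerprint()
    )


# Constructed sample data (hypothetical names and bytes).
REGISTERED = Cert("CN=Example CA", 0x1A2B, "CN=alice", b"constructed-der-alice")
SAME_SERIAL = Cert("CN=Other CA", 0x1A2B, "CN=someone-else", b"constructed-der-other")
ISSUED = {REGISTERED.serial: REGISTERED}

if __name__ == "__main__":
    for cert in (REGISTERED, SAME_SERIAL):
        print(cert.subject,
              "serial-only:", serial_only_check(cert, ISSUED),
              "strict:", strict_check(cert, ISSUED))
```
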

Solution Description

Upgrade to version 0.9.1.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.openca.org/
Vendor Specific Advisory URL
Secunia Advisory ID: 10664
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-01/0125.html
ISS X-Force ID: 14847
CVE-2004-0004
CERT VU: 336446
Bugtraq ID: 9435