Insufficient Verification of Client Certificates in IIS 5.0 pre sp3

From: Johan Persson (ormat_private)
Date: Mon Aug 19 2002 - 07:40:41 PDT

Next message: NGSSoftware Insight Security Research: "Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)"

Previous message: NGSSoftware Insight Security Research: "Arbitrary File Creation/Overwrite with SQL Agent Jobs (SQL 2000 and 7) (#NISR19002002A)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----------------------------------------------------------------------------
-------

  Sentor Torparfar Advisory #001

 Title: Insufficient Verification of Client Certificates in IIS 5.0 pre sp3
 Date: August 16, 2002
 Author: Johan Persson <johan.personat_private>

----------------------------------------------------------------------------
-------

Summary:

 When an SSL connection is set up between IIS 5.0 pre sp3 and a client
 the server verifies that the client certificate is ultimately
 issued by a trusted root authority (as defined by CTL) and
 that none of the certificates in the chain have expired.

 There are serveral checks that are not being done.
 In particular there is no verification of basic constraints.

 Since the all subsequent validity checks (client certificate mapping,
 ASP methods etc) only deal with the subfields (O, OU, CN, etc) of
 the subject and/or issuer it is trivial to spoof your identity.


Details:

 Vulnerable systems:
  Windows 2000, IIS 5.0 pre sp3

 Not Vulnerable:
  Windows 2000, IIS 5.0 sp3

  I have no idea if there are similar vulnerabilities in
  any of the other versions of IIS, as I haven't checked.

 Description:
  The validity of a client certificate chain is not properly
  checked on the server side in a SSL connection involving an
  IIS 5.0 pre sp3. In particular  there is no verification of basic
  constraints. Since client certificate mapping as well as other
  methods of authentication using certificates relies on the
  information contained in the subfields of the subject (client)
  and issuer it is possible to create false credentials that
  can be used to impersonate any valid user.

Impact:
 In a system that relies on client side certificates for authentication
 it is possible to impersonate any user whose public details (certificate
 subfields) are known


Exploit:
 Get a (any) valid certificate which is ultimately issued by a root
 authority trusted by the target server.

 Create a certificate request containing whatever fields you need to
 impersonate the issuer you want to spoof.

 Sign this request using the private key corresponding to your valid
 certificate.

 Create a certificate request containing whatever fields you need to
 impersonate the subject you want to spoof

 Sign this request using the private key that corresponds to the certificate
 you created in step 3

 I will not release detailed exploit information. Openssl and some
 experimenting should suffice.


Vendor Status:
 Microsoft contacted June 24, 2002
 Microsoft provided me with a hotfix July 18, 2002
 The fix is included in Service Pack 3

Solution:
 Get and install Service Pack 3 from Microsoft



   0nd/Ag3nt0nd/0rm/Torparfar
----------------------------------------------------------------------------
-----------

Next message: NGSSoftware Insight Security Research: "Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)"
Previous message: NGSSoftware Insight Security Research: "Arbitrary File Creation/Overwrite with SQL Agent Jobs (SQL 2000 and 7) (#NISR19002002A)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 19 2002 - 08:11:08 PDT