NSS Null-Character CA SSL Certificate Verification Security Bypass Vulnerability

Release date: 2009-07-30
Update date: 2009-08-03

Affected systems:
Mozilla Firefox 3.5
Mozilla NSS 3.12.3
Description:
BUGTRAQ ID: 35888
CVE(CAN) ID: CVE-2009-2408

Network Security Services (NSS) is a set of libraries for cross-platform development of security-enabled client and server applications; applications built with NSS can support SSLv2, SSLv3, TLS and other security standards.

The NSS library is affected by a mismatch between how the SSL client and the CA that issued the server certificate interpret the domain name in an SSL certificate. If a malicious user requests a certificate for a hostname containing an invalid null character, most CAs will issue the certificate as long as the requester owns the domain specified after the null character, but most SSL clients (browsers) ignore that part of the name and use the unverified portion before the null character. This allows an attacker to use a forged certificate in a man-in-the-middle attack and establish a false trust relationship.
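As an added illustration (not part of the original advisory or of NSS itself), the following Python code contrasts the pre-fix style of name comparison, which treats the Common Name as a NUL-terminated C string, with a length-aware check that rejects such names outright. The CN values are constructed sample data.

```python
import re

# Constructed sample data (not from the advisory): the Common Name a CA that
# only validated ownership of the part after the NUL would have signed, and an
# honest CN for the same site.
SPOOFED_CN = b"www.bank.example\x00.attacker.example"
HONEST_CN = b"www.bank.example"

_LABEL = re.compile(r"^(?:\*|[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)$")


def c_string_view(cn: bytes) -> str:
    """Emulate a client that copies the DER string into a NUL-terminated C
    string: every byte after the first NUL is silently dropped."""
    return cn.split(b"\x00", 1)[0].decode("ascii", "replace")


def vulnerable_match(cn: bytes, requested_host: str) -> bool:
    """Pre-fix behaviour: compare only the NUL-terminated prefix."""
    return c_string_view(cn).lower() == requested_host.lower()


def hardened_match(cn: bytes, requested_host: str) -> bool:
    """Length-aware comparison: use the full DER string and require every
    label to be a legal DNS label before matching."""
    if b"\x00" in cn:  # a NUL can never occur in a valid hostname
        return False
    try:
        name = cn.decode("ascii").lower()
    except UnicodeDecodeError:
        return False
    labels = name.split(".")
    if not all(_LABEL.match(label) for label in labels):
        return False
    # A single '*' is allowed only as the leftmost label, and not directly
    # below the top-level label (e.g. '*.example' is rejected).
    if "*" in labels[1:] or (labels[0] == "*" and len(labels) < 3):
        return False
    host_labels = requested_host.lower().split(".")
    if len(labels) != len(host_labels):
        return False
    return all(c == h or c == "*" for c, h in zip(labels, host_labels))
```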

<*Source: Dan Kaminsky
         Moxie Marlinspike

  Links: http://secunia.com/advisories/36093/
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=510251
        http://www.mozilla.org/security/announce/2009/mfsa2009-42.html
        https://www.redhat.com/support/errata/RHSA-2009-1190.html
        https://www.redhat.com/support/errata/RHSA-2009-1184.html
        https://www.redhat.com/support/errata/RHSA-2009-1186.html
        http://www.debian.org/security/2009/dsa-1874
*>

Recommendations:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1874-1) and corresponding patches for this issue:
DSA-1874-1: New nss packages fix several vulnerabilities
Link: http://www.debian.org/security/2009/dsa-1874

Patch download:
Source archives and binary packages (nss 3.12.3.1-0lenny1) for all supported Debian architectures, with sizes and MD5 checksums, are listed in the DSA-1874-1 advisory linked above.

Patch installation:

1. Install the patch package manually:

  First, download the patch with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb  (file is the name of the corresponding patch package)

2. Install the patch package automatically with apt-get:

   First, update the local package database:
   # apt-get update

   Then install the updated packages:
   # apt-get upgrade

Mozilla
-------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:

https://bugzilla.mozilla.org/show_bug.cgi?id=480509

RedHat
------
RedHat has released a security advisory (RHSA-2009:1186-01) and corresponding patches for this issue:
RHSA-2009:1186-01: Critical: nspr and nss security, bug fix, and enhancement update
Link: https://www.redhat.com/support/errata/RHSA-2009-1186.html

This advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.