Shibboleth Service Provider Security Advisory [2 December 2013]

An updated version of the Curl HTTP client library is available which
corrects a TLS processing mistake introduced in older versions of the
library. Versions of Curl between 7.18.0 and 7.32.0 are affected by
this issue, corrected in 7.33.0.

Refer to the Recommendations section below for specific guidance on
how particular platforms are affected.

Curl library skips TLS server certificate name checking
=======================================================

A bug was introduced several years ago into Curl that caused the
library to, under specialized conditions, ignore the setting that
instructs it to enforce checking of the content of a server's TLS
certificate against the name of the server being contacted.

The Shibboleth SP operates in conditions that trigger this bug.

In most commonly deployed scenarios, this vulnerability does not have
major security implications for deployers. Shibboleth is usually
deployed by embedding specific public key certificates into SAML
metadata for the endpoints with which the SP will communicate with an
IdP. In this case, the name check is superfluous because the key
itself can't be faked.

In a small minority of scenarios, deployers may be relying on indirect
trust evaluation of a server's certificate by embedding the name of a
key into the metadata and specifying Certificate Authority roots of
trust in a Shibboleth-defined extension[1]. In rarer cases, a server
certificate may be part of a chain of trust used to verify remote
sources of metadata; this is not advisable, but is sometimes done in
the absence of a signature over the metadata.

In these rare cases, this issue becomes a critical vulnerability. If
you are in doubt of your own deployment characteristics, you should
ask for help from the community.

The vulnerability in Curl has been published as CVE-2013-4545.

One additional note: another change made to Curl during the
intervening versions was to implement a more strict form of name
checking in which the presence of a subjectAltName extension in a
certificate precludes the use of the "CN" portion of the subject DN
from the check. This can cause issues with some certificates if the
subjectAltName extension is used to supplement rather than fully
replace the use of the CN. The certificates generated by the
Shibboleth software do not have this problem, but others may.

This behavior change is intrinsic to Curl and is not possible to undo.

Recommendations
===============

Ensure that V7.33.0 or later of the Curl library is used and make sure
server certificates used for TLS do not carry incomplete
subjectAltName extensions.

Where possible, avoid any use of the PKIX trust model at any level and
for any use. It's likely that this trust plugin will be turned off by
default in a future major upgrade because of issues like this one.

Platforms on which Curl is an OS-supplied component, such as most
versions of Linux, will need to ensure their vendor has supplied an
updated package to correct the issue, or (as in the case of Red Hat 5)
provide a version so old that it predates the bug's introduction.

On the Red Hat / CentOS 6 platforms, the Shibboleth Project provides
our own custom build of the libcurl shared library, and the RPM
package for this library has already been updated and published. The
version supplied with the OS is not usable with Shibboleth anyway.

For Windows installations, an updated installer[2] for V2.5.3 of the
SP software has been released that includes the fix.

Updating the SP to V2.5.3 in and of itself is not a fix for this
issue. The updated version has been expedited primarily to facilitate
updates of the libcurl version for Windows installations. Of course,
this update includes additional bug fixes that may be relevant to
deployers and you can review the list of fixes[3].
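
An added example, not part of the original advisory and not code from
the Shibboleth or Curl projects: a Python sketch of the two checks in
the Recommendations, flagging the affected libcurl range and
certificates whose CN is not repeated in subjectAltName. The function
names, the sample inputs and the simplified wildcard rule are
assumptions; the certificate layout is the dict returned by Python's
ssl.SSLSocket.getpeercert().

```python
import re

AFFECTED_MIN, AFFECTED_MAX = (7, 18, 0), (7, 32, 0)  # range stated in the advisory


def libcurl_affected(version_output):
    """True if `curl --version` style output reports libcurl 7.18.0 through 7.32.0."""
    m = re.search(r"libcurl/(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("no libcurl version found")
    version = tuple(int(part) for part in m.groups())
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def _covers(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label.

    Assumption: a simplified wildcard rule, not Curl's exact matcher.
    """
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def cn_not_in_san(cert):
    """Return subject CNs that strict checking ignores because a SAN is present."""
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not dns_names:
        return []  # assumption: with no dNSName entries the CN is still checked
    cns = [v for rdn in cert.get("subject", ()) for key, v in rdn if key == "commonName"]
    return [cn for cn in cns if not any(_covers(d, cn) for d in dns_names)]


# Constructed sample inputs (not taken from the advisory).
SAMPLE_VERSION = "curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.15 zlib/1.2.7"
SAMPLE_CERT = {
    "subject": ((("commonName", "sp.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "*.idp.example.org")),
}

if __name__ == "__main__":
    print("libcurl in affected range:", libcurl_affected(SAMPLE_VERSION))
    print("CNs missing from subjectAltName:", cn_not_in_san(SAMPLE_CERT))
```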

Credits
=======

Thanks to Scott Koranda of LIGO for reporting the issue to the
project, and thank you to Daniel Stenberg of the Curl project for
providing prompt feedback on the scope of the issue.

URL for this Security Advisory:
http://shibboleth.net/community/advisories/secadv_20131202.txt

URL for the vulnerability:
http://curl.haxx.se/docs/adv_20131115.html

[1] https://wiki.shibboleth.net/confluence/display/SHIB2/PKIXTrustEngine
[2] http://shibboleth.net/downloads/service-provider/latest/
[3] https://wiki.shibboleth.net/confluence/display/DEV/SPRoadmap