Vulnerability Note VU#772676
Mozilla Network Security Services (NSS) fails to properly verify RSA signatures
The Mozilla Network Security Services (NSS) library fails to properly verify RSA signatures due to incorrect ASN.1 parsing of DigestInfo. This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate.
CWE-295: Improper Certificate Validation
RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data to ensure message hashes are adequately sized. The Public-Key Cryptography Standard #1 version 1.5 (PKCS#1 v1.5), which is defined in RFC 2313, specifies "the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear-text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures" (Wikipedia). The Mozilla Network Security Services (NSS) library incorrectly parses PKCS#1 v1.5 padded signatures due to the use of a vulnerable implementation of ASN.1 encoding of DigestInfo. Vulnerable implementations parse the DigestInfo field using the BER encoding, which allows multiple ways of encoding the same ASN.1 object. The parser implementation allows for bytes to skip validation, allowing an attacker to forge a signature when a RSA key with a low public exponent (e.g., three) is used.
This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Affected||-||24 Sep 2014|
|Mozilla||Affected||22 Sep 2014||24 Sep 2014|
|Apache HTTP Server Project||Unknown||24 Sep 2014||24 Sep 2014|
|Cisco Systems, Inc.||Unknown||23 Sep 2014||23 Sep 2014|
|Oracle Corporation||Unknown||23 Sep 2014||23 Sep 2014|
|VMware||Unknown||23 Sep 2014||23 Sep 2014|
|Yahoo, Inc.||Unknown||23 Sep 2014||23 Sep 2014|
CVSS Metrics (Learn More)
Thanks to Advanced Threat Research - Intel Security for reporting this vulnerability. Antoine Delignat-Lavaud, a researcher for team Prosecco of Inria Paris, also reported this to Mozilla.
This document was written by Joel Land and Chris King.
- CVE IDs: CVE-2014-1568
- Date Public: 24 Sep 2014
- Date First Published: 24 Sep 2014
- Date Last Updated: 24 Sep 2014
- Document Revision: 52
If you have feedback, comments, or additional information about this vulnerability, please send us email.