An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Thanks for the report!

Thanks for acknowledging. We look forward to any updates/developments on the issue reported.

For further information about the Cisco Vendor Vulnerability Reporting and Disclosure Policy please refer to this document which also links to our public PGP key. https://tools.cisco.com/security/center/resources/vendor_vulnerability_policy.html

Kind Regards,

Regina Wilson
Analyst.Business Operations
regiwils@cisco.com<mailto:regiwils@cisco.com>

[cid:CFA14CB5-B7B2-4FF7-8313-22D495F607D5@vrt.sourcefire.com]

On Jan 15, 2019, at 11:30 AM, Christian Heimes <report@bugs.python.org<mailto:report@bugs.python.org>> wrote:

Christian Heimes <lists@cheimes.de<mailto:lists@cheimes.de>> added the comment:

Thanks for the report!

----------
assignee: -> christian.heimes
components: +SSL
nosy: +christian.heimes
stage: -> needs patch
versions: +Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8

Python tracker <report@bugs.python.org<mailto:report@bugs.python.org>>
<https://bugs.python.org/issue35746\>

I can confirm that CPython is affected.

By the way PyCA cryptography handles the CRL DB just fine.

>>> from cryptography import x509
>>> from cryptography.hazmat.backends import default_backend
>>> with open("Lib/test/talos-2019-0758.pem", "rb") as f:
...     pem_data = f.read()
... 
>>> cert = x509.load_pem_x509_certificate(pem_data, default_backend())
>>> cert.extensions[-1]
<Extension(oid=<ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>, critical=False, value=<CRLDistributionPoints([<DistributionPoint(full_name=None, relative_name=None, reasons=None, crl_issuer=None)>])>)>

The files are removed and will be reissued to PSIRT.

Regina Wilson
Analyst.Business Operations
regiwils@cisco.com<mailto:regiwils@cisco.com>

[cid:CFA14CB5-B7B2-4FF7-8313-22D495F607D5@vrt.sourcefire.com]

On Jan 15, 2019, at 12:11 PM, Cisco Talos <report@bugs.python.org<mailto:report@bugs.python.org>> wrote:

Change by Cisco Talos <vulndev@cisco.com<mailto:vulndev@cisco.com>>:

Removed file: https://bugs.python.org/file48052/TALOS-2019-0758.txt

Python tracker <report@bugs.python.org<mailto:report@bugs.python.org>>
<https://bugs.python.org/issue35746\>

I close the bug just to hide it from the home page and default search result, to have more time to fix it (make the issue less visible).

Please leave the bug open and don't remove files. It's too late. The bug report has been sent to mailing lists and RSS feeds already.

Also you cannot remove any files from the bug tracker. Only admins are can do that.

I can confirm this crashes a freshly-built interpreter from the current 3.5 and 3.4 branches.

New changeset a37f524 by Miss Islington (bot) (Christian Heimes) in branch 'master':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
a37f524

New changeset be5de95 by Miss Islington (bot) in branch '3.7':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
be5de95

TALOS-2019-0758.txt: "Credit: Discovered by Colin Read and Nicolas Edet of Cisco."

Can we credit them somewhere? Maybe edit the NEWS entry to mention their name?

New changeset 06b1542 by Miss Islington (bot) in branch '2.7':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
06b1542

New changeset 216a4d8 by Ned Deily (Miss Islington (bot)) in branch '3.6':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (GH-11573)
216a4d8

The bug is less critical and harder to exploit than I initially thought. td;dr if you have cert validation enabled and only trust public root CAs from CA/B forum, then you are not affected.

The bug is only exploitable under two conditions:

1. The user has disabled TLS/SSL certificate validation *and* calls getpeercert() in 3rd party code.
2. Or the user trusts a CA that does not properly validate end-entity certificates.

When cert validation is enabled, the ssl module will refuse any untrusted certificate during the handshake. The SSLSocket.getpeercert() and SSLObject.getpeercert() methods raise an exception, when the handshake was not successful. Python 2.7 - 3.6 hostname verification code only calls getpeercert() after the cert chain was validated successfully. Python 3.7+ no longer calls getpeercert() for hostname verification. Further more hostname verification can't be enabled when cert validation is disabled.

For publicly trusted CAs governed by CA/B baseline requirements, CRL DPs must by valid URI general names with HTTP links. From CA/Browser Forum Baseline Requirements Version 1.6.2, December 10, 2018, section 7.1.2.3. Subscriber Certificate:

b. cRLDistributionPoints
This extension MAY be present. If present, it MUST NOT be marked critical, and it MUST contain the HTTP URL of the CA’s CRL service.

Does someone work on backporting the fix to 3.4 and 3.5 branches?

Note: I added the vulnerability to:
https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html

New changeset 355f16f by Victor Stinner in branch 'master':
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11863)
355f16f

New changeset 826a8b7 by Victor Stinner in branch '2.7':
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11866)
826a8b7

New changeset fe42122 by Victor Stinner in branch '3.7':
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11864)
fe42122

New changeset 2a3af94 by Ned Deily (Victor Stinner) in branch '3.6':
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11865)
2a3af94

New changeset 6c655ce by larryhastings (Victor Stinner) in branch '3.4':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (bpo-11868)
6c655ce

New changeset efec763 by larryhastings (Victor Stinner) in branch '3.5':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (bpo-11867)
efec763

Can we close this now?

Yes, I close the issue.