Search:

September 2006

NISCC Vulnerability Advisory 729618/NISCC/PARASITIC-KEYS - Denial-of-Service Condition Affecting X.509 Certificates Verification

ID: 00659
Ref: 632/2006
Date: 28 September 2006:13:00:00
Version: 1

Title: NISCC Vulnerability Advisory 729618/NISCC/PARASITIC-KEYS - Denial-of-Service Condition Affecting X.509 Certificates Verification
Abstract: Some applications that perform certificate verification may be subject to a denial-of-service condition if certain malicious keys (referred to as Parasitic Keys in this advisory) are used.
Vendors affected: Various
Operating systems affected: Various
Applications affected: Various

Version Information
-------------------
Advisory Reference 729618/NISCC/PARASITIC-KEYS
Release Date 28 September 2006
Last Revision 28 September 2006
Version Number 1.0

Acknowledgement
---------------
This vulnerability was reported to NISCC by Dr Stephen N. Henson.

What is affected?
-----------------
In general, any implementations that will perform some sort of certificate verification
may be affected.

Please note that the information contained within this advisory is subject to changes.
All subscribers are therefore advised to regularly check the NISCC website (http://www.niscc.gov.uk/niscc/vulnAdv-en.html) for updates to this notice.

Impact
------
If exploited, this vulnerability can potentially lead to a denial-of-service (DoS)
condition.

Severity
--------
The severity of this vulnerability varies by vendor. Please see the 'Vendor Information'
section below for further information. Alternatively, contact your vendor for product
specific information.

Summary
-------
X.509 is a widely used ITU-T standard for defining digital certificates. X.509 certificates
carry public keys which are used for a variety of purposes including digital signature
verification.

However some applications that perform certificate verification may be subjected to a
denial-of-service condition if certain malicious keys (referred to as Parasitic Keys in this
advisory) are used.

Please note that the information contained within this advisory is subject to changes. All
subscribers are therefore advised to regularly check the NISCC website
(http://www.niscc.gov.uk/niscc/vulnAdv-en.html) for updates to this notice.

Details
-------
Signature verification can be rapidly processed by the RSA algorithm by choosing appropriate
public key components. The main RSA verification operation is to calculate S^e (mod n), where:

# S is the signature
# e is the public exponent
# n is the public modulus

The public exponent is typically a small value (i.e. typically 3, 5 or 65537) and the value
of n is 1024 or 2048 bits in size. The small value of e reduces the amount of processing
required to verify a signature.

However by choosing much larger values for e and n, it may be possible to cause the
verification process to consume large amounts of system resources and hence result in
a denial-of-service condition.

Please note that by restricting the size of the public exponent will still allow for
large key sizes to be used.

Solution
--------
Please refer to the 'Vendor Information' section of this advisory for platform specific
remediation.

Vendor Information
------------------
A complete list of vendor responses to this issue is not currently available. Please
visit the web site at http://www.niscc.gov.uk/niscc/vulnAdv-en.html in order to view the
latest vendor statements.

Credits
-------
The NISCC Vulnerability Management Team would like to thank Dr Stephen N. Henson for
his effort in researching this issue, reporting it to NISCC and for his assistance in
the handling of this vulnerability.

The NISCC Vulnerability Management Team would also like to thank the vendors for their
co-operation in the handling of this vulnerability.

Contact Information
-------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email vulteam@niscc.gov.uk
Please quote the advisory reference in the subject line

Telephone +44 (0)870 487 0748 Ext 4511
Monday - Friday 08:30 - 17:00

Fax +44 (0)870 487 0749

Post Vulnerability Management Team
NISCC
PO Box 832
London
SW1P 1BG

We encourage those who wish to communicate via email to make use of our PGP key. This is
available from http://www.niscc.gov.uk/niscc/publicKey2-en.pop.

Please note that UK government protectively marked material should not be sent to the email
address above.

If you wish to be added to our email distribution list please email your request to
uniras@niscc.gov.uk.

What is NISCC?
--------------
For further information regarding the UK National Infrastructure Security Co-ordination
Centre, please visit http://www.niscc.gov.uk.

Reference to any specific commercial product, process, or service by trade name, trademark
manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or
favouring by NISCC. The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.

Neither shall NISCC accept responsibility for any errors or omissions contained within
this advisory. In particular, they shall not be liable for any loss or damage whatsoever,
arising from or in connection with the usage of information contained within this notice.

© 2006 Crown Copyright