Bug 1078679 - (CVE-2017-15698) VUL-1: CVE-2017-15698: libtcnative-1-0: tomcat-native: Mishandling of client certificates can allow for OCSP check bypass
(CVE-2017-15698)
VUL-1: CVE-2017-15698: libtcnative-1-0: tomcat-native: Mishandling of client...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Matei Albu
Security Team bot
https://smash.suse.de/issue/199259/
CVSSv3:SUSE:CVE-2017-15698:5.4:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-02-01 06:08 UTC by Marcus Meissner
Modified: 2021-01-07 19:00 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-02-01 06:08:14 UTC
rh#1540824

When parsing the AIA-Extension field of a client certificate, Apache Tomcat
Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle
fields longer than 127 bytes. The result of the parsing error was to skip the
OCSP check. It was therefore possible for client certificates that should have
been rejected (if the OCSP check had been made) to be accepted. Users not using
OCSP checks are not affected by this vulnerability.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1540824
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15698
https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E
Comment 5 Karol Babioch 2018-12-21 10:09:31 UTC
Another ping, since the running update is still stopped and waiting for this fix.
Comment 7 Swamp Workflow Management 2019-04-09 13:10:51 UTC
SUSE-SU-2019:14014-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1078679,1103347,1103348
CVE References: CVE-2017-15698,CVE-2018-8019,CVE-2018-8020
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    libtcnative-1-0-1.3.4-12.5.5.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    libtcnative-1-0-1.3.4-12.5.5.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libtcnative-1-0-1.3.4-12.5.5.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libtcnative-1-0-1.3.4-12.5.5.2

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 8 Marcus Meissner 2019-06-06 11:45:14 UTC
done