
December 6, 2021

BigSig vulnerability in NSS library affects multiple applications


Researchers published details on a critical vulnerability affecting Network Security Services (NSS), a set of cryptographic libraries that support a range of security standards in multiple applications. Some vendors that distribute NSS in their products have already released advisories or updates to fix the flaw. Timely updates are recommended.

Details

NSS is a set of open-source cryptographic libraries used for the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

Tracked as CVE-2021-43527, the vulnerability affects any standard use of NSS released since October 2012 (versions 3.14 and later). On 1 December 2021, Mozilla fixed the issue in NSS versions 3.68.1 ESR and 3.73.3.

Researcher Tavis Ormandy, who dubbed this flaw BigSig, described the issue as a heap overflow occurring when handling DER-encoded DSA or RSA-PSS signatures. Depending on how NSS is configured, the problem occurs in the way NSS verifies certificates, both when a client reads the certificate message from the server, and when the server is configured to ask for client certificates.

Disabled signature methods or certificate types would not prevent exploitation, as NSS parses the certificates before performing any other checks. This could allow remote execution of arbitrary code, denial of service, and more.

The Mozilla Firefox web browser is not vulnerable, as it uses the mozilla::pkix library rather than NSS for certificate verification. Chromium, Tor Browser, and Brave are also not affected by this flaw.

TLS and DTLS clients using NSS in certificate verification routines and servers that have certificate-based client authentication enabled are affected. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS.

Some vendors that distribute NSS in their products have already released advisories or updates:

Other applications that rely on NSS for signature verification are believed to be vulnerable:

  • AOL Instant Messenger (AIM)
  • Open-source client applications such as Evolution, Pidgin, Apache OpenOffice, and LibreOffice
  • Server products from Red Hat, including Red Hat Directory Server, Red Hat Certificate System, and the mod_nss SSL module for the Apache web server
  • Server products from Oracle, including Oracle Communications Messaging Server and Oracle Directory Server Enterprise Edition

Recommendations

  • We recommend monitoring for vendor update releases and timely patching of affected products.
  • The vfychain tool distributed with NSS can be used to test for this vulnerability. Running `vfychain -a {input.cert}` against a crafted test certificate will crash with a segmentation fault on vulnerable versions and report a failed verification on fixed versions.
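As an added triage helper (not part of the original advisory or of NSS itself), the following Python classifies an NSS version string against the affected and fixed versions stated above. It assumes the ranges follow from the text: 3.14 up to 3.68.0 and 3.69 up to 3.73.2 are affected, while 3.68.1 and later on the ESR branch and 3.73.3 and later are fixed; the input strings are the kind printed by `nss-config --version` or `pkg-config --modversion nss`.

```python
import re
from typing import Tuple

# Boundaries taken from the advisory text (CVE-2021-43527 / BigSig).
AFFECTED_SINCE = (3, 14, 0)   # "versions 3.14 and later"
FIXED_ESR = (3, 68, 1)        # fixed in NSS 3.68.1 ESR
NEXT_AFTER_ESR = (3, 69, 0)   # first non-ESR release after the 3.68 branch (assumption)
FIXED_MAIN = (3, 73, 3)       # fixed in NSS 3.73.3


def parse_nss_version(text: str) -> Tuple[int, int, int]:
    """Extract a (major, minor, patch) tuple from strings such as
    'NSS 3.68', '3.73.2' or '3.68.1 Basic ECC'; a missing patch is 0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_bigsig_affected(text: str) -> bool:
    """True when the given NSS version falls inside the affected ranges."""
    v = parse_nss_version(text)
    if v < AFFECTED_SINCE:
        return False                 # pre-3.14: not affected per the advisory
    if v < FIXED_ESR:
        return True                  # 3.14 .. 3.68.0: affected
    if v < NEXT_AFTER_ESR:
        return False                 # 3.68.1+ on the ESR branch: fixed
    return v < FIXED_MAIN            # 3.69 .. 3.73.2 affected, 3.73.3+ fixed


def triage(version_strings) -> dict:
    """Map each reported version string to 'affected' or 'fixed' for inventory use."""
    return {s: ("affected" if is_bigsig_affected(s) else "fixed") for s in version_strings}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for name, state in triage(["NSS 3.68", "3.68.1", "3.73.2", "3.73.3", "3.13.6"]).items():
        print(f"{name:10s} -> {state}")
```

Note that the check only reads a version string; it does not replace running vfychain or confirming that a vendor backported the fix to an older package version.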
