Headline
Debian Security Advisory 5539-1
Debian Linux Security Advisory 5539-1 - It was reported that incorrect bound checks in the dsaVerify function in node-browserify-sign, a Node.js library which adds crypto signing for browsers, allows an attacker to perform signature forgery attacks by constructing signatures that can be successfully verified by any public key.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5539-1 [email protected]://www.debian.org/security/ Salvatore BonaccorsoOctober 30, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : node-browserify-signCVE ID : CVE-2023-46234Debian Bug : 1054667It was reported that incorrect bound checks in the dsaVerify functionin node-browserify-sign, a Node.js library which adds crypto signingfor browsers, allows an attacker to perform signature forgery attacksby constructing signatures that can be successfully verified by anypublic key.For the oldstable distribution (bullseye), this problem has been fixedin version 4.2.1-1+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 4.2.1-3+deb12u1.We recommend that you upgrade your node-browserify-sign packages.For the detailed security status of node-browserify-sign please refer toits security tracker page at:https://security-tracker.debian.org/tracker/node-browserify-signFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU/2K5fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SYeRAAmffcSYdBfiH/6U30rpfiLylS8zL/ca2sILLKmfYuwG/DH6n5BJ5n+oosRrXpXhOXjhLmTe1f9Sst3hXCv0IIsJoITnrlmfSjp0CmTk3jx/VhQljSeFUCAFUkpyAL27QB76SSwqiJNNqvbKEwwatdtNyNFs/zE7Ir7lFT7hKLwryv70Mwf1xWdh59ZFMaCGPntGWpgwSHy88kD/z6Oo3SV/Q+U73Y53Rv62ZZMNrX1ploVsI1zPLFrOQSNkUwT+nGCfe13S5GUZ/w5U/joEjXWlDbPH8VSnL7pFBudVP6h6NcgyHds7jYsHbZAuViuE0ctEu2li/j51fD6MOZu2HRtaxi6EuZpaOTUDbq1qC5GvGa0+4FuNBVO3k33N+4fVARStFoWFnoqX8+0kWJvkhvO8O8AVoIMRzWEbLjeBv5nMHxggRfw2cisJeNTGIDvJfDiC7w18TDEIwDwEo1nScCWndPK5LPkI6+j9VQIVKdf9UGJS+pnWgywT9G6EiSKS+pOQSujNV5XuWDeicV2e3CvgrVQ+kaOKvFBgpGfZwOFV2+324kCnAk1hMupAnn7/7e/NYdDhpzmAv6fD5GfiW8WhLgRkNpKAQwoPV1Ywwr9S9KBxsWK2Lf1W4t6RyyKKX8M+gz7rLmeGfjJ4fbGdn/xSH7IWXjBCOiN1W+gwNmsCg=htaY-----END PGP SIGNATURE-----Related news
Ubuntu Security Notice 6800-1 - It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a signature forgery attack.
### Summary An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. ### Details In `dsaVerify` function, it checks whether the value of the signature is legal by calling function `checkValue`, namely, whether `r` and `s` are both in the interval `[1, q - 1]`. However, the second line of the `checkValue` function wrongly checks the upper bound of the passed parameters, since the value of `b.cmp(q)` can only be `0`, `1` and `-1`, and it can never be greater than `q`. In this way, although the values of `s` cannot be `0`, an attacker can achieve the same effect as zero by setting its value to `q`, and then send `(r, s) = (1, q)` to pass the verification of any public key. ### Impact All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. ### Fix PR: Since the temporary private fork was...
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.