Researchers at Intel Security announced yesterday they have uncovered a critical vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations.
Dubbed “BERserk,” the vulnerability could allow an attacker to forge RSA signatures and thereby bypass the authentication of websites that use the Secure Sockets Layer or Transport Layer Security cryptographic protocols, known as SSL and TLS, respectively.
“Given that certificates can be forged for any domain, this issue raises serious concerns around integrity and confidentiality as we traverse what we perceive to be secure websites,” said Mike Fey, chief technology officer of Intel Security.
The Mozilla NSS library is commonly used in the Firefox Web browser, but it can also be found in Thunderbird, Seamonkey and other Mozilla products.
James Walter, director of advanced threat research at Intel Security, said the company notified both Mozilla and the U.S. Computer Emergency Readiness Team about the vulnerability. Although Intel Security is unaware of any attacks exploiting BERserk, Walter said Intel Security strongly advises individuals and organizations using Firefox to take immediate action to update their browsers with the latest security update from Mozilla.
Why it’s called BERserk
This attack exploits a vulnerability in the parsing of ASN.1-encoded messages during signature verification. ASN.1 messages are made up of various parts that are encoded using BER (Basic Encoding Rules) and/or DER (Distinguished Encoding Rules). The attack relies on the fact that the length of a field in BER encoding can be made to occupy many bytes. In vulnerable implementations, those extra bytes are skipped during parsing rather than checked, and that is the condition that enables the attack. BERserk is a variation on the Bleichenbacher PKCS#1 RSA signature verification vulnerability of 2006.
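As an added example (not code from the original post, from Intel Security or from Mozilla NSS), the Python below shows the two checks a PKCS#1 v1.5 verifier needs so that over-long length encodings and trailing bytes are rejected instead of skipped: a strict DER length decoder and a comparison of the entire encoded message. The function names and the 256-byte (2048-bit) modulus length are assumptions made for the example.

```python
import hashlib

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def der_length(data: bytes, pos: int) -> tuple[int, int]:
    """Decode the DER length at data[pos]; return (length, position after it).
    Rejects indefinite and over-long (non-minimal) encodings. A lenient BER
    parser that accepts extra length bytes and skips them is the behaviour
    the article describes as the root of BERserk."""
    first = data[pos]
    if first < 0x80:                       # short form: one byte
        return first, pos + 1
    nbytes = first & 0x7F                  # long form: count of length bytes
    body = data[pos + 1:pos + 1 + nbytes]
    if nbytes == 0 or len(body) != nbytes:
        raise ValueError("indefinite or truncated length")
    if body[0] == 0 or (nbytes == 1 and body[0] < 0x80):
        raise ValueError("non-minimal length encoding")
    return int.from_bytes(body, "big"), pos + 1 + nbytes


def verify_pkcs1_v15_em(em: bytes, message: bytes) -> bool:
    """Check an EMSA-PKCS1-v1_5 encoded message (the result of s^e mod n)
    against `message`. Every byte of `em` must be accounted for: 00 01
    header, at least eight 0xFF bytes, a 00 separator, then a DigestInfo
    whose lengths are minimal and whose SEQUENCE ends exactly at the end."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)
    if sep < 10 or any(b != 0xFF for b in em[2:sep]):
        return False
    digest_info = em[sep + 1:]
    try:
        if digest_info[0] != 0x30:         # must be a SEQUENCE
            return False
        seq_len, body = der_length(digest_info, 1)
    except (ValueError, IndexError):
        return False
    if body + seq_len != len(digest_info): # trailing data: reject
        return False
    # Belt and braces (RFC 8017): compare the whole expected structure
    expected = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    return digest_info == expected


def encode_em(message: bytes, em_len: int = 256) -> bytes:
    """Build the canonical EM; used here only to construct test vectors."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t
```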