A cryptographic bug similar to the one in iOS and OS X has been found in GnuTLS, a code library widely used in open source software and Linux distributions.
“The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification,” the Red Hat security team explained in a security advisory. “An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker (CVE-2014-0092).”
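The advisory describes an error during verification being reported as success. The following C example is added here to illustrate that class of flaw and is not GnuTLS code: it shows a check whose negative error code is read as a boolean "yes", next to a version that fails closed. All names (`toy_cert`, `decode_ca_flag`, `issuer_ok_flawed`, `issuer_ok_hardened`, `accepts`) and the error value are hypothetical, and the way the error escapes as a non-zero return value is an assumption of this example.

```c
#include <stdio.h>

#define ERR_MALFORMED (-43)   /* hypothetical error code */
/* Toy stand-in for a parsed certificate: malformed=1 means a field fails to decode. */
struct toy_cert { int malformed; int ca_flag; };

/* Constructed samples. */
const struct toy_cert good_ca = {0, 1}, not_ca = {0, 0}, malformed_cert = {1, 0};

/* Returns 0 and fills *is_ca, or a negative error code. */
int decode_ca_flag(const struct toy_cert *c, int *is_ca)
{
    if (c->malformed)
        return ERR_MALFORMED;
    *is_ca = c->ca_flag;
    return 0;
}

/* Flawed: meant to answer 1 (yes) or 0 (no), but passes the negative
 * error code through, and any non-zero value reads as "yes". */
int issuer_ok_flawed(const struct toy_cert *c)
{
    int is_ca = 0;
    int ret = decode_ca_flag(c, &is_ca);
    if (ret < 0)
        return ret;
    return is_ca;
}

/* Hardened: every error path fails closed; the result is strictly 0 or 1. */
int issuer_ok_hardened(const struct toy_cert *c)
{
    int is_ca = 0;
    if (decode_ca_flag(c, &is_ca) < 0)
        return 0;
    return is_ca == 1;
}

/* Caller treats the answer as a boolean. */
int accepts(int (*issuer_ok)(const struct toy_cert *), const struct toy_cert *c)
{
    return issuer_ok(c) ? 1 : 0;
}

int main(void)
{
    printf("malformed: flawed=%d hardened=%d\n", accepts(issuer_ok_flawed, &malformed_cert),
           accepts(issuer_ok_hardened, &malformed_cert));
    return 0;
}
```

When reviewing verification code, check that functions documented as returning yes/no cannot return an error code on any path, and that callers compare against the exact success value rather than testing for non-zero.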
The flaw was first brought to light by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team during an audit of GnuTLS for Red Hat.
They also found another bug in the way GnuTLS handled version 1 X.509 certificates, which could allow an attacker able to obtain such a certificate from a trusted CA to issue certificates for other sites that GnuTLS would accept as valid (CVE-2009-5138).
They patched the vulnerabilities, and GnuTLS users should upgrade to the updated packages and restart all applications linked to the GnuTLS library for the change to take effect.
Other projects, including Debian and Ubuntu, have moved to fix the bug in this library, but hundreds more applications and operating systems that use it have yet to do so.
GnuTLS developers have also provided a new version of the library that fixes the issue and, as an alternative to it, a patch that temporarily mitigates it.
The flaw is pretty serious, as it could allow attackers to impersonate any web site and intercept and decode all the encrypted traffic that goes from end user to server and back.