Notary Project Notation-Go CRL-Based Revocation Check Process Crash Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Notary Project's notation-go library, in version 1.3.0-rc.1. The issue arises during the Certificate Revocation List (CRL) based revocation check, where the CRL cache update can fail and cause an unexpected program crash. The cache update writes the freshly fetched CRL to a temporary file in the operating system's temporary directory and then calls os.Rename to move it into the notation cache directory. A rename only works within a single filesystem: when the temporary directory and the cache directory sit on different mount points, as on Linux distributions such as Red Hat where /tmp may be a separate mount (for example a tmpfs), the underlying rename(2) fails with EXDEV (invalid cross-device link). That error is not handled gracefully, so the revocation check crashes every time a CRL is written to the cache, aborting the signature verification process.

Impact

The vulnerability leads to a process crash that prematurely terminates the CRL-based revocation check and disrupts the signature verification process. Because verification is aborted rather than completed, the effect is a denial of service of verification on affected hosts, not a revocation or signature bypass.

Reproduction

To reproduce this vulnerability, ensure that the temporary file storage area (such as /tmp) is mounted on a different filesystem than the notation cache directory, for example by mounting a tmpfs on /tmp. Then, either disable the Online Certificate Status Protocol (OCSP) revocation check or use certificates that rely solely on CRLs for revocation, so that the CRL path is exercised. Finally, attempt to verify a signature using the notation tool; the CRL-based revocation check fetches the CRL, attempts to move it into the cache, and the process crashes.

Remediation

Users are advised to upgrade to version 1.3.0-rc.2, where this vulnerability has been addressed.
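The following Go program is an added illustration of the failure mode described above and of a pattern that avoids it; it is not code from notation-go and does not reproduce the project's actual fix. It shows the fragile sequence (stage in os.TempDir(), then os.Rename into the cache), detects the EXDEV error a cross-device rename produces, and replaces it with a same-directory temporary file plus rename, falling back to copy-and-remove only when a move genuinely crosses a filesystem boundary. The cache directory, file names and CRL bytes are constructed stand-ins, and a cache write failure is returned as an error rather than terminating the process.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// isCrossDevice reports whether err is the EXDEV failure rename(2) returns
// when source and destination live on different filesystems (for example
// /tmp on a tmpfs and the cache directory on the root filesystem).
func isCrossDevice(err error) bool {
	return errors.Is(err, syscall.EXDEV)
}

// writeFileAtomic writes data to dst without ever exposing a partial file.
// The temporary file is created in dst's own directory, so the final rename
// is always a same-filesystem operation and cannot fail with EXDEV.
// os.CreateTemp creates the file with mode 0600, which is kept for the result.
func writeFileAtomic(dst string, data []byte) error {
	dir := filepath.Dir(dst)
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return err
	}
	tmp, err := os.CreateTemp(dir, filepath.Base(dst)+".tmp-*")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()
	defer os.Remove(tmpName) // no-op once the rename has succeeded
	if _, err := tmp.Write(data); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Sync(); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmpName, dst)
}

// moveFile moves src to dst. It tries the cheap rename first and, only when
// that fails because the paths are on different filesystems, falls back to
// copying the content atomically and then deleting src. Any other error is
// returned to the caller instead of aborting the process.
func moveFile(src, dst string) error {
	if err := os.MkdirAll(filepath.Dir(dst), 0o700); err != nil {
		return err
	}
	err := os.Rename(src, dst)
	if err == nil {
		return nil
	}
	if !isCrossDevice(err) {
		return err
	}
	data, err := os.ReadFile(src) // CRLs are small; reading fully is acceptable
	if err != nil {
		return err
	}
	if err := writeFileAtomic(dst, data); err != nil {
		return err
	}
	return os.Remove(src)
}

func main() {
	cacheDir, err := os.MkdirTemp("", "notation-cache-*") // constructed cache location
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(cacheDir)
	crl := []byte("constructed stand-in for DER CRL bytes")

	// Fragile pattern: stage in os.TempDir(), then rename into the cache.
	// On a host where /tmp is a separate mount this rename returns EXDEV.
	staged, err := os.CreateTemp("", "crl-*")
	if err != nil {
		panic(err)
	}
	staged.Write(crl)
	staged.Close()
	if err := os.Rename(staged.Name(), filepath.Join(cacheDir, "fragile.crl")); err != nil {
		fmt.Printf("rename failed (cross-device=%v): %v\n", isCrossDevice(err), err)
		os.Remove(staged.Name())
	}

	// Robust pattern: temp file next to the destination, rename within the cache.
	// A failure here is logged and the in-memory CRL is still usable for the check.
	if err := writeFileAtomic(filepath.Join(cacheDir, "robust.crl"), crl); err != nil {
		fmt.Println("cache update failed, continuing with fetched CRL:", err)
	}
}
```

On most developer machines the staged rename in main succeeds because /tmp and the cache share a filesystem; run it with a tmpfs mounted on /tmp (or with TMPDIR pointing at a different mount) to see the EXDEV path. The key design point is that a cache is an optimization: a write failure should be reported or ignored, and the revocation decision made from the CRL already in memory, rather than letting the failure take down verification.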

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         2.4
impact:         0.6
exploitability: 5.6
remediation:    7.7
relevance:      0.0
threat:         6.4
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.