Trustwave's SpiderLabs Security Advisory TWSL2011-014:
Vulnerability in Pantech Web Browser SSL Implementation

Published: 2011-09-23
Version: 1.0

Vendor: Pantech (http://www.pantechusa.com)
Product: Link P7040P, others may be vulnerable
Version affected: JLUS040201 confirmed, others may be vulnerable

Product description:
The Pantech Link is a mobile phone supporting a 2.4" LCD screen and full
keyboard that facilitates simple text messaging.

Credit: Paul Kehrer of Trustwave SpiderLabs

Finding: Vulnerability in Pantech Web Browser SSL Implementation

Pantech Link/P7040P browser SSL certificate parsing contains a flaw where
it fails to check the Basic Constraints parameter of certificates in the
chain.

By signing a new certificate using a legitimate end entity certificate,
an attacker can obtain a "valid" certificate for any domain. For example:

-TrustedCA
--somedomain.com (legitimate certificate)
---api.someotherdomain.com (signed by somedomain.com)

Using this technique any SSL traffic using the api.someotherdomain.com
certificate can be intercepted transparently to the end user if the
attacker is in control of the network.

Revision History:
08/12/11 - Vulnerability Disclosed
09/23/11 - Advisory Published

Remediation Steps:
This vulnerability has not been addressed at the time of this advisory.
Mobile users should be aware of this issue and proceed with caution when
transmitting SSL traffic.


About Trustwave: Trustwave is the leading provider of on-demand and
subscription-based information security and payment card industry
compliance management solutions to businesses and government entities
throughout the world. For organizations faced with today's challenging
data security and compliance environment, Trustwave provides a unique
approach with comprehensive solutions that include its flagship
TrustKeeper compliance management software and other proprietary security
solutions.  Trustwave has helped thousands of organizations--ranging from
Fortune 500 businesses and large financial institutions to small and
medium-sized retailers--manage compliance and secure their network
infrastructure, data communications and critical information assets.
Trustwave is headquartered in Chicago with offices throughout North
America, South America, Europe, Africa, China and Australia. For more
information, visit https://www.trustwave.com

About Trustwave's SpiderLabs: SpiderLabs(R) is the advanced security team
at Trustwave focused on application security, incident response,
penetration testing, physical security and security research. The team has
performed over a thousand incident investigations, thousands of
penetration tests and hundreds of application security tests globally. In
addition, the SpiderLabs Research team provides intelligence through
bleeding-edge research and proof of concept tool development to enhance
Trustwave's products and services. https://www.trustwave.com/spiderlabs

Disclaimer: The information provided in this advisory is provided "as is"
without warranty of any kind. Trustwave disclaims all warranties, either
express or implied, including the warranties of merchantability and
fitness for a particular purpose. In no event shall Trustwave or its
suppliers be liable for any damages whatsoever including direct, indirect,
incidental, consequential, loss of business profits or special damages,
even if Trustwave or its suppliers have been advised of the possibility
of such damages. Some states do not allow the exclusion or limitation of
liability for consequential or incidental damages so the foregoing
limitation may not apply.




This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.