LWN Weekly Edition
Front pageSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->One big page
This page
Previous weekFollowing week
Sponsored link
Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.
| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Security
Biometrics for identification
Using a fingerprint or other physical characteristic, called biometric data, for identity verification seems, at first glance, like a perfect solution to the problem. Unfortunately, there are some basic problems with using biometric information that way. If the biometric data can be gathered by others, it no longer makes such a good identifier.
As part of a political protest against including fingerprints in passports, the Chaos Computer Club (CCC) published a fingerprint of German Home Secretary Wolfgang Schäuble. Schäuble is a supporter of collecting fingerprint data to combat terrorism. The club not only published the picture, but also a film that can be placed over a finger to deceive fingerprint scanners. A club spokesman has usage recommendations as reported in heise online:
It seems unlikely that CCC's distributed finger film will actually leave the Secretary's print on a glass surface, but more sophisticated versions of the same basic idea should be able to. Various folks have shown that using an image of someone's fingerprint can fool most scanners. Even sophisticated scanners can be spoofed when that image is placed over a live finger—with body temperature and pulse. The problem is that while a fingerprint is unique, it isn't secret. CCC got theirs from a sympathizer who picked it up from a glass used by the Secretary during a speech.
Bruce Schneier is, as usual, ahead of the curve on this. In an article from nearly ten years ago, he drives home the point:
Other forms of biometric identification exist, but are susceptible to the same kinds of problems. A voiceprint or facial identification scanner could be fairly easily subverted by secretly recording or photographing the subject. Retinal scans are trickier, perhaps, but technology to remotely (and surreptitiously) read them will probably come along. In many cases, an attacker may not even need to go to that amount of trouble because they can just extract—or pay to have someone else extract—that information from some database.
More and more of this kind of information is being gathered and centralized. The US has started fingerprinting all ten fingers of non-citizens who enter the country—other countries have started doing it in retaliation. One could hope the data retention policy for that information is similar to that of White House emails, but it is probably longer. Worse yet, it is probably stored with photographs, passport information, and signature of the subject.
The key to using biometrics correctly is to repeat the Schneier mantra:
Revocation of a biometric identifier is difficult or impossible—if it is even known to be compromised. One could potentially switch fingers for fingerprint identification, or even switch eyes—once. Switching voiceprint, face, or DNA if and when that gets used, will be essentially impossible. Biometrics suffer from the same failure mode as using the same password everywhere, unless you can somehow use a different characteristic for each biometrically "protected" dataset—hard to do with limited body parts.
Biometric data does have its uses, but it has limitations as well. It seems seductively simple that your fingerprint is the same as you, but it isn't necessarily true. Now we just need to teach the politicians, which might be something that Schäuble is starting to learn.
New vulnerabilities
capp-lspp-config: privilege escalation
| Package(s): | lspp-eal4-config-ibm, capp-lspp-eal4-config-hp | CVE #(s): | CVE-2008-0884 | |||
| Created: | April 1, 2008 | Updated: | April 2, 2008 | |||
| Description: | The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages contain
utilities and documentation for configuring a machine for the Controlled
Access Protection Profile, or the Labeled Security Protection Profile.
It was discovered that use of the "capp-lspp-config" script results in the "/etc/pam.d/system-auth" file being set to world-writable. Authorized local users who have limited privileges could then exploit this to gain additional access, or to escalate their privileges. | |||||
| Alerts: |
| |||||
centerim: command injection
| Package(s): | centerim | CVE #(s): | CVE-2008-1467 | ||||||
| Created: | April 2, 2008 | Updated: | April 2, 2008 | ||||||
| Description: | The centerim instant messaging interface passes unescaped URLs to the shell, allowing the injection of arbitrary commands. | ||||||||
| Alerts: |
| ||||||||
cups: buffer overflows
| Package(s): | cups | CVE #(s): | CVE-2008-0053 CVE-2008-1373 | ||||||||||||||||||||||||||||||
| Created: | April 1, 2008 | Updated: | April 9, 2008 | ||||||||||||||||||||||||||||||
| Description: | Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the "lp" user if the file is printed. A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters "imagetops" and "imagetoraster". An attacker could create a malicious GIF file that could possibly execute arbitrary code as the "lp" user if the file was printed. | ||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||
cups: multiple vulnerabilities
| Package(s): | cups | CVE #(s): | CVE-2008-1374 CVE-2004-0888 CVE-2005-0206 | |||
| Created: | April 1, 2008 | Updated: | April 2, 2008 | |||
| Description: | Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. An attacker could create a malicious PDF file that could possibly execute arbitrary code as the "lp" user if the file was printed. The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | |||||
| Alerts: |
| |||||
gnome-screensaver: information disclosure
| Package(s): | gnome-screensaver | CVE #(s): | CVE-2007-6389 | ||||||||||||
| Created: | April 2, 2008 | Updated: | April 9, 2008 | ||||||||||||
| Description: | The gnome-screensaver "leave message" feature can be used to read the contents of the user's clipboard, potentially disclosing useful information. | ||||||||||||||
| Alerts: |
| ||||||||||||||
gnome-screensaver: lock bypass
| Package(s): | gnome-screensaver | CVE #(s): | CVE-2008-0887 | |||||||||||||||
| Created: | April 2, 2008 | Updated: | April 11, 2008 | |||||||||||||||
| Description: | From the Red Hat advisory: A flaw was found in the way gnome-screensaver verified user passwords. When a system used a remote directory service for login credentials, a local attacker able to cause a network outage could cause gnome-screensaver to crash, unlocking the screen. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
lighttpd: denial of service
| Package(s): | lighttpd | CVE #(s): | CVE-2008-1531 | ||||||||||||||||||
| Created: | April 1, 2008 | Updated: | April 29, 2008 | ||||||||||||||||||
| Description: | lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
mod_suphp: symlink vulnerabilities
| Package(s): | mod_suphp | CVE #(s): | |||||||
| Created: | April 2, 2008 | Updated: | April 2, 2008 | ||||||
| Description: | mod_suphp 0.6.2 contains two symbolic link vulnerabilities which can be exploited to create a privilege escalation attack. | ||||||||
| Alerts: |
| ||||||||
phpMyAdmin: information disclosure
| Package(s): | phpMyAdmin | CVE #(s): | CVE-2008-1567 | |||||||||
| Created: | April 2, 2008 | Updated: | April 25, 2008 | |||||||||
| Description: | phpMyAdmin saves MySQL username and password information in (potentially unprotected) session data. | |||||||||||
| Alerts: |
| |||||||||||
policyd-weight: insecure temp file
| Package(s): | policyd-weight | CVE #(s): | CVE-2008-1569 | |||||||||
| Created: | March 27, 2008 | Updated: | April 11, 2008 | |||||||||
| Description: | From the Debian alert: Chris Howells discovered that policyd-weight, a policy daemon for the Postfix mail transport agent, created its socket in an insecure way, which may be exploited to overwrite or remove arbitrary files from the local system. | |||||||||||
| Alerts: |
| |||||||||||
tomcat: insecure ciphers
| Package(s): | tomcat | CVE #(s): | CVE-2007-1858 | |||
| Created: | March 28, 2008 | Updated: | April 2, 2008 | |||
| Description: | The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. | |||||
| Alerts: |
| |||||
xine-lib: multiple integer overflows
| Package(s): | xine | CVE #(s): | CVE-2008-1482 | ||||||||||||
| Created: | April 1, 2008 | Updated: | April 9, 2008 | ||||||||||||
| Description: | Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c. | ||||||||||||||
| Alerts: |
| ||||||||||||||
Page editor: Jake Edge
Next page: Kernel development>>