Security

Trust, but verify

Public-key cryptography has been an enormous boon for securing internet communication, but it suffers from a difficult-to-solve problem: authentication and key management. When presented with a public key over an insecure channel—as part of setting up a secure channel for example—how does one determine that the public key belongs to the entity that it purports to? There are several ways to solve that problem, but none are completely satisfactory. The Monkeysphere project seeks to turn the currently used system on its head, to some extent, and entrust users, rather than centralized authorities, with the power to bestow trust on a key.

There are three main ways for a key to be "trusted": the key (or its fingerprint) is transferred via some secure channel (by phone or in person for example), the key is signed by an authority which has been entrusted to only sign valid keys, or the key is signed by "enough" different entities that are fully or partially trusted (i.e. a web of trust). Most of today's secure internet communications use SSL/TLS which requires keys that have been signed by certificate authorities (CAs), which are "trusted" authorities.

There are two smaller subsets of secure communication, mostly only used by computer-savvy folks, that use other means for determining trust: SSH for interactive encrypted communication and PGP for encrypted email. SSH relies on key fingerprints being exchanged securely, at least in theory, while PGP relies on a web of trust. Monkeysphere's first project is to move the PGP web of trust into the SSH world.

A web of trust is a decentralized, user-controlled key management scheme whereby keys are signed by multiple entities, each using its own keys. The signature can be verified based on the public key of the signer and the user can decide which signers are to be trusted—and at what level to trust them. In practice, if Adam signs Bonnie's key, and Clarisse trusts Adam, that means that Clarisse can trust Bonnie's key. Whether Clarisse should trust David's key, which is signed by Bonnie, depends to a large extent on how much she trusts Adam.

Key signing only implies that the signer verified the identity of the key holder, i.e. that the key holder is the same person or organization that is identified in the key. It is not necessarily an indication that the key holder should be trusted in a general sense, only that the key holder is who they say (via the key) they are. The web of trust used by the Monkeysphere OpenSSH framework is based on the GNU Privacy Guard (GnuPG or GPG) implementation of the OpenPGP standard (RFC 4880).

There are levels of trust that a user can place on a particular signer privately in the user's GPG configuration. They can also issue a trust signature that specifies publicly what trust level they have for a particular signer. So, from the example above, if Adam has published a trust signature for Bonnie saying that she is fully trusted by him, and Clarisse fully trusts Adam (publicly or privately), she is likely to trust David's key. The number of signatures and trust levels required to fully trust a key are configurable by the user, allowing users to decide what their trust parameters are.

What Monkeysphere has done is to add some Perl around OpenSSH to manage keys, along with the known_hosts and authorized_keys files which normally live in the ~/.ssh directory. No modification to the OpenSSH client or server is required, though using Monkeysphere requires that all outbound connections go through the "monkeysphere ssh-proxycommand" command. On the server side, OpenSSH needs to be configured to use an alternate, Monkeysphere-managed AuthorizedKeysFile. The documentation page outlines the configuration needed for OpenSSH and GPG on the client or server sides.

For SSH, especially for sites with lots of hosts, it means that users or system administrators don't have to laboriously propagate keys into authorized_keys files on each new system. Instead, they can say that any key signed by their organization's key is trusted. Each user then has their key signed and can log in to any machine. Of course, ensuring that the organizational keys don't get lost, or fall into the wrong hands, is imperative.

While it is much more user-centric than a trusted authority mechanism, and does not require a separate secure channel for fingerprint exchange, a web of trust is no panacea. There are still issues with handling key revocations, especially if the user loses their key. A bigger problem may be getting a large enough web of trust, with enough trusted key signers, built such that users' keys, especially new users' keys, have a reasonable shot at being accepted.

The very user-centrism that makes a web of trust so intriguing to those who care about secure communications may in fact be one of its biggest downfalls. Non-technical users have shown very little inclination towards wanting any control over which keys they accept or decline. Someone faced with trying to decide who to trust, and at what level, along with how many different signatures/types they require is likely to throw up their hands in frustration. Non-technical users typically don't use SSH or encrypted email, but they may use other services, like SSL/TLS encrypted web traffic that might also benefit from a web of trust model.

LWN commenter dkg pointed to Monkeysphere (or similar techniques) as a possible solution for the problem of blindly trusting whatever CA root certificates a browser installs: "The more communications security is in the hands of the end users, with tools that are intelligible to end users, the more we can reject these abusive (or at least easily abused) centralized authorities." The italicized phrase is both the most important, and probably the hardest, part to get right.

Tools like Monkeysphere, and efforts like those of CAcert, are good starting points. How well those can translate into workable, user-friendly, user-centric authentication and key management mechanisms is an open question. While those of us who are technically inclined will be able to use a web of trust if desired, it would be nice one day if our parents, siblings, and others who aren't so technical could also stop relying on potentially corrupt organizations for their internet communication security. A web of trust may be a big step down that path.

Comments (38 posted)

Brief items

Debian to start deploying DNSSEC

The Debian system administrators (DSA) have announced that they will soon be deploying DNSSEC for selected Debian zones. "The plan is to introduce DNSSEC in several steps so that we can react to issues that arise without breaking everything at once. [...] We will start with serving signed debian.net and debian.com zones. Assuming nobody complains loudly enough the various reverse zones and finally the debian.org zone will follow. Once all our zones are signed we will publish our trust anchors in ISC's DLV Registry, again in stages. [...] The various child zones that are handled differently from our normal DNS infrastructure (mirror.debian.net, alioth, bugs, ftp, packages, security, volatile, www) will follow at a later date." (Thanks again to Paul Wise.)

Comments (11 posted)

Mark Cox: Red Hat's Top 11 Most Serious Flaw Types for 2009

Red Hat's director of security response, Mark Cox, has posted some information about which security flaw types were most prevalent in the security fixes made by Red Hat in 2009. He compares those fixes with the Top 25 Most Dangerous Programming Errors that were just published by MITRE and the SANS Institute. "This quick review shows us that 2009 was the year of the kernel NULL pointer dereference flaw, as they could allow local untrusted users to gain privileges, and several public exploits to do just that were released. For Red Hat, interactions with SELinux prevented them being able to be easily mitigated, until the end of the year when we provided updates. Now, in 2010, the upstream Linux kernel and many vendors ship with protections to prevent kernel NULL pointers leading to privilege escalation."

Comments (none posted)

New vulnerabilities

ajaxterm: denial of service

Package(s):	ajaxterm	CVE #(s):	CVE-2009-1629
Created:	February 12, 2010	Updated:	December 30, 2010
Description:	From the Debian advisory: It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm.
Alerts:	Fedora FEDORA-2010-18867 2010-12-13 Debian DSA-1994-1 2010-02-11

Comments (none posted)

fetchmail: arbitrary code execution

Package(s):	fetchmail	CVE #(s):	CVE-2010-0562
Created:	February 16, 2010	Updated:	June 2, 2010
Description:	From the Mandriva advisory: The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.
Alerts:	Gentoo 201006-12 2010-06-01 Fedora FEDORA-2010-3800 2010-03-06 SuSE SUSE-SR:2010:005 2010-02-23 Mandriva MDVSA-2010:037 2010-02-16

Comments (none posted)

flash-plugin: information disclosure

Package(s):	flash-plugin	CVE #(s):	CVE-2010-0186 CVE-2010-0187 CVE-2010-0188
Created:	February 12, 2010	Updated:	January 21, 2011
Description:	From the Red Hat advisory: If a victim loaded a web page containing specially-crafted SWF content, it could cause Flash Player to perform unauthorized cross-domain requests, leading to the disclosure of sensitive data.
Alerts:	Gentoo 201101-09 2011-01-21 Gentoo 201009-05 2010-09-07 Red Hat RHSA-2010:0470-01 2010-06-14 SuSE SUSE-SR:2010:006 2010-03-15 Red Hat RHSA-2010:0103-01 2010-02-12 SuSE SUSE-SR:2010:004 2010-02-16 Red Hat RHSA-2010:0102-01 2010-02-12 Pardus 2010-37 2010-02-25 Red Hat RHSA-2010:0114-01 2010-02-18

Comments (none posted)

fwbuilder: symlink attack

Package(s):	fwbuilder	CVE #(s):
Created:	February 16, 2010	Updated:	February 17, 2010
Description:	From the Red Hat bugzilla: An insecure temporary file handling in the generated iptables script was found in fwbuilder. A local attacker could use this flaw to perform symlink attack against user running this script, which will result in overwrite of arbitrary file writable by this script.
Alerts:	Fedora FEDORA-2010-0157 2010-01-05 Fedora FEDORA-2010-0157 2010-01-05

Comments (none posted)

gnome-screensaver: lock bypass

Package(s):	gnome-screensaver	CVE #(s):	CVE-2010-0422
Created:	February 16, 2010	Updated:	March 8, 2010
Description:	From the Red Hat bugzilla: gnome-screensaver can lose its keyboard grab when locked, exposing the system to intrusion by adding and removing monitors.
Alerts:	Ubuntu USN-907-1 2010-03-08 Fedora FEDORA-2010-1855 2010-02-16 SuSE SUSE-SR:2010:004 2010-02-16

Comments (none posted)

kernel: several vulnerabilities

Package(s):	kernel	CVE #(s):	CVE-2010-0410 CVE-2010-0415
Created:	February 12, 2010	Updated:	October 8, 2010
Description:	From the Red Hat bugzilla: Sebastian Krahmer found a problem in the drivers/connector/connector.c code where users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing OOM condition, killing selected processes or halting the system. CVE-2010-0410 From the Red Hat bugzilla: Ramon de C. Valle spotted a problem in sys_move_pages, where "node" value is read from userspace, but not limited to the node set within the kernel itself. Due to the bit tests in mm/migrate.c:do_move_pages it is easy to read out the kernel memory (as node can also be negative). CVE-2010-0415
Alerts:	Mandriva MDVSA-2010:188 2010-09-23 Mandriva MDVSA-2010:198 2010-10-07 CentOS CESA-2010:0398 2010-05-28 Red Hat RHSA-2010:0398-01 2010-05-06 SuSE SUSE-SA:2010:023 2010-05-06 Mandriva MDVSA-2010:088 2010-04-30 SuSE SUSE-SA:2010:019 2010-03-30 Mandriva MDVSA-2010:066 2010-03-24 Red Hat RHSA-2010:0161-01 2010-03-23 SuSE SUSE-SA:2010:018 2010-03-22 CentOS CESA-2010:0147 2010-03-18 Red Hat RHSA-2010:0147-01 2010-03-16 Ubuntu USN-914-1 2010-03-17 SuSE SUSE-SA:2010:016 2010-03-08 SuSE SUSE-SA:2010:014 2010-03-03 Fedora FEDORA-2010-1804 2010-02-12 Pardus 2010-35 2010-02-25 Debian DSA-2003-1 2010-02-22 Fedora FEDORA-2010-1787 2010-02-12 Debian DSA-1996-1 2010-02-12 Debian DSA-2004-1 2010-02-27

Comments (none posted)

mod_security: multiple vulnerabilities

Package(s):	mod_security	CVE #(s):
Created:	February 16, 2010	Updated:	February 17, 2010
Description:	From the Red Hat bugzilla: Multiple security flaws, which might lead to bypass of intended security restrictions and denial of service, have been reported and fixed in ModSecurity.
Alerts:	Fedora FEDORA-2010-1903 2010-02-16 Fedora FEDORA-2010-1862 2010-02-16

Comments (none posted)

openoffice.org: buffer overflows

Package(s):	openoffice.org	CVE #(s):	CVE-2009-2140
Created:	February 11, 2010	Updated:	May 24, 2010
Description:	From the Mandriva alert: Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file.
Alerts:	Mandriva MDVSA-2010:105 2010-05-21 Mandriva MDVSA-2010:091 2010-05-04 Mandriva MDVSA-2010:056 2010-03-05 Mandriva MDVSA-2010:035 2010-02-11

Comments (none posted)

openoffice.org: multiple vulnerabilities

Package(s):	openoffice.org	CVE #(s):	CVE-2009-2949 CVE-2009-2950 CVE-2009-3301 CVE-2009-3302
Created:	February 12, 2010	Updated:	November 8, 2010
Description:	From the Red Hat advisory: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially-crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949) An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially-crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302) A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially-crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950)
Alerts:	Mandriva MDVSA-2010:221 2010-11-05 Pardus 2010-67 2010-06-04 SuSE SUSE-SA:2010:017 2010-03-16 CentOS CESA-2010:0101 2010-02-14 CentOS CESA-2010:0101 2010-02-14 Fedora FEDORA-2010-1941 2010-02-16 Fedora FEDORA-2010-1847 2010-02-16 Ubuntu USN-903-1 2010-02-24 Debian DSA-1995-1 2010-02-12 Red Hat RHSA-2010:0101-02 2010-02-12

Comments (none posted)

openoffice.org: insufficient macro security

Package(s):	openoffice.org	CVE #(s):	CVE-2010-0136
Created:	February 12, 2010	Updated:	November 8, 2010
Description:	From the Debian advisory: It was discovered that macro security settings were insufficiently enforced for VBA macros.
Alerts:	Mandriva MDVSA-2010:221 2010-11-05 SuSE SUSE-SA:2010:017 2010-03-16 Debian DSA-1995-1 2010-02-12 Ubuntu USN-903-1 2010-02-24

Comments (none posted)

otrs2: SQL injection vulnerability

Package(s):	otrs2	CVE #(s):	CVE-2010-0438
Created:	February 11, 2010	Updated:	August 2, 2010
Description:	From the Debian alert: It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise input data that is used on SQL queries, which might be used to inject arbitrary SQL to, for example, escalate privileges on a system that uses otrs2.
Alerts:	SUSE SUSE-SR:2010:014 2010-08-02 openSUSE openSUSE-SU-2010:0366-1 2010-07-13 Debian DSA-1993-1 2010-02-10

Comments (none posted)

postfix: insecure default configuration

Package(s):	postfix	CVE #(s):	CVE-2010-0230
Created:	February 15, 2010	Updated:	February 17, 2010
Description:	From the SUSE advisory: The value of SMTPD_LISTEN_REMOTE accidentally defaulted to 'yes'. The postfix smtp daemon therefore was reachable over the network by default. This update resets the value to 'no' in /etc/sysconfig/mail. If you intentionally want postfix to listen for remote connections you need to manually set it to 'yes' again.
Alerts:	SuSE SUSE-SA:2010:011 2010-02-15

Comments (none posted)

ruby: arbitrary code execution

Package(s):	ruby1.9	CVE #(s):	CVE-2009-4124
Created:	February 16, 2010	Updated:	February 17, 2010
Description:	From the Ubuntu advisory: Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges.
Alerts:	Ubuntu USN-900-1 2010-02-16

Comments (none posted)

samba: read/write access on protected files

Package(s):	samba	CVE #(s):
Created:	February 15, 2010	Updated:	February 17, 2010
Description:	From the Pardus advisory: The weakness is caused due to the insecure "wide links" option being enabled by default, which allows the creation of symlinks to directories placed outside a writable share. This can be exploited to gain read and write access to restricted directories with the privileges of the e.g. guest account user via directory traversal attacks. Successful exploitation without authentication requires that a public writable share is exported and that the option "wide links" is set to "yes" (default).
Alerts:	Pardus 2010-32 2010-02-14

Comments (none posted)

sun-java: arbitrary code execution

Package(s):	sun-jdk sun-jre	CVE #(s):
Created:	February 15, 2010	Updated:	February 17, 2010
Description:	From the Pardus advisory: The vulnerability is caused from package.py, postInstall script of sun-java package. It tries to create /opt/sun-jdk/jre/.systemPrefs directory with "os.makedirs()" function, however default permission of the directories created by os.makedirs() is 0777. This allows anyone to replace sun java binaries, which can be used to execute arbitrary code. NOTE: This vulnerability is Pardus specific.
Alerts:	Pardus 2010-31 2010-02-14

Comments (none posted)

tomcat6: multiple vulnerabilities

Package(s):	tomcat6	CVE #(s):	CVE-2009-2693 CVE-2009-2901 CVE-2009-2902
Created:	February 12, 2010	Updated:	March 30, 2011
Description:	From the Ubuntu advisory: It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted.
Alerts:	Debian DSA-2207-1 2011-03-30 Pardus 2011-38 2011-02-14 Mandriva MDVSA-2010:177 2010-09-12 Mandriva MDVSA-2010:176 2010-09-12 CentOS CESA-2010:0580 2010-08-03 Red Hat RHSA-2010:0582-01 2010-08-02 Red Hat RHSA-2010:0580-01 2010-08-02 SuSE SUSE-SR:2010:008 2010-04-07 Ubuntu USN-899-1 2010-02-11

Comments (none posted)

webmin: cross-site scripting

Package(s):	webmin	CVE #(s):	CVE-2009-4568
Created:	February 15, 2010	Updated:	February 17, 2010
Description:	From the Mandriva advisory: [...] a cross-site scripting issue which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (CVE-2009-4568).
Alerts:	Mandriva MDVSA-2010:036 2010-02-12

Comments (none posted)

Page editor: Jake Edge
Next page: Kernel development>>