
Security

Brief items

Domain Keys for email sender authentication

June 21, 2006

This article was contributed by Jake Edge.

Last week, this page described Sender Policy Framework (SPF) and some of its shortcomings. A different technique with similar goals is Domain Keys (DK), which appears to be gaining support. This week, DK will be examined along with the related Domain Keys Identified Mail (DKIM) proposal.

DK was proposed by Yahoo as a way to authenticate the sender of an email. Essentially, the email is signed using a public key cryptographic signature, which is carried in the DomainKey-Signature header. A receiving Mail Transfer Agent (MTA) or Mail User Agent (MUA) can look up the public key in the DNS record for the sending domain and use it to check that signature against the message. If the check succeeds, the email has been verified to have come from that domain.

The DK header can specify which other headers are signed and the email body is always included. The domain in the "From:" (or, in some cases, "Sender:") header must always match the domain in the DK header and that provides the linkage that verifies the sender. Because of the way the signature algorithm works, any modification to the signed parts will result in a signature mismatch -- this provides some email integrity protection.

Domains and subdomains will maintain public keys as TXT records in their DNS entries. DK uses a standard section of a domain's DNS space to contain the public keys for that domain. In addition, a selector is specified in the DK header which can be used to restrict keys to specific organizations and to revoke keys periodically. To retrieve a key, one queries for the TXT record associated with selector._domainkey.example.com.

DK has been adopted by two of the larger email providers: Yahoo and Gmail. Banks and other financial institutions are also starting to adopt it because it provides very good phishing protection for their customers. It allows customers the opportunity to verify that the mail is authentic. Unfortunately, the support for DK checking in MTAs and MUAs has not been widely deployed yet, but the early adopters appear to be betting that it will be.

There are several issues with DK, but they do not fundamentally break the store-and-forward nature of email as SPF does. The main problem is that users will need to use an SMTP server associated with the domain that they are sending from, or their MUA will need to generate a DK signature using a personal private key (that is listed appropriately in the domain's DNS). Another issue is that the signing of the body only works if the body is not modified after the signing. Unfortunately, some mailing lists and other software (virus scanners, for example) tack on a few lines to the body, and this will cause the signature check to fail.
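The flow described above, from the selector lookup to the failure caused by a modified body, as an added example that is not part of the original article or of any DK implementation. It substitutes toy textbook RSA with a hex-encoded key for the real key encoding and skips canonicalization; the selector `june2006`, the addresses and the in-memory `DNS_TXT` table are constructed assumptions.

```python
import hashlib

# Toy textbook RSA from two Mersenne primes: illustration only, not secure,
# and not the padded RSA-SHA1 encoding that real DomainKeys signatures use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
# Constructed stand-in for DNS; a real p= tag holds a base64 key, not hex.
DNS_TXT = {"june2006._domainkey.example.com": f"k=rsa; p={N:x}"}

def parse_tags(value):
    """Split a 'tag=value; tag=value' list (signature header or TXT record)."""
    return dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())

def digest(headers, signed, body):
    """SHA-1 over the signed headers and the body (canonicalization omitted)."""
    h = hashlib.sha1()
    for name in signed:
        h.update(f"{name}:{headers[name]}\r\n".encode())
    h.update(b"\r\n" + body.encode())
    return int.from_bytes(h.digest(), "big")

def sign(headers, body, domain, selector, signed):
    sig = pow(digest(headers, signed, body), D, N)  # private-key operation
    return f"a=rsa-sha1; d={domain}; s={selector}; h={':'.join(signed)}; b={sig:x}"

def verify(headers, body, dns=DNS_TXT):
    tags = parse_tags(headers["DomainKey-Signature"])
    sender = headers.get("Sender") or headers["From"]
    if sender.rsplit("@", 1)[-1].strip("> ").lower() != tags["d"].lower():
        return "fail: sender domain does not match d="
    record = dns.get(f"{tags['s']}._domainkey.{tags['d']}")  # selector lookup
    if record is None:
        return "fail: no key published for selector"
    n = int(parse_tags(record)["p"], 16)
    expected = digest(headers, tags["h"].split(":"), body)
    ok = pow(int(tags["b"], 16), E, n) == expected  # public-key operation
    return "pass" if ok else "fail: signature mismatch"

def demo():
    hdrs = {"From": " Alice <alice@example.com>", "Subject": " Statement ready"}
    body = "Your statement is available.\r\n"  # constructed sample message
    hdrs["DomainKey-Signature"] = sign(hdrs, body, "example.com", "june2006", ["From", "Subject"])
    return {"intact": verify(hdrs, body),
            "footer appended": verify(hdrs, body + "-- \r\nlist footer\r\n"),
            "From: in other domain": verify(dict(hdrs, From=" <someone@example.net>"), body),
            "selector withdrawn": verify(hdrs, body, dns={})}

if __name__ == "__main__":
    print("\n".join(f"{case}: {verdict}" for case, verdict in demo().items()))
```

Only the first case passes; the other three fail for the distinct reasons the text gives: a modified body, a sender domain that does not match the signing domain, and a selector whose key is no longer published.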

A potentially bigger problem is that DK is covered by patents held by Yahoo. Microsoft's Sender ID proposal never gained any traction in the free software world because of patent issues, but it appears that Yahoo's liberal licensing terms have removed that issue, at least for free software. Yahoo licenses the patents under either the GPL or their own license agreement. A patent peace provision and a notice that acknowledges Yahoo's intellectual property are all that are required for those who do not wish to license under the GPL.

Shortly after Yahoo released the Domain Keys specification, Cisco proposed Identified Internet Email. The two are similar in many respects and have since been merged into a proposal called Domain Keys Identified Mail (DKIM). The IETF has formed a DKIM working group that plans to guide the proposal towards adoption as an internet standard. Depending on whose opinion you believe, that could happen within the next year or two. It remains to be seen whether there is widespread adoption and conversion from Domain Keys if and when DKIM becomes a standard.


New vulnerabilities

aRts: privilege escalation

Package(s): arts    CVE #(s): CVE-2006-2916
Created: June 16, 2006    Updated: June 28, 2006
Description: artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
Alerts:
Slackware SSA:2006-178-03 arts 2006-06-28
Gentoo 200606-22 aRts 2006-06-22
Mandriva MDKSA-2006:107 arts 2006-06-20
rPath rPSA-2006-0105-1 arts 2006-06-15


asterisk: buffer overflow

Package(s): asterisk    CVE #(s): CVE-2006-2898
Created: June 15, 2006    Updated: July 27, 2006
Description: The Asterisk PBX application has a buffer overflow vulnerability in the IAX2 channel driver that can be used for the remote execution of arbitrary code.
Alerts:
Debian DSA-1126-1 asterisk 2006-07-27
Gentoo 200606-15 asterisk 2006-06-14


dokuwiki: PHP code injection

Package(s): dokuwiki    CVE #(s): CVE-2006-2878
Created: June 15, 2006    Updated: June 21, 2006
Description: The DokuWiki spell checker has a PHP code injection vulnerability; arbitrary PHP commands can be executed without proper authentication.
Alerts:
Gentoo 200606-16 dokuwiki 2006-06-14


gnupg: remote denial of service

Package(s): gnupg    CVE #(s): CVE-2006-3082
Created: June 21, 2006    Updated: July 28, 2006
Description: A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length.
Alerts:
SuSE SUSE-SR:2006:018 gpg2 2006-07-28
Debian DSA-1115-1 gnupg2 2006-07-21
Debian DSA-1107-1 gnupg 2006-07-10
Fedora FEDORA-2006-757 gnupg 2006-06-30
Fedora FEDORA-2006-755 gnupg 2006-06-30
SuSE SUSE-SR:2006:015 wv2, perl-Crypt-CBC, arts, dhcdbd, gpg, asterisk 2006-06-30
rPath rPSA-2006-0120-1 gnupg 2006-06-29
Slackware SSA:2006-178-02 gnupg 2006-06-28
Ubuntu USN-304-1 gnupg 2006-06-26
OpenPKG OpenPKG-SA-2006.010 gnupg 2006-06-26
Mandriva MDKSA-2006:110 gnupg 2006-06-20


horde: missing input sanitizing

Package(s): horde    CVE #(s): CVE-2006-2195
Created: June 15, 2006    Updated: June 29, 2006
Description: The Horde3 web application framework does not perform sufficient input sanitizing, allowing the possible injection of web script code through a cross-site scripting attack.
Alerts:
Gentoo 200606-28 horde 2006-06-29
Debian DSA-1099-1 horde2 2006-06-14
Debian DSA-1098-1 horde3 2006-06-14


kdebase: privilege escalation

Package(s): kdebase    CVE #(s): CVE-2006-2449
Created: June 15, 2006    Updated: August 28, 2006
Description: The KDE Display Manager (KDM) is vulnerable to a local symlink attack. A local user can use this to read arbitrary files that they do not have permission to access. See this KDE advisory for more information.
Alerts:
Fedora FEDORA-2006-942 kdebase 2006-08-28
Debian DSA-1156-1 kdebase 2006-08-27
Red Hat RHSA-2006:0576-01 kdebase 2006-07-25
SuSE SUSE-SA:2006:039 kdebase3-kdm 2006-07-03
Slackware SSA:2006-178-01 kdebase 2006-06-28
Gentoo 200606-23 kdm 2006-06-22
Fedora FEDORA-2006-726 kdebase 2006-06-19
Fedora FEDORA-2006-725 kdebase 2006-06-19
Mandriva MDKSA-2006:106 mdkkdm 2006-06-15
Mandriva MDKSA-2006:105 kdebase 2006-06-15
rPath rPSA-2006-0106-1 kdebase 2006-06-15
Ubuntu USN-301-1 kdebase 2006-06-14
Red Hat RHSA-2006:0548-01 kdebase 2006-06-14


libtiff: buffer overflow

Package(s): libtiff    CVE #(s): CVE-2006-2193
Created: June 15, 2006    Updated: September 1, 2008
Description: The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code.
Alerts:
CentOS CESA-2008:0848 libtiff 2008-08-30
Red Hat RHSA-2008:0848-01 libtiff 2008-08-28
Fedora FEDORA-2006-952 libtiff 2006-09-05
SuSE SUSE-SA:2006:044 libtiff 2006-08-01
Gentoo 200607-03 tiff 2006-07-09
SuSE SUSE-SR:2006:014 tiff, snort, xine-lib 2006-06-20
Trustix TSLSA-2006-0036 fcron, libtiff 2006-06-16
Mandriva MDKSA-2006:102 libtiff 2006-06-14


pam_mysql: multiple vulnerabilities

Package(s): pam_mysql    CVE #(s):
Created: June 15, 2006    Updated: June 21, 2006
Description: PAM-MySQL has multiple vulnerabilities involving the handling of pam_get_item() results and other unspecified issues. These can be used for a denial of service attack: users can be prevented from logging in.
Alerts:
Gentoo 200606-18 pam_mysql 2006-06-15


sendmail: denial of service

Package(s): sendmail    CVE #(s): CVE-2006-1173
Created: June 15, 2006    Updated: November 1, 2006
Description: Sendmail has a vulnerability in the way it handles multi-part MIME messages. A remote attacker can create a specially crafted email message that can be used to crash the sendmail process, causing a denial of service.
Alerts:
Fedora-Legacy FLSA:195418 sendmail 2006-10-29
Debian DSA-1155-2 sendmail 2006-08-24
Debian DSA-1155-1 sendmail 2006-08-24
rPath rPSA-2006-0134-1 sendmail 2006-07-21
Fedora FEDORA-2006-837 sendmail 2006-07-18
Fedora FEDORA-2006-836 sendmail 2006-07-18
Gentoo 200606-19 sendmail 2006-06-15
SuSE SUSE-SA:2006:032 sendmail 2006-06-14
Slackware SSA:2006-166-01 sendmail 2006-06-15
Red Hat RHSA-2006:0515-01 sendmail 2006-06-14
Mandriva MDKSA-2006:104 sendmail 2006-06-14


wv2: integer overflow

Package(s): wv2    CVE #(s): CVE-2006-2197
Created: June 15, 2006    Updated: June 23, 2006
Description: The wv2 library, which is used to access Microsoft Word documents, has a boundary checking error that can be used to create an integer overflow when processing Word files.
Alerts:
Gentoo 200606-24 wv2 2006-06-23
Mandriva MDKSA-2006:109 wv2 2006-06-20
Ubuntu USN-300-1 wv2 2006-06-14
Debian DSA-1100-1 wv2 2006-06-15


Page editor: Rebecca Sobol


Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds