Security
Rainbow tables for password cracking
An announcement about a new site offering free 'rainbow tables' on the bugtraq mailing list sparked our interest; what are these tables and what can they be used for? It turns out that rainbow tables are the result of pre-computing various one-way hash functions to facilitate decrypting them. In effect, the right set of tables makes a one-way hash function reversible for certain inputs and the inputs of interest are passwords.
Many applications use one-way hash functions (such as MD5 or SHA1) to store passwords because they hide the password value from prying eyes, but it is easy to compare hashed passwords when a user logs in. This relies on the fact that it is difficult to reverse the hash function and produce the original password, but the application can just apply the hash function to the password presented and compare the output to the stored hash. Operating systems, database management systems, web and other applications often use this method to store their users' passwords.
For those that might want to crack a password, a straightforward, but very time consuming method would be to brute force it. Generate the hashed values for each string in the password search space and compare it to the hashed value of interest; when they match, the password is cracked. If one needed to crack passwords regularly, it might make sense to store the password to hash mappings so that it would just take a lookup to find any previously cracked password. The storage requirements of that kind of table, for any plausible set of potential passwords (say 1-8 alphanumeric characters) are huge. Rainbow tables are a way to reduce the storage requirements substantially while still preserving much of the speed benefits of using a lookup table.
To create a rainbow table, you must first come up with a reduction function that takes a hash as input and maps it to a password in the search space. You then start with a password and repeatedly hash and reduce it several thousand times creating a chain of passwords. You discard all but the first and last password and store that pair. To reverse a particular hash value, you reduce the hash value and look for that password as the end of one of the chains. If you do not find it, then you hash and reduce again. Once you find a matching end of the chain, you use the first password to recreate the chain and the cracked password is the second to last in the chain.
This ingenious scheme comes from a paper presented at the CRYPTO 2003 conference. The paper is a bit dense if you are unfamiliar with the references cited, so the author has a simplified explanation as well.
Rainbow tables are specific to a particular hash algorithm and password search space and that is where the free rainbow tables site comes in handy. There are currently two tables available there, one for MD5 and one for the older Windows DES-based password algorithm. The MD5 version is 36Gb in size and will crack 99.9% of lowercase alphanumeric passwords that are eight characters or less in length. The site also has links to other sites with tables as well as to the Project RainbowCrack site which has source for various programs to generate and use the tables.
The best defense against rainbow tables is 'salt', which has been a part of UNIX passwords since near the beginning of time (UNIX epoch time anyway). Salt is a random string that is added to the password before hashing it and then stored with the password. Linux MD5 passwords store the salt between two dollar signs in the password field in /etc/shadow. This random string effectively multiplies the number of tables required to do a dictionary lookup by the number of individual salt values available. Even just eight bits of salt (and Linux uses much more than that) would require nine terabytes of rainbow table.
While this technique is not particularly effective at recovering OS passwords (at least on Linux), there are quite a number of web applications that store straight MD5 passwords without any salt (and some, sadly, store plaintext passwords). Other applications may do that as well. If the password hashes become exposed via a SQL injection or other flaw, rainbow tables could be just the ticket to breaking into those systems.
New vulnerabilities
imlib2: arbitrary code execution
| Package(s): | imlib2 | CVE #(s): | CVE-2006-4806 CVE-2006-4807 CVE-2006-4808 CVE-2006-4809 | ||||||||||||||||||||||||||||
| Created: | November 6, 2006 | Updated: | August 13, 2007 | ||||||||||||||||||||||||||||
| Description: | M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
ingo1: missing input sanitizing
| Package(s): | ingo1 | CVE #(s): | CVE-2006-5449 | ||||||||
| Created: | November 3, 2006 | Updated: | November 27, 2006 | ||||||||
| Description: | It was discovered that the Ingo email filter rules manager performs insufficient escaping of user-provided data in created procmail rules files, which allows the execution of arbitrary shell commands. | ||||||||||
| Alerts: |
| ||||||||||
kernel: denial of service
| Package(s): | kernel | CVE #(s): | CVE-2006-4572 CVE-2006-4997 | ||||||||||||||||||||
| Created: | November 6, 2006 | Updated: | January 17, 2007 | ||||||||||||||||||||
| Description: | Some vulnerabilities were discovered in the Linux 2.6 kernel:
There are possibly exploitable bugs in the netfilter for IPv6 code. (CVE-2006-4572) The ATM subsystem of the Linux kernel could allow a remote attacker to cause a Denial of Service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed. (CVE-2006-4997) | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
libpam-ldap: insecure password control
| Package(s): | libpam-ldap | CVE #(s): | CVE-2006-5170 | ||||||||||||||||||||||||
| Created: | November 3, 2006 | Updated: | December 21, 2006 | ||||||||||||||||||||||||
| Description: | Steve Rigler discovered that the PAM module for authentication against LDAP servers processes PasswordPolicyReponse control messages incorrectly, which might lead to an attacker being able to login into a suspended system account. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
libX11: file descriptor leak
| Package(s): | libX11 | CVE #(s): | CVE-2006-5397 | ||||
| Created: | November 7, 2006 | Updated: | November 8, 2006 | ||||
| Description: | The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor. | ||||||
| Alerts: |
| ||||||
Mozilla products: multiple vulnerabilities
| Package(s): | thunderbird firefox seamonkey | CVE #(s): | CVE-2006-5463 CVE-2006-5747 CVE-2006-5748 CVE-2006-5464 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | November 8, 2006 | Updated: | December 11, 2006 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | Numerous vulnerabilities have been found in the Mozilla JavaScript and HTML rendering code, leading to possible remote code execution attacks. This CERT advisory contains details. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
openssh: privilege separation issue
| Package(s): | openssh | CVE #(s): | CVE-2006-5794 | ||||||||||||||||||||||||||||||||||||
| Created: | November 8, 2006 | Updated: | April 5, 2007 | ||||||||||||||||||||||||||||||||||||
| Description: | From the OpenSSH 4.5 announcement: "Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities." | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
php: buffer overflows
| Package(s): | php | CVE #(s): | CVE-2006-5465 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | November 3, 2006 | Updated: | January 18, 2010 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. Of course the whole purpose of these functions is to be filled with user input. (The overflow can only be when UTF-8 is used) | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
postgresql: several vulnerabilities
| Package(s): | postgresql-8.1 | CVE #(s): | CVE-2006-5540 CVE-2006-5541 CVE-2006-5542 | ||||
| Created: | November 3, 2006 | Updated: | November 8, 2006 | ||||
| Description: | Michael Fuhr discovered an incorrect type check when handling unknown
literals. By attempting to coerce such a literal to the ANYARRAY type, a
local authenticated attacker could cause a server crash. (CVE-2006-5541)
Josh Drake and Alvaro Herrera reported a crash when using aggregate functions in UPDATE statements. A local authenticated attacker could exploit this to crash the server backend. This update disables this construct, since it is not very well defined and forbidden by the SQL standard. (CVE-2006-5540) Sergey Koposov discovered a flaw in the duration logging. This could cause a server crash under certain circumstances. (CVE-2006-5542) | ||||||
| Alerts: |
| ||||||
rpm: arbitrary code execution
| Package(s): | rpm | CVE #(s): | CVE-2006-5466 | ||||||||||||||||
| Created: | November 6, 2006 | Updated: | August 28, 2007 | ||||||||||||||||
| Description: | An error was found in the RPM library's handling of query reports. In some locales, certain RPM packages would cause the library to crash. If a user was tricked into querying a specially crafted RPM package, the flaw could be exploited to execute arbitrary code with the user's privileges. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
texinfo: buffer overflow
| Package(s): | texinfo | CVE #(s): | CVE-2006-4810 | ||||||||||||||||||||||||||||||||||||
| Created: | November 8, 2006 | Updated: | November 27, 2006 | ||||||||||||||||||||||||||||||||||||
| Description: | Texinfo contains a buffer overflow which could be exploited (via a specially-crafted info file) to run arbitrary code. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
thttpd: insecure temporary files
| Package(s): | thttpd | CVE #(s): | CVE-2006-4248 | ||||||||
| Created: | November 3, 2006 | Updated: | December 1, 2006 | ||||||||
| Description: | Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack. | ||||||||||
| Alerts: |
| ||||||||||
wireshark: multiple vulnerabilities
| Package(s): | wireshark ethereal | CVE #(s): | CVE-2006-4574 CVE-2006-4805 CVE-2006-5468 CVE-2006-5469 CVE-2006-5740 | ||||||||||||||||||||||||||||
| Created: | November 3, 2006 | Updated: | November 14, 2006 | ||||||||||||||||||||||||||||
| Description: | There are multiple vulnerabilities in Wireshark (formerly Ethereal):
| ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
wv: integer overflow
| Package(s): | wv | CVE #(s): | CVE-2006-4513 | ||||||||||||
| Created: | November 2, 2006 | Updated: | December 7, 2006 | ||||||||||||
| Description: | The wv library has an integer overflow vulnerability in the DOC file parser. If a user can be tricked into opening a maliciously crafted MSWord file, a remote attacker can execute arbitrary code with the privileges of the user. | ||||||||||||||
| Alerts: |
| ||||||||||||||
Page editor: Jonathan Corbet
Next page:
Kernel development>>