Security

Fingerprint recognition using fprint

By Jake Edge
November 21, 2007

Fingerprint scanners are becoming more commonplace, especially on laptops, to add a layer of biometric authentication. Linux support for these devices has been somewhat varied, with each scanner model supported by its own driver and API, or not supported at all. In addition, a number of the drivers are closed source, something that should worry anyone installing security software. The fprint project aims to change that by providing a standardized API for as many different scanners as it can.

Born out of a Computer Science academic project for founder Daniel Drake, fprint was released this month under the LGPL. Unlike other scanner projects, fprint is not targeted at a specific device; it supports quite a few using a half-dozen or so different drivers. The drivers, as the name would imply, handle the low-level details of talking to the devices using libusb.

Fingerprint scanners all work differently; some process the image of the print internally, while others present the image to the driver. In order to have a standard API, regardless of the scanner used, the libfprint library handles those differences internally. If required, it uses image processing code from the US National Institute of Standards and Technology that is specifically designed for fingerprint matching.

In order to use fingerprints for authentication, there must be a training or enrollment mode where the scanned fingerprint is stored away for later use. Once that has been done, fingerprints can be verified for a particular user. fprint does not yet support identification mode, where an unknown finger is scanned and a database of stored prints is checked for a match. The current code requires a username or other identifier, comparing the print stored for that user with the one scanned.

Because it handles multiple devices, there could be occasions where there is a print stored for a particular user, but it was scanned with a different device. Some fprint drivers can handle multiple similar scanners, so it distinguishes between them using a device type assigned by the driver. It tags each stored print with the driver ID as well as the device type. To be comparable, the prints must have come from the same driver with the same device type.

Application writers do not want to have to interface to multiple different library APIs to support fingerprint authentication. The libfprint API provides a single interface for applications. All phases of dealing with the scanners are available through the API: device discovery, print enrollment, print discovery, and verification. In addition, pam_fprint has integrated with Pluggable Authentication Modules (PAM) to handle logging in via fingerprint instead of password.

There are other projects out there solving similar problems, but none seems to have taken the big picture view that fprint has. The Debian FingerForce team has gathered a list of Linux fingerprint scanning solutions, most of which are specific to a particular scanner or family of scanners. BioAPI also tries to abstract away the specifics of biometric authentication, but it is not a free standard.

By trying to support as many scanners as they can, while providing a generic interface, fprint seems to have the right approach to fingerprint authentication. There is still plenty to be worked on (fingerprint data is currently stored unencrypted, for example), but the approach seems sound. For anyone with a scanner on their laptop, or a USB version that they carry around, applications supporting fprint will be very welcome. Anyone creating software who is interested in supporting fingerprint authentication will definitely want to give fprint a look.


Brief items

Wordpress Cookie Authentication Vulnerability

A Wordpress cookie vulnerability exploit is floating around in the wild according to the advisory (Full Story link below). Anyone who has (or can get) access to the wp_users table can authenticate as any user, including the administrative user. Passwords are stored in the table as MD5 hashes, but the cookies contain the MD5 of that value (i.e. a double MD5 of the password). Attackers just need to provide the MD5 of the value they find in the database in a cookie to be authenticated as that user. There is no patch and there are no very satisfactory workarounds other than changing every user password and ensuring that no one can access the database after that.

Full Story (comments: 22)
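The weakness described in this item, next to one way to close it, as an added example that is not WordPress code and not part of the advisory. The `legacy_*` functions model the scheme as the item describes it; the hardened variant (its function names, cookie layout and HMAC-SHA256 construction are assumptions chosen for illustration) mixes in a server secret that is not stored in the database, plus an expiry time.

```python
import hashlib
import hmac

def md5_hex(value: str) -> str:
    return hashlib.md5(value.encode()).hexdigest()

# --- Scheme as the item describes it ---------------------------------------
def legacy_stored_hash(password: str) -> str:
    return md5_hex(password)              # value kept in the users table

def legacy_cookie_value(stored_hash: str) -> str:
    # No server-side secret is mixed in: the database column alone
    # determines the cookie, so the stored hash is password-equivalent.
    return md5_hex(stored_hash)

def legacy_check(cookie_value: str, stored_hash: str) -> bool:
    return hmac.compare_digest(cookie_value.encode(), md5_hex(stored_hash).encode())

# --- Hardened form (assumed design, for illustration) ----------------------
# The MAC key lives outside the database; the stored hash is bound into the
# MAC so that changing the password invalidates cookies issued earlier.
def _mac(user: str, expiry: int, stored_hash: str, secret: bytes) -> str:
    msg = f"{user}|{expiry}|{stored_hash}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def issue_cookie(user: str, stored_hash: str, secret: bytes, now: int, ttl: int = 3600) -> str:
    expiry = now + ttl
    return f"{user}|{expiry}|{_mac(user, expiry, stored_hash, secret)}"

def verify_cookie(cookie: str, users: dict, secret: bytes, now: int):
    """Return the user name for a valid, unexpired cookie, else None."""
    try:
        user, expiry_text, mac = cookie.rsplit("|", 2)
        expiry = int(expiry_text)
    except ValueError:                    # wrong field count or bad expiry
        return None
    stored_hash = users.get(user)
    if stored_hash is None or expiry < now:
        return None
    expected = _mac(user, expiry, stored_hash, secret)
    return user if hmac.compare_digest(mac.encode(), expected.encode()) else None

def demo() -> dict:
    # Constructed sample data: one user row and a secret held outside the table.
    users = {"admin": legacy_stored_hash("constructed-sample-password")}
    secret = b"constructed-secret-kept-outside-the-database"
    now = 1_195_600_000
    issued = issue_cookie("admin", users["admin"], secret, now)
    # Same table contents, but a MAC key that is not the server's.
    without_secret = issue_cookie("admin", users["admin"], b"not-the-secret", now)
    return {
        "legacy_accepts_value_derived_from_table": legacy_check(
            legacy_cookie_value(users["admin"]), users["admin"]),
        "hardened_accepts_issued_cookie": verify_cookie(issued, users, secret, now) == "admin",
        "hardened_rejects_without_secret": verify_cookie(without_secret, users, secret, now) is None,
        "hardened_rejects_expired": verify_cookie(issued, users, secret, now + 3601) is None,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The hardened cookie only addresses the cookie derivation; how the password hash itself is stored is a separate concern.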

Schneier: The Strange Story of Dual_EC_DRBG

Bruce Schneier has posted an interesting look at a U.S. random number generator standard. "What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."


Google as a password cracker (Light Blue Touchpaper)

Light Blue Touchpaper covers a somewhat surprising use of Google to crack Wordpress passwords. Other passwords stored as hashed values without salt would also be vulnerable to this kind of search. "Instead, I asked Google. I found, for example, a genealogy page listing people with the surname 'Anthony', and an advert for a house, signing off 'Please Call for showing. Thank you, Anthony'. And indeed, the MD5 hash of 'Anthony' was the database entry for the attacker. I had discovered his password."
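Why the missing salt matters, as an added example that is not from the Light Blue Touchpaper post: an unsalted MD5 of a given password is the same string in every database, so it can be indexed and searched for, while a per-user salt with a slow key-derivation function gives every record a different value. The record format, the iteration count and the function names are assumptions made for this sketch; the sample password is the one quoted in the item.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000                      # assumed work factor for this sketch
LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")

def unsalted_md5(password: str) -> str:
    """Storage as described in the item: identical for every user and site."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256 record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    except ValueError:                    # malformed or legacy record
        return False
    return hmac.compare_digest(dk.hex().encode(), dk_hex.encode())

def audit_unsalted(users: dict) -> list:
    """Names of accounts whose record still looks like a bare MD5 digest."""
    return sorted(name for name, rec in users.items() if LEGACY_MD5.match(rec))

def upgrade_record(password: str, record: str, iterations: int = ITERATIONS):
    """On a successful login against a legacy record, return a salted
    replacement; return None if the record is not legacy or does not match."""
    if not LEGACY_MD5.match(record):
        return None
    if not hmac.compare_digest(unsalted_md5(password).encode(), record.encode()):
        return None
    return hash_password(password, iterations=iterations)

if __name__ == "__main__":
    # Constructed table: two accounts that happen to share one password.
    table = {"user_a": unsalted_md5("Anthony"), "user_b": unsalted_md5("Anthony")}
    print("identical unsalted records:", table["user_a"] == table["user_b"])
    print("accounts to migrate:", audit_unsalted(table))
    table = {name: upgrade_record("Anthony", rec) for name, rec in table.items()}
    print("identical salted records:", table["user_a"] == table["user_b"])
    print("accounts to migrate:", audit_unsalted(table))
```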


New vulnerabilities

apache2: denial of service

Package(s):apache2 CVE #(s):CVE-2007-1863
Created:November 19, 2007 Updated:February 18, 2008
Description:

From the CVE entry:

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

Alerts:
Fedora FEDORA-2008-1711 httpd 2008-02-15
SuSE SUSE-SA:2007:061 apache2 2007-11-19


bochs: denial of service

Package(s):bochs CVE #(s):CVE-2007-2894
Created:November 19, 2007 Updated:November 21, 2007
Description:

From the CVE entry:

The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.

Alerts:
Gentoo 200711-21 bochs 2007-11-17


mailman: error log spoof

Package(s):mailman CVE #(s):CVE-2006-4624
Created:November 15, 2007 Updated:November 21, 2007
Description: The Mailman mailing list manager is vulnerable to log file spoofing. A remote attacker can insert carriage return/line feed sequences, causing invalid error log messages to be recorded. This makes it possible to trick the administrator into visiting malicious URLs.
Alerts:
Red Hat RHSA-2007:0779-02 mailman 2007-11-15


MySQL: denial of service

Package(s):mysql CVE #(s):CVE-2007-5925
Created:November 19, 2007 Updated:February 8, 2008
Description:

From the CVE entry:

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Alerts:
Ubuntu USN-1397-1 mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 2012-03-12
SuSE SUSE-SR:2008:003 java, nss_ldap, cairo, geronimo, moodle, SDL_image, python, mysql, nx, xemacs 2008-02-07
Ubuntu USN-559-1 mysql-dfsg-5.0 2007-12-21
Red Hat RHSA-2007:1157-01 mysql 2007-12-19
Fedora FEDORA-2007-4471 mysql 2007-12-15
Mandriva MDKSA-2007:243 MySQL 2007-12-10
Fedora FEDORA-2007-4465 mysql 2007-12-15
Red Hat RHSA-2007:1155-01 mysql 2007-12-18
Gentoo 200711-25 mysql 2007-11-18
Debian DSA-1413-1 mysql-dfsg 2007-11-26


net-snmp: denial of service

Package(s):net-snmp CVE #(s):CVE-2007-5846
Created:November 16, 2007 Updated:February 7, 2008
Description: A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service.
Alerts:
Debian DSA-1483-1 net-snmp 2008-02-06
Ubuntu USN-564-1 net-snmp 2008-01-09
SuSE SUSE-SR:2007:025 net-snmp, htdig, e2fsprogs, nagios-plugins, libpng, emacs, rubygem-actionpack, gnump3d, glib2 2007-12-05
Gentoo 200711-31 net-snmp 2007-11-20
Mandriva MDKSA-2007:225 net-snmp 2007-11-19
Red Hat RHSA-2007:1045-01 net-snmp 2007-11-15
Fedora FEDORA-2007-3019 net-snmp 2007-11-20


openssh: log file corruption

Package(s):openssh CVE #(s):CVE-2007-3102
Created:November 15, 2007 Updated:November 21, 2007
Description: The ssh server can incorrectly write account names to the audit subsystem. A remote attacker can inject strings with parts of audit messages in order to corrupt logs. This can mislead administrators and confuse log parsing tools.
Alerts:
Red Hat RHSA-2007:0703-02 openssh 2007-11-15
Red Hat RHSA-2007:0737-02 pam 2007-11-15


pcre: CVE consolidation

Package(s):pcre CVE #(s):CVE-2005-4872 CVE-2006-7227 CVE-2006-7224
Created:November 15, 2007 Updated:May 13, 2008
Description: PCRE has flaws in the way it handles malformed regular expressions. If an application linked against PCRE, such as Konqueror, encounters a maliciously created regular expression, it may be possible to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227 have been combined into CVE-2006-7224.
Alerts:
Gentoo 200805-11 chicken 2008-05-12
Debian DSA-1570-1 kazehakase 2008-05-06
Mandriva MDVSA-2008:030 pcre 2008-01-31
SuSE SUSE-SA:2008:004 php4, php5 2008-01-29
Gentoo 200711-30 libpcre 2007-11-20
SuSE SUSE-SA:2007:062 pcre 2007-11-23
Red Hat RHSA-2007:1052-02 pcre 2007-11-15


php5: multiple vulnerabilities

Package(s):php5 CVE #(s):CVE-2007-4783 CVE-2007-4840 CVE-2007-5898 CVE-2007-5899 CVE-2007-5900
Created:November 20, 2007 Updated:January 18, 2010
Description: The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code.
Alerts:
Mandriva MDVSA-2010:007 php 2010-01-15
Ubuntu USN-720-1 php5 2009-02-12
Ubuntu USN-628-1 php5 2008-07-23
CentOS CESA-2008:0545 php 2008-07-16
CentOS CESA-2008:0544 PHP 2008-07-16
Red Hat RHSA-2008:0545-01 php 2008-07-16
Red Hat RHSA-2008:0546-01 PHP 2008-07-16
Red Hat RHSA-2008:0544-01 PHP 2008-07-16
Red Hat RHSA-2008:0582-01 PHP 2008-07-22
Mandriva MDVSA-2008:127 php 2008-07-03
Mandriva MDVSA-2008:125 php 2008-07-03
Mandriva MDVSA-2008:126 php 2007-07-03
Red Hat RHSA-2008:0505-01 RH Application Stack 2008-07-02
Fedora FEDORA-2008-3606 php 2008-06-20
Fedora FEDORA-2008-3864 php 2008-06-20
SuSE SUSE-SA:2008:004 php4, php5 2008-01-29
Debian DSA-1444-2 php5 2008-01-23
Debian DSA-1444-1 php5 2008-01-03
Ubuntu USN-549-2 php5 2007-12-03
rPath rPSA-2007-0242-1 php5 2007-11-19
Ubuntu USN-549-1 php5 2007-11-29


php-pear-MDB2: URL injection

Package(s):php-pear-MDB2-Driver-mysql CVE #(s):CVE-2007-5934
Created:November 16, 2007 Updated:December 10, 2007
Description: The PEAR MDB2 in versions prior to 2.5.0a1 can interpret a request to store a URL string as a request to retrieve and store the contents of the URL. This can allow remote attackers to obtain information by inserting a URL in a form field in an MDB2 application.
Alerts:
Gentoo 200712-05 PEAR-MDB2 2007-12-09
Fedora FEDORA-2007-3376 php-pear-MDB2-Driver-mysqli 2007-11-15
Fedora FEDORA-2007-3369 php-pear-MDB2-Driver-mysql 2007-11-15


pioneers: denial of service

Package(s):pioneers CVE #(s):CVE-2007-5933
Created:November 15, 2007 Updated:November 30, 2007
Description: Bas Wijnen discovered a vulnerability in the Pioneers server. Session objects may be freed while in use, allowing unauthorized memory access. A remote attacker can use this to cause a denial of service.
Alerts:
Gentoo 200711-20:04 pioneers 2007-11-14
Gentoo 200711-20 pioneers 2007-11-14


rails: multiple vulnerabilities

Package(s):rails CVE #(s):CVE-2007-5380 CVE-2007-3227 CVE-2007-5379
Created:November 15, 2007 Updated:December 21, 2009
Description: Ruby on Rails has the following vulnerabilities:

ActiveResource does not properly sanitize filenames in the Hash.from_xml() function.

The session management allows the session_id to be set from the URL.

The to_json() function does not properly sanitize input before it is returned to the user.

Alerts:
Gentoo 200912-02 rails 2009-12-20
SuSE SUSE-SR:2007:025 net-snmp, htdig, e2fsprogs, nagios-plugins, libpng, emacs, rubygem-actionpack, gnump3d, glib2 2007-12-05
SuSE SUSE-SR:2007:024 cacti, openldap2, phpPgAdmin, ruby, perl, rubygem-activesupport, yast2-core, librpcsecgss, liblcms 2007-11-22
Gentoo 200711-17 rails 2007-11-14


samba: buffer overflow

Package(s):samba CVE #(s):CVE-2007-5398
Created:November 15, 2007 Updated:December 3, 2008
Description: Samba's mechanism for creating NetBIOS replies is vulnerable to a buffer overflow. Samba servers that are configured to run as a WINS server can be crashed by a remote unauthenticated user; execution of arbitrary code may also be possible.
Alerts:
Fedora FEDORA-2008-10638 samba 2008-12-02
Gentoo 200711-29 samba 2007-11-20
Mandriva MDKSA-2007:224-2 samba 2007-11-23
Debian DSA-1409-2 samba 2007-11-26
Debian DSA-1409-1 samba 2007-11-22
Fedora FEDORA-2007-751 samba 2007-11-21
Ubuntu USN-544-2 USN-544-1 fixed two 2007-11-16
Mandriva MDKSA-2007:224 samba 2007-11-17
Fedora FEDORA-2007-3403 samba 2007-11-16
Fedora FEDORA-2007-3402 samba 2007-11-16
Red Hat RHSA-2007:1013-01 samba 2007-11-15
Gentoo GLSA 200711-29:02 samba 2007-11-20
SuSE SUSE-SA:2007:065 samba 2007-12-05
Mandriva MDKSA-2007:224-3 samba 2007-11-29
Debian DSA-1409-3 samba 2007-11-29
Mandriva MDKSA-2007:224-1 samba 2007-11-21
Slackware SSA:2007-320-01 samba 2007-11-19
rPath rPSA-2007-0241-1 samba 2007-11-16
Ubuntu USN-544-1 samba 2007-11-16
Red Hat RHSA-2007:1017-01 samba 2007-11-15
Red Hat RHSA-2007:1016-01 samba 2007-11-15


samba: buffer overflow

Package(s):samba CVE #(s):CVE-2007-4572
Created:November 15, 2007 Updated:December 3, 2008
Description: The Samba user authentication is vulnerable to a heap-based buffer overflow. Remote unauthenticated users can use this to crash the Samba server and cause a denial of service.
Alerts:
Fedora FEDORA-2008-10638 samba 2008-12-02
Ubuntu USN-617-2 samba 2008-06-30
Ubuntu USN-617-1 samba 2008-06-17
Red Hat RHSA-2007:1114-01 samba 2007-12-10
Fedora FEDORA-2007-760 samba 2007-12-03
Debian DSA-1409-3 samba 2007-11-29
Gentoo 200711-29 samba 2007-11-20
Mandriva MDKSA-2007:224-2 samba 2007-11-23
Debian DSA-1409-1 samba 2007-11-22
Mandriva MDKSA-2007:224-1 samba 2007-11-21
Ubuntu USN-544-2 USN-544-1 fixed two 2007-11-16
Fedora FEDORA-2007-3403 samba 2007-11-16
Fedora FEDORA-2007-3402 samba 2007-11-16
SuSE SUSE-SA:2007:065 samba 2007-12-05
Mandriva MDKSA-2007:224-3 samba 2007-11-29
Debian DSA-1409-2 samba 2007-11-26
Fedora FEDORA-2007-751 samba 2007-11-21
Slackware SSA:2007-320-01 samba 2007-11-19
rPath rPSA-2007-0241-1 samba 2007-11-16
Mandriva MDKSA-2007:224 samba 2007-11-17
Ubuntu USN-544-1 samba 2007-11-16
Red Hat RHSA-2007:1017-01 samba 2007-11-15
Red Hat RHSA-2007:1016-01 samba 2007-11-15
Red Hat RHSA-2007:1013-01 samba 2007-11-15


teTeX: multiple vulnerabilities

Package(s):tetex CVE #(s):CVE-2007-5937 CVE-2007-5936 CVE-2007-5935
Created:November 19, 2007 Updated:May 10, 2010
Description:

From the Gentoo advisory:

Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the "dvilj" application that is used by dvips to convert DVI files to printer formats (CVE-2007-5937, CVE-2007-5936). Bastien Roucaries reported that the "dvips" application is vulnerable to two stack-based buffer overflows when processing DVI documents with long \href{} URIs (CVE-2007-5935). teTeX also includes code from Xpdf that is vulnerable to a memory corruption and two heap-based buffer overflows (GLSA 200711-22); and it contains code from T1Lib that is vulnerable to a buffer overflow when processing an overly long font filename (GLSA 200710-12).

Alerts:
CentOS CESA-2010:0399 tetex 2010-05-08
CentOS CESA-2010:0401 tetex 2010-05-08
Red Hat RHSA-2010:0401-01 tetex 2010-05-06
Red Hat RHSA-2010:0399-01 tetex 2010-05-06
SuSE SUSE-SR:2008:011 rsync, MozillaFirefox, poppler, nagios, lighttpd, sarg, squid, bzip2, kdelibs3, texlive-bin, kdelibs4, Sun Java 2008-05-09
Foresight FLEA-2008-0006-1 tetex 2008-02-11
SuSE SUSE-SR:2008:001 libexiv2 dvips libsndfile squid rsync clamav xen 2008-01-09
rPath rPSA-2007-0266-1 tetex 2007-12-17
Ubuntu USN-554-1 tetex-bin, texlive-bin 2007-12-06
Fedora FEDORA-2007-3308 tetex 2007-11-20
Fedora FEDORA-2007-3390 tetex 2007-11-20
Mandriva MDKSA-2007:230 tetex 2007-11-20
Gentoo 200711-26 tetex 2007-11-18


tomcat: arbitrary file disclosure via path traversal

Package(s):tomcat5 CVE #(s):CVE-2007-5461
Created:November 19, 2007 Updated:February 17, 2009
Description:

From the CVE entry:

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Alerts:
SuSE SUSE-SR:2009:004 apache, audacity, dovecot, libtiff-devel, libvirt, mediawiki, netatalk, novell-ipsec-tools,opensc, perl, phpPgAdmin, sbl, sblim-sfcb, squirrelmail, swfdec, tomcat5, virtualbox, websphere-as_ce, wine, xine-devel 2009-02-17
Red Hat RHSA-2008:0862-02 tomcat 2008-10-02
Fedora FEDORA-2008-8130 tomcat5 2008-09-16
Red Hat RHSA-2008:0195-01 tomcat 2008-04-28
Gentoo 200804-10 tomcat 2008-04-10
Red Hat RHSA-2008:0042-01 tomcat 2008-03-11
SuSE SUSE-SR:2008:005 acroread, asterisk, cacti, compat-openssl097g, icu, libcdio, wireshark/ethereal, Jakarta, perl-tk 2008-03-06
Fedora FEDORA-2008-1603 tomcat5 2008-02-13
Fedora FEDORA-2008-1467 tomcat5 2008-02-13
Debian DSA-1447-1 tomcat5.5 2008-01-03
Mandriva MDKSA-2007:241 tomcat5 2007-12-10
Fedora FEDORA-2007-3456 tomcat5 2007-11-17
Fedora FEDORA-2007-3474 tomcat5 2007-11-17


VMware: unspecified vulnerability

Package(s):VMware CVE #(s):CVE-2007-5617
Created:November 19, 2007 Updated:November 21, 2007
Description:

From the CVE entry:

Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images.

Alerts:
Gentoo 200711-23 VMware 2007-11-18


vmware-player-kernel: several vulnerabilities

Package(s):linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 CVE #(s):CVE-2007-0061 CVE-2007-0062 CVE-2007-0063 CVE-2007-4496 CVE-2007-4497
Created:November 16, 2007 Updated:March 13, 2009
Description: Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server did not correctly handle certain packet structures. Remote attackers could send specially crafted packets and gain root privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)

Rafal Wojtczuk discovered multiple memory corruption issues in VMware Player. Attackers with administrative privileges in a guest operating system could cause a denial of service or possibly execute arbitrary code on the host operating system. (CVE-2007-4496, CVE-2007-4497)

Alerts:
rPath rPSA-2009-0041-1 dhclient 2009-03-12
SuSE SUSE-SR:2009:005 dhcp, ntp/xntp, squid, wireshark, libpng, pam_mount, enscript, eID-belgium, gstreamer-0_10-plugins-good 2009-03-02
Gentoo 200808-05 dhcp 2008-08-06
Gentoo 200711-23 VMware 2007-11-18
Ubuntu USN-543-1 linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 2007-11-15


Page editor: Jake Edge


Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds