

Dealing with weakness in SHA-1

June 17, 2009

This article was contributed by Nathan Willis

The SHA-1 hash function serves an auxiliary role in a number of cryptography utilities, notably OpenPGP, where it is used to sign documents and generate key fingerprints. Researchers recently published an attack on SHA-1 that can find collisions in drastically less time than previously thought, accelerating the move to replace SHA-1. A contest is underway to select a replacement, to be designated SHA-3, but it will not be standardized until 2012. Between now and then, there are several steps interested individuals can take to harden themselves against attack — starting with understanding just what a hash collision can and cannot compromise.

SHA-1 was created by the National Security Agency (NSA) in 1995. It computes a 160-bit hash or "digest" of any message less than 2^64 bits long. Like any cryptographic hash function, its value as a message authentication tool depends on it being mathematically hard to find a collision: two messages that generate the same hash value. A brute-force search would, on average, take 2^80 evaluations of the function to find a collision (80 being half of the 160-bit digest length). Such a search would find two arbitrary messages that result in the same hash; it would not allow an attacker to find a collision with any specific message. Nevertheless, the 2^80 steps of a brute-force attack serve as a metric for the comparative efficiency of other attacks.
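The difference between "find any two colliding messages" and "find a second message matching this specific one" is easier to feel than to read. The following Python script is an added illustration, not code from the article or from any project it mentions: it truncates SHA-1 to a small number of bits (a constructed stand-in for a weak hash, so the searches finish in seconds) and counts evaluations for both kinds of search. The birthday search finishes after roughly 2^(bits/2) evaluations; the search for a second preimage of a fixed target needs roughly 2^bits. The message formats and the 16-bit truncation are assumptions chosen for the demonstration.

```python
import hashlib


def truncated_sha1(message: bytes, bits: int) -> int:
    """Return the leading `bits` bits of SHA-1(message) as an integer.

    Truncation stands in for a weaker hash so the searches below finish
    quickly; the relative cost of the two searches is the same at any length.
    """
    digest = int.from_bytes(hashlib.sha1(message).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int):
    """Birthday search: hash deterministic messages until two share a digest.

    Returns (message_a, message_b, evaluations). Expected work is about
    2**(bits/2) evaluations, the 2^80 figure for full SHA-1.
    """
    seen = {}          # truncated digest -> first message that produced it
    count = 0
    while True:
        msg = b"msg-%d" % count   # constructed, deterministic message stream
        h = truncated_sha1(msg, bits)
        count += 1
        if h in seen:
            return seen[h], msg, count
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int, limit: int):
    """Search for a different message whose digest matches a fixed target.

    Returns (message, evaluations) or None if `limit` is exhausted. Expected
    work is about 2**bits evaluations: the birthday shortcut does not apply,
    which is why a collision attack alone does not forge a signature on an
    existing document.
    """
    want = truncated_sha1(target, bits)
    for i in range(limit):
        msg = b"candidate-%d" % i
        if msg != target and truncated_sha1(msg, bits) == want:
            return msg, i + 1
    return None


if __name__ == "__main__":
    bits = 16
    a, b, n_coll = find_collision(bits)
    print("collision after %d evaluations (expected ~2^%d = %d)"
          % (n_coll, bits // 2, 2 ** (bits // 2)))
    print("  %r and %r share digest %05x" % (a, b, truncated_sha1(a, bits)))
    target = b"constructed target document"
    found = find_second_preimage(target, bits, 2 ** 22)
    if found:
        print("second preimage after %d evaluations (expected ~2^%d = %d)"
              % (found[1], bits, 2 ** bits))
```

At 16 bits the collision typically appears after a few hundred evaluations while the second preimage needs tens of thousands; the ratio widens as the digest grows, which is the practical content of Shaw's remark later in the article that collision results do not let anyone match an existing signed document.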

In recent years, the most efficient known attack on SHA-1 required 2^63 evaluations — around 1/100,000th the number of steps for a brute-force search, but still safely outside the reach of a real-world attacker. That changed in April of 2009, when Cameron McDonald, Josef Pieprzyk, and Phil Hawkes presented findings [PDF] at the Eurocrypt 2009 conference that lowered the bar to 2^52 — a 2,000-fold speedup over 2^63. The existence of such an attack is far from a crisis-level weakness, but the upshot is that it is better to start migrating away from SHA-1 while it is still relatively safe.

SHA-1 in free software cryptography

SHA-1 is used in public-key cryptographic systems, including the OpenPGP specification (RFC 4880) implemented on most Linux desktop and server distributions by GnuPG. Since SHA-1 is a hash function, and not a cipher, it does not play a direct role in encryption, but it is used for digital signatures. In addition, OpenPGP key fingerprints are created with SHA-1, and key fingerprints are in turn used in key revocation and modification detection codes (MDC).

An OpenPGP digital signature involves computing a hash of the original message, then encrypting the hash with the signer's private encryption key. To verify the signed message's integrity, the recipient also needs to be able to compute the same hash on the received text. That requires support from the software and the keys used — although OpenPGP supports multiple hash algorithms in addition to SHA-1, old DSA keys can only use 160-bit signatures. Historically, that meant SHA-1, although RIPEMD-160 is compatible as well. Consequently, selecting a stronger algorithm when signing messages is possible with an application like GnuPG, but in the worst case scenario a user wishing to avoid SHA-1 would need to create a new DSA2 or RSA signing key.

Key fingerprints are digests of public keys, useful for key management because they are considerably shorter than the key from which they are hashed, which makes them readable by humans and easy to reference compactly. Applications often list keys in a user's keyring by their fingerprint, so a SHA-1 collision that results in two keys having the same fingerprint could cause user confusion or unpredictable application behavior. Perhaps more importantly, key revocation certificates reference keys using fingerprints, again opening the door to unpredictable behavior if the application finds two keys with identical fingerprints. OpenPGP specifies SHA-1 as the only hash algorithm for version 4 keys (the latest revision), so there is no current workaround for fingerprint collisions.
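To make concrete what "hardwired" means here, the script below computes a version 4 OpenPGP fingerprint the way RFC 4880 section 12.2 defines it: SHA-1 over the byte 0x99, a two-byte big-endian length, and the public-key packet body (version, creation time, algorithm ID, then the key's MPIs). It is an added example, not code from the article, GnuPG or Gillmor's guide. The key material is a constructed toy modulus and exponent, far too small to be a real key, and the creation timestamp is likewise made up; only the packet layout and the hashing rule come from the specification. Because the hash algorithm is fixed by the format, there is no preference setting that could swap it out.

```python
import hashlib
import struct

# Constructed sample key material: NOT a real key, just small integers so the
# packet layout is easy to inspect. Algorithm ID 1 is RSA (encrypt or sign).
SAMPLE_N = 0xC0FFEE1234567890ABCDEF
SAMPLE_E = 65537
SAMPLE_ALGO = 1
SAMPLE_CREATED = 0x4A38B5C0   # constructed timestamp in mid-2009


def encode_mpi(n: int) -> bytes:
    """RFC 4880 MPI: two-byte bit length followed by the big-endian value."""
    length = n.bit_length()
    return struct.pack(">H", length) + n.to_bytes((length + 7) // 8, "big")


def v4_public_key_body(created: int, algo: int, mpis: list) -> bytes:
    """Body of a version 4 public-key packet (RFC 4880 section 5.5.2)."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([algo])
    for n in mpis:
        body += encode_mpi(n)
    return body


def v4_fingerprint(body: bytes) -> str:
    """Fingerprint = SHA-1(0x99 || 2-byte body length || body), upper-case hex.

    SHA-1 is the only algorithm the v4 format allows here, which is why a
    fingerprint collision has no configuration-level workaround.
    """
    prefix = b"\x99" + struct.pack(">H", len(body))
    return hashlib.sha1(prefix + body).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 64 bits (last 16 hex digits)."""
    return fingerprint[-16:]


if __name__ == "__main__":
    body = v4_public_key_body(SAMPLE_CREATED, SAMPLE_ALGO, [SAMPLE_N, SAMPLE_E])
    fpr = v4_fingerprint(body)
    print("packet body :", body.hex())
    print("fingerprint :", " ".join(fpr[i:i + 4] for i in range(0, 40, 4)))
    print("key ID      :", key_id(fpr))
    # Any change to the hashed material, even one second on the creation
    # time, yields an unrelated fingerprint; applications that index a
    # keyring by fingerprint rely on that.
    other = v4_public_key_body(SAMPLE_CREATED + 1, SAMPLE_ALGO, [SAMPLE_N, SAMPLE_E])
    print("changed     :", v4_fingerprint(other) != fpr)
```

Running the script against a real exported key (parsing the packet headers first) reproduces what gpg prints for `--fingerprint`; the toy values here are only to keep the packet short enough to read.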

MDC is an OpenPGP system to provide message integrity-checking with less overhead and less stringent requirements than full digital signatures. RFC 4880 describes it as "analogous to a checksum." MDC also specifies SHA-1 as its sole hash algorithm, but because its modest goals cover message integrity but not authentication, the existence of collisions does not adversely affect it. The checksum-like usage of the hash algorithm in this context simply verifies that the message content was not altered or corrupted in transit.

Although 2^52-evaluation collisions represent a significant weakening of SHA-1, it is important to note that hash collisions are not as easy to exploit as broken ciphers. On the GnuPG users' mailing list, maintainer David Shaw evaluated some of the possible scenarios, such as attempting to forge a signature. Even with the easier-to-exploit MD5 collision problem, thus far no one has been able to create a phony signature to match the signature of an existing key; the closest anyone has come is to generate two keys that can be used to create the same signature — an attack with little practical value. The prevailing opinion on the IETF's OpenPGP Working Group list was much the same. A more likely problem is the unexpected behavior of applications when confronted with fingerprint collisions.

Practical migration and looking forward

Nevertheless, users are encouraged to transition away from SHA-1 usage to stronger hash algorithms. The US government has mandated deprecation of SHA-1 for its use by the end of 2010. There are several alternative hash functions available today, including the family known as SHA-2. SHA-2 includes several functions that are related but use different digest lengths: SHA-224, SHA-256, SHA-384, and SHA-512. The SHA-2 functions are algorithmically similar to SHA-1, and so would be vulnerable to the same type of attacks, but because of their larger digest size they remain significantly more secure.

The National Institute of Standards and Technology (NIST) is currently holding a competition to select a next-generation hash algorithm to be designated SHA-3. Submissions were due in October of 2008, and the final winner is expected to be announced in 2012.

Debian's Daniel Kahn Gillmor posted a step-by-step guide to migrating away from SHA-1 in GnuPG. Included are instructions for setting up signing algorithm preferences in gpg.conf, attaching digest preferences to a public key so that other users will select a stronger algorithm when sending a message, and generating a replacement for an old DSA key. It is an important read particularly for key replacement, because setting strong digest preferences must be done before generating a new key — otherwise GnuPG will default to using SHA-1.
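The kind of preference settings the guide describes, as an added gpg.conf fragment that is not copied from Gillmor's guide or shipped by the GnuPG project. The three options are real GnuPG options of this era; the particular ordering of algorithms is an assumption made for the example.

```conf
# Added example gpg.conf fragment (not from Gillmor's guide or GnuPG itself).

# Digest used when you sign messages and files. GnuPG takes the first entry
# that the recipients' key preferences also allow and falls back to its
# built-in default (SHA-1 in GnuPG releases of this period) only when
# nothing listed here is mutually supported.
personal-digest-preferences SHA512 SHA384 SHA256 SHA224

# Digest used for certifications you make on other people's keys, such as
# at a key-signing event. An old DSA signing key can only produce 160-bit
# signatures, so this takes effect once you sign with a DSA2 or RSA key.
cert-digest-algo SHA512

# Preferences written into the self-signature of keys generated after this
# change. This is the list other people's GnuPG consults when choosing a
# digest for mail to you, so it must be in place before the new key is made.
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
```

For a key that already exists, `default-preference-list` does nothing by itself; the preferences are attached to the key with `setpref` inside `gpg --edit-key`, followed by `save`, and the updated public key is then redistributed so correspondents see the new list.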

GnuPG, for its part, is planning to change its defaults in future releases, so that newly-created keys will default to RSA instead of DSA and be able to use newer hash algorithms. Gillmor has also proposed a tool to scan OpenPGP keys and offer suggestions to the user for strengthening them — including the current format, key type and size, appropriate sub-keys, and several other parameters.

The trickier problem is the OpenPGP specification's inclusion of SHA-1 as the "hardwired" choice for fingerprinting, revocation, and MDC. A thread on the OpenPGP Working Group's mailing list exposes several points of view. Some think that the group should wait for SHA-3, some think a change is due now, and others think that hash collisions even on fingerprints are not a significant enough security risk to warrant changing the specification.

As Gillmor's migration guide indicates, Debian is trying to migrate its developers, maintainers, and teams away from SHA-1 digests and DSA keys and towards RSA keys with SHA-512 digests. Likewise, the Fedora project has undertaken a concerted migration to SHA-2 hashes. Ubuntu's security team administrator Kees Cook says that the distribution will update its keys over time, but that there is no rush. OpenSUSE's Marcus Meissner echoes that sentiment, observing that the distribution is phasing out SHA-1 and MD5 for signing, but that collisions do not constitute a security threat for simple download integrity checking. All four distributions already use RSA master keys to sign packages.

Shaw emphasized that the recent attacks on SHA-1 still require a significant amount of work, and at best would allow an attacker to produce two original documents that hash to the same value, which does not directly impact most people's usage of OpenPGP. "This is not an attack where someone could take an existing OpenPGP-signed document and make a new document that matches the signature or the like." He advised individuals and maintainers who know that their intended recipients can accept larger hashes to use larger hashes, particularly when signing documents created by someone else (such as at a key-signing event), but not to worry unduly about using SHA-1 when that is the only option. In other words, he said, walk, but don't run, for the exits.

Comments (11 posted)

Brief items

Researchers Build Anonymous, Browser-Based 'Darknet' (DarkReading)

DarkReading reports on an upcoming Black Hat presentation which creates a "darknet" from within browsers. A darknet is a network like Tor or Freenet that allows for secure, anonymous use. "Veiled is basically a 'zero footprint' network, in which groups can rapidly form and disappear without a trace. It connects the user's HTML 5-based browser to a single PHP file, which downloads some JavaScript code into the browser. Pieces of the file are spread among the members of the Veiled darknet. It's not peer-to-peer, but rather a chain of 'repeaters' of the PHP file, the researchers say."

Comments (none posted)

New vulnerabilities

acroread: multiple vulnerabilities

Package(s):acroread CVE #(s):CVE-2009-0198 CVE-2009-0509 CVE-2009-0510 CVE-2009-0511 CVE-2009-0512 CVE-2009-0888 CVE-2009-0889 CVE-2009-1855 CVE-2009-1856 CVE-2009-1857 CVE-2009-1858 CVE-2009-1859 CVE-2009-1861 CVE-2009-2028
Created:June 17, 2009 Updated:September 1, 2009
Description: acroread has a number of vulnerabilities. From the Red Hat alert: Multiple security flaws were discovered in Adobe Reader. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-0198, CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889, CVE-2009-1855, CVE-2009-1856, CVE-2009-1857, CVE-2009-1858, CVE-2009-1859, CVE-2009-1861, CVE-2009-2028)
SuSE SUSE-SR:2009:014 dnsmasq, icu, libcurl3/libcurl2/curl/compat-curl2, Xerces-c/xerces-j2, tiff/libtiff, acroread_ja, xpdf, xemacs, mysql, squirrelmail, OpenEXR, wireshark 2009-09-01
Gentoo 200907-06 acroread 2009-07-12
SuSE SUSE-SR:2009:012 optipng, cups, quagga, pango, strongswan, perl-DBD-Pg, irssi, openssl/libopenssl-devel, net-snmp, ImageMagick/GraphicsMagick, perl, ipsec-tools/novell-ipsec-tools, poppler/libpoppler3/libpoppler4, yast2-ldap-server, tomcat6, gstreamer-plugins/gstreamer010-plugins-bad, apache2-mod_php5 2009-07-03
Red Hat RHSA-2009:1109-01 acroread 2009-06-17

Comments (none posted)

coccinelle: symlink attack

Package(s):coccinelle CVE #(s):CVE-2009-1753
Created:June 16, 2009 Updated:June 17, 2009
Description: From the CVE entry: Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."
Fedora FEDORA-2009-5368 coccinelle 2009-05-25

Comments (none posted)

drupal-views: cross site scripting

Package(s):drupal-views CVE #(s):
Created:June 16, 2009 Updated:June 17, 2009
Description: From the Fedora advisory: The Views module provides a flexible method for Drupal site designers to control how lists of content are presented. In the Views UI administrative interface when configuring exposed filters, user input presented as possible exposed filters is not correctly filtered, potentially allowing malicious users to insert arbitrary HTML and script code into these pages. In addition, content entered by users with 'administer views' permission into the View name when defining custom views is subsequently displayed without being filtered. Such cross site scripting (XSS) attacks may lead to a malicious user gaining full administrative access. An access bypass may exist where unpublished content owned by the anonymous user (e.g. content created by a user whose account was later deleted) is visible to any anonymous user if there is a view already configured to show it incorrectly. An additional access bypass may occur because Views may generate queries which disrespect node access control. Users may be able to access private content if they have permission to see the resulting View.
Fedora FEDORA-2009-6171 drupal-views 2009-06-15
Fedora FEDORA-2009-6389 drupal-views 2009-06-15
Fedora FEDORA-2009-6049 drupal-views 2009-06-15

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2009-2043 CVE-2009-2044 CVE-2009-2061 CVE-2009-2065
Created:June 17, 2009 Updated:August 3, 2009
Description: Firefox has multiple vulnerabilities. From the Mandriva alert:

CVE-2009-2043: firefox - remote TinyMCE denial of service

CVE-2009-2044: firefox - remote GIF denial of service

CVE-2009-2061: firefox - man-in-the-middle exploit

CVE-2009-2065: firefox - man-in-the-middle exploit

Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2009:185 firefox 2009-07-30
Mandriva MDVSA-2009:134 firefox 2009-06-17

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841
Created:June 12, 2009 Updated:August 3, 2009
Description: From the Red Hat advisory:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838, CVE-2009-1841)

Multiple flaws were found in the processing of malformed, local file content. If a user loaded malicious, local content via the file:// URL, it was possible for that content to access other local data. (CVE-2009-1835, CVE-2009-1839)

A script, privilege elevation flaw was found in the way Firefox loaded XML User Interface Language (XUL) scripts. Firefox and certain add-ons could load malicious content when certain policy checks did not happen. (CVE-2009-1840)

A flaw was found in the way Firefox displayed certain Unicode characters in International Domain Names (IDN). If an IDN contained invalid characters, they may have been displayed as spaces, making it appear to the user that they were visiting a trusted site. (CVE-2009-1834)

A flaw was found in the way Firefox handled error responses returned from proxy servers. If an attacker is able to conduct a man-in-the-middle attack against a Firefox instance that is using a proxy server, they may be able to steal sensitive information from the site the user is visiting. (CVE-2009-1836)

Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2009:185 firefox 2009-07-30
Fedora FEDORA-2009-7614 seamonkey 2009-07-15
Fedora FEDORA-2009-7567 seamonkey 2009-07-15
Debian DSA-1830-1 icedove 2009-07-12
Slackware SSA:2009-178-01 thunderbird 2009-06-29
Mandriva MDVSA-2009:141 mozilla-thunderbird 2009-06-17
Ubuntu USN-782-1 thunderbird 2009-06-25
CentOS CESA-2009:1126 thunderbird 2009-06-26
Red Hat RHSA-2009:1126-01 thunderbird 2009-06-25
Red Hat RHSA-2009:1125-01 thunderbird 2009-06-25
CentOS CESA-2009:1095 firefox 2009-06-19
Debian DSA-1820-1 xulrunner 2009-06-18
Slackware SSA:2009-167-01 mozilla 2009-06-17
Mandriva MDVSA-2009:134 firefox 2009-06-17
Fedora FEDORA-2009-6411 totem 2009-06-15
Fedora FEDORA-2009-6411 gtkmozembedmm 2009-06-15
Fedora FEDORA-2009-6411 evolution-rss 2009-06-15
Fedora FEDORA-2009-6411 chmsee 2009-06-15
Fedora FEDORA-2009-6411 mugshot 2009-06-15
Fedora FEDORA-2009-6366 mugshot 2009-06-15
Fedora FEDORA-2009-6411 Miro 2009-06-15
Fedora FEDORA-2009-6366 Miro 2009-06-15
Fedora FEDORA-2009-6411 google-gadgets 2009-06-15
Fedora FEDORA-2009-6366 google-gadgets 2009-06-15
Fedora FEDORA-2009-6411 mozvoikko 2009-06-15
Fedora FEDORA-2009-6366 mozvoikko 2009-06-15
Fedora FEDORA-2009-6411 gnome-python2-extras 2009-06-15
Fedora FEDORA-2009-6366 gnome-python2-extras 2009-06-15
Fedora FEDORA-2009-6366 perl-Gtk2-MozEmbed 2009-06-15
Fedora FEDORA-2009-6366 gecko-sharp2 2009-06-15
Fedora FEDORA-2009-6411 gnome-web-photo 2009-06-15
Fedora FEDORA-2009-6366 gnome-web-photo 2009-06-15
Fedora FEDORA-2009-6411 kazehakase 2009-06-15
Fedora FEDORA-2009-6366 kazehakase 2009-06-15
Fedora FEDORA-2009-6411 ruby-gnome2 2009-06-15
Fedora FEDORA-2009-6366 ruby-gnome2 2009-06-15
Fedora FEDORA-2009-6366 pcmanx-gtk2 2009-06-15
Fedora FEDORA-2009-6411 yelp 2009-06-15
Fedora FEDORA-2009-6366 yelp 2009-06-15
Fedora FEDORA-2009-6411 blam 2009-06-15
Fedora FEDORA-2009-6366 blam 2009-06-15
Fedora FEDORA-2009-6411 xulrunner 2009-06-15
Fedora FEDORA-2009-6366 xulrunner 2009-06-15
Fedora FEDORA-2009-6411 devhelp 2009-06-15
Fedora FEDORA-2009-6366 devhelp 2009-06-15
Fedora FEDORA-2009-6411 galeon 2009-06-15
Fedora FEDORA-2009-6366 galeon 2009-06-15
Fedora FEDORA-2009-6411 epiphany-extensions 2009-06-15
Fedora FEDORA-2009-6366 epiphany-extensions 2009-06-15
Fedora FEDORA-2009-6411 epiphany 2009-06-15
Fedora FEDORA-2009-6366 epiphany 2009-06-15
Fedora FEDORA-2009-6411 firefox 2009-06-15
Fedora FEDORA-2009-6366 firefox 2009-06-15
SuSE SUSE-SA:2009:034 MozillaFirefox 2009-06-16
Ubuntu USN-779-1 firefox-3.0, xulrunner-1.9 2009-06-12
CentOS CESA-2009:1096 seamonkey 2009-06-12
Red Hat RHSA-2009:1096-01 seamonkey 2009-06-11
Red Hat RHSA-2009:1095-01 firefox 2009-06-11

Comments (none posted)

gupnp: crash on zero length content

Package(s):gupnp CVE #(s):
Created:June 16, 2009 Updated:June 17, 2009
Description: From the Fedora advisory: Version 0.12.8 fixes a bug where the gupnp stack crashes when passed empty content.
Fedora FEDORA-2009-5861 gupnp 2009-06-04
Fedora FEDORA-2009-5865 gupnp 2009-06-04

Comments (none posted)

icu: cross-site scripting

Package(s):icu CVE #(s):CVE-2009-0153
Created:June 16, 2009 Updated:October 8, 2009
Description: From the CVE entry: International Components for Unicode (ICU) in Apple Mac OS X 10.5 before 10.5.7 does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Debian DSA-1889-1 icu 2009-09-16
SuSE SUSE-SR:2009:014 dnsmasq, icu, libcurl3/libcurl2/curl/compat-curl2, Xerces-c/xerces-j2, tiff/libtiff, acroread_ja, xpdf, xemacs, mysql, squirrelmail, OpenEXR, wireshark 2009-09-01
CentOS CESA-2009:1122 icu 2009-06-26
Red Hat RHSA-2009:1122-01 icu 2009-06-25
Fedora FEDORA-2009-6121 icu 2009-06-15
Fedora FEDORA-2009-6273 icu 2009-06-15
Ubuntu USN-846-1 icu 2009-10-08

Comments (none posted)

irssi: off-by-one error

Package(s):irssi CVE #(s):CVE-2009-1959
Created:June 16, 2009 Updated:December 8, 2009
Description: From the Mandriva advisory: Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
Mandriva MDVSA-2009:133-1 irssi 2009-12-08
Gentoo 200909-13 irssi 2009-09-12
Fedora FEDORA-2009-7004 irssi 2009-06-27
Fedora FEDORA-2009-7012 irssi 2009-06-27
Ubuntu USN-800-1 irssi 2009-07-13
SuSE SUSE-SR:2009:012 optipng, cups, quagga, pango, strongswan, perl-DBD-Pg, irssi, openssl/libopenssl-devel, net-snmp, ImageMagick/GraphicsMagick, perl, ipsec-tools/novell-ipsec-tools, poppler/libpoppler3/libpoppler4, yast2-ldap-server, tomcat6, gstreamer-plugins/gstreamer010-plugins-bad, apache2-mod_php5 2009-07-03
Mandriva MDVSA-2009:133 irssi 2009-06-16

Comments (none posted)

libtorrent-rasterbar: directory traversal

Package(s):libtorrent-rasterbar CVE #(s):CVE-2009-1760
Created:June 15, 2009 Updated:July 17, 2009
Description: From the Debian advisory: It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files.
Gentoo 200907-14 rb_libtorrent 2009-07-17
Fedora FEDORA-2009-6760 deluge 2009-06-19
Fedora FEDORA-2009-6682 deluge 2009-06-19
Fedora FEDORA-2009-6502 rb_libtorrent 2009-06-18
Fedora FEDORA-2009-6547 rb_libtorrent 2009-06-18
Fedora FEDORA-2009-6619 rb_libtorrent 2009-06-18
Mandriva MDVSA-2009:139 libtorrent-rasterbar 2009-06-24
Debian DSA-1815-1 libtorrent-rasterbar 2009-06-14

Comments (none posted)

mingw32-libpng: information disclosure

Package(s):mingw32-libpng CVE #(s):CVE-2009-2042
Created:June 16, 2009 Updated:August 17, 2010
Description: From the CVE entry: libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
Gentoo 201412-08 insight, perl-tk, sourcenav, tk, partimage, bitdefender-console, mlmmj, acl, xinit, gzip, ncompress, liblzw, splashutils, m4, kdm, gtk+, kget, dvipng, beanstalkd, pmount, pam_krb5, gv, lftp, uzbl, slim, iputils, dvbstreamer 2014-12-11
Oracle ELSA-2012-0317 libpng 2012-02-21
CentOS CESA-2010:0534 libpng 2010-08-16
CentOS CESA-2010:0534 libpng 2010-07-21
CentOS CESA-2010:0534 libpng 2010-07-21
CentOS CESA-2010:0534 libpng 2010-07-14
Red Hat RHSA-2010:0534-01 libpng 2010-07-14
Debian DSA-2032-1 libpng 2010-04-11
Mandriva MDVSA-2010:063 libpng 2010-03-22
Ubuntu USN-913-1 libpng 2010-03-16
Gentoo 200906-01 libpng 2009-06-27
Slackware SSA:2009-170-01 libpng 2009-06-22
Fedora FEDORA-2009-6506 libpng 2009-06-18
Fedora FEDORA-2009-6531 libpng 2009-06-18
Fedora FEDORA-2009-6603 libpng 2009-06-18
Fedora FEDORA-2009-6400 mingw32-libpng 2009-06-15
Fedora FEDORA-2009-5977 mingw32-libpng 2009-06-15

Comments (1 posted)

mutt: SSL certificate vulnerability

Package(s):mutt CVE #(s):CVE-2009-1390
Created:June 16, 2009 Updated:June 17, 2009
Description: From the Fedora advisory: Version 1.5.19 fixes a problem with SSL certificate chain verification.
Fedora FEDORA-2009-6465 mutt 2009-06-15

Comments (none posted)

perl: buffer overflow

Package(s):perl CVE #(s):CVE-2009-1391
Created:June 16, 2009 Updated:December 4, 2009
Description: From the Red Hat bugzilla: Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause the perl process at least to hang or to crash.
Mandriva MDVSA-2009:157-1 perl-Compress-Raw-Zlib 2009-12-03
Mandriva MDVSA-2009:207 perl-Compress-Raw-Bzip2 2009-08-19
Gentoo 200908-07 Compress::Raw 2009-08-18
Mandriva MDVSA-2009:174 perl-Compress-Raw-Zlib 2009-07-29
Mandriva MDVSA-2009:157 perl-Compress-Raw-Zlib 2009-07-19
Fedora FEDORA-2009-7680 perl 2009-07-15
SuSE SUSE-SR:2009:012 optipng, cups, quagga, pango, strongswan, perl-DBD-Pg, irssi, openssl/libopenssl-devel, net-snmp, ImageMagick/GraphicsMagick, perl, ipsec-tools/novell-ipsec-tools, poppler/libpoppler3/libpoppler4, yast2-ldap-server, tomcat6, gstreamer-plugins/gstreamer010-plugins-bad, apache2-mod_php5 2009-07-03
Ubuntu USN-794-1 libcompress-raw-zlib-perl, perl 2009-07-02
Fedora FEDORA-2009-6033 perl 2009-06-15

Comments (none posted)

php-ZendFramework: local file inclusion

Package(s):php-ZendFramework CVE #(s):
Created:June 16, 2009 Updated:June 17, 2009
Description: From the Red Hat bugzilla: Upstream Zend Framework 1.7.5 contains a security fix for a potential Local File Inclusion (LFI) vulnerability in the Zend_View::render() method. This fix is tagged upstream as "controversial", as it breaks backwards compatibility and existing uses of the method.
Fedora FEDORA-2009-2823 php-ZendFramework 2009-03-18

Comments (none posted)

tomcat: multiple vulnerabilities

Package(s):tomcat6 CVE #(s):CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783
Created:June 15, 2009 Updated:November 2, 2010
Description: From the Ubuntu advisory:

Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515)

Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. (CVE-2009-0033)

D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. (CVE-2009-0580)

Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-0781)

Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files. (CVE-2009-0783)

Gentoo 201206-24 tomcat 2012-06-24
Fedora FEDORA-2010-16248 tomcat6 2010-10-14
Mandriva MDVSA-2010:176 tomcat5 2010-09-12
CentOS CESA-2010:0580 tomcat5 2010-08-03
Red Hat RHSA-2010:0580-01 tomcat5 2010-08-02
SuSE SUSE-SR:2010:008 gnome-screensaver tomcat libtheora java-1_6_0-sun samba 2010-04-07
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
CentOS CESA-2009:1164 tomcat 2009-07-29
Mandriva MDVSA-2009:163 tomcat5 2009-07-28
Red Hat RHSA-2009:1164-01 tomcat 2009-07-21
Red Hat RHSA-2009:1563-01 tomcat 2009-11-09
Red Hat RHSA-2009:1562-01 tomcat 2009-11-09
SuSE SUSE-SR:2009:012 optipng, cups, quagga, pango, strongswan, perl-DBD-Pg, irssi, openssl/libopenssl-devel, net-snmp, ImageMagick/GraphicsMagick, perl, ipsec-tools/novell-ipsec-tools, poppler/libpoppler3/libpoppler4, yast2-ldap-server, tomcat6, gstreamer-plugins/gstreamer010-plugins-bad, apache2-mod_php5 2009-07-03
Mandriva MDVSA-2009:138 tomcat5 2009-06-22
Mandriva MDVSA-2009:136 tomcat5 2009-06-22
Fedora FEDORA-2009-11352 tomcat6 2009-11-11
Fedora FEDORA-2009-11374 tomcat6 2009-11-11
Fedora FEDORA-2009-11356 tomcat6 2009-11-11
Ubuntu USN-788-1 tomcat6 2009-06-15

Comments (1 posted)

Page editor: Jake Edge

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds