Security
A hole in crypt_blowfish
A longstanding bug that was recently found in the crypt_blowfish password hashing library highlights the problems that can occur when a bug is found in a widely used low-level library. Because crypt_blowfish has been around for so long (this bug is said to go back to 1998 or possibly 1997), it has been used by various other packages (PHP for example) as well as some Linux distributions. The security impact is not likely to be huge, because it only affects passwords with somewhat uncommon characteristics, but the impact on those who have stored hashed passwords generated using the library may be a bit more painful.
Password hashing is a standard technique that is used by authentication mechanisms (for logging into a system or web application for example), so that the plaintext password does not need to be stored. Instead, something derived from the plaintext password is stored. Typically, one-way cryptographic hash functions like SHA-1 or the Blowfish cipher are used for that purpose. When the user presents the password, the same function is applied to that input and compared to what is stored. The idea is that even if an attacker gets access to the password database, they would need to "crack" the hashed values stored there. As its name implies, crypt_blowfish implements password hashing based on Blowfish.
The bug itself is quite simple, and the change to fix it will likely make the problem obvious to C programmers:
tmp |= *ptr;
to:
tmp |= (unsigned char)*ptr;
The problem was actually discovered in the John the Ripper (JtR) password cracking program. As part of creating a test suite, "magnum" was attempting to crack a password that consisted of a single non-ASCII character (£ or 0xa3), which was hashed using a library other than crypt_blowfish. Because JtR and crypt_blowfish share their implementation of the Blowfish encryption algorithm, tests using both would pass, but independent implementations would generate the correct hash, thus failing to match what was generated by JtR.
JtR and crypt_blowfish developer Alexander Peslyak (aka Solar Designer) analyzed the effects of the bug and found that some password pairs would hash to the same value with only minimal differences (e.g. "ab£" hashed to the same value as "£"), which would make password cracking easier. A further analysis shows that some characters appearing just before one with the high bit set may be effectively ignored when calculating the hash. That would mean that a simpler password than that given by the user could be used and would still be considered valid—a significant weakening of the user's password.
It should be noted that Solar Designer has been very forthcoming with details of the problem and its effects. His CVE request is quite detailed, and he takes full responsibility for the error. Other projects who find security holes in their code would do well to follow his lead here.
There is no real problem for JtR, as it can get the updated code so that it can crack passwords with high-bit-set characters in them. In addition, it could continue to use the broken code to crack passwords that were hashed incorrectly. But for applications that use crypt_blowfish, it's a different story. Passwords with the high bit set may be fairly uncommon—at least for sites with typically ASCII-only users—but there is no easy way to determine whether stored hashes are invalid or not.
The safest solution for administrators with potentially bad password hashes (which could include those running Openwall Linux (Owl), SUSE, and ALT Linux which can use crypt_blowfish for hashing the password database) is to invalidate all passwords and have their users input new ones. That could prove to be a logistical nightmare, however, depending on how easily, and securely, users can set new passwords without authenticating with their existing password. Requiring that users change their existing passwords after logging in is an alternative, but one that might give attackers a window in which to operate. It also leaves passwords unchanged for any users that do not log in.
The risks of attackers using this flaw to log in to a site are likely to be fairly small, but they do exist. If a site's login process is susceptible to brute force attacks, this bug makes it somewhat easier to do so, at least for specific password types. On the other hand, if the password database has been exposed, and some passwords were not crackable (at least for attackers using cracking programs other than JtR), this information would give them the means to crack those passwords. In the end analysis, it is an exploitable hole, but not the kind to send administrators into panic mode.
It is somewhat amazing that this bug has existed for 13+ years in a fairly widely used library. Up until now, no one has tested it in this way, at least publicly, which should serve as something of a warning to those who are using well-established software, both free and proprietary. With free software (crypt_blowfish has been placed into the public domain which may be a bit legally murky but is in keeping with free software ideals) there are more and easier opportunities to examine and test the code, but that's only effective if the testing is actually done.
There are, without doubt, bugs still lurking in various security-oriented libraries that we depend on every day, so testing those libraries (as well as code that is not being used for security purposes) regularly and systematically can only help find them. While it took more than a decade for this bug to come to light, it's worth pointing out that it certainly could have been discovered by others in the interim. Attackers clearly do their own testing, and are generally not inclined to release their results. That may not be the case here, but one should always recognize that public disclosure of a vulnerability is not necessarily tied to its discovery.
Brief items
Security quotes of the week
Actually, we are prolonging the security support for 4 and later, it's not just a minimum of six months any more, now it's "forever", just that the security updates always bring features and a new "version" as well. ;-)
Twenty minutes passed, and all four were still actively using Facebook.
The story behind the mysterious CyanogenMod update
A group called Lookout Mobile Security has put out an alert regarding malware which is targeting custom Android builds. "The application follows the common pattern of masquerading as a legitimate application, though a few extra permissions have been added. At first glance, it appears like other recent Android Trojans that tries to take control over the mobile phone by rooting the phone (breaking out of the Android security container), but instead jSMSHider exploits a vulnerability found in the way most custom ROMs sign their system images. The issue arises since publicly available private keys in the Android Open Source Project (AOSP) are often used to sign the custom ROM builds. In the Android security model, any application signed with the same platform signer as the system image can request permissions not available to normal applications, including the ability to install or uninstall applications without user intervention." This, it seems, is the vulnerability closed by the May 2011 CyanogenMod security update. (Seen on The H).
New vulnerabilities
ffmpeg mplayer: arbitrary code execution
| Package(s): | ffmpeg mplayer | CVE #(s): | CVE-2011-1931 | ||||||||||||||||
| Created: | June 21, 2011 | Updated: | September 20, 2011 | ||||||||||||||||
| Description: | From the Pardus advisory:
A vulnerability has been fixed in ffmpeg, which can be result in an out of array write and potentially arbitrary code execution. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
groff: insecure tmp file usage
| Package(s): | groff | CVE #(s): | CVE-2009-5044 | ||||||||||||||||||||||||||||||||
| Created: | June 16, 2011 | Updated: | June 8, 2012 | ||||||||||||||||||||||||||||||||
| Description: | From the openSUSE advisory: groff created temporary files in an insecure way. Local attackers could potentially exploit that to overwrite files of other users. | ||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||
kernel: multiple vulnerabilities
| Package(s): | kernel | CVE #(s): | CVE-2011-1768 CVE-2011-2182 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | June 20, 2011 | Updated: | March 7, 2012 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Debian advisory:
CVE-2011-1768: Alexecy Dobriyan reported an issue in the IP tunnels implementation. Remote users can cause a denial of service by sending a packet during module initialization. CVE-2011-2182: Ben Hutchings reported an issue with the fix for CVE-2011-1017 that made it insufficient to resolve the issue. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
klibc: command injection
| Package(s): | klibc | CVE #(s): | CVE-2011-1930 | ||||||||
| Created: | June 21, 2011 | Updated: | September 27, 2013 | ||||||||
| Description: | From the Pardus advisory:
A vulnerability has been fixed in klibc, which allows attackers to injection command. | ||||||||||
| Alerts: |
| ||||||||||
libvirt: arbitrary host file access
| Package(s): | libvirt | CVE #(s): | CVE-2011-2178 | ||||||||||||||||
| Created: | June 16, 2011 | Updated: | July 12, 2011 | ||||||||||||||||
| Description: | From the openSUSE advisory: A regression re-introduced automatic disk probing again which potentially allowed to uses to access arbitrary files (CVE-2011-2178). | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
libxml2: code execution
| Package(s): | libxml2 | CVE #(s): | CVE-2011-1944 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | June 16, 2011 | Updated: | March 1, 2013 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Ubuntu advisory: Chris Evans discovered that libxml2 incorrectly handled memory allocation. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
moodle: multiple vulnerabilities
| Package(s): | moodle | CVE #(s): | |||||
| Created: | June 16, 2011 | Updated: | June 22, 2011 | ||||
| Description: | From the Debian advisory: MSA-11-0011 Multiple cross-site scripting problems in media filter MSA-11-0015 Cross Site Scripting through URL encoding MSA-11-0013 Group/Quiz permissions issue | ||||||
| Alerts: |
| ||||||
movabletype-opensource: multiple vulnerabilities
| Package(s): | movabletype-opensource | CVE #(s): | |||||||||
| Created: | June 17, 2011 | Updated: | December 30, 2011 | ||||||||
| Description: | From the Debian advisory:
It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities: A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances. | ||||||||||
| Alerts: |
| ||||||||||
Mozilla products: multiple vulnerabilities
| Package(s): | firefox | CVE #(s): | CVE-2011-2374 CVE-2011-2375 CVE-2011-2373 CVE-2011-2377 CVE-2011-2371 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2370 CVE-2011-2369 CVE-2011-2364 CVE-2011-0083 CVE-2011-2362 CVE-2011-0085 CVE-2011-2363 CVE-2011-2365 CVE-2011-2376 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | June 22, 2011 | Updated: | July 23, 2012 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | The firefox, thunderbird, and seamonkey teams have issued updated versions of their products to address a long list of "critical" security vulnerabilities. See the firefox 3.6.18, and firefox 5 "fixed vulnerability" lists for more. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
nagios: cross-site scripting
| Package(s): | nagios3 | CVE #(s): | CVE-2011-1523 CVE-2011-2179 | ||||||||||||||||
| Created: | June 16, 2011 | Updated: | April 2, 2012 | ||||||||||||||||
| Description: | From the Ubuntu advisory: Stefan Schurtz discovered than Nagios did not properly sanitize its input when processing certain requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
pam_ssh: privilege escalation
| Package(s): | pam_ssh | CVE #(s): | |||||||||||||
| Created: | June 21, 2011 | Updated: | June 22, 2011 | ||||||||||||
| Description: | From the Red Hat bugzilla:
It was found that pam_ssh, PAM module for use with SSH keys and ssh-agent, did not properly drop root SGID privileges prior executing the ssh-agent authentication agent. A local attacker could use this flaw to potentially escalate their privileges. | ||||||||||||||
| Alerts: |
| ||||||||||||||
php: code execution
| Package(s): | php5 | CVE #(s): | CVE-2011-1938 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | June 16, 2011 | Updated: | August 25, 2011 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Novell bug database: Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SUSE Manager: multiple vulnerabilities
| Package(s): | SUSE Manager | CVE #(s): | CVE-2009-4139 CVE-2011-1594 | ||||
| Created: | June 20, 2011 | Updated: | June 22, 2011 | ||||
| Description: | From the SUSE advisory:
CVE-2009-4139: A cross-site request forgery (CSRF) attack can be used to execute web-actions within the SUSE Manager web user interface with the privileges of the attacked user. CVE-2011-1594: Open Redirect bug at the login page (Phishing)
| ||||||
| Alerts: |
| ||||||
SUSE Manager Proxy: insecure SSL settings
| Package(s): | SUSE Manager Proxy | CVE #(s): | |||||
| Created: | June 20, 2011 | Updated: | June 22, 2011 | ||||
| Description: | From the SUSE advisory:
This security update of SUSE Manger Proxy improves the SSL cipher suite setting to only allow secure SSLCipher and SSLProtocols. | ||||||
| Alerts: |
| ||||||
torque: remote code execution
| Package(s): | torque | CVE #(s): | CVE-2011-2193 | ||||||||||||||||||||
| Created: | June 21, 2011 | Updated: | September 5, 2012 | ||||||||||||||||||||
| Description: | From the Red Hat bugzilla:
Torque server does not check the length of the "job name" argument before using it - this string is verified only on the client side. It is possible to use a modified Torque client or DRMAA interface to submit a job with an arbitrary chosen job name in terms of length and content. Thus, it is possible for the attacker to overflow buffer and overwrite some Torque server process internal data causing its specific behavior. Note that this data overwriting could lead to remote code execution. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
unixODBC: buffer overflow
| Package(s): | unixODBC | CVE #(s): | CVE-2011-1145 | ||||
| Created: | June 20, 2011 | Updated: | June 22, 2011 | ||||
| Description: | From the openSUSE advisory:
Specially crafted reply of a malicious server could overflow a buffer in unixODBC | ||||||
| Alerts: |
| ||||||
Page editor: Jake Edge
Next page:
Kernel development>>