User: Password:
|
|
Subscribe / Log in / New account

Security

Unpredictable sequence numbers

By Jake Edge
August 17, 2011

It has been known for 15 years or more that using predictable network sequence numbers is a security risk, so most implementations, including Linux, have randomized the initial sequence number (ISN) for TCP connections. Due to performance concerns, though, Linux used a combination of the MD4 cryptographic hash, along with changing the random seed every five minutes, to create the ISN. In addition, only a partial MD4 implementation was used, which effectively limited the ISNs to 24 bits of randomness. That's all changed with a recent patch that has been merged into the mainline as well as the stable and longterm kernels.

Sequence numbers are used by TCP to keep the bytes in the connection stream in order. An ISN is established at the time the connection is made, and incremented by the number of data bytes in each packet. That way, both sides of the connection can recognize when they have received out-of-order packets and ensure that the data that gets handed off to the application is properly sequenced.

Initially, TCP specified that ISNs would increment every four microseconds to avoid having multiple outstanding connections with the same sequence number. But, in the mid-90s, it was recognized that predictability in choosing ISNs could be used by attackers to potentially inject packets into the set up of a connection, or into an established session itself. That led to RFC 1948, which suggested establishing a separate sequence number space for each connection, and randomizing the ISNs based on the connection parameters.

Basically, the idea is that by using the source address/port and destination address/port as input to a cryptographic hash (the RFC suggests MD5), along with a random seed generated at boot time, an unpredictable ISN can be created. But Linux went its own way, using the partial MD4 and resetting the random seed frequently (which was meant to add some additional unpredictability).

According to the description in David Miller's patch, Dan Kaminsky recently alerted the kernel security mailing list (i.e. security@kernel.org, which is a closed list for security discussions) that the Linux ISN generation was vulnerable to brute force attacks. Presumably, the increased speed of today's computers coupled with the higher bandwidth available means that a brute force attack against a 24-bit space is more plausible today. Also, as Miller points out, the increase in computer speed also means that the need for using MD4 for performance reasons has likely passed.

Over the years since RFC 1948, MD5 has been considerably weakened, so SHA-1 was also considered for the Linux fix. But, as Miller describes it, the performance cost was simply too high:

MD5 was selected as a compromise between performance loss and theoretical ability to be compromised. Willy Tarreau did extensive testing and SHA1 was found to harm performance too much to be considered seriously at this time.

Down the road, a sysctl knob may be added to select different modes, Miller said. That could include the "super secure" SHA-1 version, as well as a mode that turns off any hashing for networks that run in trusted environments.

While it may have made sense at the time, it is clear that using MD4 (and effectively limiting it to 24 bits of randomness) is just too risky today. Attacks against the earlier implementation may be hard to pull off, but the effects can be rather serious. The RFC describes an attack that would inject commands into a remote shell session. While rsh is not used very frequently—at all?—any more, there are other kinds of attacks that are possible too. It's good to see this particular hole get filled.

Comments (11 posted)

Brief items

Security quotes of the week

Turns out we have a large index of the web, so we cranked through 20 terabytes of SWF file downloads followed by 1 week of run time on 2,000 CPU cores to calculate the minimal set of about 20,000 files. Finally, those same 2,000 cores plus 3 more weeks of runtime were put to good work mutating the files in the minimal set (bitflipping, etc.) and generating crash cases. These crash cases included an interesting range of vulnerability categories, including buffer overflows, integer overflows, use-after-frees and object type confusions.
-- Google security team on fuzzing Flash at "Google scale"

Is losing your genomic privacy an excessive price to pay for surviving cancer and evading plagues?

Is compromising your sensory privacy through lifelogging a reasonable price to pay for preventing malicious impersonation and apprehending criminals?

Is letting your insurance company know exactly how you steer and hit the gas and brake pedals, and where you drive, an acceptable price to pay for cheaper insurance?

-- Charlie Stross's USENIX 2011 keynote: Network Security in the Medium Term, 2061-2561 AD

Comments (4 posted)

One year of Android malware

Paolo Passeri has put up a list of malevolent Android applications discovered over the last year. "Scroll down my special compilation showing the long malware trail which characterized this hard days for information security. Commenting the graph, in my opinion, probably the turning point was Android.Geinimi (end of 2010), featuring the characteristics of a primordial Botnet, but also Android.DroidDream (AKA RootCager) is worthwhile to mention because of its capability to root the phone and potentially to remotely install applications without direct user intervention."

Comments (2 posted)

Cox: Six years of Red Hat Enterprise Linux 4

Red Hat security team lead Mark J. Cox writes about the "Six Years of Red Hat Enterprise Linux 4" report [PDF] on his blog. It looks at the vulnerabilities that were found and fixed in RHEL 4, along with their severity. "The data we publish is interesting to get a feel for the risk of running Enterprise Linux, but isn't really useful for comparisons with other distributions, or operating systems. One important difference is that it is Red Hat policy to count vulnerabilities and allocate CVE names to all issues that we fix, including ones that are found internally. This is not true for many other vendors including folks like Microsoft and Adobe who do not count or disclose issues they fix which were found internally."

Comments (5 posted)

New vulnerabilities

cgit: cross-site scripting

Package(s):cgit CVE #(s):CVE-2011-2711
Created:August 11, 2011 Updated:August 17, 2011
Description: cgit 0.9.0.2 and prior have a cross-site scripting vulnerability exploitable by authenticated users.
Alerts:
Fedora FEDORA-2011-9588 cgit 2011-07-23
Fedora FEDORA-2011-9589 cgit 2011-07-23
openSUSE openSUSE-SU-2011:0891-1 cgit 2011-08-11

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2011-2989 CVE-2011-2991 CVE-2011-2985 CVE-2011-2993 CVE-2011-2988 CVE-2011-2987 CVE-2011-2990 CVE-2011-2992
Created:August 17, 2011 Updated:July 23, 2012
Description: From the Ubuntu advisory:

Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2989)

Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)

Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2985)

Rafael Gieschke discovered that unsigned JavaScript could call into a script inside a signed JAR. This could allow an attacker to execute arbitrary code with the identity and permissions of the signed JAR. (CVE-2011-2993)

Michael Jordon discovered that an overly long shader program could cause a buffer overrun. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2988)

Michael Jordon discovered a heap overflow in the ANGLE library used in Firefox's WebGL implementation. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2987)

Mike Cardwell discovered that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. This could allow a malicious website to capture proxy authorization credentials. Daniel Veditz discovered that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. This could allow a malicious website to circumvent the Content Security Policy of another website. (CVE-2011-2990)

Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2992)

Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Mageia MGASA-2012-0176 iceape 2012-07-21
openSUSE openSUSE-SU-2012:0567-1 firefox, thunderbird, seamonkey, xulrunner 2012-04-27
Ubuntu USN-1192-3 libvoikko 2011-10-19
openSUSE openSUSE-SU-2011:0957-2 MozillaFirefox 2011-08-30
SUSE SUSE-SA:2011:037 MozillaFirefox,MozillaThunderbird,seamonkey 2011-08-29
openSUSE openSUSE-SU-2011:0957-1 seamonkey 2011-08-29
openSUSE openSUSE-SU-2011:0935-1 mozilla-nss 2011-08-23
Fedora FEDORA-2011-11084 gnome-web-photo 2011-08-18
Fedora FEDORA-2011-11084 galeon 2011-08-18
Fedora FEDORA-2011-11084 mozvoikko 2011-08-18
Fedora FEDORA-2011-11084 xulrunner 2011-08-18
Fedora FEDORA-2011-11084 perl-Gtk2-MozEmbed 2011-08-18
Fedora FEDORA-2011-11084 gnome-python2-extras 2011-08-18
Fedora FEDORA-2011-11084 firefox 2011-08-18
Ubuntu USN-1192-2 mozvoikko 2011-08-17
Fedora FEDORA-2011-11106 gnome-python2-extras 2011-08-18
Fedora FEDORA-2011-11106 mozvoikko 2011-08-18
Fedora FEDORA-2011-11106 perl-Gtk2-MozEmbed 2011-08-18
Fedora FEDORA-2011-11106 firefox 2011-08-18
Fedora FEDORA-2011-11106 xulrunner 2011-08-18
Ubuntu USN-1192-1 firefox 2011-08-17

Comments (none posted)

isc-dhcp: denial of service

Package(s):isc-dhcp CVE #(s):CVE-2011-2748 CVE-2011-2749
Created:August 11, 2011 Updated:September 23, 2011
Description: The ISC DHCP server crashes "when processing certain packets."
Alerts:
Gentoo 201301-06 dhcp 2013-01-09
CentOS CESA-2011:1160 dhcp 2011-09-22
openSUSE openSUSE-SU-2011:1021-1 dhcp 2011-09-07
Fedora FEDORA-2011-10705 dhcp 2011-08-12
Pardus 2011-113 dhcp 2011-09-05
Fedora FEDORA-2011-10740 dhcp 2011-08-12
Mandriva MDVSA-2011:128 dhcp 2011-08-18
CentOS CESA-2011:1160 dhcp 2011-08-16
Scientific Linux SL-dhcp-20110815 dhcp 2011-08-15
Red Hat RHSA-2011:1160-01 dhcp 2011-08-15
Ubuntu USN-1190-1 dhcp3, isc-dhcp 2011-08-15
Debian DSA-2292-1 isc-dhcp 2011-08-11

Comments (none posted)

libmodplug: multiple vulnerabilities

Package(s):libmodplug CVE #(s):CVE-2011-2911 CVE-2011-2912 CVE-2011-2913 CVE-2011-2914 CVE-2011-2915
Created:August 17, 2011 Updated:March 16, 2012
Description: From the Red Hat bugzilla:

A number of vulnerabilities were reported in libmodplug, which can be exploited to cause a DoS or possibly compromise an application using the library:

1) An integer overflow error exists within the "CSoundFile::ReadWav()" function (src/load_wav.cpp) when processing certain WAV files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted WAV file.

2) Boundary errors within the "CSoundFile::ReadS3M()" function (src/load_s3m.cpp) when processing S3M files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted S3M file.

3) An off-by-one error within the "CSoundFile::ReadAMS()" function (src/load_ams.cpp) can be exploited to cause a stack corruption by tricking a user into opening a specially crafted AMS file.

4) An off-by-one error within the "CSoundFile::ReadDSM()" function (src/load_dms.cpp) can be exploited to cause a memory corruption by tricking a user into opening a specially crafted DSM file.

5) An off-by-one error within the "CSoundFile::ReadAMS2()" function (src/load_ams.cpp) can be exploited to cause a memory corruption by tricking a user into opening a specially crafted AMS file.

Alerts:
Gentoo 201203-16 libmodplug 2012-03-16
Gentoo 201203-14 audacious-plugins 2012-03-16
Debian DSA-2415-1 libmodplug 2012-02-22
CentOS CESA-2011:1264 gstreamer-plugins 2011-09-08
Scientific Linux SL-gstr-20110906 gstreamer-plugins 2011-09-06
Ubuntu USN-1255-1 libmodplug 2011-11-09
Red Hat RHSA-2011:1264-01 gstreamer-plugins 2011-09-06
Pardus 2011-112 libmodplug 2011-09-05
openSUSE openSUSE-SU-2011:0943-1 libmodplug 2011-08-25
Fedora FEDORA-2011-10503 libmodplug 2011-08-09
Fedora FEDORA-2011-10544 libmodplug 2011-08-09

Comments (none posted)

libxfont: privilege escalation

Package(s):libxfont CVE #(s):CVE-2011-2895
Created:August 12, 2011 Updated:December 19, 2011
Description: From the Debian advisory:

Tomas Hoger found a buffer overflow in the X.Org libXfont library, which may allow for a local privilege escalation through crafted font files.

Alerts:
Fedora FEDORA-2015-3948 nx-libs 2015-03-26
Fedora FEDORA-2015-3964 nx-libs 2015-03-26
Gentoo 201402-23 libXfont 2014-02-21
SUSE SUSE-SU-2012:0553-1 freetype2 2012-04-23
Red Hat RHSA-2011:1834-01 libXfont 2011-12-19
SUSE SUSE-SU-2011:1306-1 freetype2 2011-12-08
SUSE SUSE-SU-2011:1035-2 Xorg-X11 2011-12-07
openSUSE openSUSE-SU-2011:1299-1 xorg-x11-libs 2011-12-05
Mandriva MDVSA-2011:153 libxfont 2011-10-17
Mandriva MDVSA-2011:146 cups 2011-10-11
CentOS CESA-2011:1154 libXfont 2011-09-22
SUSE SUSE-SU-2011:1035-1 Xorg X11 2011-09-13
CentOS CESA-2011:1161 freetype 2011-08-16
Scientific Linux SL-free-20110815 freetype 2011-08-15
Scientific Linux SL-xorg-20110811 xorg-x11 2011-08-11
Scientific Linux SL-libX-20110811 libXfont 2011-08-11
Red Hat RHSA-2011:1161-01 freetype 2011-08-15
Ubuntu USN-1191-1 libxfont 2011-08-15
CentOS CESA-2011:1155 xorg-x11 2011-08-14
Red Hat RHSA-2011:1155-01 xorg-x11 2011-08-11
Red Hat RHSA-2011:1154-01 libXfont 2011-08-11
Debian DSA-2293-1 libxfont 2011-08-12

Comments (none posted)

Mozilla products: multiple vulnerabilities

Package(s):firefox, thunderbird, seamonkey CVE #(s):CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984
Created:August 17, 2011 Updated:September 23, 2011
Description: From the Red Hat advisory:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982)

A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084)

A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378)

A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981)

A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983)

It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. (CVE-2011-2984)

Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Mageia MGASA-2012-0176 iceape 2012-07-21
CentOS CESA-2011:1164 firefox 2011-09-22
CentOS CESA-2011:1164 firefox 2011-09-22
CentOS CESA-2011:1165 thunderbird 2011-09-22
openSUSE openSUSE-SU-2011:0957-2 MozillaFirefox 2011-08-30
openSUSE openSUSE-SU-2011:0935-2 MozillaThunderbird 2011-08-30
SUSE SUSE-SU-2011:0967-1 Mozilla Firefox 2011-08-30
SUSE SUSE-SA:2011:037 MozillaFirefox,MozillaThunderbird,seamonkey 2011-08-29
openSUSE openSUSE-SU-2011:0958-1 firefox 2011-08-29
openSUSE openSUSE-SU-2011:0957-1 seamonkey 2011-08-29
Ubuntu USN-1185-1 thunderbird 2011-08-26
openSUSE openSUSE-SU-2011:0935-1 mozilla-nss 2011-08-23
Fedora FEDORA-2011-11084 gnome-web-photo 2011-08-18
Fedora FEDORA-2011-11084 galeon 2011-08-18
Fedora FEDORA-2011-11084 mozvoikko 2011-08-18
Fedora FEDORA-2011-11084 xulrunner 2011-08-18
Fedora FEDORA-2011-11084 perl-Gtk2-MozEmbed 2011-08-18
Fedora FEDORA-2011-11084 gnome-python2-extras 2011-08-18
Fedora FEDORA-2011-11084 firefox 2011-08-18
Fedora FEDORA-2011-11084 thunderbird-lightning 2011-08-18
Fedora FEDORA-2011-11087 thunderbird-lightning 2011-08-18
Fedora FEDORA-2011-11084 thunderbird 2011-08-18
Fedora FEDORA-2011-11087 thunderbird 2011-08-18
Debian DSA-2297-1 icedove 2011-08-21
Ubuntu USN-1184-1 firefox, xulrunner-1.9.2 2011-08-19
Ubuntu USN-1192-2 mozvoikko 2011-08-17
Debian DSA-2296-1 iceweasel 2011-08-17
Ubuntu USN-1192-1 firefox 2011-08-17
Debian DSA-2295-1 iceape 2011-08-17
Mandriva MDVSA-2011:127 mozilla 2011-08-17
Scientific Linux SL-fire-20110816 firefox 2011-08-16
Scientific Linux SL-thun-20110816 thunderbird 2011-08-16
Scientific Linux SL-thun-20110816 thunderbird 2011-08-16
Scientific Linux SL-seam-20110816 seamonkey 2011-08-16
CentOS CESA-2011:1164 firefox 2011-08-17
CentOS CESA-2011:1165 thunderbird 2011-08-17
CentOS CESA-2011:1167 seamonkey 2011-08-17
Red Hat RHSA-2011:1166-01 thunderbird 2011-08-16
Red Hat RHSA-2011:1165-01 thunderbird 2011-08-16
Red Hat RHSA-2011:1167-01 seamonkey 2011-08-16
Red Hat RHSA-2011:1164-01 firefox 2011-08-16

Comments (none posted)

Page editor: Jake Edge
Next page: Kernel development>>


Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds