Security
Quantum random numbers
Good sources of random numbers are sometimes hard to come by. Random numbers need to be, well, random, which is something that random number tests can measure, but they also need to be readily available—in enormous quantities if at all possible. The recently announced Quantum Random Number Generator from the Australian National University (ANU) fits that bill nicely. It is, according to ScienceDaily, the fastest random number generator in the world.
The researchers have derived "true" random numbers by measuring the fluctuations in a quantum vacuum and providing them on a web site for anyone to use. True random numbers are those that come from a completely unpredictable physical process, as opposed to the more frequently encountered pseudo-random numbers generated by computer algorithms. The site describes the measurements used as follows:
The apparatus used is capable of generating 5.7 gigabits of random numbers per second, but the site doesn't stream random bits at that rate due to network bandwidth constraints. As the FAQ points out, there is no actual guarantee that the numbers are truly random, but the statistics (many of which are available on the site) show that the output is "consistent with true randomness". While any measured physical process could have some unexpected bias, the only way to detect such a thing is via statistical measurements of the output. That's true whether you are flipping a coin 5.7 billion times a second or measuring a quantum vacuum.
So what can one do with such a source of (seemingly) true randomness? The ANU researchers have developed a few amusing examples, including a Matrix-like display driven by the random number stream, but there are practical uses as well. While Linux random numbers are generated using an algorithm (thus, pseudo-random), the entropy pool that feeds the algorithm is filled from (hopefully) unpredictable hardware events (e.g. keyboard, mouse, disk, and network). In some cases, especially for servers or embedded devices, many of the sources of entropy are not available. One could conceivably add entropy from a source of true randomness, either locally via a hardware random number generator or by retrieving some bits from afar.
In his "Wielding the ANU Quantum Random Number Generator" blog post, Luke Macken presents some code to use the stream. There are three parts to his quantumrandom project: a command-line tool to retrieve random data, a Python API for use in programs, and a character device in user space (CUSE) based /dev/qrandom device. The latter will start three threads (by default) to fetch random numbers from the server, which can then be read from the device.
This isn't the first online source of true random numbers, nor will it be the last, presumably. Also, hardware random number generators are becoming more common, though they may not be producing data at anywhere near the rate of the ANU generator. Doing so would likely be serious overkill for a device targeted at a single system anyway.
As Macken points out, though, there is a potential problem lurking in ANU random numbers. Currently, there is no way to get them via an encrypted connection, which means that a man-in-the-middle adversary could gain access to the random bits. Depending on the application, that may not really be a problem. One could certainly take a suitably small random sample from a giant chunk of the random numbers supplied. Of course, choosing the random number for where to take the sample had better not be predictable either. Maybe a simulated lottery draw could help with that.
There is another question that should at least be considered: how trustworthy can random numbers downloaded from a server really be? One hopes that the researchers are on the level, but the security of the server itself may be in question. Since it is difficult to gather a large enough sample to preclude the possibility that some attacker has tampered with the data—by replaying chunks from a big static file of random numbers for example—that possibility exists. The fact that the data "looks" random from the outside is not any kind of guarantee. Caveat "emptor".
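The two concerns above (bits an eavesdropper may have seen, and data that "looks" random but is replayed or otherwise known) can be made concrete. The Python below is an added example, not code from the article or from Macken's quantumrandom project: it shows a statistical test passing on fully predictable input, a replay check over block digests, and a seed derivation that stays unpredictable as long as the local secret is. The names `BLOCK`, `ReplayDetector`, `mix_seed` and `constructed_download` are assumptions made for the illustration, and the "downloaded" chunk is constructed locally.

```python
"""Added example: treating downloaded "random" bytes as untrusted input."""
import hashlib
import hmac
import math
import os

BLOCK = 64  # bytes per fingerprinted block (assumed size, not an ANU parameter)


def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test from NIST SP 800-22: p-value for 'ones ~ zeros'."""
    n = len(data) * 8
    ones = sum(bin(byte).count("1") for byte in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


class ReplayDetector:
    """Remembers a digest of every block seen and counts repeats.

    Only catches data replayed to *this* client; a stream replayed to someone
    else, or generated from a seed the attacker knows, goes unnoticed.
    """

    def __init__(self):
        self._seen = set()

    def count_replayed(self, chunk: bytes) -> int:
        replayed = 0
        for off in range(0, len(chunk) - BLOCK + 1, BLOCK):
            digest = hashlib.sha256(chunk[off:off + BLOCK]).digest()
            if digest in self._seen:
                replayed += 1
            self._seen.add(digest)
        return replayed


def mix_seed(local_secret: bytes, remote: bytes) -> bytes:
    """Derive a 32-byte seed from local entropy and untrusted remote bytes.

    HMAC-SHA256 keyed with the local secret: someone who saw (or chose) the
    remote bytes on the wire still has to guess the key to predict the seed.
    """
    return hmac.new(local_secret, remote, hashlib.sha256).digest()


def constructed_download(n: int = 4096) -> bytes:
    """Constructed stand-in for a fetched chunk: deterministic SHAKE-256 output."""
    return hashlib.shake_256(b"constructed sample, not ANU data").digest(n)


if __name__ == "__main__":
    chunk = constructed_download()
    # Both inputs are completely predictable, yet neither fails the test.
    print("monobit p, deterministic stream:", monobit_p_value(chunk))
    print("monobit p, 0x55 repeated       :", monobit_p_value(b"\x55" * 4096))
    det = ReplayDetector()
    print("replayed blocks, first fetch :", det.count_replayed(chunk))
    print("replayed blocks, second fetch:", det.count_replayed(chunk))
    # The remote chunk only ever contributes to a seed keyed by local entropy.
    print("seed:", mix_seed(os.urandom(32), chunk).hex())
```

The monobit test is only one of many statistical tests, and the replay check needs the client to keep state across fetches; neither replaces mixing the remote data with locally gathered entropy.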
Brief items
Security quotes of the week
The rest of the article is pretty depressing. The TSA refuses to back down on any of its security theater measures. At the same time, its budget is being cut and more people are flying. The result: longer waiting times at security.
When the related server systems were seized, it created a quandary. If the servers were simply disconnected, all user systems currently infected with the trojan would no longer resolve Internet domain names to addresses, and would for all practical purposes be "cut off" from the Internet.
Android trojan steals keystrokes using phone movements (ars technica)
This ars technica article looks at a paper [PDF] describing an interesting technique for stealing data input on Android devices. "TapLogger, as their proof-of-concept application for phones running Google's Android operating system is called, masquerades as a benign game that challenges the end user to identify identical icons from a collection of similar-looking images. In the background, the trojan monitors readings returned by the phone's built-in accelerometer, gyroscope, and orientation sensors to infer phone numbers and other digits entered into the device. This then surreptitiously uploads them to a computer under the control of the attackers."
CERT Linux Triage Tools 1.0 Released
CERT has announced the release of version 1.0 of its "triage tools" for Linux. At its core, it is a Python-based GDB extension called "exploitable" that can be used to determine the severity of a given vulnerability.
New vulnerabilities
asterisk: privilege escalation
| Package(s): | asterisk | CVE #(s): | CVE-2012-2414 CVE-2012-2415 |
| Created: | April 25, 2012 | Updated: | May 7, 2012 |
| Description: | From the Debian advisory: CVE-2012-2414: David Woolley discovered a privilege escalation in the Asterisk manager interface. CVE-2012-2415: Russell Bryant discovered a buffer overflow in the Skinny driver. |
cobbler: privilege escalation
| Package(s): | cobbler | CVE #(s): | CVE-2011-4953 |
| Created: | April 23, 2012 | Updated: | April 25, 2012 |
| Description: | From the SUSE advisory: privilege escalation via unsafe call to yaml.load instead of yaml.safe_load |
cobbler: code execution
| Package(s): | cobbler | CVE #(s): | CVE-2011-4952 CVE-2011-4954 |
| Created: | April 24, 2012 | Updated: | April 25, 2012 |
| Description: | From the openSUSE advisory: Specially crafted YAML could allow attackers to execute arbitrary code due to the use of yaml.load instead of yaml.safe_load. |
csound: multiple vulnerabilities
| Package(s): | csound | CVE #(s): | CVE-2012-2106 CVE-2012-2107 CVE-2012-2108 |
| Created: | April 23, 2012 | Updated: | April 25, 2012 |
| Description: | From the Novell bugzilla [1], [2], [3]: [1] csound: buffer overflow in pv_import [2] buffer overflow in lpc_import [3] Stack-based buffer overflow in lpc_import |
dropbear: code execution
| Package(s): | dropbear | CVE #(s): | CVE-2012-0920 |
| Created: | April 25, 2012 | Updated: | September 27, 2013 |
| Description: | From the Debian advisory: Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users, who have been authenticated through public key authentication and for which command restrictions are in place. |
gallery2: cross-site scripting
| Package(s): | gallery2 | CVE #(s): | CVE-2012-1113 |
| Created: | April 23, 2012 | Updated: | April 25, 2012 |
| Description: | From the CVE entry: Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
kernel: multiple vulnerabilities
| Package(s): | kernel | CVE #(s): | CVE-2012-2123 CVE-2012-2121 CVE-2012-2119 |
| Created: | April 24, 2012 | Updated: | December 4, 2013 |
| Description: | From the Red Hat bugzilla [1], [2], [3]: [1] Reported by Steve Grubb, if a process increases permissions using fcaps all of the dangerous personality flags which are cleared for suid apps should also be cleared. Thus programs given privilege with fcaps will continue to have address space randomization enabled even if the parent tried to disable it to make it easier to attack. (CVE-2012-2123) [2] Currently we do not validate the vector length before calling get_user_pages_fast(), host stack could be easily overflowed by malicious guest driver who gives us a descriptors with length greater than MAX_SKB_FRAGS. A privileged guest user could use this flaw to induce stack overflow on the host with attacker non-controlled data (some bits can be guessed, as it will be pointers to kernel memory) but with attacker controlled length. (CVE-2012-2119) [3] KVM uses memory slots to track and map guest regions of memory. When device assignment is used, the pages backing these slots are pinned in memory using get_user_pages and mapped into the iommu. The problem is that when a memory slot is destroyed the pages for the associated memory slot are neither unpinned nor unmapped from the iommu. The problem is that those pages are now never unpinned and continue to have an increased reference count. This is therefore a potential page leak from the kvm kernel module. (CVE-2012-2121) |
mozilla: multiple vulnerabilities
| Package(s): | firefox, thunderbird | CVE #(s): | CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479 |
| Created: | April 25, 2012 | Updated: | July 23, 2012 |
| Description: | From the CVE entries: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2012-0467) Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems." (CVE-2012-0470) Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. (CVE-2012-0471) Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set. (CVE-2012-0477) Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. (CVE-2012-0479) |
mozilla: multiple vulnerabilities
| Package(s): | firefox, thunderbird | CVE #(s): | CVE-2012-0468 CVE-2012-0469 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0478 |
| Created: | April 25, 2012 | Updated: | June 13, 2012 |
| Description: | From the CVE entries: The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. (CVE-2012-0468) Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. (CVE-2012-0469) The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. (CVE-2012-0472) The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. (CVE-2012-0473) Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." (CVE-2012-0474) The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. (CVE-2012-0478) |
mysql: multiple vulnerabilities
| Package(s): | mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 | CVE #(s): | |
| Created: | April 24, 2012 | Updated: | April 25, 2012 |
| Description: | Multiple security issues were discovered in MySQL. See the MySQL documentation for version 5.1.62 and version 5.0.96. |
openssl: exploitable vulnerability
| Package(s): | openssl | CVE #(s): | CVE-2012-2110 |
| Created: | April 19, 2012 | Updated: | May 10, 2012 |
| Description: | A rather unhelpful description from the OpenSSL advisory: A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp. |
openssl: exploitable vulnerability
| Package(s): | openssl0.9.8 | CVE #(s): | CVE-2012-2131 |
| Created: | April 24, 2012 | Updated: | April 25, 2012 |
| Description: | From the Mandriva advisory: It was discovered that the fix for CVE-2012-2110 [an exploitable vulnerability] was not sufficient to correct the issue for OpenSSL 0.9.8. |
php5: directory traversal attack
| Package(s): | php5 | CVE #(s): | CVE-2012-1172 |
| Created: | April 23, 2012 | Updated: | July 2, 2012 |
| Description: | From the openSUSE advisory: Scripts that accept multiple file uploads in a single request were potentially vulnerable to a directory traversal attack. |
quagga: multiple vulnerabilities
| Package(s): | quagga | CVE #(s): | CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 |
| Created: | April 23, 2012 | Updated: | September 14, 2012 |
| Description: | From the CVE entries: Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. (CVE-2012-0249) Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. (CVE-2012-0250) The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). (CVE-2012-0255) |
typo3-src: cross-site scripting
| Package(s): | typo3-src | CVE #(s): | CVE-2012-2112 |
| Created: | April 23, 2012 | Updated: | April 25, 2012 |
| Description: | From the Debian advisory: Helmut Hummel of the typo3 security team discovered that typo3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this output on their own or in the presence of extensions using the extbase MVC framework which accept objects to controller actions. |
wicd: local privilege escalation
| Package(s): | wicd | CVE #(s): | CVE-2012-2095 |
| Created: | April 24, 2012 | Updated: | April 25, 2012 |
| Description: | From the Fedora advisory: The wicd daemon suffered from a local privilege escalation flaw due to incomplete input sanitization. A local attacker could use this to inject arbitrary code through the D-Bus interface. |
wireshark: multiple vulnerabilities
| Package(s): | wireshark | CVE #(s): | CVE-2012-1595 CVE-2012-1596 |
| Created: | April 19, 2012 | Updated: | April 25, 2012 |
| Description: | From the Red Hat Bugzilla [1, 2]: CVE-2012-1595: An integer underflow, subsequently leading to request to allocate a large amount of memory was found in the way pcap and pcap-ng file parsers of Wireshark, a network traffic analyzer, processed Extension and / or Multi-Channel header information in ERF files. A remote attacker could provide a specially-crafted packet capture file (with size of full pseudoheader being greater than the packet size), which once opened by a local unsuspecting user would lead to wireshark executable abort. CVE-2012-1596: A memory allocation flaw was found in the way the MP2T dissector of Wireshark, a network traffic analyzer, processed capture files containing invalid pointer values used for packet length specification. A remote attacker could provide a specially-crafted packet capture file (causing unsigned length value to be reduced by more than its value, resulting into it being a very large value and attempt to allocate large amount of memory when reassembling the packet tvbuff to the requested length), which once opened by a local unsuspecting user would lead to wireshark executable abort. |
wireshark: multiple vulnerabilities
| Package(s): | wireshark | CVE #(s): | CVE-2012-1593 CVE-2012-1594 |
| Created: | April 19, 2012 | Updated: | April 25, 2012 |
| Description: | From the Red Hat Bugzilla [1, 2]: CVE-2012-1593: A NULL pointer dereference flaw was found in the way ANSI A dissector of the Wireshark, a network traffic analyzer, processed certain capture files (those causing wireshark to pass NULL packet information via a global variable to the call_dissector() routine). A remote attacker could provide a specially-crafted packet capture file, which once opened by a local unsuspecting user would lead to wireshark executable crash. CVE-2012-1594: A denial of service flaw was found in the way IEEE 802.11 dissector of Wireshark, a network traffic analyzer, processed certain capture files (16-bit integers were used as counters during loading of capture files for certain protocols). A remote attacker could provide a specially-crafted packet capture file, which once opened by a local unsuspecting user would lead to situation, where wireshark executable would never finish loading of such capture file (infinite loop). |
Page editor: Jake Edge
