Security
GNU virtual private Ethernet
Virtual private networks (VPNs) are designed to overlay a second, secure network on top of the existing (insecure) Internet, but that network overlay can take a number of different forms depending on the precise security needs in question, how static or dynamic the network is, and other factors. GNU Virtual Private Ethernet (GVPE) is a free software VPN suite that takes a different approach to the problem than that of popular projects like OpenVPN. In particular, GVPE creates an actual network where all participating nodes can talk directly to one another, rather than setting up a point-to-point tunnel, and it tries to simplify VPN deployment by making encryption and other settings into compile-time options.
The latest release is version 2.25, from July 2013. Prior to 2.25's release, the last update was from February 2011, and the one before that from 2009. Suffice it to say, then, that GVPE is not a rapidly moving target. But there are several changes in 2.25 that users should take note of. It is also noteworthy, however, that developer Marc Lehmann announced in the release notes that 2.25 would be the final release in the 2.x line—subsequent releases will be changing the underlying message protocol, and will be numbered 3.x to indicate the ABI break.
Background
GVPE is designed to handle a use case most other VPN tools do not: connecting multiple nodes—as in "more than two"—into a single virtual network. The difference is not in how many clients computers can use the VPN, but in how the participating nodes connect. Most other VPN software is optimized for creating site-to-site tunnels that provide a link from one LAN to another, which serves the commonplace usage scenario of connecting to an office VPN from a single laptop or remote home office. For example, a gateway router or a machine on the LAN is set up to serve as an OpenVPN server, creating either a layer-2 (link-layer) or layer-3 (IP layer) tunnel to a remote OpenVPN client, using the kernel's TUN/TAP driver. OpenVPN is generally geared toward IP-layer tunneling, however.
While multiple network sites can be connected in such a fashion, the more sites there are, the more difficult the configuration is to set up and maintain. A separate tunnel needs to be configured between each site and at least one other—either in a star topology with one site serving as a hub, or else with routing rules for each tunnel configured at each site.
GVPE, is designed to simplify this multi-site configuration. It runs separately on each node participating in the VPN, with the same configuration file at each node. The "virtual Ethernet" segment that connects the nodes is, in a sense, a separate network—it provides a network interface for the VPN that exists alongside the normal network. The VPN provides multiple entry points, each client can talk directly to the others, and any node can be taken offline at any time without disconnecting the rest. GVPE is very much a link-layer VPN in this respect; even broadcast Ethernet frames are supported. Consequently, any network protocol stack that can run over Ethernet can run over a GVPE network, which provides considerable flexibility in setting up the virtual network.
On the other hand, the flexibility in GVPE's network topology comes at the cost of a bit less flexibility where the security design is concerned. GVPE uses public-private key pairs for each node to secure its traffic. But the ciphers and digest algorithms that are used must be chosen when GVPE is configured and built (the defaults are RIPEMD-160 for the digest and AES-128 for encryption). The cipher and digest choices are passed to the configure script. Selecting just one of each makes it possible to build smaller binaries (with, in theory, a smaller attack surface). The transport protocols over which GVPE will run (raw IP, UDP, ICMP, TCP, and even DNS are supported) are specified in the configuration file, along with a list of all of the GVPE nodes participating in the virtual network. The nodes can be specified by IP address or by hostname.
Compared to OpenVPN, this configuration file is quite simple; for example, a three-site network could make do with:
enable-rawip = yes
ifname = vpn0
node = site1
hostname = 192.168.1.100
node = site2
hostname = db.example.com
node = secrethq
hostname = tahiti.nsa.gov
and be fully connected. On the other hand, the configuration file must be distributed to every node, so adding, removing, or reconfiguring nodes and options necessitates propagating the changed file to all sites. Tools like rsync help, of course, but for large networks it could become a hassle—or worse, should the need arise to quickly remove a node from the VPN. Each node must also have an ifup script for the interface named in the configuration which assigns it an IP address for the private network. Finally, each node needs to have its own key pair created and its public key distributed to all of the other nodes. The private keys need to be distributed to their respective nodes securely, of course.
GVPE provides a command line tool called gvpectrl that can automatically read in the configuration file and create the key pairs needed for each node. Once the configuration file and appropriate keys are all in place, each node can start the GVPE daemon with:
gvpe -D theappropriatenodename
Subsequently, applications that need to use the private network may need to be configured either for the vpn0 virtual interface or for the private network IP address. Simple applications like ping may require no configuration; others like Apache need to be bound to the specific interface. Apart from being pointed at the VPN, however, applications should work automatically—an IMAP client just needs to know the IP address of its servers, whether they are on the VPN or the Internet. GVPE nodes establish a connection with Elliptic-Curve Diffie-Hellman key exchange, and the packets include hash message authentication codes (HMAC) as checksums.
The protocol header includes the source and destination IDs of each node, so that nodes can route messages. These IDs can be assigned in the configuration file, but by default they are the integer number of the nodes in the order they are listed in the file. That has the benefit of being generic, rather than being taken from (and revealing) some property of the node, like MAC address. Node-to-node traffic is connection-oriented, with sequence numbers in each packet; retries include exponential back-off.
GVPE does not have to run on the actual client machines; it can also be run on gateway routers to connect entire networks. However, the routing configuration in such a scenario is understandably more complex, as is setting up firewall rules to restrict access to the private network. But GVPE is designed to eliminate much of this complexity by running on each client node—one of the project's repeated bullet-point features is that it allows clients to conduct private networking without trusting any of the intermediary network.
The future
GVPE has not changed much in recent releases. Version 2.25 introduces two changes that affect backward compatibility with existing deployments—although neither change demands much reconfiguration.
First, it is no longer possible to enable UDP as the sole transport protocol. The release notes say that this is necessary because, in some situations, nodes need to negotiate their connection to another node without knowing what transport protocols the other node can speak. That negotiation requires contacting a third GVPE node that can act as a router, and UDP's connection-less nature prohibits that negotiation. Second, the DNS transport protocol has been altered; the change breaks compatibility with previous releases (changing the encoding used for SYNs and headers, among other things), although the project warns users to use DNS transport only as a last resort to sneak through stubborn firewalls anyway. Other changes include the addition of the SHA-256 and SHA-512 digests as HMAC options and additional options for configuring the GVPE daemon's chroot behavior.
Considering the fact that changes to the DNS transport and the
allowable transport protocol settings may force some current 2.x users
to update their configurations, one might well ask what to expect in
the forthcoming 3.x series. To that question, Lehmann's announcement
only says that the GVPE message protocol itself will change, "to
take advances in the last decade into account
". What that
means is not entirely clear, although he does note how key lengths and
hash functions have evolved in the intervening years.
In the meantime, though, GVPE offers an interesting feature set that differs considerably from the "traditional" VPN model. Not only can nodes communicate without trusting the network itself, but the endpoint-to-endpoint encryption means that they do not have to trust other nodes on the network, either. True, the manual propagation of the configuration file and keys does mean that users need to trust the administrator who sets up the system, but that is ultimately true in almost all networks, private and virtual ones included.
Brief items
Security quotes of the week
It was at this point, I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG's servers and that these filenames were ones stored on my external USB hard drive.
Your visual how-to guide for SELinux policy enforcement (opensource.com)
Over at opensource.com, SELinux hacker Dan Walsh describes SELinux policy enforcement using dogs and cats. It has lots of cute cartoons (by Máirín Duffy) of the interaction between various types of dogs, a cat, food meant for each, and Tux as an enforcer of the food policies. It looks at type enforcement (TE), multi-category security (MCS), and multi-level security (MLS) using dog/cat analogies as well as relating them to the "real world". "SElinux is a labeling system. Every process has a label. Every file/directory object in the operating system has a label. Even network ports, devices, and potentially hostnames have labels assigned to them. We write rules to control the access of a process label to an a object label like a file. We call this policy. The kernel enforces the rules."
New vulnerabilities
chromium: multiple vulnerabilities
| Package(s): | chromium-browser-stable | CVE #(s): | CVE-2013-2931 CVE-2013-6621 CVE-2013-6622 CVE-2013-6623 CVE-2013-6624 CVE-2013-6625 CVE-2013-6626 CVE-2013-6627 CVE-2013-6628 CVE-2013-6629 CVE-2013-6630 CVE-2013-6631 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | November 14, 2013 | Updated: | December 13, 2013 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Mageia advisory: Various fixes from internal audits, fuzzing and other initiatives (CVE-2013-2931). Use after free related to speech input elements (CVE-2013-6621). Use after free related to media elements (CVE-2013-6622). Out of bounds read in SVG (CVE-2013-6623). Use after free related to “id” attribute strings (CVE-2013-6624). Use after free in DOM ranges (CVE-2013-6625). Address bar spoofing related to interstitial warnings (CVE-2013-6626). Out of bounds read in HTTP parsing (CVE-2013-6627). Issue with certificates not being checked during TLS renegotiation (CVE-2013-6628). libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629). libjpeg-turbo will use uninitialized memory when handling Huffman tables (CVE-2013-6630). Use after free in libjingle (CVE-2013-6631). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
chromium: code execution
| Package(s): | chromium-browser | CVE #(s): | CVE-2013-6632 | ||||||||||||||||||||||||||||
| Created: | November 18, 2013 | Updated: | December 1, 2013 | ||||||||||||||||||||||||||||
| Description: | From the Debian advisory:
Pinkie Pie discovered multiple memory corruption issues. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
curl: unchecked ssl certificate host name
| Package(s): | curl | CVE #(s): | CVE-2013-4545 | ||||||||||||||||||||||||||||||||||||||||
| Created: | November 18, 2013 | Updated: | December 13, 2013 | ||||||||||||||||||||||||||||||||||||||||
| Description: | From the Debian advisory:
Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust chain. | ||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||
Foreman: SQL injection
| Package(s): | Foreman | CVE #(s): | CVE-2013-4386 | ||||
| Created: | November 15, 2013 | Updated: | November 20, 2013 | ||||
| Description: | From the Red Hat advisory: It was found that Foreman did not correctly sanitize values of the "fqdn" and "hostgroup" parameters, allowing an attacker to provide a specially crafted value for these parameters and perform an SQL injection attack. | ||||||
| Alerts: |
| ||||||
gnutls: off-by-one error
| Package(s): | gnutls | CVE #(s): | CVE-2013-4487 | ||||||||
| Created: | November 18, 2013 | Updated: | November 20, 2013 | ||||||||
| Description: | From the Red Hat bugzilla:
GnuTLS upstream recently fixed a bug, which seems to have emerged due to the fix implemented in CVE-2013-4466. | ||||||||||
| Alerts: |
| ||||||||||
ibus: password disclosure
| Package(s): | ibus | CVE #(s): | CVE-2013-4509 | ||||||||||||||||||||||||
| Created: | November 18, 2013 | Updated: | February 24, 2014 | ||||||||||||||||||||||||
| Description: | From the openSUSE advisory:
This is an additional fix patch for ibus to avoid the wrong IBus.InputPurpose.PASSWORD advertisement, which leads to the password text appearance on GNOME3 lockscreen | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
mozilla: plaintext-recovery attack
| Package(s): | firefox | CVE #(s): | CVE-2013-2566 | ||||||||||||||||||||||||||||
| Created: | November 20, 2013 | Updated: | November 20, 2013 | ||||||||||||||||||||||||||||
| Description: | From the CVE entry:
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
nagios: symbolic link attack
| Package(s): | nagios | CVE #(s): | CVE-2013-2029 CVE-2013-4214 | ||||
| Created: | November 19, 2013 | Updated: | November 20, 2013 | ||||
| Description: | From the Red Hat advisory:
Multiple insecure temporary file creation flaws were found in Nagios. A local attacker could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2029, CVE-2013-4214) | ||||||
| Alerts: |
| ||||||
nss: multiple vulnerabilities
| Package(s): | mozilla-nss | CVE #(s): | CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | November 19, 2013 | Updated: | June 13, 2014 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the CVE entries:
Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. (CVE-2013-1741) Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. (CVE-2013-5605) The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (CVE-2013-5606) From the openSUSE advisory: Avoid unsigned integer wrapping in PL_ArenaAllocate. (CVE-2013-5607) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
python-django: cross-site scripting
| Package(s): | python-django | CVE #(s): | CVE-2013-6044 | ||||
| Created: | November 15, 2013 | Updated: | November 20, 2013 | ||||
| Description: | From the Red Hat advisory: It was discovered that the django.utils.http.is_safe_url() function considered any URL that used a scheme other than HTTP or HTTPS (for example, "javascript:") as safe. An attacker could potentially use this flaw to perform cross-site scripting (XSS) attacks. | ||||||
| Alerts: |
| ||||||
python-djblets: cross-site scripting
| Package(s): | python-djblets | CVE #(s): | CVE-2013-4519 | ||||||||||||||||
| Created: | November 18, 2013 | Updated: | November 26, 2013 | ||||||||||||||||
| Description: | From the Red Hat bugzilla:
A flaw in the display of the branch field of a review request allows an attacker to inject arbitrary HTML, allowing attackers to construct scripts that run in the context of the page. A flaw in the display of the alt text for an uploaded screenshot or image file attachment allows an attacker to inject arbitrary HTML through the caption field, allowing attackers to construct scripts that run in the context of the page. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
samba: multiple vulnerabilities
| Package(s): | samba | CVE #(s): | CVE-2013-4475 CVE-2013-4476 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | November 19, 2013 | Updated: | December 9, 2013 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the CVE entries:
Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). (CVE-2013-4475) Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. (CVE-2013-4476) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
torque: code execution
| Package(s): | torque | CVE #(s): | CVE-2013-4495 | ||||||||||||||||
| Created: | November 14, 2013 | Updated: | November 21, 2013 | ||||||||||||||||
| Description: | From the Debian advisory: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
varnish: denial of service
| Package(s): | varnish | CVE #(s): | CVE-2013-4484 | ||||||||||||||||||||||||||||||||
| Created: | November 15, 2013 | Updated: | May 6, 2014 | ||||||||||||||||||||||||||||||||
| Description: | From the openSUSE bug report: A denial of service flaw was found in the way Varnish Cache handled certain GET requests when using certain configurations. A remote attacker could use this flaw to crash a worker process. | ||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||
Page editor: Jake Edge
Next page:
Kernel development>>