

Brief items

A weak cryptoloop implementation in Linux?

The "cryptoloop" code in the Linux kernel allows "loopback" mounts of filesystems. Essentially, cryptoloop looks like a block driver which encrypts data on its way through. It can thus be used to add encryption to any of the standard Linux filesystems without changing the filesystem code itself.

Recently, in response to a bug report with the 2.6.1-mm3 cryptoloop implementation, Jari Ruusu made a disturbing claim:

If you want your data secure, you need to re-encrypt your data anyway. Mainline loop crypto implementation has exploitable vulnerability that is equivalent to back door. folks have always shipped back-doored loop crypto, and now mainline folks are shipping back-doored loop crypto. derivatives such as Debian, SuSE, and others are also back-doored.

It will come as no surprise that this message was followed by requests for more details on the "back-doored" cryptoloop. Jari obliged with a clear, technical explanation of what is going on. If you are using (or considering) cryptoloop, it is worth a look, even if there may be no need for immediate panic.

The problem, it seems, is that cryptoloop is susceptible to a certain kind of known plaintext attack. For any given filesystem type, the contents of certain sectors will be easy to predict. Given some time and an idle processor, an attacker can generate an exhaustive dictionary of likely passwords and the resulting ciphertext that will appear on disk. With access to the actual, encrypted disk, a quick lookup in the dictionary will yield the password and enable decryption of the entire filesystem. This attack is not practical for casual snoopers, but it would not be entirely surprising if government agencies and other, relatively organized groups had this sort of dictionary handy.

There are two ways of getting around this sort of problem. One is to choose a lengthy, non-obvious password. The other is to use salted passwords, where the password is modified by a randomly-chosen value before the data is encrypted. The salt value has to be retrievable, but it has the effect of requiring an attacker to create a separate dictionary for every possible salt value. If the range of salt values is large enough, salting the password will render the dictionary attack impractical.
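
The precomputation described above and both countermeasures, as an added sketch that is not code from the kernel or from Jari's message. The SHA-256 key derivation and XOR "cipher" are stand-ins chosen so it runs with the standard library alone; the sector contents, candidate list and salt are constructed.

```python
import hashlib

# Constructed stand-in for a filesystem sector whose contents are predictable.
KNOWN_SECTOR = b"\x00" * 32
# Constructed candidate list; a real dictionary would be far larger.
CANDIDATES = ["letmein", "secret", "tux2004", "correct horse"]

def derive_key(password, salt=b""):
    """Password -> key. With an empty salt the mapping is identical on every disk."""
    return hashlib.sha256(salt + password.encode()).digest()

def encrypt_sector(key, sector_no, plaintext):
    """Toy cipher (assumption): XOR with SHA-256(key || sector number)."""
    stream = hashlib.sha256(key + sector_no.to_bytes(8, "big")).digest()
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def first_sector(password, salt=b""):
    """Ciphertext found in sector 0 of a volume set up with this password."""
    return encrypt_sector(derive_key(password, salt), 0, KNOWN_SECTOR)

def build_dictionary(candidates, salt=b""):
    """Precomputed ciphertext-of-known-sector -> password, valid for one salt only."""
    return {first_sector(pw, salt): pw for pw in candidates}

def tables_needed(salt_bits):
    """Separate dictionaries required to cover every possible salt value."""
    return 2 ** salt_bits

def demo():
    table = build_dictionary(CANDIDATES)        # built once, reused on every disk
    salt = bytes.fromhex("5f1d3c9a77e0b4426a08c1d2e3f49b10")  # constructed salt
    salted_disk = first_sector("tux2004", salt)  # same weak password, salted
    return {
        "unsalted_a": table.get(first_sector("tux2004")),
        "unsalted_b": table.get(first_sector("tux2004")),  # second, unrelated volume
        "salted_with_shared_table": table.get(salted_disk),
        "salted_with_per_salt_table":
            build_dictionary(CANDIDATES, salt).get(salted_disk),
        "strong_password": table.get(first_sector("k7#Vq9!mZr2&xLp0")),
    }

if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {hit!r}")
    print("tables needed for a 128-bit salt:", tables_needed(128))
```

The shared table matches both unsalted volumes, misses the salted one and the long password, and only matches the salted volume after being rebuilt for that specific salt, which is the per-salt cost the paragraph describes.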

The end result is that most cryptoloop users need not go into an immediate panic, but this weakness is worth being aware of. It would also be a good idea to get a stronger mechanism into the mainline kernel. There is little to be gained and much to be lost by shipping crypto code with known weaknesses.


IBM and SUSE get EAL3+ certification

IBM and SUSE have sent out an announcement stating that SUSE LINUX Enterprise Server 8 ("with service pack 3"), when running on IBM eServer systems, has been awarded Common Criteria EAL3+ certification. This certification is a step beyond the EAL2 level reached last year. SUSE's distribution, once again, becomes the first to achieve this level of security certification.


New vulnerabilities

kdepim: VCF file information reader vulnerability

Package(s): kdepim  CVE #(s): CAN-2003-0988
Created: January 15, 2004  Updated: May 26, 2004
Description: KDE has issued a security advisory for all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4 inclusive. A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0988 to this issue.
Fedora FEDORA-2004-133 kdepim 2004-05-19
Gentoo 200404-02 kde-pim 2004-04-06
Whitebox WBSA-2004:005-01 kdepim 2004-02-12
Conectiva CLA-2004:810 kdepim 2004-01-20
Slackware SSA:2004-014-01 kdepim 2004-01-14
Mandrake MDKSA-2004:003 kdepim 2004-01-14
Red Hat RHSA-2004:006-01 kdepim 2004-01-07


kernel: privilege vulnerability on AMD64

Package(s): kernel  CVE #(s): CAN-2004-0001
Created: January 16, 2004  Updated: February 17, 2004
Description: On AMD64 systems, a fix was made to the eflags checking in 32-bit ptrace emulation that could have allowed local users to elevate their privileges. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0001 to this issue.
Gentoo 200402-06 kernel 2004-02-17
Red Hat RHSA-2004:017-01 kernel 2004-01-13


mc: arbitrary code execution

Package(s): mc  CVE #(s): CAN-2003-1023
Created: January 16, 2004  Updated: April 5, 2004
Description: A vulnerability was discovered in Midnight Commander, a file manager, whereby a malicious archive (such as a .tar file) could cause arbitrary code to be executed if opened by Midnight Commander.
OpenPKG OpenPKG-SA-2004.009 mc 2004-04-05
Gentoo 200403-09 mc 2004-03-29
Conectiva CLA-2004:833 mc 2004-03-31
SCO Group CSSA-2004-014.0 mc 2004-03-25
Whitebox WBSA-2004:035-01 mc 2004-02-12
Fedora FEDORA-2004-058 mc 2004-02-09
Red Hat RHSA-2004:035-01 mc 2004-01-19
Mandrake MDKSA-2004:007 mc 2004-01-26
Red Hat RHSA-2004:034-01 mc 2004-01-19
Debian DSA-424-1 mc 2004-01-16


netpbm: insecure temporary files

Package(s): netpbm  CVE #(s): CAN-2003-0924
Created: January 19, 2004  Updated: December 29, 2004
Description: netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Conectiva CLA-2004:909 netpbm 2004-12-29
Gentoo 200410-02 netpbm 2004-10-04
Mandrake MDKSA-2004:011-1 netpbm 2004-09-27
Whitebox WBSA-2004:031-01 NetPBM 2004-02-12
Mandrake MDKSA-2004:011 netpbm 2004-02-11
Red Hat RHSA-2004:030-01 netpbm 2004-02-05
Fedora FEDORA-2004-068 netpbm 2004-02-06
Red Hat RHSA-2004:031-01 symlink 2004-01-22
Debian DSA-426-1 netpbm-free 2004-01-18


qmail: integer overflow

Package(s): qmail  CVE #(s):
Created: January 21, 2004  Updated: January 21, 2004
Description: The qmail-smtpd server suffers from an integer overflow which may be exploited to crash (one instance of) the server process. It is not clear, at this point, whether the overflow may be exploited for more useful ends; the claims made in this advisory regarding overwriting of memory have been disputed. A patch has been posted which fixes the problem.
Alerts: (No alerts in the database for this vulnerability)


slocate: buffer overflow

Package(s): slocate  CVE #(s): CAN-2003-0848
Created: January 20, 2004  Updated: February 16, 2004
Description: A vulnerability was discovered in slocate, a program to index and search for files, whereby a specially crafted database could overflow a heap-based buffer. This vulnerability could be exploited by a local attacker to gain the privileges of the "slocate" group, which can access the global database containing a list of pathnames of all files on the system, including those which should only be visible to privileged users. This problem, and a category of potential similar problems, can be fixed by modifying slocate to drop privileges before reading a user-supplied database.
Fedora-Legacy FLSA:1232 slocate 2004-02-11
Whitebox WBSA-2004:041-01 slocate 2004-02-12
SCO Group CSSA-2004-001.0 slocate 2004-02-10
Fedora FEDORA-2004-059 slocate 2004-01-26
Red Hat RHSA-2004:041-01 slocate 2004-01-22
Mandrake MDKSA-2004:004 slocate 2004-01-23
Trustix 2004-0005 slocate 2004-01-21
Debian DSA-428-1 slocate 2004-01-20


tcpdump: flaws in the ISAKMP decoding routines

Package(s): tcpdump  CVE #(s): CAN-2003-0989 CAN-2004-0057 CAN-2004-0055
Created: January 15, 2004  Updated: April 6, 2004
Description: George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0989 to this issue.

Jonathan Heusser discovered two additional flaws in the ISAKMP decoding routines of tcpdump versions up to and including 3.8.1. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0057 to this issue.

Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0055 to this issue.

Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user.

Gentoo 200404-03 tcpdump 2004-03-31
Fedora FEDORA-2004-091 tcpdump 2004-03-04
SCO Group CSSA-2004-008.0 tcpdump 2004-03-02
Fedora FEDORA-2004-092 tcpdump 2004-03-02
Whitebox WBSA-2004:008-01 tcpdump 2004-02-12
Fedora-Legacy FLSA:1222 tcpdump 2004-01-31
Mandrake MDKSA-2004:008 tcpdump 2004-01-26
EnGarde ESA-20040119-002 tcpdump 2004-01-19
Debian DSA-425-1 tcpdump 2004-01-16
OpenPKG OpenPKG-SA-2004.002 tcpdump 2004-01-16
Trustix 2004-0004 tcpdump 2004-01-05
SuSE SuSE-SA:2004:002 tcpdump 2004-01-14
Red Hat RHSA-2004:008-01 tcpdump 2004-01-15
Red Hat RHSA-2004:007-01 tcpdump 2004-01-14



January CRYPTO-GRAM newsletter

Bruce Schneier's CRYPTO-GRAM newsletter for January is out. This issue looks almost exclusively at airline security in one form or another.


2003 viruses caused $55B damage, antivirus firm says (ComputerWorld)

ComputerWorld is carrying a Reuters story quoting an antivirus company as estimating the total cost of viruses to businesses in 2003 at $55 billion. What the story doesn't cover is the portion of that cost which is due to Linux-based viruses. That figure is, of course, about $0.


Page editor: Jonathan Corbet

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds