
Security

Changes in the TLS certificate ecosystem, part 1

November 11, 2015

This article was contributed by Hanno Böck

TLS certificates are the basis for most encrypted connections on the internet and for HTTPS in particular. This system, where certificate authorities issue certificates for a fee to associate the ownership of a domain with the key contained in the certificate, has gotten a bad reputation over the years. But a lot has changed recently to improve the security of the TLS certificate ecosystem. New technologies like HTTP Public Key Pinning and Certificate Transparency allow detecting and sometimes preventing the use of rogue certificates—and browser vendors have become much less willing to accept misbehavior by certificate authorities.

If one wants to get a feeling for what the situation was like just a few years ago, it's worth watching a talk [YouTube] that Moxie Marlinspike gave at the Black Hat conference in 2011. Marlinspike starts his talk by reflecting on several incidents regarding the certificate authority Comodo. The company got attacked earlier that year and had issued bogus certificates for domains like www.google.com or addons.mozilla.org in an attack that presumably came from Iran. It wasn't only the incident itself that got experts like Marlinspike frustrated with Comodo, it was also the company's reaction. Public statements that downplayed the issue showed a severe lack of understanding of what was going on technically.

Although Comodo had endangered the secure connections for major internet services and it showed no ability to responsibly handle such issues, the incident had no major consequences for the company. It was often said that Comodo was "too big to fail". At that time, a quarter of the internet's HTTPS connections relied on Comodo certificates. It was unlikely that any browser vendor would take the step of removing the Comodo root certificates and declaring Comodo-signed certificates as untrusted.

It is no surprise that many people saw the whole system of certificate authorities as a big scam. Companies are taking money for the issuance of certificates, which are the basis for secure internet connections, but those companies had little accountability when problems arose. However, a lot has changed in the past few years.

Certificate Transparency

One technology that is trying to improve the security of the certificate authority system is called Certificate Transparency and it was developed by Google.

The idea behind Certificate Transparency is to have public logs of certificates issued that can be verified and observed by everyone. All certificates are required to be submitted to those logs. Before a certificate authority issues a new certificate it would submit a pre-certificate, with almost the same information as the normal certificate, to the log. The only additional information added to the final certificate is the set of signed certificate timestamps (SCTs) from the logs, which serve as proof that the certificate has been logged. The logs use a structure called a Merkle hash tree that provides proof that the certificate has been added and allows others to check that the log is operating correctly.

Up until recently, Google required the support of Certificate Transparency for all Extended Validation certificates, which show a green bar with a company name in the Chrome browser. Those certificates require a more stringent check of the identity of the certificate owner. In the future, the plan is to require Certificate Transparency for all certificates in order to be accepted by the Chrome browser.

The basic idea of Certificate Transparency is that nobody can issue a certificate without making it public. Site operators can therefore regularly check the public logs to see whether they contain any certificates for their domains that they haven't requested themselves. That would be a red flag that something has gone awry.
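A sketch of the site-operator check described above, as an added example rather than code from the article or from any Certificate Transparency tool. The record layout, the issuer names and the fingerprints are constructed, and the watched domains are assumed to be the operator's registered domains.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LoggedCert:
    """One certificate as seen in a public log (hypothetical record layout)."""
    fingerprint: str   # hex SHA-256 of the certificate
    issuer: str
    names: tuple       # dNSName entries from the certificate

def name_covers(cert_name: str, watched_domain: str) -> bool:
    """True if a certificate name is at or below the watched domain."""
    name = cert_name.lower().rstrip(".")
    watched = watched_domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]            # a wildcard is reported under its base name
    # Compare on label boundaries: "notexample.org" must not match
    # "example.org" just because it ends with the same characters.
    return name == watched or name.endswith("." + watched)

def unexpected_certs(entries, watched_domains, known_fingerprints):
    """Return (fingerprint, issuer, matching names) for every logged
    certificate that names a watched domain but is not in the inventory
    of certificates the operator actually requested."""
    findings = []
    for cert in entries:
        hits = sorted({n for n in cert.names
                       for d in watched_domains if name_covers(n, d)})
        if hits and cert.fingerprint not in known_fingerprints:
            findings.append((cert.fingerprint, cert.issuer, hits))
    return findings

# Constructed sample data.
KNOWN = {"a1" * 32}                    # certificates the operator requested
WATCHED = ["example.org"]
SAMPLE_LOG = [
    LoggedCert("a1" * 32, "Constructed Issuing CA", ("www.example.org",)),
    LoggedCert("b2" * 32, "Constructed Test CA", ("login.example.org",)),
    LoggedCert("c3" * 32, "Constructed Test CA",
               ("notexample.org", "www.notexample.org")),
    LoggedCert("d4" * 32, "Constructed Other CA",
               ("*.example.org", "example.net")),
]

if __name__ == "__main__":
    for fingerprint, issuer, names in unexpected_certs(SAMPLE_LOG, WATCHED, KNOWN):
        print(f"unexpected certificate {fingerprint[:16]}... from {issuer}: {names}")
```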

A challenge remains to determine what happens when a browser cannot verify the validity of a certificate via the log. For example, if a log is offline or an attacker prevents the connection to the log, what should happen? Certificate Transparency explicitly does not try to prevent authorities from issuing bad certificates; it only tries to make sure that they are detectable. In the case that a browser sees a certificate that it cannot verify, a gossip protocol is planned for the browser to send information about that incident to other parties. However, the details of the gossip protocol still have to be worked out.

Symantec caught by transparency logs

Certificate Transparency recently played a crucial role in uncovering the issuance of rogue certificates by Symantec, which is Comodo's largest competitor in the certificate market. In a lot of ways, the issue was minor compared to what happened with Comodo a few years earlier, but was still serious. Symantec had issued a number of test certificates that were only valid for one day, but were logged, seemingly as part of the normal certificate-generation mechanism. Some of these were for Google domains. There is no evidence that any of these certificates were used in the wild and—at least if one believes Symantec's claims—the private key corresponding to these certificates never left its systems. The bad certificates were found by Google through the logs of the Certificate Transparency system.

Shortly after the incident, Symantec issued a blog post explaining the incident and announcing that the employees responsible for it had been terminated. Later, Symantec released a report [PDF] claiming that it found 76 certificates that had been issued in error.

Google wasn't happy with that report. Its own engineers were quickly able to identify more rogue certificates in the Certificate Transparency logs. Eventually, it turned out that Symantec had issued over 2,000 bad test certificates, many of them for domains that didn't exist. Since April 2014, the Baseline Requirements of the CA/Browser forum [PDF]—a rule set for the operation of certificate authorities—clearly forbid the creation of certificates for nonexistent domains.

"It's obviously concerning that a CA would have such a long-running issue and that they would be unable to assess its scope after being alerted to it and conducting an audit", Google engineer Ryan Sleevi wrote in a blog post following that discovery. In that post, Google demanded that all certificates issued by Symantec must support the Certificate Transparency system by June 1, 2016. Google also demanded an independent third-party audit to investigate the incident, along with an explanation of why the first investigation from Symantec didn't find the additional certificates that Google found within minutes by checking the Certificate Transparency logs. Google also made it clear that it would consider further actions if Symantec didn't comply with the requests.

The message Google sends out here is pretty clear: It won't accept behavior that endangers the security of the TLS ecosystem—and whoever behaves badly will face consequences.

The issuance of certificates for nonexistent or invalid domains has caused other certificate authorities to look for similar issues. Comodo engineer Rob Stradling reported that the company had found a couple of certificates issued for internal domain names and IP addresses. Among others, it had accidentally issued certificates for the names "help" and "mailarchive". Comodo had also found that other certificate authorities have published similar certificates.

CNNIC removed from browsers

Earlier this year Google and Mozilla showed that they were willing to remove certificate authorities from their browsers for misbehavior. The Chinese certificate authority CNNIC was caught issuing rogue certificates. CNNIC had issued a so-called intermediate certificate to the Egyptian company MCS. There it was used to intercept TLS traffic. Such TLS-interception proxies are controversial, but they are quite common in many enterprise firewall products. They are used to create and sign certificates on the fly and are therefore able to use man-in-the-middle attacks to inspect encrypted traffic. However, usually these devices create their own certificate roots that have to be manually installed into the users' browsers.

Using browser-accepted intermediate certificates for TLS interception is nothing new. In 2012, the company Trustwave publicly admitted that it had sold an intermediate certificate to be used in an interception device. This spurred a hot debate on whether Trustwave should be removed from the Firefox browser. In the end it was allowed to stay, but browser vendors made it clear that they did not find the practice acceptable.

When CNNIC was caught in 2015, the vendors were less forgiving. Shortly after the incident, both Chrome and Mozilla announced that they would not accept new certificates signed by CNNIC. They would still accept existing certificates signed by CNNIC until they expired, but they would refuse to accept any new certificates.

Replace or improve?

The core problem of the TLS certificate system is that there exist hundreds of certificate authorities. And unless extra protection measures are in place, each of those can create valid certificates for any domain. Therefore the whole system is only as strong as the weakest of all certificate authorities. In addition, that means there is no advantage for users to choose an especially trustworthy certificate authority.

These failures of certificate authorities in the past have spurred many proposals of how to replace the system of certificate authorities. However, none has been successful so far.

Marlinspike proposed a system called Convergence in 2011. The concept of Convergence was that several independent notaries would check whether they all see the same certificate for a domain. Through an indirection, the notaries wouldn't know who the user was. The general idea is that an attacker may be able to fool a user with a rogue certificate via a man-in-the-middle attack, but won't be able to fool all the notaries. However, that depends on the power of an attacker. If the attacker is positioned near the target server or has control over the internet routing system via the BGP protocol, a system like Convergence may be even less secure than the existing system.

In 2011, the Electronic Frontier Foundation outlined ideas for a system called Sovereign Keys. The basic building block was an endless log—similar to the Bitcoin blockchain—that would hold information about all certificates. Sovereign Keys was just a rough proposal and it was never implemented. Many saw it as too complex. However, some of the ideas from Sovereign Keys were later incorporated into Certificate Transparency.

Another idea that has been on the table for a while is called DANE (DNS-based Authentication of Named Entities). The idea is to use DNS records protected by DNSSEC to provide information about certificates. The dependency on DNSSEC is DANE's biggest problem: DNSSEC has been around for a long time, but it hasn't been deployed at any relevant scale. While there has been some movement in deploying DNSSEC on the server side, the deployment on clients—which would be needed if it were to be used to verify TLS certificates—is almost zero. And there are some serious doubts whether deployment on clients is feasible at all. Many IT security experts are skeptical about DNSSEC and doubt the system will ever gain widespread adoption.

While there have been plenty of calls to abolish the system of certificate authorities, all alternatives proposed until now have failed. It looks like certificate authorities are here to stay. The debate has therefore shifted to technologies that improve the current system. Next week, we will follow up with how HTTP Public Key Pinning can make the system of TLS certificates safer and what challenges remain in the certificate ecosystem.


Brief items

Security quotes of the week

In modern computing, the terms "software", "firmware", and "hardware" relate to the types of no you'll get when asking for security patches.
Jonathan Zdziarski (Thanks to Paul Wise.)

If we could trust userspace applications, we wouldn't need SELinux. But we assume that userspace code may be buggy, misconfigured or actively hostile, and we use technologies such as SELinux or AppArmor to restrict its behaviour. There's simply too much userspace code for us to guarantee that it's all correct, so we do our best to prevent it from doing harm anyway.

This is significantly less true in the kernel. The model up until now has largely been "Fix security bugs as we find them", an approach that fails on two levels:

1) Once we find them and fix them, there's still a window between the fixed version being available and it actually being deployed
2) The forces of good may not be the first ones to find them

This reactive approach is fine for a world where it's possible to push out software updates without having to perform extensive testing first, a world where the only people hunting for interesting kernel vulnerabilities are nice people. This isn't that world, and this approach isn't fine.

Matthew Garrett

We mentioned that the AES key is generated locally on the victim's computer. We looked into the way the key and initialization vector are generated by reverse-engineering the Linux.Encoder.1 sample in our lab. We realized that, rather than generating secure random keys and IVs, the sample would derive these two pieces of information from the libc rand() function seeded with the current system timestamp at the moment of encryption. This information can be easily retrieved by looking at the file's timestamp. This is a huge design flaw that allows retrieval of the AES key without having to decrypt it with the RSA public key sold by the Trojan's operator(s).
Bitdefender LABS finds a flaw in Linux "ransomware"

In my enormous to-read pile I've got "Why Johnny Still Can't Encrypt", and that's from fifteen years after the original paper on PGP's unusability was published. It's scary to think that companies like Apple have done more to protect us from intrusive government surveillance than nearly a quarter century of PGP has, because they've made it usable by the masses.
Peter Gutmann


The kernel of the argument (Washington Post)

Here's a lengthy Washington Post feature on the security (or lack thereof) of the Linux kernel; it features a number of familiar names. "Even many Linux enthusiasts see a problem with this from a security perspective: There is no systemic mechanism for identifying and remedying problems before hackers discover them, or for incorporating the latest advances in defensive technologies. And there is no chief security officer for the Linux kernel."


Linux Ransomware Debut Fails on Predictable Encryption Key (Bitdefender Labs)

Bitdefender Labs takes a look at Linux.Encoder.1 ransomware. "Linux.Encoder.1 is executed on the victim’s Linux box after remote attackers leverage a flaw in the popular Magento content management system app. Once executed, the Trojan looks for the /home, /root and /var/lib/mysql folders and starts encrypting their contents. Just like Windows-based ransomware, it encrypts the contents of these files using AES (a symmetric key encryption algorithm), which provides enough strength and speed while keeping system resources usage to a minimum. The symmetric key is then encrypted with an asymmetric encryption algorithm (RSA) and is prepended to the file, along with the initialization vector used by AES." Once the files are encrypted the hackers demand a fee in exchange for the RSA private key to decrypt the AES symmetric one. However, Bitdefender researchers were able to recover the AES key without having to decrypt it with the RSA private key. One can also thwart this threat with some good backups. (Thanks to Richard Moore)
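Why a timestamp-seeded generator makes the key recoverable, as an added example that is not Bitdefender's tool or code from the sample. Python's `random` module stands in for libc `rand()`, the order in which key and IV are drawn is an assumption, and the timestamps are constructed; the check relies only on the IV being stored in the clear in the file header, as described above.

```python
import os
import random

KEY_LEN = 16
IV_LEN = 16

def weak_key_iv(seed: int):
    """Weak pattern: key and IV drawn from a non-cryptographic PRNG seeded
    with a timestamp. Everything it outputs is a function of the seed."""
    rng = random.Random(seed)          # stand-in for srand(time)/rand()
    key = bytes(rng.getrandbits(8) for _ in range(KEY_LEN))
    iv = bytes(rng.getrandbits(8) for _ in range(IV_LEN))
    return key, iv

def strong_key_iv():
    """Correct pattern: key and IV from the operating system's CSPRNG."""
    return os.urandom(KEY_LEN), os.urandom(IV_LEN)

def recover_key(stored_iv: bytes, file_mtime: int, window: int = 3600):
    """Try every seed within `window` seconds of the file's modification
    time. The IV kept in the clear in the header confirms the right seed,
    which then yields the AES key without touching the RSA-wrapped copy.
    Returns (seed, key), or None if no seed in the window matches."""
    for delta in range(window + 1):
        for seed in (file_mtime - delta, file_mtime + delta):
            key, iv = weak_key_iv(seed)
            if iv == stored_iv:
                return seed, key
    return None

# Constructed scenario: encryption starts at ENCRYPT_TIME and the file's
# modification time is stamped two seconds later.
ENCRYPT_TIME = 1447200000
FILE_MTIME = ENCRYPT_TIME + 2

def demo() -> dict:
    key, iv = weak_key_iv(ENCRYPT_TIME)
    weak_result = recover_key(iv, FILE_MTIME)
    _, strong_iv = strong_key_iv()
    return {
        "weak_key_recovered": weak_result == (ENCRYPT_TIME, key),
        "strong_key_recovered": recover_key(strong_iv, FILE_MTIME) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

The search space is the number of seconds in the window, not the 2^128 possible AES keys, which is the design flaw the Bitdefender analysis describes.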


New vulnerabilities

ipsilon: denial of service

Package(s): ipsilon
CVE #(s): CVE-2015-5301
Created: November 9, 2015
Updated: November 11, 2015
Description: From the Red Hat bugzilla:

It was found that Ipsilon does not check whether a user is authorized to delete a service provider. This makes it possible for any authenticated user to delete any service provider, causing a denial of service.

Alerts:
Fedora FEDORA-2015-15290 ipsilon 2015-11-08
Fedora FEDORA-2015-15292 ipsilon 2015-11-08
Fedora FEDORA-2015-15291 ipsilon 2015-11-08


kernel: multiple vulnerabilities

Package(s): kernel
CVE #(s): CVE-2015-5307 CVE-2015-7833 CVE-2015-7990
Created: November 10, 2015
Updated: December 16, 2015
Description: From the Debian advisory:

CVE-2015-5307: Ben Serebrin from Google discovered a guest to host denial of service flaw affecting the KVM hypervisor. A malicious guest can trigger an infinite stream of "alignment check" (#AC) exceptions causing the processor microcode to enter an infinite loop where the core never receives another interrupt. This leads to a panic of the host kernel.

CVE-2015-7833: Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a flaw in the processing of certain USB device descriptors in the usbvision driver. An attacker with physical access to the system can use this flaw to crash the system.

CVE-2015-7990: It was discovered that the fix for CVE-2015-6937 was incomplete. A race condition when sending a message on unbound socket can still cause a NULL pointer dereference. A remote attacker might be able to cause a denial of service (crash) by sending a crafted packet.

Alerts:
Oracle ELSA-2016-2574 kernel 2016-11-10
openSUSE openSUSE-SU-2016:2649-1 kernel 2016-10-26
SUSE SUSE-SU-2016:2245-1 kernel 2016-09-06
openSUSE openSUSE-SU-2016:2184-1 kernel 2016-08-29
SUSE SUSE-SU-2016:2105-1 the Linux Kernel 2016-08-19
SUSE SUSE-SU-2016:2074-1 kernel 2016-08-15
SUSE SUSE-SU-2016:1985-1 kernel 2016-08-08
SUSE SUSE-SU-2016:1937-1 kernel 2016-08-02
SUSE SUSE-SU-2017:0333-1 kernel 2017-01-30
Mageia MGASA-2016-0233 kernel-tmb 2016-06-22
Mageia MGASA-2016-0232 kernel-linus 2016-06-22
openSUSE openSUSE-SU-2016:0301-1 kernel 2016-02-01
Debian DSA-3454-1 virtualbox 2016-01-27
Red Hat RHSA-2016:0046-01 kernel 2016-01-19
openSUSE openSUSE-SU-2016:0126-1 xen 2016-01-14
openSUSE openSUSE-SU-2016:0124-1 xen 2016-01-14
openSUSE openSUSE-SU-2016:0123-1 xen 2016-01-14
Mageia MGASA-2016-0015 kernel-tmb 2016-01-14
Mageia MGASA-2016-0014 kernel-linus 2016-01-14
Red Hat RHSA-2016:0024-01 kernel 2016-01-12
Oracle ELSA-2016-3503 kernel 2.6.32 2016-01-09
Oracle ELSA-2016-3503 kernel 2.6.32 2016-01-09
Oracle ELSA-2016-3502 kernel 2.6.39 2016-01-09
Oracle ELSA-2016-3502 kernel 2.6.39 2016-01-09
Red Hat RHSA-2016:0004-01 kernel 2016-01-07
SUSE SUSE-SU-2015:2350-1 kernel 2015-12-23
SUSE SUSE-SU-2015:2339-1 kernel 2015-12-22
Mageia MGASA-2016-0225 kernel 2016-06-13
Debian-LTS DLA-479-1 xen 2016-05-18
Ubuntu USN-2967-2 linux-ti-omap4 2016-05-09
Ubuntu USN-2967-1 kernel 2016-05-09
Ubuntu USN-2948-2 linux-lts-utopic 2016-04-11
Ubuntu USN-2947-3 linux-raspi2 2016-04-06
Ubuntu USN-2947-2 linux-lts-wily 2016-04-06
Ubuntu USN-2948-1 linux-lts-utopic 2016-04-06
Ubuntu USN-2947-1 kernel 2016-04-06
Ubuntu USN-2932-1 linux-lts-vivid 2016-03-14
Ubuntu USN-2929-2 linux-lts-trusty 2016-03-14
Ubuntu USN-2929-1 kernel 2016-03-14
SUSE SUSE-SU-2016:0658-1 Xen 2016-03-04
Mageia MGASA-2016-0098 xen 2016-03-07
SUSE SUSE-SU-2016:0354-1 kernel 2016-02-05
Scientific Linux SLSA-2015:2552-1 kernel 2015-12-21
SUSE SUSE-SU-2015:2292-1 kernel 2015-12-17
Debian DSA-3426-1 kernel 2015-12-17
openSUSE openSUSE-SU-2016:0318-1 kernel 2016-02-03
Ubuntu USN-2886-2 linux-ti-omap4 2016-02-01
Ubuntu USN-2890-3 linux-raspi2 2016-02-01
Ubuntu USN-2890-2 linux-lts-wily 2016-02-01
Ubuntu USN-2889-2 linux-lts-vivid 2016-02-01
Ubuntu USN-2888-1 linux-lts-utopic 2016-02-01
Ubuntu USN-2887-2 linux-lts-trusty 2016-02-01
Ubuntu USN-2886-1 kernel 2016-02-01
Ubuntu USN-2887-1 kernel 2016-02-01
Ubuntu USN-2889-1 kernel 2016-02-01
Ubuntu USN-2890-1 kernel 2016-02-01
Scientific Linux SLSA-2015:2636-1 kernel 2015-12-15
Oracle ELSA-2015-2636 kernel 2015-12-15
Fedora FEDORA-2015-c4ed00a68f kernel 2015-12-16
Fedora FEDORA-2015-ac9a19888e kernel 2015-12-16
Red Hat RHSA-2015:2645-01 kernel 2015-12-15
Red Hat RHSA-2015:2636-01 kernel 2015-12-15
Oracle ELSA-2015-3107 kernel x.y.z 2015-12-11
Oracle ELSA-2015-3107 kernel x.y.z 2015-12-11
openSUSE openSUSE-SU-2015:2250-1 xen 2015-12-10
openSUSE openSUSE-SU-2015:2249-1 xen 2015-12-10
Debian DSA-3414-1 xen 2015-12-09
Oracle ELSA-2015-2552 kernel 2015-12-08
openSUSE openSUSE-SU-2015:2232-1 kernel 2015-12-08
Red Hat RHSA-2015:2587-01 kernel 2015-12-09
Debian-LTS DLA-360-1 linux-2.6 2015-12-08
Red Hat RHSA-2015:2552-01 kernel 2015-12-08
SUSE SUSE-SU-2015:2194-1 kernel 2015-12-04
SUSE SUSE-SU-2015:2108-1 kernel 2015-11-26
Fedora FEDORA-2015-f150b2a8c8 xen 2015-11-20
Fedora FEDORA-2015-668d213dc3 xen 2015-11-21
Fedora FEDORA-2015-394835a3f6 xen 2015-11-23
Fedora FEDORA-2015-f2c534bc12 kernel 2015-11-20
Mageia MGASA-2015-0450 kernel 2015-11-19
Fedora FEDORA-2015-cd94ad8d7c kernel 2015-11-19
Fedora FEDORA-2015-115c302856 kernel 2015-11-19
Ubuntu USN-2807-1 linux-lts-wily 2015-11-10
Ubuntu USN-2806-1 linux-lts-vivid 2015-11-09
Ubuntu USN-2805-1 linux-lts-utopic 2015-11-09
Ubuntu USN-2804-1 linux-lts-trusty 2015-11-09
Ubuntu USN-2800-1 kernel 2015-11-09
Ubuntu USN-2801-1 kernel 2015-11-09
Ubuntu USN-2802-1 kernel 2015-11-09
Ubuntu USN-2803-1 kernel 2015-11-09
Debian DSA-3396-1 kernel 2015-11-10


krb5: unspecified vulnerability

Package(s): krb5
CVE #(s): CVE-2015-2698
Created: November 9, 2015
Updated: December 28, 2015
Description: An unspecified vulnerability was fixed in krb5-1.13.2 and krb5-1.12.2.

From the Mageia advisory:

In any MIT krb5 release with the patches for CVE-2015-2696 applied, an application which calls gss_export_sec_context() may experience memory corruption if the context was established using the IAKERB mechanism. Historically, some vulnerabilities of this nature can be translated into remote code execution, though the necessary exploits must be tailored to the individual application and are usually quite complicated.

Alerts:
openSUSE openSUSE-SU-2015:2376-1 krb5 2015-12-27
Fedora FEDORA-2015-200d2dfd9f krb5 2015-11-24
openSUSE openSUSE-SU-2015:2055-1 krb5 2015-11-20
Fedora FEDORA-2015-1b9c33d713 krb5 2015-11-19
Mageia MGASA-2015-0446 krb5 2015-11-16
Ubuntu USN-2810-1 krb5 2015-11-12
Fedora FEDORA-2015-58ae075703 krb5 2015-11-08


libebml: multiple vulnerabilities

Package(s): libebml
CVE #(s):
Created: November 6, 2015
Updated: January 15, 2016
Description:

From the Mageia advisory:

In EbmlMaster::Read() in libebml before 1.3.3, when the parser encountered a deeply nested element with an infinite size then a following element of an upper level was not propagated correctly. Instead the element with the infinite size was added into the EBML element tree a second time resulting in memory access after freeing it and multiple attempts to free the same memory address during destruction (TALOS-CAN-0037).

In EbmlUnicodeString::UpdateFromUTF8() in libebml before 1.3.3, when reading from a UTF-8 string in which the length indicated by a UTF-8 character's first byte exceeds the string's actual number of bytes the parser would access beyond the end of the string resulting in a heap information leak (TALOS-CAN-0036).

Alerts:
openSUSE openSUSE-SU-2016:0125-1 libebml, libmatroska 2016-01-14
Mageia MGASA-2015-0430 libebml 2015-11-05


libreoffice: multiple vulnerabilities

Package(s): libreoffice
CVE #(s): CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214
Created: November 6, 2015
Updated: December 16, 2015
Description:

From the Debian advisory:

CVE-2015-4551 - Federico Scrinzi discovered an information leak in the handling of ODF documents. Quoting from https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/: "The LinkUpdateMode feature controls whether documents inserted into Writer or Calc via links will either not get updated, or prompt to update, or automatically update, when the parent document is loaded. The configuration of this option was stored in the document. That flawed approach enabled documents to be crafted with links to plausible targets on the victims host computer. The contents of those automatically inserted after load links can be concealed in hidden sections and retrieved by the attacker if the document is saved and returned to sender, or via http requests if the user has selected lower security settings for that document."

CVE-2015-5212 - A buffer overflow in parsing the printer setup information in ODF documents may result in the execution of arbitrary code.

CVE-2015-5213 / CVE-2015-5214 - A buffer overflow and an integer oect memory management in parsing Microsoft Word documents may result in the execution of arbitrary code.

Alerts:
Gentoo 201611-03 libreoffice 2016-11-04
Gentoo 201603-05 libreoffice 2016-03-09
openSUSE openSUSE-SU-2016:0588-1 LibreOffice 2016-02-26
Scientific Linux SLSA-2015:2619-1 libreoffice 2015-12-15
Oracle ELSA-2015-2619 libreoffice 2015-12-15
Oracle ELSA-2015-2619 libreoffice 2015-12-14
CentOS CESA-2015:2619 libreoffice 2015-12-14
CentOS CESA-2015:2619 libreoffice 2015-12-14
Red Hat RHSA-2015:2619-01 libreoffice 2015-12-14
Mageia MGASA-2015-0441 libreoffice 2015-11-10
Ubuntu USN-2793-1 libreoffice 2015-11-05
Debian DSA-3394-1 libreoffice 2015-11-05


libxml2: denial of service

Package(s): libxml2
CVE #(s): CVE-2015-8035
Created: November 6, 2015
Updated: November 11, 2015
Description:

From the Mageia advisory:

A denial of service in libxml2 when parsing a specially crafted XML file if XZ support is enabled may cause applications to hang as the parsing never terminates.

Alerts:
Gentoo 201701-37 libxml2 2017-01-16
openSUSE openSUSE-SU-2016:0106-1 libxml2 2016-01-13
openSUSE openSUSE-SU-2015:2372-1 libxml2 2015-12-27
Debian DSA-3430-1 libxml2 2015-12-23
SUSE SUSE-SU-2016:0786-1 sles12-docker-image 2016-03-16
Fedora FEDORA-2016-a9ee80b01d mingw-libxml2 2016-02-17
Fedora FEDORA-2016-189a7bf68c mingw-libxml2 2016-02-17
Arch Linux ASA-201512-6 libxml2 2015-12-09
Fedora FEDORA-2015-037f844d3e libxml2 2015-11-30
Fedora FEDORA-2015-c24af963a2 libxml2 2015-11-26
Ubuntu USN-2812-1 libxml2 2015-11-16
Mageia MGASA-2015-0433 libxml2 2015-11-05


libxslt: denial of service

Package(s): libxslt
CVE #(s): CVE-2015-7995
Created: November 6, 2015
Updated: June 20, 2016
Description:

From the Mageia advisory:

A type confusion vulnerability in libxslt in xsltStylePreCompute() in preproc.c can lead to a denial of service.

Alerts:
Arch Linux ASA-201601-8 libxslt 2016-01-13
Debian DSA-3605-1 libxslt 2016-06-19
Debian-LTS DLA-514-1 libxslt 2016-06-12
Slackware SSA:2016-148-02 libxslt 2016-05-27
openSUSE openSUSE-SU-2016:1439-1 libxslt 2016-05-30
Mageia MGASA-2015-0432 libxslt 2015-11-05


mediawiki: multiple vulnerabilities

Package(s): mediawiki
CVE #(s): CVE-2015-8006 CVE-2015-8007 CVE-2015-8008 CVE-2015-8009
Created: November 6, 2015
Updated: November 11, 2015
Description:

From the CVE request:

CVE-2015-8006 - Extension:PageTriage - MediaWiki user Grunny discovered a DOM-based XSS in the way the extension handled page titles.

CVE-2015-8007 - Extension:Echo - Internal review discovered that Echo could display deleted or suppressed usernames when the username was previously used to Thank users.

CVE-2015-8008 - Extension:OAuth - Wikipedia user Sitic discovered that the OAuth extension did not correctly enforce the IP restrictions of a Consumer when using previously negotiated credentials.

CVE-2015-8009 - Extension:OAuth - Wikipedia user Sitic discovered that OAuth would accept a valid signature from any Consumer when checking the authorization signature. This allowed a registered Consumer who gained access to another Consumer's users' access tokens and secrets to use those credentials.

Alerts:
Fedora FEDORA-2015-24 mediawiki 2015-11-05
Fedora FEDORA-2015-ec6d598d3d mediawiki 2015-11-05
Fedora FEDORA-2015-97 mediawiki 2015-11-05


mozilla: multiple vulnerabilities

Package(s): firefox nspr nss xulrunner seamonkey
CVE #(s): CVE-2015-7185 CVE-2015-7186 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192
Created: November 10, 2015
Updated: November 30, 2015
Description: From the CVE entries:

Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. (CVE-2015-7185)

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. (CVE-2015-7186)

The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. (CVE-2015-7190)

Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." (CVE-2015-7191)

The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. (CVE-2015-7192)

Alerts:
Gentoo 201512-10 firefox 2015-12-30
Fedora FEDORA-2015-8f34820159 seamonkey 2015-11-27
Slackware SSA:2015-318-01 seamonkey 2015-11-14
openSUSE openSUSE-SU-2015:1942-1 firefox, nspr, nss, xulrunner, seamonkey 2015-11-09


owncloud: unspecified vulnerabilities

Package(s): owncloud
CVE #(s):
Created: November 9, 2015
Updated: November 16, 2015
Description: From the Mageia advisory:

The owncloud package has been updated to version 8.0.9, which fixes undisclosed security issues and other bugs. See the ownCloud changelog for more information.

Alerts:
Fedora FEDORA-2015-a117082cd2 owncloud 2015-11-15
Fedora FEDORA-2015-85760004ca owncloud 2015-11-15
Fedora FEDORA-2015-a6be3a6810 owncloud 2015-11-15
Mageia MGASA-2015-0437 owncloud 2015-11-07


php-horde-horde: cross-site request forgery

Package(s): php-horde-horde
CVE #(s):
Created: November 5, 2015
Updated: November 11, 2015
Description: From the Red Hat bugzilla entry:

Multiple CSRF vulnerabilities on various admin pages were found and fixed in 5.2.11 version.

Upstream patch:

https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae

Alerts:
Debian DSA-3391-1 php-horde 2015-11-03
Fedora FEDORA-2015-a381facfd9 php-horde-passwd 2015-11-04
Fedora FEDORA-2015-37090f89d8 php-horde-passwd 2015-11-04
Fedora FEDORA-2015-a381facfd9 php-horde-ingo 2015-11-04
Fedora FEDORA-2015-37090f89d8 php-horde-ingo 2015-11-04
Fedora FEDORA-2015-a381facfd9 php-horde-imp 2015-11-04
Fedora FEDORA-2015-37090f89d8 php-horde-imp 2015-11-04
Fedora FEDORA-2015-a381facfd9 php-horde-horde 2015-11-04
Fedora FEDORA-2015-37090f89d8 php-horde-horde 2015-11-04


putty: memory corruption

Package(s): putty
CVE #(s): CVE-2015-5309
Created: November 11, 2015
Updated: December 2, 2015
Description: From the Mageia advisory:

Versions of PuTTY 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence in the terminal emulator.

Alerts:
Gentoo 201606-01 putty 2016-06-05
Fedora FEDORA-2015-5ad4a1f151 putty 2015-12-01
Fedora FEDORA-2015-3d17682c15 putty 2015-12-01
Debian DSA-3409-1 putty 2015-12-01
Debian-LTS DLA-347-1 putty 2015-11-24
openSUSE openSUSE-SU-2015:2023-1 putty 2015-11-18
Arch Linux ASA-201511-7 putty 2015-11-12
Mageia MGASA-2015-0442 putty 2015-11-10

python-pycurl: use-after-free vulnerability

Package(s): python-pycurl CVE #(s):
Created: November 6, 2015 Updated: November 30, 2015
Description:

From the Red Hat bug report:

A use-after-free vulnerability was found in Curl object's HTTPPOST setopt when a Unicode value is passed as a value with a FORM_BUFFERPTR. The str object created from the passed in unicode object would have its buffer used but the unicode object would be stored instead of the str object.

Alerts:
Fedora FEDORA-2015-0de8163795 python-pycurl 2015-11-27
Mageia MGASA-2015-0440 python-curl 2015-11-10
Fedora FEDORA-2015-a26f0b0daf python-pycurl 2015-11-05

sddm: denial of service

Package(s): sddm CVE #(s): CVE-2015-0856
Created: November 6, 2015 Updated: November 11, 2015
Description:

From the Mageia advisory:

Pavel Avgustinov discovered that SDDM does not disable the KDE crash handler, and certain themes would allow shell access to the sddm user as a result in case of a crash.

Alerts:
Fedora FEDORA-2015-9f996ea146 sddm 2015-11-13
Mageia MGASA-2015-0429 sddm 2015-11-05

sudo: privilege escalation

Package(s): sudo CVE #(s): CVE-2015-5602
Created: November 9, 2015 Updated: June 27, 2016
Description: From the Red Hat bugzilla:

An unauthorized privilege escalation was found in sudoedit when a user is granted root access to modify a particular file that could be located in a subset of directories. It seems that sudoedit does not check the full path if a wildcard is used twice (e.g. /home/*/*/file.txt), allowing a malicious user to replace the file.txt real file with a symbolic link to a different location (e.g. /etc/shadow), which results in unauthorized access. Affected versions are <= 1.8.14.

Alerts:
Gentoo 201606-13 sudo 2016-06-26
Debian-LTS DLA-382-1 sudo 2016-01-11
Debian DSA-3440-1 sudo 2016-01-11
Mageia MGASA-2015-0443 sudo 2015-11-10
Fedora FEDORA-2015-6a267387c0 sudo 2015-11-08
Fedora FEDORA-2015-386863df8a sudo 2015-11-08

wpa: multiple vulnerabilities

Package(s): wpa CVE #(s): CVE-2015-5310 CVE-2015-5314 CVE-2015-5315 CVE-2015-5316
Created: November 11, 2015 Updated: November 11, 2015
Description: From the Debian advisory:

CVE-2015-5310: Jouni Malinen discovered a flaw in the WMM Sleep Mode Response frame processing. A remote attacker can take advantage of this flaw to mount a denial of service.

CVE-2015-5314 CVE-2015-5315: Jouni Malinen discovered a flaw in the handling of EAP-pwd messages which may result in a denial of service.

CVE-2015-5316: Jouni Malinen discovered a flaw in the handling of EAP-pwd Confirm messages which may result in a denial of service.

Alerts:
openSUSE openSUSE-SU-2016:2357-1 wpa_supplicant 2016-09-23
Ubuntu USN-2808-1 wpa 2015-11-10
Debian DSA-3397-1 wpa 2015-11-10

xen: multiple vulnerabilities

Package(s): xen CVE #(s): CVE-2015-7970 CVE-2015-7813 CVE-2015-7814 CVE-2015-7812 CVE-2015-7972
Created: November 9, 2015 Updated: November 11, 2015
Description: From the CVE entries:

The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that trigger a "time-consuming linear scan," related to Populate-on-Demand. (CVE-2015-7970)

Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c. (CVE-2015-7813)

Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. (CVE-2015-7814)

The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure." (CVE-2015-7972)

From the Red Hat bugzilla:

A vulnerability allowing a malicious guest to crash the host was found. Early versions of Xen on ARM did not support "multicall" functionality (the ability to perform multiple operations via a single hypercall) and therefore stubbed out the functionality needed to support preemption of multicalls in a manner which crashed the host. When multicall support was subsequently added, these stubs were not replaced with the correct functionality and therefore exposed to guests a code path which crashes the host. Any guest can issue a preemptable hypercall via the multicall interface to exploit this vulnerability. Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward. (CVE-2015-7812)

Alerts:
openSUSE openSUSE-SU-2016:0124-1 xen 2016-01-14
Debian-LTS DLA-479-1 xen 2016-05-18
Gentoo 201604-03 xen 2016-04-05
Mageia MGASA-2016-0098 xen 2016-03-07
openSUSE openSUSE-SU-2015:2250-1 xen 2015-12-10
openSUSE openSUSE-SU-2015:2249-1 xen 2015-12-10
Debian DSA-3414-1 xen 2015-12-09
openSUSE openSUSE-SU-2015:2003-1 xen 2015-11-17
openSUSE openSUSE-SU-2015:1965-1 xen 2015-11-12
openSUSE openSUSE-SU-2015:1964-1 xen 2015-11-12
Fedora FEDORA-2015-242be2c240 xen 2015-11-10
Fedora FEDORA-2015-6f6b79efe2 xen 2015-11-10
Fedora FEDORA-2015-a931b02be2 xen 2015-11-08

Page editor: Jake Edge


Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds