Security
One-time passwords and GnuPG with Nitrokey
A few years ago, the hardware vendor Yubico made a bit of a splash when it introduced its YubiKey line of inexpensive hardware security tokens powered by open-source software. With its most recent product release, however, Yubico has dropped open source and started deploying only proprietary software in its devices. Consequently, many community members have started looking for a viable replacement that will adhere to open-source principles. At present, one of the leading contenders for Yubico's departed customers is Nitrokey, which manufactures a line of hardware tokens capable of generating one-time passwords (OTPs), storing and using OpenPGP keys, and several other features. The devices made by Nitrokey run open-source software and are open hardware as well.
To recap, Yubico had produced YubiKey products for several years and, historically, released its own open-source software for working with the devices. The original devices focused on OTP, and they were popularized by their ability to support the Hash-based message authentication code (HMAC)-based One-Time Password (HOTP) and the Time-based One-Time Password (TOTP) algorithms. HOTP and TOTP were already used in a number of two-factor authentication smartphone apps; the YubiKey's ability to replace a smartphone with a small, lightweight, and nigh-indestructible hardware token was a selling point.
The YubiKey NEO line expanded the available functionality by adding smartcard functionality; applets for OpenPGP and Open Authentication (OATH) were released as open-source software; source code for other applets was available on GitHub (even at that time, it should be noted, the YubiKey firmware itself was not open source). We looked at the YubiKey NEO in April 2014 and at the smartcard functionality in particular again that November.
In late 2015, Yubico released the YubiKey 4 product line, which—for the first time—did not include source code. When asked in a GitHub discussion, Yubico employee Dain Nilsson confirmed that no source release would be made, and that the new devices were running a proprietary OpenPGP implementation. "We're all for open source, and we try to open source as much of our code as possible when and where it makes sense, but in this case it was determined not to be so."
That response drew heavy criticism from around the open-source and free-software community. Included among the critics was kernel.org system administrator Konstantin Ryabitsev, who had helped distribute YubiKeys to kernel developers in 2014 in an effort to tighten up kernel-development security. In May 2016, Ryabitsev publicly withdrew his recommendation of YubiKey over the new, proprietary software. For its part, Yubico responded with a statement contending that trying to ship open-source software was ultimately incompatible with building secure hardware devices.
Enter the Nitro
Regardless of how one feels about Yubico's stance on open source, though, it is good to know and evaluate the alternatives. Perhaps the product line most similar to the YubiKey is the Nitrokey.
The Nitrokey line started out as a personal side project of Jan Suhr and Rudolf Böddeker, but was taken commercial in 2014. At present, the company makes three devices: the Nitrokey Start (which is a GnuPG-compatible USB smartcard), the Nitrokey Pro (which combines smartcard and OTP functionality), and the Nitrokey HSM (which is a secure key-storage token designed to hold up to 108 key pairs).
The company also offers the Nitrokey U2F, which is a rebranded third-party token for use with the Universal 2nd Factor (U2F) OTP protocol. Nitrokey makes neither the hardware nor the software for that device. A fifth product has been announced but not yet released: the Nitrokey Storage, which combines the functionality of the Pro with a built-in encrypted mass-storage volume.
Nitrokey was kind enough to send us a Pro device to test with. Physically, the key is the size of a smallish USB drive, making it fatter than a YubiKey but still not large enough to impede plugging something into a neighboring port. The device case is plastic and has seams running lengthwise down the sides; the site highlights Nitrokey's tamper-resistance, but that feature appears to apply only to the contents of the smartcard element. Attackers might be able to crack open the plastic case without destroying the chips inside, and in various places the documentation notes that OTP secrets are not saved in tamper-proof storage.
On Linux systems, the Nitrokey Pro requires only a small amount of setup: adding a udev rule to match the device's ID and adding the vendor and product IDs to the /etc/libccid_Info.plist file, which is used by the Chip/Smart Card Interface Devices (CCID) library. Subsequently, one can plug in the Nitrokey and configure it through the Nitrokey App program, which the company provides in native packages for a number of distributions as well as in a Snap package.
OTP and traditional password usage
The App lets users manage HOTP/TOTP configuration and save passwords in a built-in password safe. The Pro includes slots for 15 separate TOTP configurations, three additional HOTP configurations, and 16 password slots. For the HOTP and TOTP slots, users can adjust the update interval and several other parameters. The password safe provides fields to store usernames and identifiers for the site or service, and the App includes a tool to generate random passwords.
In general, the password-storage and OTP functionality depends on using Nitrokey on a system with the official Nitrokey App installed; one must open the app, move to the tab of interest, copy the necessary OTP or password to the clipboard, then paste it into the appropriate application or login page.
But it is also possible to configure the Nitrokey to emit the OTP from either the first or second HOTP slot whenever a special key sequence is pressed. In the version of the Nitrokey App I tested, the key-sequence options available were double pressing NumLock, CapsLock, and ScrollLock. Once configured in Nitrokey App, the device can be plugged in and will appear to the system as a USB keyboard, where it will monitor the input layer, watching for the specified key sequence. Whenever the key sequence is pressed—on a real, physical USB keyboard—the Nitrokey will send out the HOTP code.
That last feature feels like something of an afterthought, given its odd limitations (such as supporting the first two HOTP slots but not the third), but perhaps there is simply room for improvement. In comparison to the YubiKey NEO, the Nitrokey unquestionably wins the configuration contest. The NEO provides just two configurable slots and, as mentioned in our November 2014 coverage, using the NEO for TOTP requires pairing it up with a separate application that does not store the TOTP secrets on the device.
On the other hand, the NEO includes NFC support, so its TOTP support can be used with an Android app (given an NFC-capable phone) as well as with a desktop application, and the Nitrokey evidently stores OTP secrets where they could theoretically be removed by an attacker with physical access to the device. Still, the greater number of configuration slots on the Nitrokey is a welcome change, and the password-safe functionality is useful as well.
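The HOTP and TOTP slots discussed in this section compute the RFC 4226 and RFC 6238 functions; the following is an added Python example, not code from the article or from Nitrokey's software, showing both computations and the server-side checks they call for. An HOTP token advances its counter every time it emits a code, so a code emitted by an accidental key sequence leaves the token ahead of the server; the look-ahead window, the TOTP skew, the function names and the RFC test secret used here are assumptions.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) with server-side verification.

Added illustration: names, window sizes and the demo secret are assumptions.
"""
import hashlib
import hmac
import struct
from typing import Optional

RFC_TEST_SECRET = b"12345678901234567890"  # published RFC 4226 test key, not a real secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, interval: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with counter = whole intervals elapsed since the epoch."""
    return hotp(secret, int(unix_time) // interval, digits)


def _same_code(expected: str, submitted: str) -> bool:
    # Constant-time comparison; non-ASCII input is rejected first because
    # hmac.compare_digest raises TypeError on non-ASCII str arguments.
    return submitted.isascii() and hmac.compare_digest(expected, submitted)


def verify_hotp(secret: bytes, submitted: str, server_counter: int,
                look_ahead: int = 5, digits: int = 6) -> Optional[int]:
    """Accept a code at server_counter..server_counter+look_ahead.

    Returns the counter the server must store next (one past the match), so
    every skipped or used code is burned; returns None on failure.
    """
    for counter in range(server_counter, server_counter + look_ahead + 1):
        if _same_code(hotp(secret, counter, digits), submitted):
            return counter + 1
    return None


def verify_totp(secret: bytes, submitted: str, unix_time: float, last_step: int,
                interval: int = 30, skew: int = 1, digits: int = 6) -> Optional[int]:
    """Accept a code from the current time step +/- skew, never one at or
    before last_step (replay protection). Returns the matched step or None."""
    now_step = int(unix_time) // interval
    for step in range(now_step - skew, now_step + skew + 1):
        if step < 0 or step <= last_step:
            continue
        if _same_code(hotp(secret, step, digits), submitted):
            return step
    return None


def demo() -> dict:
    """Token emitted three codes nobody submitted; the fourth is used to log in."""
    token_counter, server_counter = 3, 0
    code = hotp(RFC_TEST_SECRET, token_counter)
    resynced = verify_hotp(RFC_TEST_SECRET, code, server_counter)
    replay = verify_hotp(RFC_TEST_SECRET, code, resynced)
    return {"code": code, "server_counter_after": resynced, "replay_accepted": replay}


if __name__ == "__main__":
    print(demo())
    print("TOTP at t=59, 30 s interval:", totp(RFC_TEST_SECRET, 59, digits=8))
    print("TOTP at t=59, 60 s interval:", totp(RFC_TEST_SECRET, 59, interval=60))
```

A larger look-ahead window tolerates more stray key presses but also gives a guesser more valid codes per attempt, so it should stay small and be paired with attempt limiting.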
Smartcard usage and development
The Nitrokey Pro also includes a smartcard element conforming to the OpenPGP card standard. At present, there are two use cases supported: using the card directly with GnuPG (or with OpenSSH, which can use GnuPG as an authentication agent), and using the card with a PKCS #11 driver.
Like most GnuPG-compatible cards, the Nitrokey's smartcard storage element provides three key-storage slots that are designed to serve as subkeys attached to a single identity. The Nitrokey does support RSA key lengths of up to 4096 bits, however, in comparison to the YubiKey NEO's 2048 bits. Keys can be generated on the card or imported with the GnuPG command-line tool.
A PKCS #11 driver can be used instead, which opens the door to using the Nitrokey with several applications beyond GnuPG and SSH. The documentation notes, though, that for best results one should generate keys with GnuPG. Subsequently, those key slots can be accessed by the PKCS #11 driver from the OpenSC project. The reverse situation—initializing the card with OpenSC then trying to use it with GnuPG—will not work, however.
The reason for this is that the OpenSC tools initialize the card in a different format, which GnuPG cannot read. If the card is initialized with GnuPG and the slots filled with GnuPG RSA keys, though, OpenSC can still be used to access the slots. However, if one wants to use the Nitrokey with applications that require a different type of key material (such as TLS certificate authority (CA) keys or X.509 certificates), then initializing the card for PKCS #11 is the only option.
The documentation goes on to warn users against using PKCS #11 and GnuPG in parallel, and notes a few alternative PKCS #11 projects that may someday prove more useful than OpenSC's offering.
At the moment, the Nitrokey site does not offer guidance to developers interested in writing and uploading their own smartcard applets. However, the Nitrokey does ship with a known administrator password (which the user can change), so it should be possible for knowledgeable users. The company's wiki on GitHub notes several possibilities, including switching from the OpenPGP card format to Java Card, which is a more flexible platform. In contrast, the YubiKey NEO does use Java Card, but the devices are locked so that users cannot upload their own—or update existing—applets.
For standard uses, the Nitrokey Pro is easily the equivalent of the YubiKey NEO, if one is comfortable giving up NFC support and the NEO's external "emit the password" button. In exchange, one gets longer GnuPG keys, PKCS #11 support, and more configurable OTP and password slots. Far more importantly, however, the makers of Nitrokey have committed to keeping the product line running entirely on open-source software, and have released the hardware design as well. For the security conscious, the choice is simplified.
Brief items
Security quotes of the week
EFF Lawsuit Takes on DMCA Section 1201: Research and Technology Restrictions Violate the First Amendment
The Electronic Frontier Foundation (EFF) has announced that it is suing the US government over provisions in the Digital Millennium Copyright Act (DMCA). The suit has been filed on behalf of Andrew "bunnie" Huang, who has a blog post describing the reasons behind the suit. The EFF also explained why these DMCA provisions should be ruled unconstitutional: "These provisions—contained in Section 1201 of the DMCA—make it unlawful for people to get around the software that restricts access to lawfully-purchased copyrighted material, such as films, songs, and the computer code that controls vehicles, devices, and appliances. This ban applies even where people want to make noninfringing fair uses of the materials they are accessing. Ostensibly enacted to fight music and movie piracy, Section 1201 has long served to restrict people’s ability to access, use, and even speak out about copyrighted materials—including the software that is increasingly embedded in everyday things. The law imposes a legal cloud over our rights to tinker with or repair the devices we own, to convert videos so that they can play on multiple platforms, remix a video, or conduct independent security research that would reveal dangerous security flaws in our computers, cars, and medical devices. It criminalizes the creation of tools to let people access and use those materials."
New vulnerabilities
bind: denial of service
Package(s): bind
CVE #(s): CVE-2016-2775
Created: July 21, 2016
Updated: August 18, 2016
Description: From the Arch Linux advisory:
Although not commonly used, the BIND package contains provisions to allow systems to resolve names using the lightweight resolver protocol, a protocol similar to (but distinct from) the normal DNS protocols. The lightweight resolver protocol can be used either by running the lwresd utility installed with BIND or by configuring named using the "lwres" statement in named.conf. An error has been discovered in the BIND implementation of the lightweight resolver protocol affecting systems which use this alternate method to do name resolution. A server which is affected by this defect will terminate with a segmentation fault error, resulting in a denial of service to client programs attempting to resolve names. A remote attacker can crash the server by sending a crafted request, causing a denial of service.
chromium: multiple vulnerabilities
Package(s): chromium
CVE #(s): CVE-2016-1705 CVE-2016-1706 CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137
Created: July 25, 2016
Updated: November 1, 2016
Description: From the Arch Linux advisory:
- CVE-2016-1705 (arbitrary code execution): Various fixes from internal audits, fuzzing and other initiatives.
- CVE-2016-1706 (sandbox escape): Sandbox escape in PPAPI. Credit to Pinkie Pie.
- CVE-2016-1708 (arbitrary code execution): Use-after-free in Extensions. Credit to Adam Varsan.
- CVE-2016-1709 (arbitrary code execution): Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team.
- CVE-2016-1710, CVE-2016-1711 (same-origin policy bypass): Same-origin bypass in Blink. Credit to Mariusz Mlynski.
- CVE-2016-5127 (arbitrary code execution): Use-after-free in Blink. Credit to cloudfuzzer.
- CVE-2016-5128 (same-origin policy bypass): Same-origin bypass in V8.
- CVE-2016-5129 (arbitrary code execution): Memory corruption in V8. Credit to Jeonghoon Shin.
- CVE-2016-5130 (URL spoofing): URL spoofing. Credit to Wadih Matar.
- CVE-2016-5131 (arbitrary code execution): Use-after-free in libxml. Credit to Nick Wellnhofer.
- CVE-2016-5132 (same-origin policy bypass): Limited same-origin bypass in Service Workers. Credit to Ben Kelly.
- CVE-2016-5133 (man-in-the-middle): Origin confusion in proxy authentication. Credit to Patch Eudor.
- CVE-2016-5134 (information leakage): URL leakage via PAC script. Credit to Paul Stone.
- CVE-2016-5135 (content security policy bypass): Content-Security-Policy bypass. Credit to ShenYeYinJiu of Tencent Security Response Center, TSRC.
- CVE-2016-5136 (arbitrary code execution): Use after free in extensions. Credit to Rob Wu.
- CVE-2016-5137 (information leakage): History sniffing with HSTS and CSP. Credit to Xiaoyin Liu.
dietlibc: insecure default PATH
Package(s): dietlibc
CVE #(s):
Created: July 26, 2016
Updated: August 5, 2016
Description: From the Debian LTS advisory:
It was discovered that there was an insecure default PATH in dietlibc, a libc optimized for small size. Thorsten Glaser discovered that the default PATH in dietlibc (if the environment variable is unset) contained the current working directory.
drupal: proxy injection
Package(s): drupal php
CVE #(s): CVE-2016-5385
Created: July 22, 2016
Updated: August 17, 2016
Description: From the Arch Linux advisory:
The package drupal before version 8.1.7-1 is vulnerable to proxy injection via environment variable.
gnugk: denial of service
Package(s): gnugk
CVE #(s): CVE-2012-3534
Created: July 25, 2016
Updated: July 27, 2016
Description: From the CVE entry:
GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections.
harfbuzz: multiple vulnerabilities
Package(s): harfbuzz
CVE #(s): CVE-2015-8947 CVE-2016-2052
Created: July 27, 2016
Updated: January 31, 2017
Description: From the CVE entries:
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052. (CVE-2015-8947)
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. (CVE-2016-2052)
java: two unspecified vulnerabilities
Package(s): java-1.7.0-oracle
CVE #(s): CVE-2016-3498 CVE-2016-3511
Created: July 21, 2016
Updated: July 27, 2016
Description: From the Red Hat advisory:
CVE-2016-3498 Oracle JDK: unspecified vulnerability fixed in 7u111 and 8u101 (JavaFX)
CVE-2016-3511 Oracle JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)
java: unspecified vulnerability
Package(s): java-1.8.0-oracle
CVE #(s): CVE-2016-3552
Created: July 21, 2016
Updated: July 27, 2016
Description: From the Red Hat advisory:
CVE-2016-3552 Oracle JDK: unspecified vulnerability fixed in 8u101 (Install)
java: unspecified vulnerability
Package(s): java-1.6.0-sun
CVE #(s): CVE-2016-3503
Created: July 21, 2016
Updated: July 27, 2016
Description: From the Red Hat advisory:
CVE-2016-3503 Oracle JDK: unspecified vulnerability fixed in 6u121, 7u111, and 8u101
kf5-karchive: command execution
Package(s): kf5-karchive
CVE #(s): CVE-2016-6232
Created: July 25, 2016
Updated: August 8, 2016
Description: From the KDE Project Security Advisory:
A maliciously crafted archive (.zip or .tar.bz2) with "../" in the file paths could be offered for download via the KNewStuff framework (e.g. on www.kde-look.org), and upon extraction would install files anywhere in the user's home directory. Users can unwillingly install files like a modified .bashrc, or a new .desktop file associated to a common MIME type and executing a malicious command. Users should not install anything via KNewStuff until KDE Frameworks 5.24, or should at least inspect downloaded archives to make sure they don't contain relative paths containing "../". KArchive 5.24, released as part of KDE Frameworks 5.24, forbids archive extraction from installing files outside the extraction directory.
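The inspection the KDE advisory recommends, as an added Python example (it is not the KArchive 5.24 fix and not part of the advisory): list an archive's members without extracting anything and report those that would land outside the extraction directory. It goes beyond the literal "../" check to cover absolute paths and tar link targets; the function names and the sample archives are constructed for illustration.

```python
"""Pre-extraction audit for archive members that would escape the target dir.

Added illustration: function names and sample archives are constructed.
"""
import io
import posixpath
import tarfile
import zipfile


def path_escapes(name: str, base: str = "") -> bool:
    """True if `name`, resolved relative to `base` inside the archive,
    ends up above the archive root (and so outside the extraction dir)."""
    name = name.replace("\\", "/")  # entries written with Windows separators
    if name.startswith("/"):
        return True  # an absolute path ignores the extraction directory
    resolved = posixpath.normpath(posixpath.join(base, name))
    return resolved == ".." or resolved.startswith("../")


def audit_tar(fileobj) -> list:
    """Return (member, reason) pairs for a tar archive; nothing is extracted."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tf:  # autodetects compression
        for m in tf.getmembers():
            if path_escapes(m.name):
                findings.append((m.name, "path"))
            # Symlink targets are relative to the directory holding the link;
            # later members written "through" the link would follow it out.
            elif m.issym() and path_escapes(m.linkname, posixpath.dirname(m.name)):
                findings.append((m.name, "symlink"))
            # Hard-link targets are relative to the archive root.
            elif m.islnk() and path_escapes(m.linkname):
                findings.append((m.name, "hardlink"))
    return findings


def audit_zip(fileobj) -> list:
    """Return (member, reason) pairs for a zip archive; nothing is extracted."""
    with zipfile.ZipFile(fileobj) as zf:
        return [(n, "path") for n in zf.namelist() if path_escapes(n)]


def build_sample_tar() -> io.BytesIO:
    """Constructed sample: one benign file, one "../" path, one escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("theme/index.theme", "theme/../../.bashrc"):
            data = b"constructed sample content\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("theme/cfg")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../.config"
        tf.addfile(link)
    buf.seek(0)
    return buf


def build_sample_zip() -> io.BytesIO:
    """Constructed sample: one benign file and one "../" .desktop entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("theme/index.theme", "constructed sample content\n")
        zf.writestr("../.config/autostart/x.desktop", "constructed sample content\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, findings in (("tar", audit_tar(build_sample_tar())),
                            ("zip", audit_zip(build_sample_zip()))):
        for member, reason in findings:
            print(f"{label}: refusing {member!r} ({reason} escapes extraction directory)")
```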
libidn: multiple vulnerabilities
Package(s): libidn
CVE #(s): CVE-2016-6263 CVE-2015-8948 CVE-2016-6262 CVE-2016-6261
Created: July 25, 2016
Updated: August 9, 2016
Description: From the Red Hat bugzilla:
CVE-2016-6263: It was found that when presented with invalid UTF-8 data, stringprep_utf8_nfkc_normalize reject such input, causing application crash.
CVE-2015-8948: An out-of-bounds read vulnerability was found in libidn due to the use of fgets with fixed-size buffer.
CVE-2016-6262: An out-of-bounds read was found in libidn when reading zero byte as input.
CVE-2016-6261: An out-of-bounds stack read was found in idna_to_ascii_4i.
libupnp: unauthenticated access
Package(s): libupnp
CVE #(s): CVE-2016-6255
Created: July 27, 2016
Updated: December 16, 2016
Description: From the Mageia advisory:
libupnp's default behavior allows an unauthenticated user access to a server's filesystem through POST and GET requests.
mariadb: three unspecified vulnerabilities
Package(s): mariadb mysql
CVE #(s): CVE-2016-3452 CVE-2016-3471 CVE-2016-5444
Created: July 25, 2016
Updated: August 12, 2016
Description: From the CVE entries:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. (CVE-2016-3452)
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. (CVE-2016-3471)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Connection. (CVE-2016-5444)
mupdf: denial of service
Package(s): mupdf
CVE #(s): CVE-2016-6265
Created: July 27, 2016
Updated: August 30, 2016
Description: From the Mageia advisory:
Use-after-free issue in mupdf in pdf_load_xref() can cause a denial of service.
mysql: multiple unspecified vulnerabilities
Package(s): mysql-5.5
CVE #(s): CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440
Created: July 22, 2016
Updated: August 12, 2016
Description: From the CVE entries:
CVE-2016-3477 - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
CVE-2016-3521 - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
CVE-2016-3615 - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML.
CVE-2016-5440 - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: RBR.
mysql: multiple unspecified vulnerabilities
Package(s): mysql-5.5, mysql-5.6, mysql-5.7
CVE #(s): CVE-2016-3424 CVE-2016-3459 CVE-2016-3486 CVE-2016-3501 CVE-2016-3518 CVE-2016-3588 CVE-2016-3614 CVE-2016-5436 CVE-2016-5437 CVE-2016-5439 CVE-2016-5441 CVE-2016-5442 CVE-2016-5443
Created: July 22, 2016
Updated: July 27, 2016
Description: From the CVE entries:
CVE-2016-3424 - Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.
CVE-2016-3459 - Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
CVE-2016-3486 - Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.
CVE-2016-3501 - Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-3518 - Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-3588 - Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.
CVE-2016-3614 - Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.
CVE-2016-5436 - Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
CVE-2016-5437 - Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.
CVE-2016-5439 - Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.
CVE-2016-5441 - Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.
CVE-2016-5442 - Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.
CVE-2016-5443 - Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.
openssh: user enumeration via timing side-channel
Package(s): openssh
CVE #(s): CVE-2016-6210
Created: July 21, 2016
Updated: August 2, 2016
Description: From the Red Hat bugzilla entry:
When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hardcoded in the SSHD source code. On this hard coded password structure the password hash is based on BLOWFISH ($2) algorithm. If real users passwords are hashed using SHA256/SHA512, then sending large passwords (10KB) will result in shorter response time from the server for non-existing users. This allows remote attacker to enumerate existing users on system logging via SSHD.
openstack-neutron: three vulnerabilities
Package(s): openstack-neutron
CVE #(s): CVE-2015-8914 CVE-2016-5362 CVE-2016-5363
Created: July 21, 2016
Updated: July 27, 2016
Description: From the Red Hat advisory:
Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests. (CVE-2015-8914, CVE-2016-5362, CVE-2016-5363)
perl: privilege escalation
Package(s): perl
CVE #(s): CVE-2016-1238
Created: July 25, 2016
Updated: August 22, 2016
Description: From the Debian advisory:
John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory (which might be changed to another directory without the user realising) and potentially leading to privilege escalation, as demonstrated in Debian with certain combinations of installed packages.
The problem relates to Perl loading modules from the includes directory array ("@INC") in which the last element is the current directory ("."). That means that, when "perl" wants to load a module (during first compilation or during lazy loading of a module in run-time), perl will look for the module in the current directory at the end, since '.' is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in "." but are not otherwise installed.
With this update several modules which are known to be vulnerable are updated to not load modules from current directory.
Additionally the update allows configurable removal of "." from @INC in /etc/perl/sitecustomize.pl for a transitional period. It is recommended to enable this setting if the possible breakage for a specific site has been evaluated. Problems in packages provided in Debian resulting from the switch to the removal of '.' from @INC should be reported to the Perl maintainers at perl@packages.debian.org .
It is planned to switch to the default removal of '.' in @INC in a subsequent update to perl via a point release if possible, and in any case for the upcoming stable release Debian 9 (stretch).
php: denial of service
Package(s): php
CVE #(s): CVE-2016-6207
Created: July 22, 2016
Updated: July 27, 2016
Description: From the PHP issue tracker:
Secunia Research at Flexera Software has reported a vulnerability in LibGD, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error within the "_gdContributionsAlloc()" function (gd_interpolation.c) and can be exploited to cause an out-of-bounds memory write access.
php: multiple vulnerabilities
Package(s): php5
CVE #(s): CVE-2016-5399 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297
Created: July 27, 2016
Updated: August 11, 2016
Description: From the CVE entries:
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive. (CVE-2016-6289)
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization. (CVE-2016-6290)
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image. (CVE-2016-6291)
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. (CVE-2016-6292)
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument. (CVE-2016-6294)
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773. (CVE-2016-6295)
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. (CVE-2016-6296)
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. (CVE-2016-6297)
See the PHP 5.6.24 changelog for more details.
uclibc: three vulnerabilities
Package(s): uclibc
CVE #(s): CVE-2016-2224 CVE-2016-2225 CVE-2016-6264
Created: July 26, 2016
Updated: August 29, 2016
Description: From the Debian LTS advisory:
Several vulnerabilities have been discovered in uClibc, an implementation of the standard C library that is much smaller than glibc, which makes it useful for embedded systems.
CVE-2016-2224: Fix possible denial of service via a specially crafted DNS reply that could cause an infinite loop.
CVE-2016-2225: Fix possible denial of service via specially crafted packet that will make the parser in libc/inet/resolv.c terminate early.
CVE-2016-6264: It was found that 'BLT' instruction in libc/string/arm/memset.S checks for signed values. If the parameter of memset is negative, then value added to the PC will be large. An attacker that controls the length parameter of memset can also control the value of PC register.
virtualbox: unspecified vulnerability
Package(s): virtualbox
CVE #(s): CVE-2016-3597
Created: July 27, 2016
Updated: September 15, 2016
Description: From the CVE entry:
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core.
Page editor: Jake Edge