Summary: | <dev-libs/xmlsec-1.2.12 XML signature HMAC truncation authentication bypass (CVE-2009-0217) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | crypto+disabled, dev-zero |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 277872 | ||
Bug Blocks: |
Description
Robert Buchholz (RETIRED)
2009-07-15 00:55:38 UTC
(In reply to comment #0) > The default of 40 is not a sufficiently high minimum. We need to coordinate > with upstream to get this defaulting to 80 or half of the hmac digest length. So what value should I commit? well, as soon you know which value to put there: I have an updated ebuild in my overlay which fixes the magic deps and allows sane selection of the backend crypto algorithm engine (http://git.overlays.gentoo.org/gitweb/?p=dev/dev-zero.git;a=commit;h=e0ef22253bce302604694d5f6c5ab76c3987ac9b) upstream hard coded 80 now. This is the minimum value for <=160 bit HMACS. Since an attacker can opt to send signed messages with SHA1 anyway (and search only a 2^80 space), the impact of that value on SHA2-512 and other longer HMACs is limited. Fix is in (unreleased) 1.2.13, and here: http://git.gnome.org/cgit/xmlsec/commit/?id=c07c1961dc8a08d81dad6c1fd984acd09ae99028 Please apply, or bug upstream to release. Ok, diff from git applies cleanly and tests seem to run. Updated ebuild with patch is in my overlay: http://git.overlays.gentoo.org/gitweb/?p=dev/dev-zero.git;a=commit;h=cf3694febe57e8612e1e362e2f68ae90f1d86c80 @crypto: I can also move my ebuild to the tree with your blessing. (In reply to comment #4) > Ok, diff from git applies cleanly and tests seem to run. Apparently you haven't noticed that this patch causes segmentation fault on 64-bit architectures, which is hopefully early caught by Portage, and causes build failure on these architectures :) . * QA Notice: Package has poor programming practices which may compile * fine but exhibit random runtime failures. * hmac.c:388: warning: implicit declaration of function ‘xmlSecBase64Encode’ * * QA Notice: Package has poor programming practices which may compile * but will almost certainly crash on 64bit architectures. * * Function `xmlSecBase64Encode' implicitly converted to pointer at hmac.c:388 * * Please file a bug about this at http://bugs.gentoo.org/ * with the maintaining herd of the package. * * * ERROR: dev-libs/xmlsec-1.2.12 failed. * Call stack: * misc-functions.sh, line 730: Called install_qa_check * misc-functions.sh, line 422: Called die * The specific snippet of code: * die "install aborted due to" \ * The die message: * install aborted due to poor programming practices shown above (In reply to comment #5) I forgot to say that it is default behavior even without FEATURES="stricter". dev-libs/xmlsec-1.2.12 is now in the tree. (In reply to comment #2) > I have an updated ebuild in my overlay which fixes the magic deps and allows > sane selection of the backend crypto algorithm engine Please file separate bugs for suggested improvements for the ebuild. (In reply to comment #8) > (In reply to comment #2) > > I have an updated ebuild in my overlay which fixes the magic deps and allows > > sane selection of the backend crypto algorithm engine > > Please file separate bugs for suggested improvements for the ebuild. > What? Would it have been too hard to just take a look at it and commit a proper ebuild instead of a dumb version bump which just happens to fix a security bug but with magic deps, etc.? |