Debian Bug report logs - #559107
weaknesses in BSD PRNG algorithms


Package: kfreebsd-7; Maintainer for kfreebsd-7 is (unknown);

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 1 Dec 2009 22:33:02 UTC

Severity: normal

Tags: security

Fixed in version 7.3-7+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#559107; Package kfreebsd-7. (Tue, 01 Dec 2009 22:33:05 GMT)

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Tue, 01 Dec 2009 22:33:05 GMT)

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Local root exploit in rtld
Date: Tue, 01 Dec 2009 23:26:29 +0100
Package: kfreebsd-7
Severity: grave
Tags: security

http://seclists.org/fulldisclosure/2009/Nov/371

Colin Percival posted a preliminary patch, a full advisory is announced
for tomorrow.

I suppose this affects Debian/KFreeBSD?

On a side note, what's the status of CVE-2009-114[678]? #483152 was
filed for it, but it got closed without a solution AFAICT.

Cheers,
        Moritz


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.31-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#559107; Package kfreebsd-7. (Wed, 02 Dec 2009 00:27:06 GMT)

Acknowledgement sent to Thorsten Glaser <tg@mirbsd.de>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Wed, 02 Dec 2009 00:27:06 GMT)

Message #10 received at 559107@bugs.debian.org:

From: Thorsten Glaser <tg@mirbsd.de>
To: Moritz Muehlenhoff <jmm@debian.org>, 559107@bugs.debian.org
Cc: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Subject: Re: Bug#559107: Local root exploit in rtld
Date: Wed, 2 Dec 2009 00:02:31 +0000 (UTC)
Moritz Muehlenhoff dixit:

>I suppose this affects Debian/KFreeBSD?

Doesn't GNU eglibc come with its own ld.so?

//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.	-- Rob Pike in "Notes on Programming in C"




Reply sent to Petr Salinger <Petr.Salinger@seznam.cz>:
You have taken responsibility. (Wed, 02 Dec 2009 08:21:05 GMT)

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 02 Dec 2009 08:21:05 GMT)

Message #15 received at 559107-close@bugs.debian.org:

From: Petr Salinger <Petr.Salinger@seznam.cz>
To: Moritz Muehlenhoff <jmm@debian.org>, close-559107@bugs.debian.org
Subject: Re: Bug#559107: Local root exploit in rtld
Date: Wed, 2 Dec 2009 09:25:58 +0100 (CET)
> http://seclists.org/fulldisclosure/2009/Nov/371
>
> Colin Percival posted a preliminary patch, a full advisory is announced
> for tomorrow.
>
> I suppose this affects Debian/KFreeBSD?

No, the rtld (/lib/ld*.so) comes from eglibc, not from kernel source.

Petr





Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#559107; Package kfreebsd-7. (Wed, 02 Dec 2009 19:42:06 GMT)

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Wed, 02 Dec 2009 19:42:06 GMT)

Message #20 received at 559107@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 559107@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#559107 closed by Petr Salinger <Petr.Salinger@seznam.cz> (Re: Bug#559107: Local root exploit in rtld)
Date: Wed, 2 Dec 2009 20:37:37 +0100
reopen 559107
retitle 559107 weaknesses in BSD PRNG algorithms
thanks 

> >http://seclists.org/fulldisclosure/2009/Nov/371
> >
> >Colin Percival posted a preliminary patch, a full advisory is announced
> >for tomorrow.
> >
> >I suppose this affects Debian/KFreeBSD?
> 
> No, the rtld (/lib/ld*.so) comes from eglibc, not from kernel source.

Thanks, fixed in the Debian Security Tracker.

But the status of CVE-2008-114[678] is still open. Do they affect the
KFreeBSD port? What's the position of the FreeBSD kernel developers on
these issues?

Cheers,
        Moritz




Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 02 Dec 2009 19:42:07 GMT)

Changed Bug title to 'weaknesses in BSD PRNG algorithms' from 'Local root exploit in rtld'. Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Wed, 02 Dec 2009 19:42:08 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#559107; Package kfreebsd-7. (Thu, 03 Dec 2009 11:03:21 GMT)

Acknowledgement sent to Petr Salinger <Petr.Salinger@seznam.cz>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Thu, 03 Dec 2009 11:03:21 GMT)

Message #29 received at 559107@bugs.debian.org:

From: Petr Salinger <Petr.Salinger@seznam.cz>
To: Moritz Muehlenhoff <jmm@inutil.org>, 559107@bugs.debian.org
Subject: Re: Bug#559107: weaknesses in BSD PRNG algorithms
Date: Thu, 3 Dec 2009 14:01:06 +0100 (CET)
severity 559107 important
--

> But the status of CVE-2008-114[678] is still open. Do they affect the
> KFreeBSD port? What's the position of the FreeBSD kernel developers on
> these issues?

I used this as the description:

http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf

GNU/kFreeBSD (kfreebsd-?) is not affected by CVE-2008-1146 and CVE-2008-1148 at all.

For CVE-2008-1147, the following holds:

  Exploitations of the predictability of the IP fragmentation ID were made
  public almost a decade ago.
  NetBSD, FreeBSD and DragonFlyBSD do not randomize IP fragmentation ID
  field at all by default, and provide a kernel flag
  (net.inet.ip.random_id) that enables randomization through the weak algorithm.

The weak algorithm has been replaced by upstream commit (Feb 6 2008):
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype=

  Replace the random IP ID generation code we
  obtained from OpenBSD with an algorithm suggested
  by Amit Klein.  The OpenBSD algorithm has a few
  flaws; see Amit's paper for more information.

  For a description of how this algorithm works,
  please see the comments within the code.

  Note that this commit does not yet enable random IP ID
  generation by default.  There are still some concerns
  that doing so will adversely affect performance.

This commit has not been MFC-ed to STABLE-7.
The default value for net.inet.ip.random_id is 0 even in HEAD.

The FreeBSD developers/security_team published no "security advisory" and
no "errata notice", and did not include it in the next release (7.1 - January 2009).

Petr




Severity set to 'important' from 'grave'. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Thu, 03 Dec 2009 11:51:10 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#559107; Package kfreebsd-7. (Thu, 03 Dec 2009 21:48:10 GMT)

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Thu, 03 Dec 2009 21:48:10 GMT)

Message #36 received at 559107@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Petr Salinger <Petr.Salinger@seznam.cz>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, 559107@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#559107: weaknesses in BSD PRNG algorithms
Date: Thu, 3 Dec 2009 22:42:59 +0100
severity 559107 normal
thanks

On Thu, Dec 03, 2009 at 02:01:06PM +0100, Petr Salinger wrote:
> severity 559107 important
> --
> 
> >But the status of CVE-2008-114[678] is still open. Do they affect the
> >KFreeBSD port? What's the position of the FreeBSD kernel developers on
> >these issues?
> 
> I used as description this
> 
> http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf
> 
> The GNU/kFreeBSD (kfreebsd-?) is not affected by CVE-2008-1146 and CVE-2008-1148 at all.

Thanks, fixed in the Debian Security Tracker.

> For CVE-2008-1147 holds:
> 
>   Exploitations of the predictability of the IP fragmentation ID were made
>   public almost a decade ago.
>   NetBSD, FreeBSD and DragonFlyBSD do not randomize IP fragmentation ID
>   field at all by default, and provide a kernel flag
>   (net.inet.ip.random_id) that enables randomization through the weak algorithm.
> 
> The weak algorithm has been replaced by upstream commit (Feb 6 2008):
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype=
> 
>   Replace the random IP ID generation code we
>   obtained from OpenBSD with an algorithm suggested
>   by Amit Klein.  The OpenBSD algorithm has a few
>   flaws; see Amit's paper for more information.
> 
>   For a description of how this algorithm works,
>   please see the comments within the code.
> 
>   Note that this commit does not yet enable random IP ID
>   generation by default.  There are still some concerns
>   that doing so will adversely affect performance.
> 
> This commit has not been MFC-ed to STABLE-7.
> The default value for net.inet.ip.random_id is 0 even in HEAD.
> 
> The FreeBSD developers/security_team published no "security
> advisory" and no "errata notice", and did not include it in the next
> release (7.1 - January 2009).

If I understand it correctly, this means that the fix is present in
kfreebsd-8, but not kfreebsd-7? Not having it enabled by default seems
good enough to me.

Will Squeeze use kfreebsd-7 or -8 or both?

Cheers,
        Moritz




Severity set to 'normal' from 'important'. Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Thu, 03 Dec 2009 21:48:12 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#559107; Package kfreebsd-7. (Fri, 04 Dec 2009 10:33:08 GMT)

Acknowledgement sent to Petr Salinger <Petr.Salinger@seznam.cz>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Fri, 04 Dec 2009 10:33:08 GMT)

Message #43 received at 559107@bugs.debian.org:

From: Petr Salinger <Petr.Salinger@seznam.cz>
To: Moritz Muehlenhoff <jmm@inutil.org>, 559107@bugs.debian.org
Subject: Re: Bug#559107: weaknesses in BSD PRNG algorithms
Date: Fri, 4 Dec 2009 13:31:34 +0100 (CET)
> If I understand it correctly, this means that the fix is present in
> kfreebsd-8, but not kfreebsd-7?

Yes.

> Not having it enabled by default seems good enough to me.

If I understand it correctly, the security problem is
"it allows remote attackers to guess sensitive values such as IP 
fragmentation IDs by observing a sequence of previously generated values".
By default, next_value is previous_value+1, i.e. not secure at all.
It can be enabled to use a random (secure) value; the random value is in 
kfreebsd-7 generated by the weak X2 algorithm, in kfreebsd-8 by the "algorithm 
suggested by Amit Klein".

So the options are:

1) leave it as is (same as native FreeBSD)
2) only backport new algorithm to kfreebsd-7
3) change default to use random algorithm in both kfreebsd-7 and kfreebsd-8
4) backport new algorithm to kfreebsd-7 and change default to use
   random algorithm in both kfreebsd-7 and kfreebsd-8

What does the security team prefer?

> Will Squeeze use kfreebsd-7 or -8 or both?

It is not yet decided; kfreebsd-8 is really fresh.

Petr




Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#559107; Package kfreebsd-7. (Fri, 04 Dec 2009 19:57:03 GMT)

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Fri, 04 Dec 2009 19:57:03 GMT)

Message #48 received at 559107@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: Petr Salinger <Petr.Salinger@seznam.cz>
Cc: 559107@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#559107: weaknesses in BSD PRNG algorithms
Date: Fri, 04 Dec 2009 20:14:22 +0100
* Petr Salinger:

> If I understand it correctly, the security problem is
> "it allows remote attackers to guess sensitive values such as IP
> fragmentation IDs by observing a sequence of previously generated
> values".
> By default, next_value is previous_value+1, i.e. not secure at all.
> It can be enabled to use a random (secure) value; the random value is in
> kfreebsd-7 generated by the weak X2 algorithm, in kfreebsd-8 by the "algorithm
> suggested by Amit Klein".

The state is per-flow.  It's not a global counter, right?

> So the options are:
>
> 1) leave it as is (same as native FreeBSD)
> 2) only backport new algorithm to kfreebsd-7
> 3) change default to use random algorithm in both kfreebsd-7 and kfreebsd-8
> 4) backport new algorithm to kfreebsd-7 and change default to use
>    random algorithm in both kfreebsd-7 and kfreebsd-8
>
> What prefers the security team ?

I fear that IPv4 is vulnerable no matter what you do.  If the
guessable state is global, please switch to (4).  A per-flow counter
shouldn't be that problematic.

For IPv6, you should implement (3) or (4) because the 32-bit ID
actually provides some protection against blind spoofing.
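The ID policies this thread compares, as an added example that is not Debian's, FreeBSD's or any poster's code: a global +1 counter (the net.inet.ip.random_id=0 default), a per-flow counter (the variant Florian asks about), and CSPRNG-drawn IDs that are not reissued within a recent window (a simplified sketch of the reject-recently-used idea, not FreeBSD's ip_id.c), plus an audit function an administrator can run over IDs captured from their own host to confirm which policy is actually in effect. All class and function names are mine.

```python
import secrets
from collections import deque

MASK = 0xFFFF  # the IP ID is a 16-bit field


class GlobalCounterIpId:
    """net.inet.ip.random_id=0 behaviour: one global counter, next_value = previous_value + 1."""
    def __init__(self, start=0):
        self.value = start & MASK
    def next_id(self, flow=None):
        self.value = (self.value + 1) & MASK
        return self.value


class PerFlowCounterIpId:
    """Per-flow counters (Florian's question): each flow has its own counter with a
    random start, so IDs seen on one flow say nothing about another flow."""
    def __init__(self):
        self.counters = {}
    def next_id(self, flow):
        cur = self.counters.get(flow)
        if cur is None:
            cur = secrets.randbelow(MASK + 1)  # start unknown to an off-path observer
        self.counters[flow] = cur = (cur + 1) & MASK
        return cur


class RandomIpId:
    """CSPRNG-drawn IDs, never reissuing one used within the last `window` datagrams
    so in-flight fragments are not confused. Sketch only, not FreeBSD's ip_id.c."""
    def __init__(self, window=8192):
        if window >= MASK:
            raise ValueError("window must leave some free IDs")
        self.recent, self.in_use = deque(maxlen=window), set()
    def next_id(self, flow=None):
        cand = secrets.randbelow(MASK + 1)
        while cand in self.in_use:
            cand = secrets.randbelow(MASK + 1)
        if len(self.recent) == self.recent.maxlen:
            self.in_use.discard(self.recent[0])  # oldest ID is about to expire
        self.recent.append(cand)
        self.in_use.add(cand)
        return cand


def audit_ip_ids(ids):
    """Fraction of steps in an observed ID sequence that are exactly +1 mod 2^16;
    close to 1.0 means the host is running a plain counter, not random IDs."""
    if len(ids) < 2:
        raise ValueError("need at least two IDs")
    return sum((b - a) & MASK == 1 for a, b in zip(ids, ids[1:])) / (len(ids) - 1)


def cross_flow_leak(gen, flow_a, flow_b, n=20):
    """True if the IDs seen on flow_a predict the next ID on flow_b (the global-counter weakness)."""
    seen = [gen.next_id(flow_a) for _ in range(n)]
    return gen.next_id(flow_b) == ((seen[-1] + 1) & MASK)
```

Per-flow counters still audit as "sequential" on a single flow, which is why the audit result must be read together with the cross-flow check.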


Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Fri, 17 Jun 2011 11:19:46 GMT)

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Fri, 17 Jun 2011 11:19:52 GMT)

Message #53 received at 559107-done@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 322197-done@bugs.debian.org,353302-done@bugs.debian.org,357021-done@bugs.debian.org,460331-done@bugs.debian.org,477588-done@bugs.debian.org,550429-done@bugs.debian.org,551702-done@bugs.debian.org,559107-done@bugs.debian.org,593699-done@bugs.debian.org,594287-done@bugs.debian.org,601305-done@bugs.debian.org,
Cc: kfreebsd-7@packages.debian.org, kfreebsd-7@packages.qa.debian.org
Subject: Bug#630694: Removed package(s) from unstable
Date: Fri, 17 Jun 2011 11:15:01 +0000
Version: 7.3-7+rm

Dear submitter,

as the package kfreebsd-7 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/630694

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Alexander Reichle-Schmehl (the ftpmaster behind the curtain)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 16 Jul 2011 07:34:17 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 02:51:12 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.