Debian Bug report logs - #700399
vulnerable to CRIME SSL attack (CVE-2012-4929)

Package: lighttpd; Maintainer for lighttpd is Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>; Source for lighttpd is src:lighttpd.

Reported by: Thijs Kinkhorst <thijs@debian.org>

Date: Tue, 12 Feb 2013 12:24:01 UTC

Severity: grave

Tags: patch, security

Found in version lighttpd/1.4.28-2+squeeze1

Fixed in version lighttpd/1.4.28-2+squeeze1.1

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#700399; Package lighttpd. (Tue, 12 Feb 2013 12:24:04 GMT)

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Tue, 12 Feb 2013 12:24:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: vulnerable to CRIME SSL attack (CVE-2012-4929)
Date: Tue, 12 Feb 2013 13:21:01 +0100
Package: lighttpd
Version: 1.4.28-2+squeeze1
Severity: grave
Tags: security

Hi,

lighttpd in squeeze is vulnerable to the SSL attack CVE-2012-4929 dubbed
'CRIME'. The attack is related to SSL compression.

The popular solution to the attack is to disable SSL compression. This is
what Apache has done and also lighttpd upstream: the issue is addressed
in wheezy and above because lighttpd disables SSL compression at compile
time.

There's an upstream issue here http://redmine.lighttpd.net/issues/2445.

I believe a good approach would be to follow what was done in later
releases and port the compile time check for SSL compression to the
version in squeeze.


Cheers,
Thijs


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (400, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash



Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#700399; Package lighttpd. (Tue, 12 Feb 2013 15:18:03 GMT)

Acknowledgement sent to Thijs Kinkhorst <thijs@uvt.nl>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Tue, 12 Feb 2013 15:18:03 GMT)

Message #10 received at 700399@bugs.debian.org:

From: Thijs Kinkhorst <thijs@uvt.nl>
To: 700399@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#700399: vulnerable to CRIME SSL attack (CVE-2012-4929)
Date: Tue, 12 Feb 2013 16:08:56 +0100
[Message part 1 (text/plain, inline)]
tags 700399 +patch
thanks

Hi,

Attached is a proposed update for squeeze-security to address this issue.

Upstream's patch for client side renegotiation also fixed the SSL compression
issue in the same commit. The SSL compression fix however only works with
openssl >= 1. Therefore, I had to backport another fix (the same one as used
by Apache) to this version in a second patch. I didn't think it was worthwhile
to remove upstream's fix from the renegotiation patch as it's a no-op on
squeeze.

I have not backported the commit that updates the example configuration file
to add an example for the renegotiation option, as this would introduce a
config file prompt in stable.

I've built the package and we're currently running this on our test
environment. It works fine. Also, all compliance tests are now green again.
Built packages for amd64 are available at
https://lissers.uvt.nl/~thijs/lighttpd/

Do you agree on the approach? Barring any objections I'm planning to release
this as a DSA after the weekend.


Cheers,
Thijs


-- 
Thijs Kinkhorst <thijs@uvt.nl> – LIS Unix

Universiteit van Tilburg – Library and IT Services • Postbus 90153, 5000 LE
Bezoekadres > Warandelaan 2 • Tel. 013 466 3035 • G 236 • http://www.uvt.nl
[700399.diff (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
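The mitigation that the initial report and the message above describe (disable TLS compression against CRIME, and disable client-initiated renegotiation), shown as an added example that is not part of this bug report and not the lighttpd or Apache patch. It uses Python's standard-library `ssl` module instead of lighttpd's C code; the option it sets corresponds to OpenSSL's SSL_OP_NO_COMPRESSION, which only exists from OpenSSL 1.0.0 onwards, which is why the thread notes that upstream's compression fix is a no-op on squeeze's older openssl. The certificate and key paths are hypothetical; `audit_context` is the check a deployer would run against the context their server actually uses.

```python
import ssl

# Option flags that older Python/OpenSSL builds may lack. A value of 0 means
# "not available on this build", so the bitwise checks below degrade to False
# instead of raising AttributeError.
OP_NO_COMPRESSION = getattr(ssl, "OP_NO_COMPRESSION", 0)
OP_NO_RENEGOTIATION = getattr(ssl, "OP_NO_RENEGOTIATION", 0)


def hardened_server_context(certfile=None, keyfile=None):
    """Build a server-side TLS context with the two mitigations from the
    lighttpd update: no TLS compression (CRIME, CVE-2012-4929) and no
    client-triggered renegotiation (CVE-2009-3555)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if certfile:
        # Hypothetical paths; the caller supplies real certificate material.
        ctx.load_cert_chain(certfile, keyfile)
    # Equivalent of SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) in OpenSSL.
    ctx.options |= OP_NO_COMPRESSION
    # Refuse renegotiation requests from the peer (OpenSSL >= 1.1.0h).
    ctx.options |= OP_NO_RENEGOTIATION
    return ctx


def audit_context(ctx):
    """Report which of the two mitigations are active on a context.

    Each entry is True only if the option exists on this build AND is set,
    so a build that cannot express the mitigation is reported as not
    mitigated rather than silently passing."""
    opts = ctx.options
    return {
        "compression_disabled": bool(OP_NO_COMPRESSION and (opts & OP_NO_COMPRESSION)),
        "renegotiation_disabled": bool(OP_NO_RENEGOTIATION and (opts & OP_NO_RENEGOTIATION)),
    }


def connection_uses_compression(tls_sock):
    """For an established ssl.SSLSocket: True if a compression method was
    negotiated on the wire (the condition a CRIME compliance test flags),
    False if the handshake settled on no compression."""
    return tls_sock.compression() is not None


if __name__ == "__main__":
    findings = audit_context(hardened_server_context())
    for name, ok in findings.items():
        print(f"{name}: {'OK' if ok else 'MISSING'}")
```

The audit deliberately treats "option not available" as not mitigated: on a build where SSL_OP_NO_COMPRESSION does not exist, as with the squeeze-era openssl in the thread, the compression-disabling code compiles to nothing and the server still negotiates compression, which is exactly the case the second backported patch had to cover.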

Added tag(s) patch. Request was from Thijs Kinkhorst <thijs@uvt.nl> to control@bugs.debian.org. (Tue, 12 Feb 2013 15:18:05 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#700399; Package lighttpd. (Thu, 14 Feb 2013 13:33:03 GMT)

Acknowledgement sent to Arno Töll <arno@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 14 Feb 2013 13:33:03 GMT)

Message #17 received at 700399@bugs.debian.org:

From: Arno Töll <arno@debian.org>
To: Thijs Kinkhorst <thijs@uvt.nl>, 700399@bugs.debian.org
Subject: Re: [pkg-lighttpd] Bug#700399: vulnerable to CRIME SSL attack (CVE-2012-4929)
Date: Thu, 14 Feb 2013 14:31:32 +0100
[Message part 1 (text/plain, inline)]
Hi Thijs,

On 12.02.2013 16:08, Thijs Kinkhorst wrote:
> Do you agree on the approach? Barring any objections I'm planning to release 
> this as a DSA after the weekend.

I am by no means an expert with the SSL API, but I believe your patch to
disable SSL compression looks fine (although diverging from upstream's
fix as you noted). Yours looks pretty much like the fix we applied to
Apache.

Are you sure, the negotiation patch has no side effects with respect to
SSL compression?


Moreover, I would suggest to announce your change in a NEWS entry for
stable updates. People might rely on the renegotiation feature in multi
vhost SSL setups.

Otherwise I'm happy you provided a patch. The renegotiation fix should
also be in Wheezy.


[1]
http://redmine.lighttpd.net/projects/lighttpd/repository/entry/branches/lighttpd-1.4.x/src/network.c#L576

-- 
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#700399; Package lighttpd. (Thu, 14 Feb 2013 14:27:03 GMT)

Acknowledgement sent to Thijs Kinkhorst <thijs@uvt.nl>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 14 Feb 2013 14:27:03 GMT)

Message #22 received at 700399@bugs.debian.org:

From: Thijs Kinkhorst <thijs@uvt.nl>
To: 700399@bugs.debian.org
Subject: Re: [pkg-lighttpd] Bug#700399: vulnerable to CRIME SSL attack (CVE-2012-4929)
Date: Thu, 14 Feb 2013 15:23:21 +0100
[Message part 1 (text/plain, inline)]
On Thursday 14 February 2013 14:31:32, Arno Töll wrote:
> On 12.02.2013 16:08, Thijs Kinkhorst wrote:
> > Do you agree on the approach? Barring any objections I'm planning to
> > release this as a DSA after the weekend.
> 
> I am by no means an expert with the SSL API, but I believe your patch to
> disable SSL compression looks fine (although diverging from upstream's
> fix as you noted). Yours looks pretty much like the fix we applied to
> Apache.
> 
> Are you sure, the negotiation patch has no side effects with respect to
> SSL compression?

I'm pretty sure, and our tests show that the new packages both disabled the
renegotiation and compression.

> Moreover, I would suggest to announce your change in a NEWS entry for
> stable updates. People might rely on the renegotiation feature in multi
> vhost SSL setups.

Yes, I'll make a NEWS item based on the one in Apache then, and upload to
security-master.

> Otherwise I'm happy you provided a patch. The renegotiation fix should
> also be in Wheezy.

Yes, agreed.


Cheers,
Thijs
[signature.asc (application/pgp-signature, inline)]

Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. (Sun, 17 Feb 2013 12:51:03 GMT)

Notification sent to Thijs Kinkhorst <thijs@debian.org>:
Bug acknowledged by developer. (Sun, 17 Feb 2013 12:51:03 GMT)

Message #27 received at 700399-close@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: 700399-close@bugs.debian.org
Subject: Bug#700399: fixed in lighttpd 1.4.28-2+squeeze1.1
Date: Sun, 17 Feb 2013 12:47:27 +0000
Source: lighttpd
Source-Version: 1.4.28-2+squeeze1.1

We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 700399@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated lighttpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 12 Feb 2013 13:56:53 +0100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav
Architecture: source amd64 all
Version: 1.4.28-2+squeeze1.1
Distribution: stable-security
Urgency: high
Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 lighttpd   - A fast webserver with minimal memory footprint
 lighttpd-doc - Documentation for lighttpd
 lighttpd-mod-cml - Cache meta language module for lighttpd
 lighttpd-mod-magnet - Control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 700399
Changes: 
 lighttpd (1.4.28-2+squeeze1.1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Backport upstream fixes for SSL attacks:
     + Disable client triggered renegotiation by default (CVE-2009-3555).
       Can be re-enabled with ssl.disable-client-renegotiation = "disable".
     + Disable SSL compression at build time (CVE-2012-4929, 'CRIME').
     (closes: #700399)
Checksums-Sha1: 
 889b4f79fb0dc138c03fcaf983e8a9f8af5394a1 2264 lighttpd_1.4.28-2+squeeze1.1.dsc
 6b20e8d7b83655f0f28627b922b37028eb6ef2ab 30685 lighttpd_1.4.28-2+squeeze1.1.debian.tar.gz
 d7c42189b60dff1a4b0e902e7fc5f9070ec44506 287844 lighttpd_1.4.28-2+squeeze1.1_amd64.deb
 949344bbf28a0f35616b1494a95179c75df987bc 18810 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.1_amd64.deb
 8125f8d908b6fec9e34f18ab500bb32769185fc3 20424 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.1_amd64.deb
 2ae83514f205e4a5810d11da2a7d2e49bed8c192 23584 lighttpd-mod-cml_1.4.28-2+squeeze1.1_amd64.deb
 58288edcc27e7f5d1fb585299142901dc3457409 24776 lighttpd-mod-magnet_1.4.28-2+squeeze1.1_amd64.deb
 522d109122479f54e1ad78282408fe1c068f152b 30800 lighttpd-mod-webdav_1.4.28-2+squeeze1.1_amd64.deb
 ba19288e3cfd9cdcc722f50a9e0d5e5d0e958f61 60720 lighttpd-doc_1.4.28-2+squeeze1.1_all.deb
Checksums-Sha256: 
 d081ee8a04ac3caf1113e5bf56dc4ff4d32d754793580d0e9f177c53eafd4278 2264 lighttpd_1.4.28-2+squeeze1.1.dsc
 5cea176e40f9acb5fa74371cef5c94c798fd916f2410e9622af8f48eb39b8838 30685 lighttpd_1.4.28-2+squeeze1.1.debian.tar.gz
 ddf7c322dd974104eac33567a24c912820edc587b0566231f5141fc335d5d1bf 287844 lighttpd_1.4.28-2+squeeze1.1_amd64.deb
 45ae1d7589a6fa3d79a2aa348cfe0fc2598121420f7c56036398bf4eecdfe6c9 18810 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.1_amd64.deb
 e8bbd39ce52e63d09169fd44bd3552aa562f547f9e437029abcf6bcaf63742a7 20424 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.1_amd64.deb
 b4b7009fbbdd0929abe802b2c5a6faa7dcb7dbe4d3191f960e5dfdba51bc8136 23584 lighttpd-mod-cml_1.4.28-2+squeeze1.1_amd64.deb
 5c9bdbc0015c50aa18a291c1100f0c691cfb0e2c9e8a29175ae94ba9fb932a91 24776 lighttpd-mod-magnet_1.4.28-2+squeeze1.1_amd64.deb
 6cfb58a2acf1c3d7328ae218d5de115b65f29d41c2d30bfd1f296cbb406e45d2 30800 lighttpd-mod-webdav_1.4.28-2+squeeze1.1_amd64.deb
 a0a76196dae0eda49765da6be416a1df72adb4d00d464e119cadc78f9a5752d0 60720 lighttpd-doc_1.4.28-2+squeeze1.1_all.deb
Files: 
 a4e30ed85b270eb3964c628b8e3982a3 2264 httpd optional lighttpd_1.4.28-2+squeeze1.1.dsc
 a6ec51a245a2722bad541684297d437a 30685 httpd optional lighttpd_1.4.28-2+squeeze1.1.debian.tar.gz
 23e64654ff76f9df2bc11468bde97b39 287844 httpd optional lighttpd_1.4.28-2+squeeze1.1_amd64.deb
 b86a028e8cc0f80ff7130d8f8735d3e9 18810 httpd optional lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.1_amd64.deb
 61a3cc20faaeae6ed893bc15b71c0467 20424 httpd optional lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.1_amd64.deb
 4d39a47d48eb63c0d732a816dae39614 23584 httpd optional lighttpd-mod-cml_1.4.28-2+squeeze1.1_amd64.deb
 10ddca1e10e43d87bccbada03ef2c551 24776 httpd optional lighttpd-mod-magnet_1.4.28-2+squeeze1.1_amd64.deb
 4f0225ac98d401eb749fdb44af7027cd 30800 httpd optional lighttpd-mod-webdav_1.4.28-2+squeeze1.1_amd64.deb
 0a2a5fe842a8fc5a8add445e605d37c0 60720 doc optional lighttpd-doc_1.4.28-2+squeeze1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJRHTH8AAoJEFb2GnlAHawEdb4IAKwkDdvjKGqySG6xIbifwenN
x28s1NI4l5PmDSgkQuebMvqQTzjTP+WtG6AGy97kBH5k8d4Hp3LiM1+/fVQlgJhR
XnNokisHDL8b7mRshNjCyBynGk/Gp0irtBBk+qqglXcV9SoX9IN4P9v5lvgJBcrr
rgVXJstN4iDO0c90k1qqPFOomrfICzNc6227PE1TPzTiNxjfaf/bTqR3304iH7gi
Qi/IRMMHO6MkP/m9BqUrp8dEr2YyHNZFWWBlatKZX260W559zteZhfc/zRWQkdHr
mRy/QQVVU5t4fbg4mRxCp5F8J59gLJOfji0i/oyc746VNgKtbKI519Iinwgi8wU=
=qvkW
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Mar 2013 07:27:46 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 19:46:17 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.