Date: Mon, 06 May 2013 16:10:59 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Vincent Danen <vdanen@...hat.com> Subject: Re: CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/06/2013 10:33 AM, Vincent Danen wrote: > Could a CVE be assigned to this issue? Copying and pasting from > the upstream announcement: > > > Exploit summary OpenVPN 2.3.0 and earlier running in UDP mode are > subject to chosen ciphertext injection due to a non-constant-time > HMAC comparison function. Plaintext recovery may be possible using > a padding oracle attack on the CBC mode cipher implementation of > the crypto library, optimistically at a rate of about one character > per 3 hours. PolarSSL seems vulnerable to such an attack; the > vulnerability of OpenSSL has not been verified or tested. > > Severity OpenVPN servers are typically configured to silently drop > packets with the wrong HMAC. For this reason measuring the > processing time of the packets is not trivial without a MITM > position. In practice, the attack likely needs some target-specific > information to be effective. > > The severity of this vulnerability can be considered low. Only if > OpenVPN is configured to use a null-cipher, arbitrary plain-text > can be injected which can completely open up this attack vector. > > Affected versions OpenVPN 2.3.0 and earlier are vulnerable. A fix > (commit f375aa67cc) is included in OpenVPN 2.3.1 and later. > > > References: > > https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc > > https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee > > https://bugs.gentoo.org/show_bug.cgi?id=468756 > https://bugzilla.redhat.com/show_bug.cgi?id=960192 Please use CVE-2013-2061 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRiCpzAAoJEBYNRVNeJnmTIDsQAJ5sDruwZcqFRIB6LoV2i6Dk mOzs0HPV+S+zi7cBfv9mG+++nvn7GxXjl2h4sICo8l4hbMYDcBO242sg1x8e8IWV SetEQe9o4x3cz3qJGU8s0GsmT9uTwrjigdJNb56OEKKQPdXb+hsBKpzZ5aF5hfBr U1WviV3/HxZSfnDeJ1NHYHK3FqsA/s/fVHdt9B8r1zBi0/fQx4DyHbFg66bzCW8t bZiPGvveSc6BwuIvLYHdtQfzXud6uW63Gs/gSsnk2ew0ahwtC4JlnntLXeGcTipz MXA3s6T8sU3nK1YuQGuYaz8hrflimxek7YzIHNDaRb0k95f3Kma7Xb1QKdHSMjDU ePVzsev1EXoGZogs/1C/RO5NSKu7aL69fmOg+M0BC/+fqvMSiFfJXB0FP0X2+VZ4 NwVJXyrhIMXozeWfZX0E/UhmwbeFIaMkcfc6MIgfkxS2jStUEJnqB9VpBEg2O/gC A8FCskScJyUtGvNFv0neZR867LqQ6Rzb3HKbS1rAmV4OwNf0kEl6V7wjdkms2Wus 3mUFEVYUFBqBmdBdE2dtWesfHPbryloLNeLakgx4v+Z95T+sHUfVTp3IjU9s2DT0 e+4Lwu21yjr4j7q6/bIkOGPWKKcXVP3LWA1Mh2JOO+NiCFzepC44U9IKmetxoIhb RladVrn7o/99KBmo+eUJ =8YFZ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ