Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 06 May 2013 16:10:59 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: OpenVPN use of non-constant-time
 memcmp in HMAC comparison in openvpn_decrypt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/06/2013 10:33 AM, Vincent Danen wrote:
> Could a CVE be assigned to this issue?  Copying and pasting from
> the upstream announcement:
> 
> 
> Exploit summary OpenVPN 2.3.0 and earlier running in UDP mode are
> subject to chosen ciphertext injection due to a non-constant-time
> HMAC comparison function. Plaintext recovery may be possible using
> a padding oracle attack on the CBC mode cipher implementation of
> the crypto library, optimistically at a rate of about one character
> per 3 hours. PolarSSL seems vulnerable to such an attack; the
> vulnerability of OpenSSL has not been verified or tested.
> 
> Severity OpenVPN servers are typically configured to silently drop
> packets with the wrong HMAC. For this reason measuring the
> processing time of the packets is not trivial without a MITM
> position. In practice, the attack likely needs some target-specific
> information to be effective.
> 
> The severity of this vulnerability can be considered low. Only if 
> OpenVPN is configured to use a null-cipher, arbitrary plain-text
> can be injected which can completely open up this attack vector.
> 
> Affected versions OpenVPN 2.3.0 and earlier are vulnerable. A fix
> (commit f375aa67cc) is included in OpenVPN 2.3.1 and later.
> 
> 
> References:
> 
> https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
>
> 
https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee
> 
> https://bugs.gentoo.org/show_bug.cgi?id=468756 
> https://bugzilla.redhat.com/show_bug.cgi?id=960192

Please use CVE-2013-2061 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRiCpzAAoJEBYNRVNeJnmTIDsQAJ5sDruwZcqFRIB6LoV2i6Dk
mOzs0HPV+S+zi7cBfv9mG+++nvn7GxXjl2h4sICo8l4hbMYDcBO242sg1x8e8IWV
SetEQe9o4x3cz3qJGU8s0GsmT9uTwrjigdJNb56OEKKQPdXb+hsBKpzZ5aF5hfBr
U1WviV3/HxZSfnDeJ1NHYHK3FqsA/s/fVHdt9B8r1zBi0/fQx4DyHbFg66bzCW8t
bZiPGvveSc6BwuIvLYHdtQfzXud6uW63Gs/gSsnk2ew0ahwtC4JlnntLXeGcTipz
MXA3s6T8sU3nK1YuQGuYaz8hrflimxek7YzIHNDaRb0k95f3Kma7Xb1QKdHSMjDU
ePVzsev1EXoGZogs/1C/RO5NSKu7aL69fmOg+M0BC/+fqvMSiFfJXB0FP0X2+VZ4
NwVJXyrhIMXozeWfZX0E/UhmwbeFIaMkcfc6MIgfkxS2jStUEJnqB9VpBEg2O/gC
A8FCskScJyUtGvNFv0neZR867LqQ6Rzb3HKbS1rAmV4OwNf0kEl6V7wjdkms2Wus
3mUFEVYUFBqBmdBdE2dtWesfHPbryloLNeLakgx4v+Z95T+sHUfVTp3IjU9s2DT0
e+4Lwu21yjr4j7q6/bIkOGPWKKcXVP3LWA1Mh2JOO+NiCFzepC44U9IKmetxoIhb
RladVrn7o/99KBmo+eUJ
=8YFZ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.