Date: Mon, 4 Aug 2014 21:38:43 +0200
From: Tomas Hoger <thoger@...hat.com>
To: Ben Reser <ben@...er.org>
Cc: Marcus Meissner <meissner@...e.de>,
        OSS Security List
 <oss-security@...ts.openwall.com>
Subject: Re: Re: Possible CVE request: subversion MD5
 collision authentication leak

On Fri, 01 Aug 2014 07:47:53 -0700 Ben Reser wrote:

> On 8/1/14 3:12 AM, Marcus Meissner wrote:
> > The subversion list has fixed a md5 collision attack possibility.
> > 
> > http://mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB4A7.8030004%40reser.org%3E
> > 
> > http://svn.apache.org/r1550691
> > http://svn.apache.org/r1550772
> > 
> > The referenced E-Mail speaks about CVE request, so not sure who
> > will assign one.
> 
> Already got one (the request was directed at security@...che.org who
> hand them out to us): CVE-2014-3528.

I believe the attack here is supposed to create a collision against MD5
sums used as names of files under ~/.subversion/auth/svn.simple/.
However, as the attacker does not control realm strings for any of the
trusted repositories, that would require a preimage attack.  The lack of
(publicly) known efficient preimage attacks against MD5 should imply
such an attack is still only theoretical.

-- 
Tomas Hoger / Red Hat Product Security
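
An audit of the cache layout the message refers to, as an added example that is not part of the original message or of Subversion's code: it checks that each file in a credential cache directory is named with the MD5 of the realm string stored inside it. The `svn:realmstring` key and the `K`/`V`/`END` record layout are assumptions about the on-disk format; the realms and file contents are constructed.

```python
import hashlib
import os
import tempfile

def cache_name(realm):
    # Cache file name as described in the message: hex MD5 of the realm string.
    return hashlib.md5(realm.encode("utf-8")).hexdigest()

def parse_hash_dump(data):
    # Assumed layout: "K <len>\n<key>\nV <len>\n<value>\n" pairs, then "END".
    out, pos = {}, 0
    while not data.startswith(b"END", pos):
        fields = []
        for tag in (b"K ", b"V "):
            if not data.startswith(tag, pos):
                raise ValueError("malformed record at byte %d" % pos)
            eol = data.index(b"\n", pos)
            size = int(data[pos + 2:eol])
            fields.append(data[eol + 1:eol + 1 + size])
            pos = eol + 1 + size + 1  # step over the value and its newline
        out[fields[0].decode()] = fields[1].decode("utf-8")
    return out

def audit(cache_dir):
    # Report entries whose file name is not the MD5 of the realm stored inside.
    findings = []
    for name in sorted(os.listdir(cache_dir)):
        with open(os.path.join(cache_dir, name), "rb") as fh:
            raw = fh.read()
        try:
            realm = parse_hash_dump(raw).get("svn:realmstring")
        except ValueError:
            realm = None  # unparseable entries are reported as well
        if realm is None or cache_name(realm) != name:
            findings.append((name, "name does not match stored realm %r" % realm))
    return findings

def demo():
    # Constructed sample entries; no real credentials or hosts.
    good = "<https://svn.example.org:443> Constructed Realm"
    other = "<https://svn.example.net:443> Another Realm"
    with tempfile.TemporaryDirectory() as d:
        for name, realm in ((cache_name(good), good), (cache_name(good)[:-1] + "x", other)):
            body = "K 15\nsvn:realmstring\nV %d\n%s\nEND\n" % (len(realm.encode()), realm)
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body.encode())
        return audit(d)

if __name__ == "__main__":
    print(demo())
```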
