Date: Mon, 04 Aug 2014 15:32:13 -0700
From: Ben Reser <ben@...er.org>
To: Tomas Hoger <thoger@...hat.com>
CC: Marcus Meissner <meissner@...e.de>, OSS Security List <oss-security@...ts.openwall.com>
Subject: Re: Re: Possible CVE request: subversion MD5 collision authentication leak

On 8/4/14 12:38 PM, Tomas Hoger wrote:
> I believe the attack here is supposed to create a collision against MD5
> sums used as names of files under ~/.subversion/auth/svn.simple/.
> However, as attacker does not control realm strings for any of the
> trusted repositories, that would require preimage attack. The lack of
> (publicly) known efficient preimage attacks against MD5 should imply
> such attack is still only theoretical.

I think your understanding of the current state of MD5 collision attacks is
out of date. Chosen prefix attacks are possible.

See:
http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/

The MD5 hash is created off the data in the following format:
<$URL> $REALM

An attacker trying to take advantage of this only needs the $URL portion to
match their server. The $REALM can then be whatever data is required to make
the MD5 hash match the system they are trying to attack.

I know of nobody that has taken the time to generate an MD5 collision to take
advantage of this. But I'm pretty sure that it could be done.
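
Added example, not part of the original message and not Subversion's own code: a Python sketch of a cache lookup keyed by the MD5 of `<$URL> $REALM`, as the message describes, with a check that the realm string stored in the entry equals the one requested. The `K`/`V`/`END` record layout, the `svn:realmstring` key and all sample values are assumptions made for illustration; the colliding digest is simulated by storing one entry under two names.

```python
import hashlib

def cache_name(url, realm):
    """Cache file name: MD5 hex digest of '<URL> REALM'."""
    return hashlib.md5(f"<{url}> {realm}".encode()).hexdigest()

def serialize(fields):
    """Build a 'K len/key/V len/value ... END' record (assumed layout)."""
    out = b""
    for k, v in fields.items():
        kb, vb = k.encode(), v.encode()
        out += b"K %d\n%s\nV %d\n%s\n" % (len(kb), kb, len(vb), vb)
    return out + b"END\n"

def parse_entry(blob):
    """Parse such a record back into a dict, rejecting malformed input."""
    fields, pos = {}, 0
    while not blob.startswith(b"END", pos):
        pair = []
        for tag in (b"K ", b"V "):
            if not blob.startswith(tag, pos):
                raise ValueError("malformed cache entry")
            eol = blob.index(b"\n", pos)
            size = int(blob[pos + 2:eol])
            pair.append(blob[eol + 1:eol + 1 + size].decode())
            pos = eol + 1 + size + 1  # skip the data and its newline
        fields[pair[0]] = pair[1]
    return fields

def lookup(cache, url, realm):
    """Return the cached entry only if its stored realm string matches."""
    blob = cache.get(cache_name(url, realm))
    if blob is None:
        return None
    entry = parse_entry(blob)
    if entry.get("svn:realmstring") != f"<{url}> {realm}":
        return None  # name matched, but the entry is for a different realm
    return entry

# Constructed sample data, not taken from any real system.
TRUSTED = ("https://svn.example.org:443", "Example Repo")
OTHER = ("https://other.example.net:443", "Other Realm")
CACHE = {cache_name(*TRUSTED): serialize({
    "svn:realmstring": "<%s> %s" % TRUSTED, "username": "alice"})}
# Simulate a colliding digest: the same entry reachable under OTHER's name.
CACHE[cache_name(*OTHER)] = CACHE[cache_name(*TRUSTED)]

if __name__ == "__main__":
    print(lookup(CACHE, *TRUSTED))  # entry for the trusted realm
    print(lookup(CACHE, *OTHER))    # None: stored realm string differs
```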