Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 5 Aug 2014 16:03:29 +1000
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: [CVE Requests] rsync and librsync collisions

Hi,

I think there should be CVEs assigned for this:

rsync: MD5 collision DoS attack or limited file corruption
librsync: MD4 collision file corruption

Note: librsync is not the same code, protocol or maintainer as rsync.

The librsync attack is far easier to perform, since there's no
whole-file checksum and it will simply copy the first instance of a
collision into any place where the second collision is.

The rdiff utility that ships with librsync truncates hashes to 8
bytes, allowing a very fast and efficient birthday attack - so even if
MD4 was replaced attacks would still be possible while the hash is
truncted.  This also affects duplicity - they both use
RS_DEFAULT_STRONG_LEN - so the _librsyncmodule that ships with
duplicity will need recompiling after the fix ships.

Previous posting for context:
http://www.openwall.com/lists/oss-security/2014/07/28/1

Regards,
  Michael

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ