Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 02 Oct 2012 13:20:20 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Raphael Geissert <geissert@...ian.org>
CC: oss-security@...ts.openwall.com
Subject: Re: CVE request - mcrypt buffer overflow flaw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/02/2012 12:42 PM, Raphael Geissert wrote:
> Kurt,
> 
> I think at least one more CVE id needs to be assigned:
> 
> On Saturday 15 September 2012 19:22:06 Raphael Geissert wrote:
>> On Tuesday 11 September 2012 10:19:38 Eygene Ryabinkin wrote:

>> Another week, another couple of patches. One makes it use strncpy
>> and forces a NUL on the last byte of local_algorithm, local_mode,
>> and local_keymode. Their values are checked later on, so it seems
>> safe to pass unvalidated data. The size of the buffers is
>> hard-coded to avoid making many changes to the code.
> 
> I think this needs a separate id, since fixes were released by
> Fedora and Debian referencing CVE-2012-4409 but only for the
> original report.
> 
> Eygene's followup issues have been fixed in Debian without
> referencing a CVE id.

Can you post a link to source fixes/commits? Thanks.

>> Once those issues were fixed I noticed that salt_size is not
>> initialized if the salt flag is not set. The result is an
>> inconditional call to malloc, with an uninitialized int as
>> argument. This can lead to a non-attacker-controlled memory
>> consumption DoS in most cases. It makes me think nobody actually
>> ever used it without a salt.
> 
> I've no strong opinion on whether this deserves an id.
> 
> Cheers,

Hrmm there's a thought, has this DoS been confirmed? As we've probably
seen over the last year more than a few sites fail to salt their
stored passwords =(.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQaz50AAoJEBYNRVNeJnmTSK4P/26UQ0ORk9a3iUwsegwosivb
S/hvJQ+nH8oXHrT4TX6sjwg0QacNHGVDcgMRf2iQVTSrDseJsFVz1EC+hQHR0A53
o3svXEb/11l+tpOxvXRaV2Tr5eU0BSwB+nDLiZgWry+IYLp17pyqdicNsLfwST6n
RZhWdI/cMFk7Oxm6FyM0fSoXWS95ixSCJrnRh60+PrZeKKe6K+Hw78+nMO9dUcjI
GQHrMMiNGY0CDwDrokQeYT6Asf96nXBurNjt/gd18u9QXp6NZ7hWLsfF/f8ISFC9
0firEfZYbBcuV7KSacPyk+kqgT+VsSXZPbCqeC78o8avHBN/pa7zjXmnJjBOH5ps
FD88YNv5hdk6NjCrK5PbfRqi79ltM1JzI6mDxXb7jmJ6OFbvdCcMqKoSMNQkkYRA
FaR0f3BOU2I/1JsYKcCUITLRjUAcvw1LQX6v9MWtEb3iN/jfGRYdXEa0hV75tgpq
qljttSu3i5F/x80/TrOfvtQ+unuESUulkeXExdMfOULnf9SBgxY7aZpbT9TCfBlI
qBY4xBZTtxh2lYwLTiCof0lCtu779uqKeszVi6LiF9SXv/4cm8srvU4K74CDIcjv
KLCP4ba+a/VihVBf2EUP2myRN7ayPXYwII6CtqYu4smhJc00UQFMtbFNghXx+3Sg
vU//7x41AXD3ET5hrRfL
=fa7h
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.