Date: Mon, 6 May 2013 10:33:38 -0600 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt Could a CVE be assigned to this issue? Copying and pasting from the upstream announcement: Exploit summary OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementation of the crypto library, optimistically at a rate of about one character per 3 hours. PolarSSL seems vulnerable to such an attack; the vulnerability of OpenSSL has not been verified or tested. Severity OpenVPN servers are typically configured to silently drop packets with the wrong HMAC. For this reason measuring the processing time of the packets is not trivial without a MITM position. In practice, the attack likely needs some target-specific information to be effective. The severity of this vulnerability can be considered low. Only if OpenVPN is configured to use a null-cipher, arbitrary plain-text can be injected which can completely open up this attack vector. Affected versions OpenVPN 2.3.0 and earlier are vulnerable. A fix (commit f375aa67cc) is included in OpenVPN 2.3.1 and later. References: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee https://bugs.gentoo.org/show_bug.cgi?id=468756 https://bugzilla.redhat.com/show_bug.cgi?id=960192 -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.