Date: Mon, 12 Aug 2013 12:41:59 -0400 (EDT) From: cve-assign@...re.org To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: pending Bitcoin/Android CVE assignments -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITRE is currently working on third-party CVE requests related to a recent Bitcoin/Android issue that might (or might not) be related to other open-source products such as Bouncy Castle products. We'll send another message here after we have CVE assignments or another outcome. Our preference is to assign the CVE IDs after there seems to be agreement among security researchers about how many different vulnerabilities contribute to the problem. Ultimately, the observed problem seems to be: https://bitcointalk.org/index.php?topic=271486.0 Several people have reported their BTC stolen ... It has been noticed that the coins are all transferred in a few hours after a client improperly signs a transaction by reusing the same random number. Here is an example reference that suggests more than one vulnerability: https://code.google.com/p/bitcoin-wallet/source/detail?name=bitcoinj-0.10&r=04d2044880d88107ee4a939a516fb4be4cedeaf9# Other information we are currently considering includes: https://news.ycombinator.com/item?id=6195902 and http://android-developers.blogspot.com/2013/02/using-cryptography-to-store-credentials.html suggest that they are a communication from the "Android Developer Relations team" stating "This was fixed in Android 4.2 when we switched from BouncyCastle to OpenSSL as the underlying crypto provider. I don't know why you'd still be seeing this on Android 4.2." https://bitcointalk.org/index.php?topic=271486.msg2910339#msg2910339 and http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html refer to "The same k will lead to the same x1 coordinate, which will lead to the same r." http://armoredbarista.blogspot.com.au/2013/03/randomly-failed-weaknesses-in-java.html and http://www.scribd.com/doc/131955288/Randomly-Failed-The-State-of-Randomness-in-Current-Java-Implementations describe multiple issues in four different products. And, finally, https://news.ycombinator.com/item?id=6195787 says "They [ https://bitcointalk.org/index.php?topic=271831.0 ] claim the problem lies with 'a component of Android'. One of them told me that the solution was to switch from using SecureRandom to reading /dev/urandom directly. The actual source changes appear not to be public, and he wouldn't tell me details about the issue." - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iQEcBAEBAgAGBQJSCQ9QAAoJEGvefgSNfHMd1L4H/0mnG2dh7G824DxEQns2qBB3 Op1qk9FJeOzo+YL2x/lRbkGdem4UKUMS3rY9BSDJidfz8hfwfAZ6JysabUJzCkoB YkVC2zla2dKff+6fPsm49w26Ku9DgdGuKPdX2trKJhDkCqswQ1WNyV6sZIHKP51Y uCJBLo0TmffBZZOSH2e63AWrOT/rcClqr8G5aJHBJteNj+1eVY+dyQt/mDLVTbxW /ZQb4aYwKI3Rfacjbf8TbOo3TsevtzcjTMQSEya0F0AHx7HJWhxHniMVyGhgCjvQ CbobCP+uCohJzh+hSBj7v5PNMM9HA5EIQfms3lpyB8Kh0yrvT6LuER56etTpQDw= =7Oks -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.