Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 23 Apr 2015 03:03:00 -0400 (EDT)
From: cve-assign@...re.org
To: mprpic@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> * [Bug 2797] ntp-keygen trapped in endless loop for MD5 keys on big-endian machines.
> https://bugs.ntp.org/show_bug.cgi?id=2797
> 
> Patch: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg

> While the endless loop is not a security flaw per se

The unstated rationale here seems to be "ntp-keygen is a command-line
program that is not normally exposed in a way that crosses privilege
boundaries."

The documentation mentions:

  After setting up the environment it is advisable to update certificates
  from time to time, if only to extend the validity interval.
  Simply run
  @code{ntp-keygen}
  with the same flags as before to generate new certificates

It seems plausible that some sites may have created a web interface so
that operations staff can occasionally do a certificate update (maybe
with a new key), but these staff don't have login access to the
machine running NTP. The flaw would give them the new ability to
(sometimes) launch a CPU consumption attack. However, we have not
actually heard of anyone with a web-based ntp-keygen arrangement, so
we currently don't want to assign a CVE ID for that.

> the fact that
> ntp-keygen generates non-random keys is. If the lowest byte of the temp
> variable happens to be between 0x20 and 0x7f and not #, the generated
> MD5 key will consist of 20 identical characters, meaning only 93
> possible keys can be generated.

Use CVE-2015-3405 for this code error that results in a key space
that's much smaller than expected.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVOJgkAAoJEKllVAevmvmsSUMH/3wjdFZGeR9ubvEm6Yb0tq9q
lbbGuZSawcdPL/F45VYB+u75VTIjlJx6I693Rn+UwIvHYadOCARkk0/JBmf7GUyL
ANPAxy8RW0QnvB9eByTgiX2SREtGVkIusRSgOB37mZf5+rsjNZTbcEojBO0rIOO3
6PeslrWHMehqnp3rN8phCZWArinLCBaI/f+ohLLA0uYjpNM7MNvA1ULn9F0tuuic
ZOPMTCLynPDm9gGXS0yv7HWuE5Jni05ngq6+NcAI7xeCqpJQQ2uBB1JmJrg12e/R
yS/JSn+s7BFGb59/WPtg1fvIFiv2EAKU4DhhwP0vawzNCZcnZqESLF1umaQKsDs=
=yDz2
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.