Hi there! Is there already an update for the new openssh (2.5.2p2) version which includes various security fixes? Best wishes Norbert -- ciao norb +-------------------------------------------------------------------+ | Norbert Preining http://www.logic.at/people/preining | | University of Technology Vienna, Austria preining@logic.at | | DSA: 0x09C5B094 (RSA: 0xCF1FA165) mail subject: get [DSA|RSA]-key | +-------------------------------------------------------------------+
Hi Norbert, On Monday 26 March 2001 12:49, Norbert Preining wrote:
Hi there!
Is there already an update for the new openssh (2.5.2p2) version which includes various security fixes?
I think in the discussion a few weeks ago it turned out that SuSE's default policy is to only offer patched versions of packages they ship with their CD's, i.e. if there is no security hole there probably won't be a feature upgrade. But I'm just in the course of building rpms for SuSE 7.0 (maybe SuSE 7.1) and I will offer the rpms, the spec file as well as a short instruction on building openssh for SuSE from source rpm (which you can download from www.openssh.org) on our web site, so stay tuned. With an appropriate spec file, it's a one-liner. By the way, I was surprised at how many people actually downloaded the binary rpm for openssh-2.5.1p1 from our web site Though I don't have any bad intentions at all, you should have no reason to trust me, and _never_ download security sensitive packages from untrusted sources. Anyway, it was a nice field test on how far you _could_ probably get with "social engineering" in security mailing lists. Maybe Kurt wants to write an article on that subject ...? ;-)
Best wishes
Norbert
Regards, Martin -- Martin Leweling Institut fuer Planetologie, WWU Muenster Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany Tel.: +49-251-83-33557 Fax: +49-251-83-39083 E-Mail (work): lewelin@uni-muenster.de
Is there already an update for the new openssh (2.5.2p2) version which includes various security fixes?
I think in the discussion a few weeks ago it turned out that SuSE's default policy is to only offer patched versions of packages they ship with their CD's, i.e. if there is no security hole there probably won't be a feature upgrade.
If there is a security problem, we will fix it, especially if security-related software is concerned. The case of openssh is a mixed one: There is no imminent security threat with the versions we have out on the ftp server right now. Anyway, we have made updates, but we see some problems with them. Give us another few days and we'll have them fixed. The packages will be provided for the SuSE distributions that included openssh already. The others will not see updates because the package may not even compile on them.
But I'm just in the course of building rpms for SuSE 7.0 (maybe SuSE 7.1) and I will offer the rpms, the spec file as well as a short instruction on building openssh for SuSE from source rpm (which you can download from www.openssh.org) on our web site, so stay tuned. With an appropriate spec file, it's a one-liner. By the way, I was surprised at how many people actually downloaded the binary rpm for openssh-2.5.1p1 from our web site Though I don't have any bad intentions at all, you should have no reason to trust me, and _never_ download security sensitive packages from untrusted sources. Anyway, it was a nice field test on how far you _could_ probably get with "social engineering" in security mailing lists. Maybe Kurt wants to write an article on that subject ...? ;-)
Ack. It's sad. I believe Kurt has some sad articles about this already... :-)
Best wishes
Norbert
Regards, Martin
Thanks,
Roman.
--
- -
| Roman Drahtmüller
Hi Roman, On Monday 26 March 2001 15:06, you wrote:
If there is a security problem, we will fix it, especially if security-related software is concerned. The case of openssh is a mixed one: There is no imminent security threat with the versions we have out on the ftp server right now. Anyway, we have made updates, but we see some problems with them. Give us another few days and we'll have them fixed.
Great news. Another hour of work avoided ... ;-)
The packages will be provided for the SuSE distributions that included openssh already. The others will not see updates because the package may not even compile on them.
Yep. BTW, the suse spec file in the contrib subdirectory of openssh/portable on www.openssh.org is broken anyway, it has wrong man paths and rc scripts, doesn't install sftp-server, and insecurely uses /tmp as buildroot. It is probably time to update it.
... Anyway, it was a nice field test on how far you _could_ probably get with "social engineering" in security mailing lists. Maybe Kurt wants to write an article on that subject ...? ;-)
Ack. It's sad. I believe Kurt has some sad articles about this already... :-)
99% probability. BTW great work Kurt! ;-)
Thanks, Roman.
Regards, Martin -- Martin Leweling Institut fuer Planetologie, WWU Muenster Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany Tel.: +49-251-83-33557 Fax: +49-251-83-39083 E-Mail (work): lewelin@uni-muenster.de
Ack. It's sad. I believe Kurt has some sad articles about this already... :-)
99% probability. BTW great work Kurt! ;-)
Huh? I missed a few messages (checks archives...) ok. Yeah, me too, running cryptoarchive bothers me, a) not to many people download the sig files for tarballs, and b) many many people installed my solaris ssh packages (which of course are glorified tarballs I built). It's amazing what people will install. I've actually got an upcoming article on the importance of getting keys from trusted places, the assumption being all developers at least include a signature in another file (i.e. detached sig) and more importantly that people check them (rmemeber ftp.win.tue.nl getting hacked? like 60 downloads before someone checked the pgp sig and alerted them). BTW the next email should amuse you all.
Thanks, Roman.
Regards, Martin --
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
Ack. It's sad. I believe Kurt has some sad articles about this already... :-)
99% probability. BTW great work Kurt! ;-)
Huh? I missed a few messages (checks archives...) ok. Yeah, me too, running cryptoarchive bothers me, a) not to many people download the sig files for tarballs, and b) many many people installed my solaris ssh packages (which of course are glorified tarballs I built). It's amazing what people will install. I've actually got an upcoming article on the importance of getting keys from trusted places, the assumption being all developers at least include a signature in another file (i.e. detached sig) and more importantly that people check them (rmemeber ftp.win.tue.nl getting hacked? like 60 downloads before someone checked the pgp sig and alerted them). BTW the next email should amuse you all.
Thanks, Roman.
Regards, Martin --
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
SecurityPortal Security Advisory SPSA-2001-0001
http://www.securityportal.com/articles/advisory20010001.html
Title:
RPM PGP/GnuPG verification bug
Issue date:
Feb 27, 2001
History of advisory:
Feb 23, 2001 Ben De Rydt (ben dot de dot rydt at pandora dot be) brought this to
my attention.
Feb 27, 2001 advisory written and released to Linux vendor list, vendors
notified.
Feb 28, 2001 updated, thanks to Olaf Kirch for mentioning automatic key
downloads.
Author:
Kurt Seifried seifried@securityportal.com
Credits:
Ben De Rydt (ben dot de dot rydt at pandora dot be) originally brought this to
my attention, thanks go to him.
Olaf Kirch (okir@caldera.de) for mentioning automatic key downloads and macros
(which I read in the man page but mentally skipped over).
Overview:
There is a significant implementation/logic bug in how RPM verifies the
cryptographic signatures on RPM files.
Vendor Contact:
N/A
Impact:
An attacker can create RPM's that will appear to be legitimate to the
administrator, once installed root access (or anything else) can easily be
achieved.
Details:
If an attacker can trick an administrator into installing an RPM checking the
signature on the RPM can easily be subverted, thus the trojan'ed RPM is
installed and the attacker can gain access.
If an attacker can trick an administrator into installing a new key, or the
administrator has enabled automatic key downloads, and provide them with a
trojan'ed rpm file they can gain root access. No local access is required.
Getting an admin to install a new key can be as simple as posting fake keys with
identities like "secure@vendor.foo" or by simply emailing them to administrators
with a subject line such as "new vendor key, please use to verify future rpm
packages". Getting the administrator to download trojan'ed packages is
attainable by poisoning DNS, spoofing a site, or breaking into a major RPM ftp
site.
1) Attacker creates fake key, "secure@vendor.foo"
2) Attacker creates trojan'ed RPM, signs with fake key
3) Attacker sends key to victim, via email or otherwise, or victim has
"automatic key download" enabled (note: it is common for vendors to send out
self signed keys on various mailing lists)
4) Attacker either spoofs an update site, or breaks into a legitimate update
site, replaces the real RPM with their trojan'ed RPM
5) User downloads RPM, verifies it (examples sanitized):
[root@server /root]# rpm -K gnupg-1.0.1-1.i386.rpm
/root/RPMS/gnupg-1.0.2-4.i386.rpm: md5 gpg OK
Even with an "rpm -Kvv":
[root@stench /root]# rpm -Kvv /root/RPMS/gnupg-1.0.1-1.i386.rpm
D: New Header signature
D: Signature size: 149
D: Signature pad : 3
D: sigsize : 152
D: Header + Archive: 709097
D: expected size : 709097
/root/RPMS/gnupg-1.0.2-4.i386.rpm:
MD5 sum OK: 005707d7f35fc754dc5402462caf2ef6
gpg: Signature made Wed 30 Aug 2000 04:14:57 PM MDT using DSA key ID DB42A60E
gpg: Good signature from "Vendor, Inc
Impact: An attacker can create RPM's that will appear to be legitimate to the administrator, once installed root access (or anything else) can easily be achieved.
Details: If an attacker can trick an administrator into installing an RPM checking the signature on the RPM can easily be subverted, thus the trojan'ed RPM is installed and the attacker can gain access.
Yes. Put this: chmod 777 / into the %post install section of an rpm and have it installed. A wonderful exploit. [snip]
packages". Getting the administrator to download trojan'ed packages is attainable by poisoning DNS, spoofing a site, or breaking into a major RPM ftp site.
yes, yes. Nothing new. The fact that software packaging nowadays depends on cryptographic methods opens up some problems if the admin is moron enough is nothing new. This has been here since the day when someone plugged a cable between two computers.
# chattr +i /root/.gnupg/pubring.gpg This will prevent accidental or casual insertion of new keys. If you have many keys in either keyring you should make sure to verify the fingerprint every time you check a package's signature.
You fail to mention that the immutable flag is a feature of the ext2 filesystem. reiserfs (which is included in SuSE distributions and which has proven to be very stable) doesn't have that flag. Besides, this breaks an update from a SuSE aaa_base rpm package (which isn't the package's fault), and it doesn't help since it only defeats symptomatic aspects of the whole problem.
Vendors that ship RPM update tools should use a separate keyring (instead of root's) for verifying RPM's that are downloaded.
This does not really make a difference.
Once the attacker can make the admin do silly things on the box, there are
easier ways to gain root access.
Roman.
--
- -
| Roman Drahtmüller
The point is this: with automatic keydownload the attacker doesn't need to get a key to the victim. Without the attacker simply sends out a new self signed key and makes it appear as if from the vendor, in the last month several vendors have issued new keys, all self signed, posted to various mailing lists/etc. Do you 100% trust the security of all your mirror sites? Do you 100% trust your dns server, especially now with more people using autorpm/rhupdate/etc? Will SuSE be fixing this ala caldera/others? -Kurt
* Kurt Seifried wrote on Mon, Mar 26, 2001 at 07:48 -0700:
The point is this: with automatic keydownload the attacker doesn't need to get a key to the victim.
So the flaw is, that RPM trusts a untrusted key in pubring?
Without the attacker simply sends out a new self signed key and makes it appear as if from the vendor,
this is a common problem. To avoid this, it's possible to compare fingerprints or use keys from CD. The same for eMail and all. RPM shouldn't trust untrusted keys of course.
in the last month several vendors have issued new keys, all self signed,
you mean: self signed only?
posted to various mailing lists/etc. Do you 100% trust the security of all your mirror sites? Do you 100% trust your dns server, especially now with more people using autorpm/rhupdate/etc?
:) if so, there wouldn't be really no need for signatures at all ;)
Will SuSE be fixing this ala caldera/others?
Isn't RedHat the maintainer of RPM? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (5)
-
Kurt Seifried
-
Martin Leweling
-
Norbert Preining
-
Roman Drahtmueller
-
Steffen Dettmer