Bug#559107: weaknesses in BSD PRNG algorithms

To: Moritz Muehlenhoff <jmm@inutil.org>, 559107@bugs.debian.org
Subject: Bug#559107: weaknesses in BSD PRNG algorithms
From: Petr Salinger <Petr.Salinger@seznam.cz>
Date: Fri, 4 Dec 2009 13:31:34 +0100 (CET)
Message-id: <Pine.LNX.4.62.0912041253530.2753@sci.felk.cvut.cz>
Reply-to: Petr Salinger <Petr.Salinger@seznam.cz>, 559107@bugs.debian.org
In-reply-to: <20091203214259.GA4729@galadriel.inutil.org>
References: <Pine.LNX.4.62.0912020917460.29205@sci.felk.cvut.cz> <20091201222629.4015.92086.reportbug@localhost.localdomain> <handler.559107.D559107.125974199823788.notifdone@bugs.debian.org> <20091202193737.GA732@inutil.org> <Pine.LNX.4.62.0912031328110.32543@sci.felk.cvut.cz> <20091203214259.GA4729@galadriel.inutil.org>

If I understand it correctly, this means that the fix is present in
kfreebsd-8, but not kfreebsd-7?


Yes.

Not having it enabled by default seems good enough to me.


If I understand it correctly, the security problem is

"it allows remote attackers to guess sensitive values such as IPfragmentation IDs by observing a sequence of previously generated values".

By default, the next_value is previous_value+1, i.e. unsecure at all.

It can be enabled to use random (secure) value, the random value is inkfreebsd-7 generated by weak X2 algorithm, in kfreebsd-8 by "algorithmsuggested by Amit Klein".


So the options are:

1) leave it as is (same as native FreeBSD)
2) only backport new algorithm to kfreebsd-7
3) change default to use random algorithm in both kfreebsd-7 and kfreebsd-8
4) backport new algorithm to kfreebsd-7 and change default to use
   random algorithm in both kfreebsd-7 and kfreebsd-8

What prefers the security team ?

Will Squeeze use kfreebsd-7 or -8 or both?


It is not yet decided, the kfreebsd-8 is really fresh.

Petr

Reply to:

Follow-Ups:
- Bug#559107: weaknesses in BSD PRNG algorithms
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Bug#559107: Local root exploit in rtld
  - From: Moritz Muehlenhoff <jmm@debian.org>
- Bug#559107: closed by Petr Salinger <Petr.Salinger@seznam.cz> (Re: Bug#559107: Local root exploit in rtld)
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Bug#559107: weaknesses in BSD PRNG algorithms
  - From: Petr Salinger <Petr.Salinger@seznam.cz>
- Bug#559107: weaknesses in BSD PRNG algorithms
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: kfreebsd-kernel-headers and USB API breakage
Next by Date: Bug#559344: kldutils: bashism used in /etc/init.d/module-init-tools
Previous by thread: Processed: Re: Bug#559107: weaknesses in BSD PRNG algorithms
Next by thread: Bug#559107: weaknesses in BSD PRNG algorithms
Index(es):
- Date
- Thread