Re: Wheezy update of simplesamlphp?
Hello Thijs,
On Mon, 04 Sep 2017, Thijs Kinkhorst wrote:
> On Wed, August 30, 2017 16:26, Raphael Hertzog wrote:
> > The Debian LTS team would like to fix the security issues which are
> > currently open in the Wheezy version of simplesamlphp:
> > https://security-tracker.debian.org/tracker/source-package/simplesamlphp
> >
> > Would you like to take care of this yourself?
>
> None of this is particularly worrysome, but together an update might be
> worthwhile. I'll see what I can do.
I prepared an update fixing all CVE except CVE-2017-12870 that I marked as
ignored on wheezy because aesEncrypt/aesDecrypt in this version uses a different
implementation based on mcrypt and not openssl and it doesn't look like
worth reimplementing the fix entirely.
It would be nice if you (and/or other LTS users) could test the package (I
did absolutely no tests so far, except building the package):
$ dget https://people.debian.org/~hertzog/packages/simplesamlphp_1.9.2-1+deb7u1_amd64.changes
The debdiff is attached if you want to review it, too.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
diff -Nru simplesamlphp-1.9.2/debian/changelog simplesamlphp-1.9.2/debian/changelog
--- simplesamlphp-1.9.2/debian/changelog 2012-08-29 17:45:36.000000000 +0200
+++ simplesamlphp-1.9.2/debian/changelog 2017-11-30 15:07:03.000000000 +0100
@@ -1,3 +1,15 @@
+simplesamlphp (1.9.2-1+deb7u1) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Debian LTS Team.
+ * Fix CVE-2017-12867: Invalid token creation and validation
+ * Fix CVE-2017-12869: Authentication context bypass in the multiauth module
+ * Fix CVE-2017-12872: Multiple timing side-channel issues
+ (use the patch fixed for CVE-2017-12868 too)
+ * Fix CVE-2017-12873: Incorrect persistent NameID generation
+ * Fix CVE-2017-12874: incorrect signature verification
+
+ -- Raphaël Hertzog <hertzog@debian.org> Thu, 30 Nov 2017 15:07:03 +0100
+
simplesamlphp (1.9.2-1) unstable; urgency=medium
* New upstream security release:
diff -Nru simplesamlphp-1.9.2/debian/patches/CVE-2017-12867.patch simplesamlphp-1.9.2/debian/patches/CVE-2017-12867.patch
--- simplesamlphp-1.9.2/debian/patches/CVE-2017-12867.patch 1970-01-01 01:00:00.000000000 +0100
+++ simplesamlphp-1.9.2/debian/patches/CVE-2017-12867.patch 2017-11-30 15:07:03.000000000 +0100
@@ -0,0 +1,17 @@
+Description: Fix CVE-2017-12867: Invalid token creation and validation
+ See https://simplesamlphp.org/security/201708-01
+Origin: backport, https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
+Last-Update: 2017-11-30
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
++++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
+@@ -55,7 +55,7 @@ class SimpleSAML_Auth_TimeLimitedToken {
+
+ #echo '<p>Calculating sha1( ' . $this->calculate_time_slot($offset) . ':' . $this->secretSalt . ' )<br />';
+
+- return sha1( $this->calculate_time_slot($offset) . ':' . $this->secretSalt);
++ return sha1($offset . ':' . $this->calculate_time_slot($offset) . ':' . $this->secretSalt);
+ }
+
+ /**
diff -Nru simplesamlphp-1.9.2/debian/patches/CVE-2017-12869.patch simplesamlphp-1.9.2/debian/patches/CVE-2017-12869.patch
--- simplesamlphp-1.9.2/debian/patches/CVE-2017-12869.patch 1970-01-01 01:00:00.000000000 +0100
+++ simplesamlphp-1.9.2/debian/patches/CVE-2017-12869.patch 2017-11-30 15:07:03.000000000 +0100
@@ -0,0 +1,31 @@
+From f1e485284dd428ab3cd9500c62e19c7c7234be9a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no>
+Date: Fri, 5 May 2017 11:36:42 +0200
+Subject: [PATCH] bugfix: Allow only valid auth sources in MultiAuth.
+
+The configuration of the MultiAuth authentication source specifies the auth sources that the user is presented with when asked for authentication. However, there was no proper check for the auth source selected by the user to ensure it is one of those allowed for MultiAuth.
+
+See https://simplesamlphp.org/security/201704-02
+
+Origin: upstream, https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a
+---
+ modules/multiauth/lib/Auth/Source/MultiAuth.php | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/modules/multiauth/lib/Auth/Source/MultiAuth.php
++++ b/modules/multiauth/lib/Auth/Source/MultiAuth.php
+@@ -144,7 +144,13 @@ class sspmod_multiauth_Auth_Source_Multi
+ assert('is_array($state)');
+
+ $as = SimpleSAML_Auth_Source::getById($authId);
+- if ($as === NULL) {
++ $valid_sources = array_map(
++ function($src) {
++ return $src['source'];
++ },
++ $state[self::SOURCESID]
++ );
++ if ($as === NULL || !in_array($authId, $valid_sources)) {
+ throw new Exception('Invalid authentication source: ' . $authId);
+ }
+
diff -Nru simplesamlphp-1.9.2/debian/patches/CVE-2017-12870.patch simplesamlphp-1.9.2/debian/patches/CVE-2017-12870.patch
--- simplesamlphp-1.9.2/debian/patches/CVE-2017-12870.patch 1970-01-01 01:00:00.000000000 +0100
+++ simplesamlphp-1.9.2/debian/patches/CVE-2017-12870.patch 2017-11-30 15:07:03.000000000 +0100
@@ -0,0 +1,11 @@
+From 4c939be1696bacb2b95ee11d4ebc5814a08b04c5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no>
+Date: Wed, 26 Apr 2017 11:50:01 +0200
+Subject: [PATCH] Make sure data encrypted with
+ SimpleSAML\Utils\Crypto::aesEncrypt() is also authenticated.
+
+---
+ lib/SimpleSAML/Utils/Crypto.php | 63 ++++++++++++++++++++++---------
+ tests/lib/SimpleSAML/Utils/CryptoTest.php | 2 +-
+ 2 files changed, 47 insertions(+), 18 deletions(-)
+
diff -Nru simplesamlphp-1.9.2/debian/patches/CVE-2017-12872.patch simplesamlphp-1.9.2/debian/patches/CVE-2017-12872.patch
--- simplesamlphp-1.9.2/debian/patches/CVE-2017-12872.patch 1970-01-01 01:00:00.000000000 +0100
+++ simplesamlphp-1.9.2/debian/patches/CVE-2017-12872.patch 2017-11-30 15:07:03.000000000 +0100
@@ -0,0 +1,107 @@
+From ab7761d4a523a4ed00479fb1ddba688e7ca72439 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no>
+Date: Fri, 17 Mar 2017 10:34:24 +0100
+Subject: [PATCH] Add a SimpleSAML\Utils\Crypto::secureCompare() method.
+
+Use it when constant-time comparisons are needed to avoid side-channel attacks.
+
+See https://simplesamlphp.org/security/201703-01
+
+Origin: backport, https://github.com/simplesamlphp/simplesamlphp/commit/ab7761d4a523a4ed00479fb1ddba688e7ca72439
+---
+ lib/SimpleSAML/Session.php | 3 ++-
+ lib/SimpleSAML/Utils/Crypto.php | 36 ++++++++++++++++++++++++--
+ modules/authcrypt/lib/Auth/Source/Htpasswd.php | 4 ++-
+ 3 files changed, 39 insertions(+), 4 deletions(-)
+
+--- a/lib/SimpleSAML/Session.php
++++ b/lib/SimpleSAML/Session.php
+@@ -1037,7 +1037,7 @@ class SimpleSAML_Session {
+ SimpleSAML_Logger::warning('Missing AuthToken cookie.');
+ return NULL;
+ }
+- if ($_COOKIE[$authTokenCookieName] !== $session->authToken) {
++ if (!SimpleSAML\Utils\Crypto::secureCompare($session->authToken, $_COOKIE[$authTokenCookieName])) {
+ SimpleSAML_Logger::warning('Invalid AuthToken cookie.');
+ return NULL;
+ }
+--- a/lib/SimpleSAML/Utils/Crypto.php
++++ b/lib/SimpleSAML/Utils/Crypto.php
+@@ -46,6 +46,38 @@ class SimpleSAML_Utils_Crypto {
+
+
+ /**
++ * Compare two strings securely.
++ *
++ * This method checks if two strings are equal in constant time, avoiding timing attacks. Use it every time we need
++ * to compare a string with a secret that shouldn't be leaked, i.e. when verifying passwords, one-time codes, etc.
++ *
++ * @param string $known A known string.
++ * @param string $user A user-provided string to compare with the known string.
++ *
++ * @return bool True if both strings are equal, false otherwise.
++ */
++ public static function secureCompare($known, $user)
++ {
++ if (function_exists('hash_equals')) {
++ // use hash_equals() if available (PHP >= 5.6)
++ return hash_equals($known, $user);
++ }
++
++ // compare manually in constant time
++ $len = mb_strlen($known, '8bit'); // see mbstring.func_overload
++ if ($len !== mb_strlen($user, '8bit')) {
++ return false; // length differs
++ }
++ $diff = 0;
++ for ($i = 0; $i < $len; $i++) {
++ $diff |= ord($known[$i]) ^ ord($user[$i]);
++ }
++ // if all the bytes in $a and $b are identical, $diff should be equal to 0
++ return $diff === 0;
++ }
++
++
++ /**
+ * This function checks if a password is valid
+ * @param $crypted Password as appears in password file, optionally prepended with algorithm
+ * @param $clear Password to check
+@@ -64,7 +96,7 @@ class SimpleSAML_Utils_Crypto {
+
+ if(in_array(strtolower($algo), hash_algos())) {
+ // Unsalted hash
+- return ( $crypted == self::pwHash($clear, $algo) );
++ return self::secureCompare($crypted, self::pwHash($clear, $algo));
+ }
+
+ if($algo[0] == 'S' && in_array(substr(strtolower($algo),1), hash_algos())) {
+@@ -72,7 +104,7 @@ class SimpleSAML_Utils_Crypto {
+ // Salted hash
+ $hash_length = strlen(hash($php_algo, 'whatever', TRUE));
+ $salt = substr(base64_decode($cryptedpw), $hash_length);
+- return ( $crypted == self::pwHash($clear, $algo, $salt) );
++ return self::secureCompare($crypted, self::pwHash($clear, $algo, $salt);
+ }
+
+ throw new Exception('Hashing algoritm \'' . strtolower($algo) . '\' not supported');
+--- a/modules/authcrypt/lib/Auth/Source/Htpasswd.php
++++ b/modules/authcrypt/lib/Auth/Source/Htpasswd.php
+@@ -72,8 +72,9 @@ class sspmod_authcrypt_Auth_Source_Htpas
+ $attributes = array_merge(array('uid' => array($username)), $this->attributes);
+
+ // Traditional crypt(3)
+- if(crypt($password, $crypted) == $crypted) {
++ if (SimpleSAML\Utils\Crypto::secureCompare($crypted, crypt($password, $crypted))) {
+ SimpleSAML_Logger::debug('User '. $username . ' authenticated successfully');
++ SimpleSAML_Logger::warning('CRYPT authentication is insecure. Please consider using something else.');
+ return $attributes;
+ }
+
+@@ -86,6 +87,7 @@ class sspmod_authcrypt_Auth_Source_Htpas
+ // SHA1 or plain-text
+ if(SimpleSAML_Utils_Crypto::pwValid($crypted, $password)) {
+ SimpleSAML_Logger::debug('User '. $username . ' authenticated successfully');
++ SimpleSAML_Logger::warning('SHA1 and PLAIN TEXT authentication are insecure. Please consider using something else.');
+ return $attributes;
+ }
+ throw new SimpleSAML_Error_Error('WRONGUSERPASS');
diff -Nru simplesamlphp-1.9.2/debian/patches/CVE-2017-12873.patch simplesamlphp-1.9.2/debian/patches/CVE-2017-12873.patch
--- simplesamlphp-1.9.2/debian/patches/CVE-2017-12873.patch 1970-01-01 01:00:00.000000000 +0100
+++ simplesamlphp-1.9.2/debian/patches/CVE-2017-12873.patch 2017-11-30 14:59:53.000000000 +0100
@@ -0,0 +1,39 @@
+Description: Fix CVE-2017-12873: Incorrect persistent NameID generation
+ See https://simplesamlphp.org/security/201612-04
+Origin: upstream, https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953 https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231 https://github.com/simplesamlphp/simplesamlphp/commit/300d8aa48fe93706ade95be481c68e9cf2f32d1f
+Last-Update: 2017-11-30
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/lib/SimpleSAML/Auth/ProcessingChain.php
++++ b/lib/SimpleSAML/Auth/ProcessingChain.php
+@@ -344,12 +344,18 @@ class SimpleSAML_Auth_ProcessingChain {
+
+ if (count($uid) > 1) {
+ SimpleSAML_Logger::warning('Multiple attribute values for user id attribute [' . $attributeName . '].');
++ return;
+ }
+
+ $uid = $uid[0];
++
++ if (empty($uid)) {
++ SimpleSAML_Logger::warning('Empty value in attribute '.$attributeName.". on user. Cannot set UserID.");
++ return;
++ }
+ $state['UserID'] = $uid;
+ }
+
+ }
+
+-?>
+\ No newline at end of file
++?>
+--- a/modules/saml/lib/IdP/SAML2.php
++++ b/modules/saml/lib/IdP/SAML2.php
+@@ -580,6 +580,7 @@ class sspmod_saml_IdP_SAML2 {
+ if ($attribute === NULL) {
+ if (!isset($state['UserID'])) {
+ SimpleSAML_Logger::error('Unable to generate NameID. Check the userid.attribute option.');
++ return NULL;
+ }
+ $attributeValue = $state['UserID'];
+ $idpEntityId = $idpMetadata->getString('entityid');
diff -Nru simplesamlphp-1.9.2/debian/patches/CVE-2017-12874.patch simplesamlphp-1.9.2/debian/patches/CVE-2017-12874.patch
--- simplesamlphp-1.9.2/debian/patches/CVE-2017-12874.patch 1970-01-01 01:00:00.000000000 +0100
+++ simplesamlphp-1.9.2/debian/patches/CVE-2017-12874.patch 2017-11-30 14:43:35.000000000 +0100
@@ -0,0 +1,17 @@
+Description: Fix CVE-2017-12874: incorrect signature verification
+ See https://simplesamlphp.org/security/201612-03 for details.
+Origin: upstream, https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
+Last-Update: 2017-11-30
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security.php
++++ b/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security.php
+@@ -221,7 +221,7 @@ static public function validateXMLSignat
+ $signedInfoXML = self::addNamespace($signedInfo, "http://www.w3.org/2000/09/xmldsig#";);
+ SimpleSAML_Logger::debug("canonicalizo ".$signedInfoXML);
+ $canonical_signedinfo = $transformer->applyTransforms($signedInfoXML);
+- if (openssl_verify($canonical_signedinfo,$signatureValue,$check_key)) {
++ if (openssl_verify($canonical_signedinfo,$signatureValue,$check_key) === 1) {
+ list($reference) = $sxe->xpath("//ds:Signature/ds:SignedInfo/ds:Reference");
+ openssl_free_key($check_key);
+ return (string)$reference['URI'];
diff -Nru simplesamlphp-1.9.2/debian/patches/series simplesamlphp-1.9.2/debian/patches/series
--- simplesamlphp-1.9.2/debian/patches/series 2012-04-21 17:32:47.000000000 +0200
+++ simplesamlphp-1.9.2/debian/patches/series 2017-11-30 15:07:03.000000000 +0100
@@ -1 +1,6 @@
debian_config.patch
+CVE-2017-12874.patch
+CVE-2017-12873.patch
+CVE-2017-12872.patch
+CVE-2017-12869.patch
+CVE-2017-12867.patch
Reply to: