Message-Id: <DA9463C8-FE2D-4CD3-9BE5-671D516EFA63@doxpara.com>
Date: Sat, 1 May 2010 21:02:50 -0400
From: Dan Kaminsky <dan@...para.com>
To: "nick@...us-l.demon.co.uk" <nick@...us-l.demon.co.uk>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: newest category of security bugs considered elite ?

On May 1, 2010, at 8:30 PM, Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:

> Dan Kaminsky wrote:
>
>> I really like the hash length declaration bugs, where the client can
>> tell the server how many bytes of a hash need to be validated.  (Yep,
>> you just say "one byte is plenty")
>>
>> SNMPv3 and XML-DSIG both fell to this, catastrophically.
>
> I thought Georgi asked for the newest class of elite vulns?
>
> Does (at least) ten years old count as new?
>
Ooh, SMB's old Hollywood OS bug -- one character at a time attacks.  
Indeed, this is very old.  It's actually an annoying pattern, that  
things we think are attack multipliers ('you have to simultaneously  
attack MD5 and SHA1') turn out to just be adders (you can attack one  
at a time).

This bug class is different, and as far as I know unseen from the 80's  
and 90's. In this one, you tell the remote system, 'sure, I can match  
your stored hash -- but it's only one byte long.'. So you try an  
average of 128 passwords, and off you go.

It's basically a problem where the client is trusted to provide  
excessive metadata about server state. If you've got other examples in  
this family, it'd be cool to hear them.

(The TLS reneg bug was super cool but client/server confusion of  
identical protocol messages has precedent, I'm sure.)



>   http://www.microsoft.com/technet/security/bulletin/ms00-072.mspx
>
> And against Win9x count as elite?   8-)
>
> FWIW, MS00-072 was fairly widely exploited in the wild by at least the
> Opaserv (aka Opasoft) family of worms, though not until a couple (?) of
> years after the bulletin's release.
>
>
>
> Regards,
>
> Nick FitzGerald
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

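The hash-length declaration pattern discussed in this thread, as an added example that is not from the thread or any of the affected products: a verifier that lets the peer declare how many MAC bytes are checked, beside one that enforces a server-side floor, plus a count of how many of the 256 possible one-byte tags each accepts for a message sent without the key. The floor value (at least 80 bits and at least half the digest, the bound later adopted for XML-DSIG HMACOutputLength) and the key and message are assumptions of this example.

```python
import hashlib
import hmac

DIGEST = "sha1"
FULL_LEN = hashlib.new(DIGEST).digest_size      # 20 bytes for SHA-1

# Server-side floor on truncation. Assumption: the 80-bit / half-digest bound
# adopted for XML-DSIG HMACOutputLength; the thread itself names no number.
MIN_MAC_LEN = max(10, FULL_LEN // 2)


def compute_mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, DIGEST).digest()


def verify_trusting_client(key: bytes, message: bytes, tag: bytes, declared_len: int) -> bool:
    """Vulnerable pattern: the peer declares how many MAC bytes get compared."""
    if declared_len < 1 or declared_len > FULL_LEN:
        return False
    expected = compute_mac(key, message)[:declared_len]
    return hmac.compare_digest(expected, tag[:declared_len])


def verify_with_floor(key: bytes, message: bytes, tag: bytes, declared_len: int) -> bool:
    """Hardened: the verifier, not the peer, decides the minimum truncation."""
    if declared_len < MIN_MAC_LEN or declared_len > FULL_LEN:
        return False                      # too short to resist guessing
    if len(tag) != declared_len:
        return False                      # tag must match the declared length exactly
    expected = compute_mac(key, message)[:declared_len]
    return hmac.compare_digest(expected, tag)


def accepted_one_byte_tags(verifier, key: bytes, message: bytes) -> int:
    """How many of the 256 possible one-byte tags a verifier accepts for a
    message whose sender does not know the key: the forgery exposure at length 1."""
    return sum(verifier(key, message, bytes([b]), 1) for b in range(256))


if __name__ == "__main__":
    key = b"constructed-demo-key"                # constructed sample key
    msg = b"constructed sample message"          # constructed sample message
    good = compute_mac(key, msg)
    print(verify_trusting_client(key, msg, good[:1], 1))             # True: "one byte is plenty"
    print(verify_with_floor(key, msg, good[:1], 1))                  # False: below the floor
    print(accepted_one_byte_tags(verify_trusting_client, key, msg))  # 1: one of 256 tags passes
    print(accepted_one_byte_tags(verify_with_floor, key, msg))       # 0: length 1 is refused
```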
