神刀安全网

Timeline of libexpat random vulnerability

libexpat calls rand to obtain a secret hash salt. That’s not good. Actually, as far as vulnerabilities go, it’s pretty chickenshit, but perhaps there’s a lesson to be learned.

2012-03-24 – libexpat 2.1.0 released with a fix for an algorithmic hash table attack ( CVE-2012-0876 ). It uses rand() seeded by srand(time(NULL)) to obtain a hash table salt.

2012-04-01 – libexpat 2.1.0 imported to OpenBSD . The rand calls are replaced with arc4random as spotted by deraadt and nicm. April Fools!

2012-04-05 – A public report that using random may be too predictable.

2013 – Tick tock.

2014 – Tick tock.

2015-02-07 – Redhat bug filed . The complaint is not that rand is a poor choice for secret salts, but that calling srand interferes with the proper malfunctioning of other rand consumers.

2016-06-04 – libexpat is the proud recipient of two more CVE awards . By sheer miraculous luck, OpenBSD is not susceptible. Users of other operating systems need not be alarmed as libexpat has been patched to use getpid as a source of entropy as well.

 const unsigned long entropy = gather_time_entropy() ^ getpid() ^ (unsigned long)parser; 

Lesson to be learned? Sometimes bad things happen and there’s nothing we can do to prevent them. So it goes.

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » Timeline of libexpat random vulnerability

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址