headers
NetBSD Security Officer | 6 Jun 2012 23:40
Picon

NetBSD Security Advisory 2012-001: OpenSSL buffer overflow in DER read function


		NetBSD Security Advisory 2012-001
		=================================

Topic:		OpenSSL buffer overflow in DER read function

Version:	NetBSD-current:		source prior to Apr 20th, 2012
		NetBSD 6.0 Beta:	affected
		NetBSD 5.0.*:		affected
		NetBSD 5.0:		affected
		NetBSD 5.1:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected

Severity:	remote DoS, information disclosure

Fixed:		NetBSD-current:		Apr 19th, 2012
		NetBSD 6.0 Beta:	Apr 23rd, 2012
		NetBSD-5-0 branch:	Apr 21st, 2012
		NetBSD-5-1 branch:	Apr 21st, 2012
		NetBSD-5 branch:	Apr 21st, 2012
		NetBSD-4-0 branch:	May 11th, 2012
		NetBSD-4 branch:	May 11th, 2012

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========
(Continue reading)

Permalink | Reply | 0 comments |
headers
NetBSD Security Officer | 6 Jun 2012 23:41
Picon

NetBSD Security Advisory 2012-002: OpenSSL Invalid TLS/DTLS record attack


		NetBSD Security Advisory 2012-002
		=================================

Topic:		OpenSSL Invalid TLS/DTLS record attack

Version:	NetBSD-current:		source prior to May 12th, 2012
		NetBSD 6.0 Beta:	affected
		NetBSD 5.0.*:		affected
		NetBSD 5.0:		affected
		NetBSD 5.1:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected

Severity:	remote DoS

Fixed:		NetBSD-current:		May 11th, 2012
		NetBSD 6.0 Beta:	May 22nd, 2012
		NetBSD-5-0 branch:	May 22nd, 2012
		NetBSD-5-1 branch:	May 22nd, 2012
		NetBSD-5 branch:	May 22nd, 2012
		NetBSD-4-0 branch:	May 22nd, 2012
		NetBSD-4 branch:	May 22nd, 2012

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========
(Continue reading)

Permalink | Reply | 0 comments |
headers
iMil | 10 Jun 2012 12:54

IPSEC not routing back packets on NetBSD 6.0_BETA2


Hi,

I used to have a working IPSEC tunnel using base's racoon between my home
gateway and another server. This setup was working on NetBSD 5.1_STABLE,
and since I've migrated my gateway to NetBSD 6.0 this morning, it seems
there's some kind of routing problem.

The tunnel seems to be ok as the log shows,

On my gateway:

Jun 10 12:34:43 exar racoon: INFO: begin Identity Protection mode.
Jun 10 12:34:43 exar racoon: INFO: received Vendor ID: DPD
Jun 10 12:34:43 exar racoon: INFO: ISAKMP-SA established 
1.1.1.1[500]-2.2.2.2[500] 
spi:4589f12564960cc8:bf2c30c693c93570
Jun 10 12:34:44 exar racoon: INFO: initiate new phase 2 negotiation: 
1.1.1.1[500]<=>2.2.2.2[500]
Jun 10 12:34:44 exar racoon: INFO: IPsec-SA established: ESP/Tunnel 
1.1.1.1[500]->2.2.2.2[500] spi=226782882(0xd846ea2)
Jun 10 12:34:44 exar racoon: INFO: IPsec-SA established: ESP/Tunnel 
1.1.1.1[500]->2.2.2.2[500] spi=67783732(0x40a4c34)

On the remote server:

Jun 10 12:38:43 nadd racoon: INFO: respond new phase 1 negotiation: 
2.2.2.2[500]<=>1.1.1.1[500]
Jun 10 12:38:43 nadd racoon: INFO: begin Identity Protection mode.
Jun 10 12:38:43 nadd racoon: INFO: received Vendor ID: DPD
(Continue reading)

Permalink | Reply | 4 comments |
headers
Michael van Elst | 10 Jun 2012 15:21
Picon

Re: IPSEC not routing back packets on NetBSD 6.0_BETA2

imil <at> home.imil.net (iMil) writes:

>I used to have a working IPSEC tunnel using base's racoon between my home
>gateway and another server.

>     authentication_algorithm hmac_sha256,hmac_sha1;

hmac_sha256 became incompatible.

-- 
--

-- 
                                Michael van Elst
Internet: mlelstv <at> serpens.de
                                "A potential Snark may lurk in every tree."
Permalink | Reply | 3 comments |
headers
iMil | 10 Jun 2012 15:30

Re: IPSEC not routing back packets on NetBSD 6.0_BETA2


>>     authentication_algorithm hmac_sha256,hmac_sha1;
>
> hmac_sha256 became incompatible.

Fixed, and now works as expected. Thanks for the tip.

-------------------------------------------
Emile "iMil" Heitor .°. <imil <at> home.imil.net>                               _
                         http://gcu-squad.org        ASCII ribbon campaign ( )
                                                      - against HTML email  X
                                                                  & vCards / \
Permalink | Reply | 2 comments |
headers
iMil | 10 Jun 2012 16:11

Re: IPSEC not routing back packets on NetBSD 6.0_BETA2


>> hmac_sha256 became incompatible.
>
> Fixed, and now works as expected. Thanks for the tip.

FWIW, NetBSD 6.0 racoon.conf manpage still says:

              authentication_algorithm algorithms;
                      des, 3des, des_iv64, des_iv32, hmac_md5, hmac_sha1,
                      hmac_sha256, hmac_sha384, hmac_sha512, non_auth (used
                      with ESP authentication and AH)

Where did you get that information? is it a well known fact?

-------------------------------------------
Emile "iMil" Heitor .°. <imil <at> home.imil.net>                               _
                         http://gcu-squad.org        ASCII ribbon campaign ( )
                                                      - against HTML email  X
                                                                  & vCards / \
Permalink | Reply | 1 comment |
headers
Michael van Elst | 10 Jun 2012 19:26
Picon

Re: IPSEC not routing back packets on NetBSD 6.0_BETA2

imil <at> home.imil.net (iMil) writes:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1

>>> hmac_sha256 became incompatible.
>>
>> Fixed, and now works as expected. Thanks for the tip.

>FWIW, NetBSD 6.0 racoon.conf manpage still says:

>              authentication_algorithm algorithms;
>                      des, 3des, des_iv64, des_iv32, hmac_md5, hmac_sha1,
>                      hmac_sha256, hmac_sha384, hmac_sha512, non_auth (used
>                      with ESP authentication and AH)

>Where did you get that information? is it a well known fact?

I got hit by it too.

The change is a bit older:

http://mail-index.netbsd.org/source-changes/2011/02/25/msg019329.html

but you only saw it if you built a kernel with FAST_IPSEC. Since netbsd-6
went to use FAST_IPSEC instead of the old KAME code, it is now also
standards compliant but will not interoperate with netbsd-5 or older
if you use hmac_sha256.

--

--
(Continue reading)

Permalink | Reply | 0 comments |
headers
NetBSD Security Officer | 14 Jun 2012 11:52
Picon

NetBSD Security Advisory 2012-003: Intel processors sysret to non-canonical address behaviour


		NetBSD Security Advisory 2012-003
		=================================

Topic:		Intel processors sysret to non-canonical address behaviour

Version:	NetBSD-current:		source prior to June 11, 2012
		NetBSD 6.0 Beta:	affected
		NetBSD 5.1.*:		affected
		NetBSD 5.1:		affected
		NetBSD 5.0.*:		affected
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected

Severity:	local DoS, possibly local user privilege escalation

Fixed:		NetBSD-current:		June 12th, 2012
		NetBSD-6 branch:	June 12th, 2012
		NetBSD-5 branch:	June 12th, 2012
		NetBSD-5-1 branch:	June 12th, 2012
		NetBSD-5-0 branch:	June 12th, 2012
		NetBSD-4 branch:	June 12th, 2012
		NetBSD-4-0 branch:	June 12th, 2012

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========
(Continue reading)

Permalink | Reply | 0 comments |
headers
Jean-Yves Migeon | 25 Jun 2012 20:24
Picon
Favicon

crypto_memset (was: Re: Zero it if you're going to copy it out.)

On 25.06.2012 15:20, Thor Lancelot Simon wrote:
> On Mon, Jun 25, 2012 at 02:16:33PM +0100, Roger Pau Monne wrote:
>>
>> Yes, it doesn't hurt to zero memory if returning it to the user. Who
>> knows what might be there previously.
> 
> I'm sorry, I can't let this go.
> 
> This is not a case of "it doesn't hurt" -- it's a case of "it's absolutely
> necessary".  It is completely unacceptable to leak the contents of kernel
> memory to the user!

BTW, did we get the {crypto,safe,secure}:
_memset: not optimized by compiler away,
_memcmp: constant-time memcmp for a given size

? I can't find anything in the commit logs.

I am sure these will find their place in the kernel, and also in some
places in userland (except for cache manipulation, maybe).

--

-- 
Jean-Yves Migeon
jeanyves.migeon <at> free.fr
Permalink | Reply | 11 comments |
headers
Matthias Drochner | 26 Jun 2012 20:51
Picon
Picon
Favicon

Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)


> BTW, did we get the {crypto,safe,secure}:
> _memset: not optimized by compiler away,
> _memcmp: constant-time memcmp for a given size

I have an implementation of explicit_bzero in my tree.
The name is from OpenBSD. It certainly makes sense to
use a bzero-like API because there is no need to carry
the '0' fill pattern around.
Didn't commit because someone suggested to use memset_s
(from C1x Annex K).

> I am sure these will find their place in the kernel,
> and also in some places in userland

While my implementation lives in src/common, I've only
used it from userland so far because I've found that
the compiler didn't optimize out memset calls in the
kernel even where it could, probably due to optimization
switches. It should certainly be used in the kernel
as well, to avoid surprises in future.
Is anyone working on C1x Annex K support?

best regards
Matthias

------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
(Continue reading)

Permalink | Reply | 10 comments |

Gmane