Issue #1858
closed
CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed
Description
In working on another security issue in this same script, I noticed that
Pulp's pulp-qpid-ssl-cfg script uses bash's $RANDOM in unsafe ways. One
of them is already being fixed as part of another CVE (the TMP directory
is unsafe, CVE-2016-3696), but the other two uses are:
0) The default NSS DB password is a single value from $RANDOM,
limiting it to the strings from 0 to 32768:
https://github.com/pulp/pulp/blob/pulp-2.8.2-1/server/bin/pulp-qpid-ssl-cfg#L25
1) The certutil -z flag receives a "noise file". The script uses $RANDOM to
populate a file with numbers to generate this file:
https://github.com/pulp/pulp/blob/pulp-2.8.2-1/server/bin/pulp-qpid-ssl-cfg#L97-L105
Since $RANDOM is used in this way, the seed file ends up having low
diversity since only 11 possible bytes appear in the file: ASCII 0-9 and
newline. Additionally, bash's RANDOM has not been described as a
sound random generator for such purposes.
pwgen can be used to fix #0, but I'm not sure we want to depend
on pwgen. One possibility is to avoid having a default password and force
the user to provide one. Suggestions for this problem welcome.
For #1 we should just grab 8 kB from /dev/urandom and call it a day.
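
The gap described in the report above, as an added example that is not code from pulp-qpid-ssl-cfg or from the fix commit: it counts the distinct byte values in an old-style noise file versus one read from /dev/urandom, and draws a password from the same source. The function names, the 16-byte password length and the awk stand-in for `$RANDOM` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from pulp-qpid-ssl-cfg.

# Count how many distinct byte values occur in a file (maximum 256).
distinct_bytes() {
    od -An -v -tu1 "$1" | tr -s ' ' '\n' | grep . | sort -u | wc -l | tr -d ' '
}

# Constructed stand-in for the old noise file: decimal numbers in the
# $RANDOM range, one per line. awk replaces $RANDOM so this runs in plain sh.
make_old_style_noise() {
    f=$(mktemp) || return 1
    awk 'BEGIN { srand(1); for (i = 0; i < 1024; i++) print int(rand() * 32768) }' > "$f"
    printf '%s\n' "$f"
}

# Noise file as the issue proposes: 8 kB straight from /dev/urandom.
gen_noise_file() {
    f=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    head -c 8192 /dev/urandom > "$f" || return 1
    printf '%s\n' "$f"
}

# Password from the kernel CSPRNG: N random bytes, hex-encoded (2N chars).
gen_password() {
    od -An -v -N "$1" -tx1 /dev/urandom | tr -d ' \n'
}

# Demo: compare byte diversity of the two noise files, then clean up.
old=$(make_old_style_noise)
new=$(gen_noise_file)
echo "old-style noise: $(distinct_bytes "$old") distinct byte values"
echo "urandom noise:   $(distinct_bytes "$new") distinct byte values"
echo "sample password: $(gen_password 16)"
rm -f "$old" "$new"
```
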
Updated by rbarlow over 8 years ago
- Subject changed from CVE-2016-XXXX: Unsafe use of bash $RANDOM for NSS DB password and seed to CVE-2016-3700: Unsafe use of bash $RANDOM for NSS DB password and seed
Updated by rbarlow over 8 years ago
- Subject changed from CVE-2016-3700: Unsafe use of bash $RANDOM for NSS DB password and seed to CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed
Updated by rbarlow over 8 years ago
- Status changed from ASSIGNED to POST
Added by rbarlow over 8 years ago
Revision 1b9b635d | View on GitHub
CVE-2016-3704: Use stronger seed and DB password. (#2555)
Pulp's pulp-qpid-ssl-cfg script used bash's $RANDOM in unsafe ways:
- The default NSS DB password was a single value from $RANDOM, limiting it to the strings from 0 to 32768.
- The certutil -z flag receives a "noise file". The script used $RANDOM to populate a file with numbers to generate this file. Since $RANDOM was used in this way, the seed file had low diversity since only 11 possible bytes appeared in the file (ASCII 0-9 and newline).
This commit alters the script to use /dev/urandom as the source for generating the DB password and the seed.
https://pulp.plan.io/issues/1858
fixes #1858
Updated by rbarlow over 8 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulp|1b9b635d370b3103376f6fb7864e76181a6f0f20.
Updated by semyers over 8 years ago
- Platform Release changed from 2.8.4 to 2.8.5
Updated by semyers over 8 years ago
- Status changed from 5 to CLOSED - CURRENTRELEASE