Re: CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/06/2013 10:33 AM, Vincent Danen wrote:
> Could a CVE be assigned to this issue?  Copying and pasting from
> the upstream announcement:
>
>
> Exploit summary OpenVPN 2.3.0 and earlier running in UDP mode are
> subject to chosen ciphertext injection due to a non-constant-time
> HMAC comparison function. Plaintext recovery may be possible using
> a padding oracle attack on the CBC mode cipher implementation of
> the crypto library, optimistically at a rate of about one character
> per 3 hours. PolarSSL seems vulnerable to such an attack; the
> vulnerability of OpenSSL has not been verified or tested.
>
> Severity OpenVPN servers are typically configured to silently drop
> packets with the wrong HMAC. For this reason measuring the
> processing time of the packets is not trivial without a MITM
> position. In practice, the attack likely needs some target-specific
> information to be effective.
>
> The severity of this vulnerability can be considered low. Only if 
> OpenVPN is configured to use a null-cipher, arbitrary plain-text
> can be injected which can completely open up this attack vector.
>
> Affected versions OpenVPN 2.3.0 and earlier are vulnerable. A fix
> (commit f375aa67cc) is included in OpenVPN 2.3.1 and later.
>
>
> References:
>
> https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee
> https://bugs.gentoo.org/show_bug.cgi?id=468756 
> https://bugzilla.redhat.com/show_bug.cgi?id=960192

Please use CVE-2013-2061 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRiCpzAAoJEBYNRVNeJnmTIDsQAJ5sDruwZcqFRIB6LoV2i6Dk
mOzs0HPV+S+zi7cBfv9mG+++nvn7GxXjl2h4sICo8l4hbMYDcBO242sg1x8e8IWV
SetEQe9o4x3cz3qJGU8s0GsmT9uTwrjigdJNb56OEKKQPdXb+hsBKpzZ5aF5hfBr
U1WviV3/HxZSfnDeJ1NHYHK3FqsA/s/fVHdt9B8r1zBi0/fQx4DyHbFg66bzCW8t
bZiPGvveSc6BwuIvLYHdtQfzXud6uW63Gs/gSsnk2ew0ahwtC4JlnntLXeGcTipz
MXA3s6T8sU3nK1YuQGuYaz8hrflimxek7YzIHNDaRb0k95f3Kma7Xb1QKdHSMjDU
ePVzsev1EXoGZogs/1C/RO5NSKu7aL69fmOg+M0BC/+fqvMSiFfJXB0FP0X2+VZ4
NwVJXyrhIMXozeWfZX0E/UhmwbeFIaMkcfc6MIgfkxS2jStUEJnqB9VpBEg2O/gC
A8FCskScJyUtGvNFv0neZR867LqQ6Rzb3HKbS1rAmV4OwNf0kEl6V7wjdkms2Wus
3mUFEVYUFBqBmdBdE2dtWesfHPbryloLNeLakgx4v+Z95T+sHUfVTp3IjU9s2DT0
e+4Lwu21yjr4j7q6/bIkOGPWKKcXVP3LWA1Mh2JOO+NiCFzepC44U9IKmetxoIhb
RladVrn7o/99KBmo+eUJ
=8YFZ
-----END PGP SIGNATURE-----