oss-sec mailing list archives
Re: Re: Possible CVE request: subversion MD5 collision authentication leak
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 4 Aug 2014 21:38:43 +0200
On Fri, 01 Aug 2014 07:47:53 -0700 Ben Reser wrote:

> On 8/1/14 3:12 AM, Marcus Meissner wrote:
>> The subversion list has fixed a md5 collision attack possibility.
>>
>> http://mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB4A7.8030004%40reser.org%3E
>> http://svn.apache.org/r1550691
>> http://svn.apache.org/r1550772
>>
>> The referenced E-Mail speaks about CVE request, so not sure who will assign one.
>
> Already got one (the request was directed at security () apache org who hand them out to us): CVE-2014-3528.

I believe the attack here is supposed to create a collision against MD5 sums used as names of files under ~/.subversion/auth/svn.simple/. However, as attacker does not control realm strings for any of the trusted repositories, that would require preimage attack. The lack of (publicly) known efficient preimage attacks against MD5 should imply such attack is still only theoretical.

--
Tomas Hoger / Red Hat Product Security
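An added illustration, not part of the thread and not Subversion's own code: a credential cache keyed by the MD5 of the realm string, with a lookup that also compares the realm string stored inside the entry, so a file reached through a colliding name is rejected. The `K <len>` / `V <len>` / `END` record layout and the `svn:realmstring` key are assumptions about the on-disk format that the message does not describe; the realm strings, the user name, and the dictionary standing in for the svn.simple directory are constructed.

```python
import hashlib

def dump(fields: dict) -> bytes:
    """Serialize fields as K/V length-prefixed records followed by END."""
    out = b""
    for k, v in fields.items():
        k, v = k.encode(), v.encode()
        out += b"K %d\n%s\nV %d\n%s\n" % (len(k), k, len(v), v)
    return out + b"END\n"

def parse(data: bytes) -> dict:
    """Parse K/V records; raises ValueError on malformed or truncated input."""
    out, pos = {}, 0
    def item(tag: bytes) -> bytes:
        nonlocal pos
        eol = data.index(b"\n", pos)          # ValueError if header is cut off
        header = data[pos:eol].split()
        if len(header) != 2 or header[0] != tag:
            raise ValueError("bad record header at offset %d" % pos)
        n, start = int(header[1]), eol + 1
        body = data[start:start + n]
        if len(body) != n or data[start + n:start + n + 1] != b"\n":
            raise ValueError("truncated record at offset %d" % pos)
        pos = start + n + 1
        return body
    while not data.startswith(b"END", pos):
        key = item(b"K")
        out[key.decode()] = item(b"V")
    return out

def cache_name(realm: str) -> str:
    """File name of the cache entry: hex MD5 of the realm string."""
    return hashlib.md5(realm.encode()).hexdigest()

def lookup(cache: dict, realm: str):
    """Return the entry for realm, or None if absent or stored for another realm."""
    raw = cache.get(cache_name(realm))
    if raw is None:
        return None
    entry = parse(raw)
    if entry.get("svn:realmstring") != realm.encode():
        return None                           # name matched, realm did not
    return entry

# Constructed sample data.
REALM = "<https://svn.example.org:443> Example Repository"
OTHER = "<https://other.example.net:443> Another Realm"
CACHE = {cache_name(REALM): dump({"svn:realmstring": REALM, "username": "alice"})}
# Stand-in for a collision: the same file is also reachable under OTHER's name.
CACHE[cache_name(OTHER)] = CACHE[cache_name(REALM)]
```

Without the comparison in `lookup`, the second dictionary entry would hand the credentials cached for `REALM` to a request made for `OTHER`.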