oss-sec mailing list archives

CVE-2016-1231, CVE-2016-1232: Prosody XMPP server multiple vulnerabilities


From: Matthew Wild <mwild1 () gmail com>
Date: Fri, 8 Jan 2016 15:40:14 +0000

Two vulnerabilities have been discovered and fixed in the Prosody XMPP
server. Details below.

CVE-2016-1231 prosody: path traversal vulnerability in the built-in
HTTP server's file-serving module
-------------

Project: Prosody XMPP server
URL: https://prosody.im/
Affected versions:
    0.9.x (before 0.9.9), 0.10 (unreleased)
Affected Prosody modules:
    mod_http_files (and community modules that depend on it)
Fixed versions:
    0.9.9, 0.10 nightly build 196, trunk nightly build 608

Description
-----------

A flaw was found in Prosody's HTTP file-serving module (mod_http_files)
that allows it to serve requests outside of the configured public root
directory. This could allow attackers access to private files including
sensitive data.

Affected configurations
-----------------------

The default configuration has mod_http_files disabled, and is not
vulnerable. Additionally, configurations where mod_http_files serves
files at the root URL (i.e. with no path prefix such as /files/, as set
via http_paths) are not vulnerable.

Temporary mitigation
--------------------

Disable mod_http_files and any community modules that depend on it.
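The advisory does not publish the faulty code or the fix, so the following is an added illustration, not Prosody's mod_http_files (which is written in Lua): the containment check a file-serving handler has to perform before opening anything under its configured public root. `PUBLIC_ROOT`, `URL_PREFIX`, `resolve_request_path` and the sample request paths are all constructed for this example.

```python
import os
import posixpath
from urllib.parse import unquote

# Constructed example values; a real deployment would use the configured
# public root directory and the URL prefix the module is mounted under.
PUBLIC_ROOT = "/var/www/public"
URL_PREFIX = "/files/"


class PathTraversal(Exception):
    """Raised when a request path would resolve outside the served root."""


def resolve_request_path(root, url_path, prefix=URL_PREFIX):
    """Map an HTTP request path to a filesystem path that is guaranteed to
    lie inside `root`, or raise PathTraversal.

    Checks a file-serving handler needs (hypothetical helper, not
    mod_http_files' real code):
      1. strip the URL prefix the handler is mounted under
      2. percent-decode once, so "%2e%2e" is seen as ".."
      3. reject NUL bytes (they truncate C string paths)
      4. collapse "." and ".." segments with POSIX rules
      5. refuse anything absolute or still beginning with ".."
      6. re-check containment on the final, normalised path
    """
    if not url_path.startswith(prefix):
        raise ValueError("request is not under the served prefix")
    rel = unquote(url_path[len(prefix):])
    if "\x00" in rel:
        raise PathTraversal("NUL byte in request path")
    # normpath: "" -> ".", "a/../b" -> "b", but "../x" stays "../x"
    norm = posixpath.normpath(rel)
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        raise PathTraversal(url_path)
    root = os.path.normpath(root)
    candidate = os.path.normpath(os.path.join(root, norm))
    # Defence in depth: the lexical checks above should already guarantee
    # this, but containment is the property that actually matters.
    if os.path.commonpath([root, candidate]) != root:
        raise PathTraversal(url_path)
    return candidate


def is_served_safely(root, url_path, prefix=URL_PREFIX):
    """Convenience wrapper: True if the request maps to a path inside root."""
    try:
        resolve_request_path(root, url_path, prefix)
        return True
    except (PathTraversal, ValueError):
        return False


if __name__ == "__main__":
    for p in ["/files/docs/readme.txt", "/files/../../../etc/passwd",
              "/files/%2e%2e/%2e%2e/etc/passwd", "/files/docs/../index.html"]:
        print(p, "->", is_served_safely(PUBLIC_ROOT, p))
```

This is a purely lexical check. If the public root may contain symbolic links, a handler should additionally resolve the final path (os.path.realpath) and apply the same containment test to the resolved result.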

Advice
------

All users should upgrade to 0.9.9, or check their OS distribution for
security updates. Users of development branches (0.10, trunk) should
upgrade to the latest nightly builds.

Credits
-------

The flaw was discovered by Kim Alvefur, a member of the Prosody team.

//////////////////////////

CVE-2016-1232 prosody: using a weak PRNG to generate the
authentication secret used when verifying server-to-server connections
using the dialback method.
-------------

Project: Prosody XMPP server
URL: https://prosody.im/
Affected versions:
    All
Affected Prosody modules:
    mod_dialback
Fixed versions:
    0.9.9, 0.10 nightly build 196, trunk nightly build 608

Description
-----------

It was discovered that Prosody's generation of the secret token for
server-to-server dialback authentication relied upon a weak random
number generator that was not cryptographically secure. This allows an
attacker to guess at probable values of the secret key. A successful
guess allows impersonation of the affected domain to other servers on
the network.

Affected configurations
-----------------------

Configurations with mod_dialback loaded (default configuration) are
affected.

Servers with s2s_secure_auth = true will not be susceptible to incoming
attempts to spoof other domains on the network. However, if mod_dialback
is loaded, a server's own domain may still be spoofed by an attacker in
connections to other servers.

Not affected are configurations with a strong custom dialback_secret set
(though periodically regenerating the dialback_secret is still
advisable).

Temporary mitigation
--------------------

Set the 'dialback_secret' option in your configuration file to a long
random string.

A strong dialback_secret can be generated (for example) using the
command:

head -c 32 /dev/urandom | base64

Alternatively disable mod_dialback by adding it to your modules_disabled
option in your configuration file. In this case communication with
servers that only support dialback or have untrusted certificates will
not be possible.
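To make the description and the mitigation above concrete, here is an added example (not Prosody's mod_dialback, which is Lua, and not code from the advisory) of why the secret's randomness matters: the dialback key is a MAC keyed with the secret over the stream ID and the two domain names, so the authoritative server for a domain can only reject forged keys if nobody else can reproduce its secret. The derivation follows the XEP-0185 recipe as understood here; the advisory does not show Prosody's exact formula. All function names, the domains, stream IDs and secrets are constructed for this example.

```python
import base64
import hashlib
import hmac
import random
import secrets


def generate_dialback_secret(nbytes=32):
    """Strong secret: nbytes from the OS CSPRNG, the same source as the
    advisory's `head -c 32 /dev/urandom` one-liner."""
    return secrets.token_bytes(nbytes)


def generate_weak_secret(seed, nbytes=32):
    """The flaw class the advisory describes, modelled with a
    non-cryptographic PRNG seeded from a low-entropy value (constructed
    illustration, not Prosody's actual generator). Same seed, same secret."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def dialback_key(secret, receiving, originating, stream_id):
    """key = HEX(HMAC-SHA256(SHA256(secret), "receiving originating stream_id")).
    Assumed to match XEP-0185; Prosody's exact derivation is not on the page."""
    text = "{} {} {}".format(receiving, originating, stream_id).encode("utf-8")
    return hmac.new(hashlib.sha256(secret).digest(), text, hashlib.sha256).hexdigest()


def verify_dialback_key(secret, receiving, originating, stream_id, presented):
    """What the authoritative server for `originating` does: recompute the key
    from its own secret and compare in constant time."""
    expected = dialback_key(secret, receiving, originating, stream_id)
    return hmac.compare_digest(expected, presented)


def config_line(secret):
    """The prosody.cfg.lua line for the temporary mitigation, with the secret
    base64-encoded as in the advisory's shell command."""
    return 'dialback_secret = "%s"' % base64.b64encode(secret).decode("ascii")


if __name__ == "__main__":
    secret = generate_dialback_secret()
    key = dialback_key(secret, "xmpp.example.com", "example.org", "D60000229F")
    print(config_line(secret))
    print("key verifies:", verify_dialback_key(secret, "xmpp.example.com",
                                               "example.org", "D60000229F", key))
    # Two runs of the weak generator with the same seed give identical secrets,
    # which is exactly the guessability the advisory warns about.
    print("weak secrets equal:", generate_weak_secret(42) == generate_weak_secret(42))
```

The practical takeaway is the one the advisory already gives: until upgraded, set dialback_secret to a value drawn from a CSPRNG (the output of config_line above, or the head/base64 command), and rotate it periodically.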

Advice
------

All users should upgrade to 0.9.9, or check their OS distribution for
security updates. Users of development branches (0.10, trunk) should
upgrade to the latest nightly builds.

Credits
-------

The flaw was discovered and reported by Thijs Alkemade.
