Multiple security issues

Related Vulnerabilities: CVE-2010-3073   CVE-2010-3074   CVE-2010-3075  

Debian Bug report logs - #595998
Multiple security issues


Package: encfs; Maintainer for encfs is Eduard Bloch <blade@debian.org>; Source for encfs is src:encfs (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 7 Sep 2010 20:15:01 UTC

Severity: grave

Tags: security

Fixed in version encfs/1.7.2-1

Done: Eduard Bloch <blade@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Eduard Bloch <blade@debian.org>:
Bug#595998; Package encfs. (Tue, 07 Sep 2010 20:15:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Eduard Bloch <blade@debian.org>. (Tue, 07 Sep 2010 20:15:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Multiple security issues
Date: Tue, 07 Sep 2010 22:13:28 +0200
Package: encfs
Severity: grave
Tags: security

The following issues were reported to the oss-security mailing list:

----
Hello Steve, vendors,

  Micha Riser reported:
  [A] http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html

three security flaws in EncFS encrypted filesystem (more from [A]):

"A security analysis of EncFS has revealed multiple vulnerabilities:
(1) Only 32 bit of file IV used
(2) Watermarking attack
(3) Last block with single byte is insecure"

References:
  [B] http://www.arg0.net/encfs
  [C] http://bugs.gentoo.org/show_bug.cgi?id=335938
  [D] http://archives.neohapsis.com/archives/fulldisclosure/2010-08/att-0316/watermark-attack-encfs.tar.gz
  [E] https://bugzilla.redhat.com/show_bug.cgi?id=630460


Solutions / patches information:
================================

* for issue (1) -- seems it wasn't fixed / isn't possible to
  fix without breaking backward compatibility. More from [B]:

  "The old IV setup is kept for backwards compatibility."

* for issue (2) -- EncFS upstream has released a fix for the issue:
  [F] http://code.google.com/p/encfs/source/detail?r=59

Valient, could you please confirm, the above referenced [F] patch,
is the correct one to address the watermarking attack issue?

* for issue (3) -- not sure about patch status (included in [F] too?)

Steve, could you allocate CVE ids for these flaws?
----

Upstream replied:

----
Jan,

Yes, the patch referenced in [F], specifically changes to SSL_Cipher.cpp, were made in response to issues (1) & (2).  These are not backward compatible, and so only apply to new filesystems.

Issue (3) is not directly addressed.  A workaround is to enable per-block MAC headers, or per-block random bytes.  A patch going into 1.7.2 allows per-block random bytes to be configured independently of MAC headers.  It would be possible to change the default settings such that per-block random bytes are always used.

Adding new encryption modes is not planned for encfs 1.x.

regards,
Valient

----

The following CVE assignments have been made:

----
Here goes:

CVE-2010-3073 encfs Only 32 bit of file IV used
CVE-2010-3074 encfs Watermarking attack
CVE-2010-3075 encfs Last block with single byte is insecure

Thanks

-----

Cheers,
         Moritz
-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages encfs depends on:
pn  fuse-utils                    <none>     (no description available)
pn  libboost-serialization1.34.1  <none>     (no description available)
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib
pn  libfuse2                      <none>     (no description available)
ii  libgcc1                       1:4.4.4-9  GCC support library
pn  librlog1c2a                   <none>     (no description available)
ii  libssl0.9.8                   0.9.8o-1   SSL shared libraries
ii  libstdc++6                    4.4.4-9    The GNU Standard C++ Library v3

encfs recommends no packages.

encfs suggests no packages.
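Valient's workaround for issue (3) is to enable per-block MAC headers or per-block random bytes. The following script is an added defender-side check, not code from this report or from the EncFS project: it reads an EncFS 1.x volume configuration (`.encfs6.xml`) and reports whether either protection is switched on, and which creator/cipher version the volume records so it can be compared against the fixed release. The element names `cfg`, `creator`, `cipherAlg`, `blockMACBytes` and `blockMACRandBytes` are assumed from the EncFS 1.x config format, and the sample config is constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of an EncFS 1.x .encfs6.xml, trimmed to the fields this
# check reads (element names are an assumption about the EncFS 1.x format).
SAMPLE_CONFIG = """<boost_serialization signature="serialization::archive" version="7">
<cfg class_id="0" tracking_level="0" version="20">
  <version>20100713</version>
  <creator>EncFS 1.6.1</creator>
  <cipherAlg class_id="1" tracking_level="0" version="0">
    <name>ssl/aes</name>
    <major>2</major>
    <minor>0</minor>
  </cipherAlg>
  <keySize>192</keySize>
  <blockSize>1024</blockSize>
  <uniqueIV>1</uniqueIV>
  <blockMACBytes>0</blockMACBytes>
  <blockMACRandBytes>0</blockMACRandBytes>
</cfg>
</boost_serialization>
"""


def check_volume_config(xml_text: str) -> dict:
    """Summarise the per-block protections and creator info of one volume.

    Upstream's workaround for the single-byte-last-block issue (CVE-2010-3075)
    is per-block MAC headers or per-block random bytes; a volume with both
    counts at 0 has neither and is flagged with last_block_workaround=False.
    """
    cfg = ET.fromstring(xml_text).find("cfg")
    if cfg is None:
        raise ValueError("no <cfg> element: not an EncFS volume config")
    mac_bytes = int(cfg.findtext("blockMACBytes", default="0"))
    rand_bytes = int(cfg.findtext("blockMACRandBytes", default="0"))
    cipher = cfg.find("cipherAlg")
    cipher_ver = None
    if cipher is not None:
        cipher_ver = f"{cipher.findtext('name')} {cipher.findtext('major')}.{cipher.findtext('minor')}"
    return {
        "creator": cfg.findtext("creator"),
        "cipher": cipher_ver,
        "block_mac_bytes": mac_bytes,
        "block_rand_bytes": rand_bytes,
        "last_block_workaround": mac_bytes > 0 or rand_bytes > 0,
    }


if __name__ == "__main__":
    # Usage: python check_encfs.py [/path/to/.encfs6.xml]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    print(check_volume_config(text))
```

A volume reporting `last_block_workaround: False` has neither protection enabled and stays exposed to issue (3) even after the package upgrade, since the IV changes in [F] only apply to newly created filesystems.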


Information forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#595998; Package encfs. (Wed, 15 Sep 2010 18:03:06 GMT)


Acknowledgement sent to Ariel <asdebian@dsgml.com>:
Extra info received and forwarded to list. Copy sent to Eduard Bloch <blade@debian.org>. (Wed, 15 Sep 2010 18:03:06 GMT)


Message #10 received at 595998@bugs.debian.org:

From: Ariel <asdebian@dsgml.com>
To: 595998@bugs.debian.org
Subject: Uploaded in experimental
Date: Wed, 15 Sep 2010 14:00:15 -0400 (EDT)
This bug was actually fixed already in encfs uploaded to experimental on 
Sep 1.

Normally I would suggest uploading it in unstable and asking for an 
unblock.

But I think a program like encfs needs more testing. In particular 1.7.2 
was released on Sep 5 (and is not yet in experimental).

So I think this bug should be ignored for squeeze, unless debian is not 
released for a few more months.

	-Ariel


Reply sent to Eduard Bloch <blade@debian.org>:
You have taken responsibility. (Thu, 16 Sep 2010 13:48:07 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 16 Sep 2010 13:48:08 GMT)


Message #15 received at 595998-close@bugs.debian.org:

From: Eduard Bloch <blade@debian.org>
To: 595998-close@bugs.debian.org
Subject: Bug#595998: fixed in encfs 1.7.2-1
Date: Thu, 16 Sep 2010 13:47:07 +0000
Source: encfs
Source-Version: 1.7.2-1

We believe that the bug you reported is fixed in the latest version of
encfs, which is due to be installed in the Debian FTP archive:

encfs_1.7.2-1.debian.tar.gz
  to main/e/encfs/encfs_1.7.2-1.debian.tar.gz
encfs_1.7.2-1.dsc
  to main/e/encfs/encfs_1.7.2-1.dsc
encfs_1.7.2-1_amd64.deb
  to main/e/encfs/encfs_1.7.2-1_amd64.deb
encfs_1.7.2.orig.tar.gz
  to main/e/encfs/encfs_1.7.2.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 595998@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eduard Bloch <blade@debian.org> (supplier of updated encfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Thu, 16 Sep 2010 15:43:04 +0200
Source: encfs
Binary: encfs
Architecture: source amd64
Version: 1.7.2-1
Distribution: unstable
Urgency: high
Maintainer: Eduard Bloch <blade@debian.org>
Changed-By: Eduard Bloch <blade@debian.org>
Description: 
 encfs      - encrypted virtual filesystem
Closes: 595998
Changes: 
 encfs (1.7.2-1) unstable; urgency=high
 .
   * New upstream release dealing with security issues (closes: #595998)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Feb 2011 08:42:02 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:06:44 2019; Machine Name: beach