Bug 1039915 (CVE-2013-7040)
| Field | Value |
|---|---|
| Summary | CVE-2013-7040 python: hash secret can be recovered remotely |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Ratul Gupta <ratulg> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED WONTFIX |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | bgollahe, bkabrda, derks, dmalcolm, drieden, ivazqueznet, jeffrey.ness, jkurik, jonathansteffan, katzj, mmaslano, mstuchli, nobody+bgollahe, pfrields, python-maint, tdawson, tkramer, tomspur, tradej |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Last Closed | 2013-12-18 07:03:49 UTC |
| Bug Depends On | 1039917, 1039918, 1039919 |
| Bug Blocks | 1039920 |

Description
Ratul Gupta
2013-12-10 10:13:13 UTC
Created python tracking bugs for this issue: Affects: fedora-all [bug 1039917]

Created python26 tracking bugs for this issue: Affects: epel-5 [bug 1039919]

Created python3 tracking bugs for this issue: Affects: fedora-all [bug 1039918]

This issue is an offshoot of CVE-2012-1150. This flaw, which essentially causes hash collisions and hence denial of service, was fixed by introducing a random salt value which could be read from /dev/urandom or provided by the user on invocation of the python interpreter using an environment variable.

However, it was found that whether the keys (in the hash table) collided or not would only depend on the last 8 bits of the random value. This issue could be exploited by generating multiple datasets, which could test all the possible 256 combinations of the random hash. Then the attacker could evaluate the time taken by each request to be processed and, based on the one which takes maximum time, he could obtain the last 8 bits of the secret seed value used for randomization.

The maximum impact of this flaw is denial of service, depending on how the python application is written to handle remote requests.

Python upstream examined various non-cryptographic hash algorithms and their implementations, but it seemed that most of them were vulnerable to some form of hash collisions and therefore would not serve their purpose in the long term. In the end it was found that SipHash was most suitable for this purpose. SipHash is a cryptographic pseudo-random function with a 128-bit seed and 64-bit output. It is designed to be a fast and secure keyed hash algorithm.

Upstream has proposed a Python Enhancement Proposal document, PEP 456, with the required details: http://www.python.org/dev/peps/pep-0456/

Upstream does not intend to backport this patch to python-2.x, and it is currently only applied to python-3.4. The patch is intrusive.

Python applications should validate the length/size of the data before storing the data in hash tables or dictionaries; this should stop most of the hash-collision related denial of service attacks.

Statement: This issue affects the version of python as shipped with Red Hat Enterprise Linux 5 and 6. There are currently no plans to fix this issue. For more details please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1039915#c4
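The mitigation recommended above (bound the size of untrusted data before it reaches a dictionary) can look like the following for a form-encoded request body. This is an added example, not code from the bug report or from Python upstream; the function name, exception class and limit values are assumptions chosen for illustration.

```python
from urllib.parse import unquote_plus

# Limits are assumptions for illustration; tune them per endpoint.
MAX_BODY_BYTES = 64 * 1024
MAX_FIELDS = 100
MAX_KEY_LEN = 64
MAX_VALUE_LEN = 4096


class InputLimitExceeded(ValueError):
    """Raised when a request body exceeds one of the configured limits."""


def parse_form_bounded(body: bytes) -> dict:
    """Parse an application/x-www-form-urlencoded body into a dict,
    enforcing size limits before any key is inserted into the hash table."""
    if len(body) > MAX_BODY_BYTES:
        raise InputLimitExceeded("body too large")
    # Count separators first: one linear scan, no per-field allocation.
    if body.count(b"&") + 1 > MAX_FIELDS:
        raise InputLimitExceeded("too many fields")

    fields = {}
    for pair in body.split(b"&"):
        if not pair:
            continue  # tolerate empty segments such as a trailing '&'
        raw_key, _, raw_value = pair.partition(b"=")
        # Check encoded lengths too, so oversized input is never decoded.
        if len(raw_key) > 3 * MAX_KEY_LEN or len(raw_value) > 3 * MAX_VALUE_LEN:
            raise InputLimitExceeded("encoded field too long")
        key = unquote_plus(raw_key.decode("utf-8"))
        value = unquote_plus(raw_value.decode("utf-8"))
        if len(key) > MAX_KEY_LEN:
            raise InputLimitExceeded("key too long")
        if len(value) > MAX_VALUE_LEN:
            raise InputLimitExceeded("value too long")
        fields[key] = value  # duplicate keys: last value wins
    return fields


if __name__ == "__main__":
    # Constructed sample input.
    print(parse_form_bounded(b"user=alice&note=hello+world"))
```

With at most `MAX_FIELDS` keys per request, even a fully colliding key set costs a bounded number of probe steps, so the per-request work stays small regardless of whether the hash seed has leaked.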