Bug 219187
Summary: A truncated md5 password in /etc/shadow is still valid.

| Field | Value |
|---|---|
| Product | Red Hat Enterprise Linux 4 |
| Component | pam |
| Version | 4.4 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | low |
| Priority | medium |
| Reporter | Chuck Berg <cberg> |
| Assignee | Tomas Mraz <tmraz> |
| QA Contact | Jay Turner <jturner> |
| CC | carl, nalin, security-response-team, srevivo |
| Target Milestone | --- |
| Target Release | --- |
| Fixed In Version | RHBA-2007-0300 |
| Doc Type | Bug Fix |
| Last Closed | 2007-05-01 17:24:59 UTC |
Description
Chuck Berg
2006-12-11 19:51:50 UTC
Truncating the MD5 passwords in /etc/shadow could happen only by accident (broken script run by admin or so). So I don't think it is too serious a problem.

This bug should not be called a security flaw. While it appears it could have a security context, this really shouldn't. No known good tools will cause this condition to happen, which means that an admin must run a third party tool over the shadow file, and apparently one that produces untrusted data. If an admin has a process producing untrustworthy output that will be copied into the shadow file, there are other serious problems, not just this. md5 is known to be flawed in many ways; this is simply one of them.

Created attachment 143326 [details]
Proposed patch

This is a proposed patch to fix the problem.

Bug 207387 gives a good example of why a person might need to develop their own tools to edit /etc/passwd and /etc/shadow, or edit manually. As an actual security issue, an attacker who already has root can modify a user's password so that the original password still works, but also some additional ones. If a lot of effort has been taken to lock a system down, an attacker might find this to be the most viable method of preserving remote access. Since pwck doesn't complain, it could easily be missed even though the admin thinks he is checking for this kind of thing.

"This bug should not be called a security flaw."

su and sshd don't care too much about truncated passwords, and accept a password potentially very different from the intended password. That isn't a security problem? So while the source of the problem is exceedingly rare and controlled, the resulting hole is undetectable (pwck ***never*** complains) and wide enough to make a system insecure. (Unless having multiple passwords for root isn't a security problem.)

If you're using md5 passwords, root has multiple passwords. It's the nature of md5 passwords. They're known to be weak against collision attacks. If you're worried about anything being able to accept a password which is different from the intended one, don't use MD5 password hashes.

I can be convinced that this should be considered a security flaw, but these current arguments are stretches. This bug simply highlights the inherent weakness of MD5 and why it should not be used.

If MD5 has inherent weaknesses that mean it should never be used, will we be offered a more secure password hash? Not that the choice of hash is in any way relevant to this bug (except that the comments surrounding it indicate that it was introduced due to the requirement to support multiple hashes).

The inherent weaknesses of MD5 are not critical in the case of password hashes. The problem with this bug is that truncating the MD5 password enlarges the weakness by many orders of magnitude. However, that doesn't change anything in the evaluation of this problem - it is not a security flaw because it doesn't give any advantage to an attacker on a system which is not broken by admin action first. Also, an attacker who already has root can do just anything on your system, so this is not a situation we can guard against.

This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.

QE ack for RHEL4.5.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0300.html
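The two points the thread turns on, as an added illustration in C that is not pam's code: a prefix comparison (assumed here for illustration; the report does not show pam's actual check) accepts a truncated `$1$` field against every password whose full hash shares that prefix, a strict check does not, and a scan over shadow-format lines flags the truncated entries that pwck does not report. The hash strings, shadow lines and function names are all constructed for this example.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical lenient check (assumed for illustration, not pam's code):
 * only strlen(stored) chars are compared, so a truncated field accepts
 * every password whose computed hash starts with that prefix. */
bool verify_lenient(const char *computed, const char *stored)
{
    return strncmp(computed, stored, strlen(stored)) == 0;
}
/* A complete MD5-crypt field is "$1$" + salt (at most 8 chars) + "$" +
 * exactly 22 characters from the crypt(3) alphabet. */
bool md5crypt_well_formed(const char *f)
{
    const char *dollar = strncmp(f, "$1$", 3) == 0 ? strchr(f + 3, '$') : NULL;
    if (dollar == NULL || dollar - (f + 3) > 8) return false;
    return strlen(dollar + 1) == 22 && strspn(dollar + 1,
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz") == 22;
}
/* Corrected check: the stored field must be complete and match exactly. */
bool verify_strict(const char *computed, const char *stored)
{
    return md5crypt_well_formed(stored) && strcmp(computed, stored) == 0;
}
/* Admin-side scan pwck does not do: count lines whose password field starts
 * with "$1$" but is not a complete MD5-crypt hash. */
int count_truncated_md5(const char *shadow_text)
{
    int bad = 0;
    const char *line = shadow_text;
    while (*line) {
        size_t n = strcspn(line, "\n");
        const char *f = memchr(line, ':', n);      /* ':' ending the user name */
        size_t flen = f ? strcspn(f + 1, ":\n") : 0;
        char field[128];
        if (f && flen < sizeof field && strncmp(f + 1, "$1$", 3) == 0) {
            memcpy(field, f + 1, flen);
            field[flen] = '\0';
            bad += !md5crypt_well_formed(field);
        }
        line += n + (line[n] == '\n');             /* advance to next line */
    }
    return bad;
}
/* Constructed sample in /etc/shadow format; "ops" carries a truncated hash. */
const char SAMPLE_SHADOW[] =
    "root:$1$abcdefgh$0123456789abcdefghijkl:13500:0:99999:7:::\n"
    "ops:$1$abcdefgh$0123456789:13500:0:99999:7:::\n"
    "svc:$1$xy$ABCDEFGHIJKLMNOPQRSTUV:13500::::::\n"
    "nobody:*:13500:0:99999:7:::";
```

Running count_truncated_md5 over a real shadow file needs only reading it into a buffer first; the sample above returns 1 for the "ops" entry.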