Bug 1125799 (CVE-2014-3528) - CVE-2014-3528 subversion: credentials leak via MD5 collision
Summary: CVE-2014-3528 subversion: credentials leak via MD5 collision
Alias: CVE-2014-3528
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1125800 1180622 1180623 1180624 1180625
Blocks: 1125801 1174061
TreeView+ depends on / blocked
Reported: 2014-08-01 05:09 UTC by Murray McAllister
Modified: 2021-02-17 06:20 UTC (History)
5 users (show)

Fixed In Version: subversion 1.7.18, subversion 1.8.10
Doc Type: Bug Fix
Doc Text:
It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm.
Clone Of:
Last Closed: 2015-02-11 05:07:43 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0165 0 normal SHIPPED_LIVE Moderate: subversion security update 2015-02-11 02:22:56 UTC
Red Hat Product Errata RHSA-2015:0166 0 normal SHIPPED_LIVE Moderate: subversion security update 2015-02-11 04:11:18 UTC

Description Murray McAllister 2014-08-01 05:09:08 UTC
A possible MD5 collision issue was found in the way Subversion handled cached credentials. If an attacker could trick a victim into connecting to their Subversion server, they could send a specially-crafted realm string to the victim that could trigger an MD5 collision. This could lead to the Subversion client sending another realm's credentials to the attacker's server.

Upstream patches:




Comment 2 Murray McAllister 2014-08-01 05:10:16 UTC
Created subversion tracking bugs for this issue:

Affects: fedora-all [bug 1125800]

Comment 6 Vincent Danen 2014-08-01 16:03:49 UTC
This was assigned CVE-2014-3528:


Comment 10 Tomas Hoger 2014-08-04 19:32:41 UTC
When connecting to a subversion repository that requires password authentication, subversion client can save provided authentication credentials in a local file after prompting user.  Passwords are saved in a file as:

  ~/.subversion/auth/svn.simple/<md5 hash>

The md5 hash is MD5 checksum of a realm string that consists of remote server's scheme, hostname, and port, and an HTTP base authentication realm.

For example, realm string for the upstream Subversion repository is "<https://svn.apache.org:443> ASF Committers" with an MD5 checksum of d3c8a345b14f6a1b42251aef8027ab57.

For an attack, a developer known to have authentication credentials cached for a specific repository must be convinced to use svn to access different repository, which uses URL and realm that hash to the same string as the URL and realm of the trusted repository.  That would cause svn to send saved credentials for the different repository to the attacker server, as svn only picked credentials based on MD5 checksum and did not check full URL and realm.

As attacker does not control URL and realm of the trusted repository, they can not use known efficient ways to construct collisions.  This rather requires a preimage attack.  As there is currently no known efficient preimage attack against MD5, impact of this flaw is very limited.

There are authentication provider in svn that call the affected svn_config_read_auth_data() function.  MD5 collision seems to have no or very limited security impact for those, as they are used to store server's SSL certificate, store client's SSL certificate, store pass phrase for client certificate, or provide repository user name.

Comment 11 Tomas Hoger 2014-08-04 19:42:48 UTC
This issue affects subversion versions shipped with Red Hat Enterprise Linux 5, 6, and 7.  Given the limited impact, and the life cycle phase Red Hat Enterprise Linux 5 is in at the moment, this issue is not currently planned to be fixed there.  Future updates may correct this issue in newer Red Hat Enterprise Linux versions.

Comment 12 Vincent Danen 2014-08-11 18:22:11 UTC
External References:


Comment 13 Fedora Update System 2014-08-28 15:29:54 UTC
subversion-1.7.18-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 errata-xmlrpc 2015-02-10 21:23:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:0165 https://rhn.redhat.com/errata/RHSA-2015-0165.html

Comment 19 errata-xmlrpc 2015-02-10 23:11:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:0166 https://rhn.redhat.com/errata/RHSA-2015-0166.html

Comment 20 Vincent Danen 2015-02-11 05:07:43 UTC

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Note You need to log in before you can comment on or make changes to this bug.