The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of crypt_blowfish: hash collision

Synthesis of the vulnerability

When the user has a password containing 8 bit characters, the Blowfish hashing algorithm of crypt() generates an invalid hash, which is potentially faster to find with a brute force.
Severity of this threat: 2/4.
Creation date: 19/08/2011.
Références of this weakness: CVE-2011-2483, DSA-2340-1, MDVSA-2011:161, MDVSA-2011:178, MDVSA-2011:179, MDVSA-2011:180, openSUSE-SU-2011:0921-1, openSUSE-SU-2011:0921-2, openSUSE-SU-2011:0970-1, openSUSE-SU-2011:0972-1, openSUSE-SU-2012:0480-1, openSUSE-SU-2013:1670-1, openSUSE-SU-2013:1676-1, RHSA-2011:1377-01, RHSA-2011:1378-01, SUSE-SA:2011:035, SUSE-SU-2011:0922-1, SUSE-SU-2011:0923-1, SUSE-SU-2011:0927-1, SUSE-SU-2011:0971-1, SUSE-SU-2011:0974-1, SUSE-SU-2011:0991-1, SUSE-SU-2011:1081-1, SUSE-SU-2011:1081-2, VIGILANCE-VUL-10934.

Description of the vulnerability

The crypt() function hashes the password of a user. When a user is added, the hash is stored in the /etc/shadow file. When the user authenticates, the hash is compared to the hash from /etc/shadow.

The crypt() function supports several hash algorithms:
 - DES
 - MD5 (prefix $1$)
 - Blowfish (prefix $2a$), which is implemented in the crypt_blowfish library

However, crypt_blowfish uses signed C characters (-128 to 127), instead of unsigned characters (0 to 255). The generated hash is thus invalid if the password contains 8 bit characters.

This error has no impact of user authentication, because the invalid hash was stored in the /etc/shadow file, and the invalid hash of the entered password is the same.

However, the generated hash is subject to collisions: several passwords can have the same hash. A brute force attack thus requires to test less passwords before finding user's password.

When the user has a password containing 8 bit characters, the Blowfish hashing algorithm of crypt() therefore generates an invalid hash, which is potentially faster to find with a brute force.
Full Vigil@nce bulletin... (Free trial)

This cybersecurity threat impacts software or systems such as Debian, Mandriva Linux, NLD, OES, openSUSE, PostgreSQL, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer threat note is medium.

The trust level is of type confirmed by the editor, with an origin of intranet client.

An attacker with a expert ability can exploit this security threat.

Solutions for this threat

crypt_blowfish: version 1.2.
The version 1.2 is corrected:
  http://www.openwall.com/crypt/
Users' password have to be reset.

PostgreSQL: version 9.1.1.
The version 9.1.1 is corrected:
  http://www.postgresql.org/download

PostgreSQL: version 9.0.5.
The version 9.0.5 is corrected:
  http://www.postgresql.org/download

PostgreSQL: version 8.4.9.
The version 8.4.9 is corrected:
  http://www.postgresql.org/download

PostgreSQL: version 8.3.16.
The version 8.3.16 is corrected:
  http://www.postgresql.org/download

PostgreSQL: version 8.2.22.
The version 8.2.22 is corrected:
  http://www.postgresql.org/download

Debian: new postgresql packages.
New packages are available:
  postgresql-8.3 8.3.16-0lenny1
  postgresql-8.4 8.4.9-0squeeze1

Mandriva 2010.1, MES 5: new glibc packages.
New packages are available:
  Mandriva Linux 2010.1: glibc-2.11.1-8.3mnb2
  Mandriva Enterprise Server 5: glibc-2.8-1.20080520.5.8mnb2

Mandriva Linux 2011: new glibc packages.
New packages are available:
  glibc-2.13-6.1-mdv2011.0

Mandriva: new php-suhosin packages.
New packages are available:
  php-suhosin-0.9.32.1-0.6mdv2010.2
  php-suhosin-0.9.32.1-9.1-mdv2011.0
  php-suhosin-0.9.32.1-0.6mdvmes5.2

Mandriva: new postgresql packages.
New packages are available:
  postgresql8.4-8.4.9-0.1mdv2010.2
  postgresql9.0-9.0.5-0.1-mdv2011.0
  postgresql8.3-8.3.16-0.1mdvmes5.2

openSUSE 12.1: new postgresql packages.
New packages are available:
  postgresql-9.1.3-3.7.1

openSUSE: new whois packages.
New packages are available:
  openSUSE 11.4 : whois-5.0.26-7.1
  openSUSE 12.2 : whois-5.0.26-10.4.1
  openSUSE 12.3 : whois-5.0.26-12.4.1

RHEL: new postgresql packages.
New packages are available:
  postgresql-7.4.30-3.el4
  postgresql-8.1.23-1.el5_7.2
  postgresql84-8.4.9-1.el5_7.1
  postgresql-8.4.9-1.el6_1.1

SUSE LE 10: new yast2-core packages.
New packages are available:
  SUSE LE 10 SP3 : yast2-core-2.13.48-0.5.1
  SUSE LE 10 SP4 : yast2-core-2.13.48-0.8.1

SUSE: new crypt_blowfish, glibc packages.
New packages are available, as indicated in information sources.

SUSE: new yast2-core packages.
New packages are available:
  openSUSE 11.3 : yast2-core-2.19.4-0.2.1
  openSUSE 11.4 : yast2-core-2.20.1-0.3.1
  SUSE LE 11 : yast2-core-2.17.35.3-0.3.1
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides software vulnerabilities announces. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.