************************************************************************** Security Bulletin 9511 DISA Defense Communications System March 7, 1995 Published by: DDN Security Coordination Center (SCC@NIC.DDN.MIL) 1-(800) 365-3642 DEFENSE DATA NETWORK SECURITY BULLETIN The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security Coordination Center) under DISA contract as a means of communicating information on network and host security exposures, fixes, and concerns to security and management personnel at DDN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5] using login="anonymous" and password="guest". The bulletin pathname is scc/ddn-security-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. scc/ddn-security-9510). ************************************************************************** + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ! ! ! The following important advisory was issued by the Computer ! ! Emergency Response Team (CERT) and is being relayed unedited ! ! via the Defense Information Systems Agency's Security ! ! Coordination Center distribution system as a means of ! ! providing DDN subscribers with useful security information. ! ! ! + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ============================================================================= ============================================================================= CA-95:03a CERT Advisory March 3, 1995 REVISED Telnet Encryption Vulnerability ----------------------------------------------------------------------------- *** THIS IS A REVISED CERT ADVISORY *** *** A portion of the patch was accidentally omitted from Appendix B in the original release of CA-95:03. This revision contains a new, complete Appendix B.*** The CERT Coordination Center has received reports of a serious security problem in the Berkeley Telnet clients that provide support for the experimental Telnet encryption option using the Kerberos V4 authentication. All known released versions of the BSD Telnet that support Kerberos V4 authentication and encryption are affected. We recommend that all sites that use encrypted telnet in conjunction with Kerberos V4 obtain a patch or upgraded version of Telnet according to the instructions in Section III below. As we receive additional information relating to this advisory, we will place it, along with any clarifications, in a CA-95:03a.README file. CERT advisories and their associated README files are available by anonymous FTP from info.cert.org. We encourage you to check the README files regularly for updates on advisories that relate to your site. --------------------------------------------------------------------------- I. Description There is a vulnerability in Berkeley Telnet clients that support encryption and Kerberos V4 authentications. This vulnerability substantially reduces the effectiveness of the encryption. II. Impact Anyone who can access and read packets that make up the encrypted Telnet session can easily decrypt the session. This is possible, for example, when an intruder uses a packet sniffer on the network to intercept the Telnet sessions. III. Solution Obtain and install the appropriate patch according to the instructions included with the patch. In Appendix A is a summary of the vendors who have reported to us and the status they provided, including how to obtain patches. This information is reproduced in the README file associated with this advisory. We will update the README file as we receive more information from vendors. --------------------------------------------------------------------------- The CERT Coordination Center wishes to thank Theodore Ts'o of the Massachusetts Institute of Technology for identifying and developing a solution to this problem. We also thank Douglas Engert of Argonne National Laboratory for pointing out the omission in our original Appendix B. --------------------------------------------------------------------------- If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in Forum of Incident Response and Security Teams (FIRST). If you wish to send sensitive incident or vulnerability information to CERT staff by electronic mail, we strongly advise that the e-mail be encrypted. The CERT Coordination Center can support a shared DES key, PGP (public key available via anonymous FTP on info.cert.org), or PEM (contact CERT staff for details). Internet E-mail: cert@cert.org Telephone: +1 412-268-7090 (24-hour hotline) CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4), and are on call for emergencies during other hours. Fax: +1 412-268-6989 CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 USA Past advisories, CERT bulletins, information about FIRST representatives, and other information related to computer security are available for anonymous FTP from info.cert.org. CERT is a service mark of Carnegie Mellon University. ............................................................................. Appendix A: Vendor Information CA-95:03a.README Issue date: March 3, 1995 This file is a supplement to CERT advisory CA-95:03a, "Telnet Encryption Vulnerability" and will be updated as additional information becomes available. This README supersedes CA-95:03.README. As of March 3, 1995, information from Digital Equipment Corporation and Sequent Computer Systems has been added to the original text. Below is information we have received from vendors who have patches available or upcoming, along with names of vendors who have reported that their products do not have the problem. If you have an encrypting Telnet from a vendor who is not listed, please contact that vendor for information regarding how to get a fixed version. Vendor or Source Status ---------------- ------------ Berkeley SW Distribution (BSD) source-code patch available from Berkeley; also in Appendix B of this advisory Data General Corporation not affected by the vulnerability Digital Equipment Corporation not affected by the vulnerability FTP Software, Inc. patch available Harris NightHawk System not affected by the vulnerability Hewlett-Packard Company not affected by the vulnerability Nat'l. Center for Supercomputer Applications (NCSA) upgrade available Open Software Foundation not affected by the vulnerability The Santa Cruz Operation, Inc.(SCO) not affected by the vulnerability Sequent Computer Systems not affected by the vulnerability Sun Microsystems, Inc. not affected by the vulnerability PATCH INFORMATION ------------- Berkeley Software Distribution (BSD) A source-code patch, along with the domestic version of the most recently released Telnet sources from Berkeley, are available by anonymous FTP from net-dist.mit.edu:/pub/telnet/telnet.patch MD5 65d56befe3d0f1699d38de5509552578 There is also a PGP ASCII signature file for the patch in net-dist.mit.edu:/pub/telnet/telnet.patch.sig This patch can also be found in CERT Advisory CA-95:03a, Appendix B. (Note: Do not calculate a checksum for Appendix B alone. It will not match the checksum of the FTP version of the patch because the tabs in the FTP copy have been replaced with blank spaces in the CA-95:03a Appendix B copy.) ------------- FTP Software, Inc. Customers of FTP Software with an encrypting telnet (provided in the PC/TCP or OnNet packages) should call the FTP technical support line at 1-800-282-4387 and ask for the "tn encrypt patch". ------------- National Center for Supercomputer Applications (NCSA) Users of NCSA Telnet should upgrade to the NCSA Telnet 2.6.1d7, AND install the appropriate Kerberos plug-in which are available by anonymous FTP from ftp.ncsa.uiuc.edu Upgrade /Mac/Telnet/Telnet2.6/prerelease/d7/Telnet2.6.1d7(68K).sit.hqx MD5 b34b9fda59421b3b83f8df08a83f83b5 /Mac/Telnet/Telnet2.6/prerelease/d7/Telnet2.6.1d7(fat).sit.hqx MD5 877add7c3d298111889fc3f2f272ce6f Kerberos plug-ins /Mac/Telnet/Telnet2.6/prerelease/AuthMan.plugin.1.0b1.hqx MD5 df727eae184b22125f90ef1a31513fd4 /Mac/Telnet/Telnet2.6/prerelease/Kerberos_Telnet_plugin.sit.hqx MD5 dbda691efe9038648f234397895c734d Questions regarding NCSA Telnet should be directed to mactel@ncsa.uiuc.edu ............................................................................. Appendix B: Patch for Vulnerability in Telnet Encryption Option Omission error corrected March 3, 1995 See CA-95:03a.README for updated information. Index: auth.c =================================================================== RCS file: /mit/krb5/.cvsroot/src/appl/telnet/libtelnet/auth.c,v retrieving revision 5.5 retrieving revision 5.7 diff -u -r5.5 -r5.7 --- auth.c 1994/08/18 21:06:45 5.5 +++ auth.c 1994/11/08 04:39:02 5.7 @@ -244,7 +244,7 @@ { register int x; - if (strcasecmp(type, AUTHTYPE_NAME(0))) { + if (!strcasecmp(type, AUTHTYPE_NAME(0))) { *maskp = -1; return(1); } @@ -260,14 +260,14 @@ int auth_enable(type) - int type; + char * type; { return(auth_onoff(type, 1)); } int auth_disable(type) - int type; + char * type; { return(auth_onoff(type, 0)); } @@ -277,15 +277,20 @@ char *type; int on; { - int mask = -1; + int i, mask = -1; Authenticator *ap; if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) { printf("auth %s 'type'\n", on ? "enable" : "disable"); printf("Where 'type' is one of:\n"); printf("\t%s\n", AUTHTYPE_NAME(0)); - for (ap = authenticators; ap->type; ap++) + mask = 0; + for (ap = authenticators; ap->type; ap++) { + if ((mask & (i = typemask(ap->type))) != 0) + continue; + mask |= i; printf("\t%s\n", AUTHTYPE_NAME(ap->type)); + } return(0); } @@ -293,7 +298,6 @@ printf("%s: invalid authentication type\n", type); return(0); } - mask = getauthmask(type, &mask); if (on) i_wont_support &= ~mask; else @@ -317,16 +321,22 @@ auth_status() { Authenticator *ap; + int i, mask; if (i_wont_support == -1) printf("Authentication disabled\n"); else printf("Authentication enabled\n"); - for (ap = authenticators; ap->type; ap++) + mask = 0; + for (ap = authenticators; ap->type; ap++) { + if ((mask & (i = typemask(ap->type))) != 0) + continue; + mask |= i; printf("%s: %s\n", AUTHTYPE_NAME(ap->type), (i_wont_support & typemask(ap->type)) ? "disabled" : "enabled"); + } return(1); } Index: kerberos.c =================================================================== RCS file: /mit/krb5/.cvsroot/src/appl/telnet/libtelnet/kerberos.c,v retrieving revision 5.5 retrieving revision 5.8 diff -u -r5.5 -r5.8 --- kerberos.c 1994/08/18 21:07:02 5.5 +++ kerberos.c 1994/11/14 21:33:58 5.8 @@ -225,9 +225,10 @@ register int i; des_key_sched(cred.session, sched); - des_set_random_generator_seed(cred.session); - des_new_random_key(challenge); - des_ecb_encrypt(challenge, session_key, sched, 1); + des_init_random_number_generator(cred.session); + des_new_random_key(session_key); + des_ecb_encrypt(session_key, session_key, sched, 0); + des_ecb_encrypt(session_key, challenge, sched, 0); /* * Increment the challenge by 1, and encrypt it for * later comparison. @@ -320,6 +321,11 @@ break; } + /* + * Initialize the random number generator since it's + * used later on by the encryption routine. + */ + des_init_random_number_generator(session_key); des_key_sched(session_key, sched); memcpy((void *)datablock, (void *)data, sizeof(Block)); /* @@ -337,7 +343,7 @@ * increment by one, re-encrypt it and send it back. */ des_ecb_encrypt(datablock, challenge, sched, 0); - for (r = 7; r >= 0; r++) { + for (r = 7; r >= 0; r--) { register int t; t = (unsigned int)challenge[r] + 1; challenge[r] = t; /* ignore overflow */ Index: commands.c =================================================================== RCS file: /mit/krb5/.cvsroot/src/appl/telnet/telnet/commands.c,v retrieving revision 5.14 retrieving revision 5.16 diff -u -r5.14 -r5.16 --- commands.c 1994/08/18 21:07:37 5.14 +++ commands.c 1994/11/08 06:42:49 5.16 @@ -1919,8 +1919,8 @@ }; extern int - auth_enable P((int)), - auth_disable P((int)), + auth_enable P((char *)), + auth_disable P((char *)), auth_status P((void)); static int auth_help P((void)); @@ -1959,6 +1959,12 @@ { struct authlist *c; + if (argc < 2) { + fprintf(stderr, + "Need an argument to 'auth' command. 'auth ?' for help.\n"); + return 0; + } + c = (struct authlist *) genget(argv[1], (char **) AuthList, sizeof(struct authlist)); if (c == 0) { @@ -2015,7 +2021,7 @@ EncryptEnable, 1, 1, 2 }, { "disable", "Disable encryption. ('encrypt enable ?' for more)", EncryptDisable, 0, 1, 2 }, - { "type", "Set encryptiong type. ('encrypt type ?' for more)", + { "type", "Set encryption type. ('encrypt type ?' for more)", EncryptType, 0, 1, 1 }, { "start", "Start encryption. ('encrypt start ?' for more)", EncryptStart, 1, 0, 1 }, @@ -2058,6 +2064,12 @@ char *argv[]; { struct encryptlist *c; + + if (argc < 2) { + fprintf(stderr, + "Need an argument to 'encrypt' command. 'encrypt ?' for help.\n"); + return 0; + } c = (struct encryptlist *) genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist)); **************************************************************************** * * * The point of contact for MILNET security-related incidents is the * * Security Coordination Center (SCC). * * * * E-mail address: SCC@NIC.DDN.MIL * * * * Telephone: 1-(800)-365-3642 * * * * NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, * * Monday through Friday except on federal holidays. * * * **************************************************************************** PLEASE NOTE: Some users outside of the DOD computing communities may receive DDN Security bulletins. If you are not part of the DOD community, please contact your agency's incident response team to report incidents. Your agency's team will coordinate with DOD. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained by sending email to docserver@first.org with an empty subject line and a message body containing the line: send first-contacts. This document was prepared as an service to the DOD community. Neither the United States Government nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. The opinions of the authors expressed herein do not necessarily state or reflect those of the United States Government, and shall not be used for advertising or product endorsement purposes.