Bug 20786 - CVE-2009-0217 XML signature HMAC truncation authentication bypass
Summary: CVE-2009-0217 XML signature HMAC truncation authentication bypass
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: xml-security (show other bugs)
Version: unstable
Hardware: all Linux
: P3 normal
Assignee: viy
QA Contact: qa-sisyphus
URL: http://www.kb.cert.org/vuls/id/466161
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-07-15 15:10 MSD by Vladimir Lettiev
Modified: 2010-09-28 16:48 MSD (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-07-15 15:10:04 MSD 
+++ Данная ошибка создана размножением ошибки 20785 +++

XML Signature Syntax and Processing (XMLDsig) is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services for data. XMLDsig is commonly used by web services such as SOAP. The XMLDsig recommendation includes support for HMAC truncation, as specified in RFC2014. When HMAC truncation is under the control of an attacker, however, this can result in an effective authentication bypass. For example, by specifying an HMACOutputLength of 1, only one bit of the signature is verified. This can allow an attacker to forge an XML signature that will be accepted as valid.

fixed in svn (http://svn.apache.org/viewvc?view=rev&revision=794013)
Comment 1 viy 2009-10-05 19:09:10 MSD 
fixed in b16, java-1.6.0-sun-1.6.0.16-alt1.src.rpm
Comment 2 viy 2009-10-05 19:10:44 MSD 
sorry
Comment 3 Repository Robot 2010-09-28 14:55:00 MSD 
xml-security-0:1.4.3-alt1_0jpp6 -> sisyphus:

* Tue Sep 28 2010 Igor Vlasenko <viy@altlinux> 0:1.4.3-alt1_0jpp6
- new version (closes: #20786)

* Tue Sep 28 2010 Igor Vlasenko <viy@altlinux> 0:1.4.2-alt1_5jpp6
- new version