Control: tags 1081158 + patch
Control: tags 1081158 + pending
Dear Apollon,

I've prepared an NMU for tgt (versioned as 1:1.0.85-1.3) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. While the bug is new, I decided to already upload to delayed/10 because the last two uploads were NMUs. But I'm happy to cancel this upload and rather pass it to you as maintainer!

Regards,
Salvatore
diff -Nru tgt-1.0.85/debian/changelog tgt-1.0.85/debian/changelog --- tgt-1.0.85/debian/changelog 2024-04-09 09:28:44.000000000 +0200 +++ tgt-1.0.85/debian/changelog 2024-09-08 21:03:20.000000000 +0200 @@ -1,3 +1,10 @@ +tgt (1:1.0.85-1.3) unstable; urgency=medium + + * Non-maintainer upload. + * chap: Use proper entropy source (CVE-2024-45751) (Closes: #1081158) + + -- Salvatore Bonaccorso <car...@debian.org> Sun, 08 Sep 2024 21:03:20 +0200 + tgt (1:1.0.85-1.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru tgt-1.0.85/debian/patches/0009-chap-Use-proper-entropy-source.patch tgt-1.0.85/debian/patches/0009-chap-Use-proper-entropy-source.patch --- tgt-1.0.85/debian/patches/0009-chap-Use-proper-entropy-source.patch 1970-01-01 01:00:00.000000000 +0100 +++ tgt-1.0.85/debian/patches/0009-chap-Use-proper-entropy-source.patch 2024-09-08 21:03:20.000000000 +0200 
@@ -0,0 +1,69 @@ +From: Richard Weinberger <rich...@nod.at> +Date: Tue, 3 Sep 2024 16:14:58 +0200 +Subject: chap: Use proper entropy source +Origin: https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd +Bug-Debian: https://bugs.debian.org/1081158 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-45751 + +The challenge sent to the initiator is based on a poor +source of randomness, it uses rand() without seeding it by srand(). +So the glibc PRNG is always seeded with 1 and as a consequence the +sequence of challenges is always the same. + +An attacker which is able to monitor network traffic can apply a replay +attack to bypass the CHAP authentication. All the attacker has to do +is waiting for the server or the service to restart and replay with a +previously record CHAP session which fits into the sequence. + +To overcome the issue, use getrandom() to query the kernel random +number generator. +Also always send a challenge of length CHAP_CHALLENGE_MAX, there is no +benefit in sending a variable length challenge. + +Signed-off-by: Richard Weinberger <rich...@nod.at> +--- + usr/iscsi/chap.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/usr/iscsi/chap.c b/usr/iscsi/chap.c +index aa0fc67132dd..b89ecabd59be 100644 +--- a/usr/iscsi/chap.c ++++ b/usr/iscsi/chap.c +@@ -28,6 +28,7 @@ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> ++#include <sys/random.h> + + #include "iscsid.h" + #include "tgtd.h" +@@ -359,22 +360,19 @@ static int chap_initiator_auth_create_challenge(struct iscsi_connection *conn) + sprintf(text, "%u", (unsigned char)conn->auth.chap.id); + text_key_add(conn, "CHAP_I", text); + +- /* +- * FIXME: does a random challenge length provide any benefits security- +- * wise, or should we rather always use the max. allowed length of +- * 1024 for the (unencoded) challenge? 
+- */ +- conn->auth.chap.challenge_size = (rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2; ++ conn->auth.chap.challenge_size = CHAP_CHALLENGE_MAX; + + conn->auth.chap.challenge = malloc(conn->auth.chap.challenge_size); + if (!conn->auth.chap.challenge) + return CHAP_TARGET_ERROR; + ++ if (getrandom(conn->auth.chap.challenge, conn->auth.chap.challenge_size, 0) != conn->auth.chap.challenge_size) ++ return CHAP_TARGET_ERROR; ++ + p = text; + strcpy(p, "0x"); + p += 2; + for (i = 0; i < conn->auth.chap.challenge_size; i++) { +- conn->auth.chap.challenge[i] = rand(); + sprintf(p, "%.2hhx", conn->auth.chap.challenge[i]); + p += 2; + } +-- +2.45.2 + diff -Nru tgt-1.0.85/debian/patches/series tgt-1.0.85/debian/patches/series --- tgt-1.0.85/debian/patches/series 2024-04-09 09:28:44.000000000 +0200 +++ tgt-1.0.85/debian/patches/series 2024-09-08 21:03:20.000000000 +0200 @@ -6,3 +6,4 @@ 0006-fix-pie-build 0007-Fix-compilation-with-glusterfs-6.patch 0008-Fix-example-config-path-in-manpages.patch +0009-chap-Use-proper-entropy-source.patch
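Review bot: in the chap_initiator_auth_create_challenge hunk the new getrandom() call treats any return value other than challenge_size as CHAP_TARGET_ERROR, but with flags 0 a request larger than 256 bytes is not guaranteed to complete atomically: it can be interrupted by a signal and return a short count or -1 with EINTR, so if CHAP_CHALLENGE_MAX is above 256 (the removed FIXME comment mentions 1024) a CHAP login can fail spuriously. Suggest filling the buffer in a loop, e.g. `ssize_t n = getrandom(buf + off, size - off, 0); if (n < 0 && errno == EINTR) continue; if (n < 0) return CHAP_TARGET_ERROR; off += n;`, and freeing and NULLing conn->auth.chap.challenge before the early return unless the caller already does that on CHAP_TARGET_ERROR. Also note that the challenge is now exactly CHAP_CHALLENGE_MAX bytes, one more than the previous maximum of CHAP_CHALLENGE_MAX - 1 produced by the removed rand() formula, so the hex encoding loop writes two more characters into `text` than before; worth confirming `text` is sized for 2 * CHAP_CHALLENGE_MAX plus the "0x" prefix and terminator.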