tags 460706 + patch
thanks

Hi,
Attached is a patch that should fix this problem. It was extracted
from the upstream thread on the mailing list (including the
update).

it will be also archived on:
http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch

Please ping me in case you have no time to do an upload and 
need this NMU.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u paramiko-1.6.4/debian/changelog paramiko-1.6.4/debian/changelog
--- paramiko-1.6.4/debian/changelog
+++ paramiko-1.6.4/debian/changelog
@@ -1,3 +1,13 @@
+paramiko (1.6.4-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by security team.
+  * Fix insecure use of RandomPool if paramiko is used for threads or multiple
+    forked processes. This enables one session to predict random data of
+    another session using its own random data.
+    (CVE id pending; Closes: #460706).
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Mon, 14 Jan 2008 19:36:40 +0100
+
 paramiko (1.6.4-1) unstable; urgency=low
 
   * New upstream release (Closes: #344734, #382348).
only in patch2:
unchanged:
--- paramiko-1.6.4.orig/paramiko/common.py
+++ paramiko-1.6.4/paramiko/common.py
@@ -96,21 +96,11 @@
     DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 7, 13, 14
 
 
-from Crypto.Util.randpool import PersistentRandomPool, RandomPool
+from osrandom import OSRandomPool
 
 # keep a crypto-strong PRNG nearby
-import os
-try:
-    randpool = PersistentRandomPool(os.path.join(os.path.expanduser('~'), '/.randpool'))
-except:
-    # the above will likely fail on Windows - fall back to non-persistent random pool
-    randpool = RandomPool()
-
-try:
-    randpool.randomize()
-except:
-    # earlier versions of pyCrypto (pre-2.0) don't have randomize()
-    pass
+
+randpool = OSRandomPool()
 
 import sys
 if sys.version_info < (2, 3):
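Review bot: The surviving comment `# keep a crypto-strong PRNG nearby` no longer says why `randpool` is built this way, and that reason is the whole security fix. As far as the osrandom.py section of this patch shows, `OSRandomPool` forwards each request to the OS source instead of keeping a userspace pool; the winrandom path holds a `winrandom.new()` handle whose internals are not visible here. I would replace the comment with something like `# randpool reads from the OS entropy source on every call and keeps no userspace pool, so threads and forked children cannot predict each other's output; do not swap in a stateful pool here`. It is also worth noting there that the import fails with ImportError when no OS source is found, so paramiko deliberately refuses to load rather than fall back to a weaker generator.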
only in patch2:
unchanged:
--- paramiko-1.6.4.orig/paramiko/osrandom.py
+++ paramiko-1.6.4/paramiko/osrandom.py
@@ -0,0 +1,93 @@
+#!/usr/bin/python
+# -*- coding: ascii -*-
+# Copyright (C) 2008  Dwayne C. Litzenberger <dlitz at dlitz.net>
+#
+# This file is part of paramiko.
+#
+# Paramiko is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation; either version 2.1 of the License, or (at your option)
+# any later version.
+#
+# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with Paramiko; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+import sys
+
+# Detect an OS random number source
+osrandom_source = None
+
+# Try os.urandom
+if osrandom_source is None:
+    try:
+        from os import urandom
+        osrandom_source = "os.urandom"
+    except ImportError:
+        pass
+
+# Try winrandom
+if osrandom_source is None:
+    try:
+        from Crypto.Util import winrandom
+        osrandom_source = "winrandom"
+    except ImportError:
+        pass
+
+# Try /dev/urandom
+if osrandom_source is None:
+    try:
+        _dev_urandom = open("/dev/urandom", "rb", 0)
+        def urandom(bytes):
+            return _def_urandom.read(bytes)
+        osrandom_source = "/dev/urandom"
+    except (OSError, IOError):
+        pass
+
+# Give up
+if osrandom_source is None:
+    raise ImportError("Cannot find OS entropy source")
+
+class BaseOSRandomPool(object):
+    def __init__(self, numbytes=160, cipher=None, hash=None):
+        pass
+
+    def stir(self, s=''):
+        # According to "Cryptanalysis of the Random Number Generator of the
+        # Windows Operating System", by Leo Dorrendorf and Zvi Gutterman
+        # and Benny Pinkas <http://eprint.iacr.org/2007/419>,
+        # CryptGenRandom only updates its internal state using kernel-provided
+        # random data every 128KiB of output.
+        if osrandom_source == 'winrandom' or sys.platform == 'win32':
+            self.get_bytes(128*1024)    # discard 128 KiB of output
+
+    def randomize(self, N=0):
+        self.stir()
+
+    def add_event(self, s=None):
+        pass
+
+class WinrandomOSRandomPool(BaseOSRandomPool):
+    def __init__(self, numbytes=160, cipher=None, hash=None):
+        self._wr = winrandom.new()
+        self.get_bytes = self._wr.get_bytes
+        self.randomize()
+
+class UrandomOSRandomPool(BaseOSRandomPool):
+    def __init__(self, numbytes=160, cipher=None, hash=None):
+        self.get_bytes = urandom
+        self.randomize()
+
+if osrandom_source in ("/dev/urandom", "os.urandom"):
+    OSRandomPool = UrandomOSRandomPool
+elif osrandom_source == "winrandom":
+    OSRandomPool = WinrandomOSRandomPool
+else:
+    raise AssertionError("Unrecognized osrandom_source %r" % (osrandom_source,))
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
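Review bot: The /dev/urandom fallback defines `urandom` with `return _def_urandom.read(bytes)`, but the file object opened on the line above is named `_dev_urandom`. The first call on that path therefore raises NameError instead of returning random data, and the line should read `return _dev_urandom.read(bytes)`. Because the device is opened unbuffered, a single `read()` may presumably return fewer bytes than requested, so looping until the full length is collected (and raising on an empty read) would keep callers from silently receiving short key material. This branch is reached only when both `os.urandom` and `winrandom` fail to import, which is probably why the typo went unnoticed. The parameter name `bytes` also shadows the builtin, and `nbytes` would be clearer.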

Attachment: pgpJHhqmezMKI.pgp
Description: PGP signature
