-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Version 1.0.13 of Mandos is released. This is a security bug fix release.
Thanks to "C. Dominik Bodi" <dominik.b...@gmx.de> for reporting this problem! <http://bugs.debian.org/551907> Who Is Affected? ================ The security bug affects users running the Mandos server on the same computer as a Mandos client. Those that do not are not affected. Bug Effects =========== The Mandos server has a "clients.conf" file containing encrypted versions of passwords for the clients' encrypted disks. If the same computer also was a Mandos client, this file was mistakenly copied into the /boot/initrd.img* file, making the contents of that file vulnerable to a physical attack on the computer. This will automatically fix itself on installation of mandos-client 1.0.13 on rebuilding the /boot/initrd.img* file. Bug Impact and Recovery ======================= The impact of the clients.conf file being vulnerable to a physical attack on the computer is that if both the Mandos server (with a vulnerable clients.conf) and the Mandos client are seized by a physical attacker, the disks will be readable - it will be as if the disks were not encrypted. Note: There is nothing to worry about if ANY of these are true: 1. A Mandos server is not also a Mandos client. 2. Neither the Mandos server nor the Mandos client has been compromised, either by root compromise or by physical attack. This security bug *only* affects the security of what happens *after* an attack - if there has not been an attack yet, the system is secure once it is upgraded to Mandos 1.0.13. No keys or passwords needs to be changed. If the Mandos server is suspected to *be* compromised, all the encrypted disk passwords for the clients should be changed - this will make any leaked information useless. (Conversely, if a key from a Mandos client should ever be compromised, it is a simple case of just generating a new one and creating a new stanza for the Mandos server "clients.conf" file. But this is NOT what this bug is about.) More Bug Details ================ The script to create new /boot/initrd.img* files copied *all files* - From /etc/mandos, when in reality it only needed "plugin-runner.conf". This was in anticipation of any user-supplied or future plugins needing config files, but we overlooked the fact that the config files for the Mandos *server* was present in the same directory. We are very ashamed of this blatant mistake. We do try to do better than this. Version 1.0.13 (2009-10-22) * Client ** Security bug fix: If Mandos server is also installed, do not copy its config files (with encrypted passwords) into the initrd.img-* files. The upload would fix these Debian bugs: 551907 The Debian package for unstable can be found on mentors.debian.net: - - dget http://mentors.debian.net/debian/pool/main/m/mandos/mandos_1.0.13-1.dsc /Teddy Hogeborn - -- The Mandos Project http://www.fukt.bsnet.se/mandos -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkrfnXYACgkQOWBmT5XqI90L4QCffl3qBwS88qYNoU3WPS2cwfHx TdwAoK6mYL3WA4U8RScIVHd4YLDs6hk1 =da5p -----END PGP SIGNATURE----- _______________________________________________ Mandos-Dev mailing list mandos-...@fukt.bsnet.se http://mail.fukt.bsnet.se/cgi-bin/mailman/listinfo/mandos-dev -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
