From: Claes W. <kl...@ta...> - 2012-06-20 20:54:49
|
Folks, New yaws release which contains a fix to pretty serious security hole. The relevant relnote entry is: Use crypto:rand_bytes() instead of the cryptographically weak random module. Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cookies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that use the yaws_session_server to maintain cookie based HTTP sessions (klacke/kallez) It's been almost 6 months since the last release, so this one also contains a long series of good fixes and improvements from a lot of good people. Thanks everyone !! Code, release, relnotes, docs etc at http://yaws.hyber.org/ Yaws team - /klacke/Steve/Christopher |
From: Claes W. <kl...@ta...> - 2012-06-20 20:59:03
|
On 06/20/2012 10:54 PM, Claes Wikstrom wrote: > > Folks, > > New yaws release which contains a fix to pretty serious security hole. > The relevant relnote entry is: > > Use crypto:rand_bytes() I posted this also the erlang questions list, anyone using random:uniform/1 is in bad shape. /kalcke |
From: CGS <cgs...@gm...> - 2012-06-20 21:23:17
|
Thanks, Claes! I was just working on a project in which a good security is a must. I will upgrade my Yaws asap. Cheers, CGS On Wed, Jun 20, 2012 at 10:58 PM, Claes Wikstrom <kl...@ta...> wrote: > On 06/20/2012 10:54 PM, Claes Wikstrom wrote: > > > > Folks, > > > > New yaws release which contains a fix to pretty serious security hole. > > The relevant relnote entry is: > > > > Use crypto:rand_bytes() > > I posted this also the erlang questions list, anyone using random:uniform/1 > is in bad shape. > > /kalcke > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Erlyaws-list mailing list > Erl...@li... > https://lists.sourceforge.net/lists/listinfo/erlyaws-list > |
From: Kenji R. <ken...@ac...> - 2012-06-24 08:27:01
|
I made a quick fix for FreeBSD Port www/yaws. It's on GitHub at: https://github.com/jj1bdx/yaws-freebsd-port (see tag "1.93") I've also sent a problem report to FreeBSD Port maintainers. Kenji Rikitake ++> Claes Wikstrom <kl...@ta...> [2012-06-20 22:54:41 +0200]: > New yaws release which contains a fix to pretty serious security hole. > The relevant relnote entry is: > > Use crypto:rand_bytes() instead of the cryptographically weak random module. > Swedish security consultant and cryptographer Kalle Zetterlund discovered a way > to - given a sequence of cookies produced by yaws_session_server - predict the > next session id. Thus providing a gaping security hole into yaws servers that > use the yaws_session_server to maintain cookie based HTTP sessions (klacke/kallez) |
From: Sergei G. <sgo...@ne...> - 2012-06-24 11:22:44
Attachments:
random.diff
|
Hi! On Thu, Jun 21, 2012 at 12:54 AM, Claes Wikstrom <kl...@ta...> wrote: > > New yaws release which contains a fix to pretty serious security hole. > The relevant relnote entry is: > > Use crypto:rand_bytes() instead of the cryptographically weak random module. There's one issue remaining with this change: the new cookie consists of random characters in 0-FF range which means that occasionally some control characters will appear in it. If, for example 0A0A will happen then this will break the whole next headers (0A0A will be treated as the end of headers) not counting that the client will see the wrong cookie. I'll add the attached patch to fix this bug in a Debian YAWS package, but I think that it'll be useful for others too (additionally, it makes the similar changes to the chat and mail applications). It's certainly not the best one but it works. Cheers! -- Sergei Golovan |
From: Claes W. <kl...@ta...> - 2012-06-24 21:38:30
|
On 6/24/12 1:22 PM, Sergei Golovan wrote: > Hi! > > On Thu, Jun 21, 2012 at 12:54 AM, Claes Wikstrom<kl...@ta...> wrote: >> >> New yaws release which contains a fix to pretty serious security hole. >> The relevant relnote entry is: >> >> Use crypto:rand_bytes() instead of the cryptographically weak random module. > > There's one issue remaining with this change: the new cookie consists > of random characters in 0-FF range which means that occasionally some > control characters will appear in it. So, I actually though of this when I decided on the crypto:rand_bytes() fix, but thought that since the previous random produced an integer it's ok. However looking at the code, I see now that integer_to_list is called, so indeed, we need this fixed Thanks /klacke |
From: Claes W. <kl...@ta...> - 2012-06-24 21:53:36
|
On 6/24/12 11:38 PM, Claes Wikstrom wrote: > On 6/24/12 1:22 PM, Sergei Golovan wrote: >> Hi! >> >> On Thu, Jun 21, 2012 at 12:54 AM, Claes Wikstrom<kl...@ta...> wrote: >>> >>> New yaws release which contains a fix to pretty serious security hole. >>> The relevant relnote entry is: >>> >>> Use crypto:rand_bytes() instead of the cryptographically weak random module. >> >> There's one issue remaining with this change: the new cookie consists >> of random characters in 0-FF range which means that occasionally some >> control characters will appear in it. > > So, I actually though of this when I decided on the crypto:rand_bytes() > fix, but thought that since the previous random produced an integer > it's ok. However looking at the code, I see now that integer_to_list > is called, so indeed, we need this fixed > Thought more on this, this bug, makes the session server secure but unusable, so we'll have to do a followup release. I pushed the fix, but I'll wait a day or two to make 1.94 available in case more problems pop up. Thanks Sergei, /klacke |
From: Nico K. <lis...@go...> - 2012-06-25 09:04:20
|
while you're at it (yaws 1.94)... the current version does not compile on Erlang R13 - the patch is quite simple and attached to this mail. Could you add this as well? Regards Nico On Sunday 24 Jun 2012 23:53:48 Claes Wikstrom wrote: > On 6/24/12 11:38 PM, Claes Wikstrom wrote: > > On 6/24/12 1:22 PM, Sergei Golovan wrote: > >> Hi! > >> > >> On Thu, Jun 21, 2012 at 12:54 AM, Claes Wikstrom<kl...@ta...> wrote: > >>> New yaws release which contains a fix to pretty serious security hole. > >>> The relevant relnote entry is: > >>> > >>> Use crypto:rand_bytes() instead of the cryptographically weak random > >>> module.>> > >> There's one issue remaining with this change: the new cookie consists > >> of random characters in 0-FF range which means that occasionally some > >> control characters will appear in it. > > > > So, I actually though of this when I decided on the crypto:rand_bytes() > > fix, but thought that since the previous random produced an integer > > it's ok. However looking at the code, I see now that integer_to_list > > is called, so indeed, we need this fixed > > Thought more on this, this bug, makes the session server secure but > unusable, so we'll have to do a followup release. I pushed the fix, but > I'll wait a day or two to make 1.94 available in case more problems pop up. > > Thanks Sergei, > > > /klacke |
From: Claes W. <kl...@ta...> - 2012-06-25 09:13:57
|
On 06/25/2012 11:04 AM, Nico Kruber wrote: > while you're at it (yaws 1.94)... > the current version does not compile on Erlang R13 - the patch is quite simple > and attached to this mail. > > Could you add this as well? Thanks, fixed /klacke |